News Stay informed about the latest enterprise technology news and product updates.

Opinion: The importance of a military mindset

The military security mindset shouldn't be so quickly dismissed, says Michael Tanji, because military science has spawned many commercially successful technologies and trained many of the professionals who today are the lifeblood of the industry.

While the military is not without shortcomings, I take issue with any attempts to dismiss the military security...

mindset, as Gartner vice president Jay Heiser did in his recent column for Information Security magazine. It's a realm from which so many good security ideas have emerged, and from which more good ideas are just around the corner.

The nature of the problems facing infosec pros is not much different from those the military has faced for centuries: advancing technology, evolving threats, surprises and serious consequences.
Military science has spawned a number of successful technologies and methodologies. Military R&D changed the face of the world several times over, as military engineers developed the means to overcome a previous generation's successful defenses. The nature of the problems facing information security professionals are not much different from those the military has faced for centuries: advancing technology, evolving threats, surprises and serious consequences.

Military engineers learned quickly that no single defensive mechanism, be it a moat, "great wall" or network of trenches could defeat an advancing enemy. However, by combining multiple solutions -- i.e. a strategy that we've come to know as defense-in-depth -- they could mitigate the impact of an attack and slow an enemy's progress enough that countermeasures could be deployed.

If you are familiar with the concept of a virtual DMZ -- an area that separates a protected network from a hostile one -- you are surely familiar with what the acronym stands for: demilitarized zone. For those without a sense of history, the patch of ground that divides the nation that was once called Korea is a real-life DMZ.

How many security firms were started or staffed with veterans of defense and intelligence agencies? Military officers working in intelligence and infosec fields started firms like WheelGroup Corp. and Riptech Inc., now part of the security practices of Cisco Systems Inc. and Symantec Corp., respectively.

Also, it's worth noting that there would be no commercial infosec industry were it not ARPANET, the precursor to the Internet and an effort sponsored by the U.S. Department of Defense. After ARPANET was threatened by the Morris worm in the late 1980s, the DOD funded what would become the Computer Emergency Response Team Coordination Center (CERT/CC), which has served as the template for countless commercial imitators.

Another opinion

Read why infosec pro Norman Beznoska Jr. says corporate America has borrowed much of its technology from the armed forces, and could still stand to learn a thing or two.
There are certainly situations in which military-oriented methodologies are not suitable for use in the commercial world. Military goals tend to be final and absolute, while businesses have to maintain a fluid state of flexibility, able to undo decisions as market dynamics change. Problems and mistakes in business can typically be addressed with marginal consequences.

That's not to say mistakes aren't OK in the corporate infosec world, yet organizations large and small often fall victim repeatedly to the same types of attacks and continue to follow bad practices, at least until a ChoicePoint-like scandal exposes their actions. That mindset simply doesn't cut it in the military. It can't afford to make security mistakes when lives are on the line.

Last but not least, it is the defense and intelligence communities that fund think tanks and graduate schools, which ferment the ideas that will evolve into the security solutions of the future. For all these reasons, the military security mindset deserves a salute, not the brush-off.

Michael Tanji is a veteran of the Army and several intelligence agencies, and an associate of the Terrorism Research Center in Arlington, Va.

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.