
Why the current computer security paradigm is analogous to fixing a leaky dam

I’m always trying to find new and innovative ways to explain the realities of computer security and hacking to people. It’s not that easy. Many people’s perspectives and ideas are “hard coded” into their minds, so they are very resistant to accepting new ways of looking at the problem. I hope you’re not one of those people.

I’m sure everyone recognizes that a leaky dam is a problem. When a hole appears, it needs to be fixed. The people maintaining the dam will come up with innovative ways to prevent leaks, such as self-sealing coatings or reinforcing certain weak spots. But water is very powerful, and sometimes a hole appears despite these measures. Those maintaining the dam will implement a special leak detection system and hire staff to monitor the system 24 x 7, so they can respond to leaks expeditiously and prevent a leak from getting bigger. But the bottom line is that leaks are still developing. Countless time, money and effort will be spent trying to prevent, detect and fix leaks, but does anyone ever stop and think that perhaps they are going about solving the leak problem in the wrong way?

Do you know what the people in my example are doing wrong?

The problem in my example is not really the leaks, it’s the dam itself. The dam wasn’t engineered or built properly, so it leaks. Everyone accepts the fact that the dam leaks, so all the countless time, money and effort spent addressing the leak problem is justified. The way to solve the leak problem is to re-engineer and/or rebuild the dam. But wait a second… All the people who engineer, build and maintain dams will tell you that it isn’t possible to develop a leak-proof dam. Really? Is that the ground truth? Is there no one in the universe who can engineer and build a leak-proof dam?

People are spending countless time, money and effort trying to secure computer systems. They purchase all kinds of “bolt-on” security and monitoring tools in an attempt to prevent, detect and respond to compromises. Sometimes these things work, but mostly, they don’t. Are we really going about solving the computer security problem in the right way? I don’t think so.

Learn more

Are you not convinced that what I say is true? Want to learn more about why we’re going about solving the computer security problem in the wrong way? Read my book!

  1. Bill Mullins
    June 16, 2010 at 5:44 pm

    Mister Reiner,

    A “dam” good analogy! I really enjoyed that.

    Thanks.

    Bill

  2. July 26, 2010 at 8:47 pm

    Good analogy. I used something on Dark Reading a few years ago. Something people can understand. We should talk. I want to run something by you. Will you ping me?
