Comments

ds

The airport comparison is a bit of a stretch here. The problem of keeping an airport open through snow is simple (move the snow off the runway, keep ice off planes) and uses proven and well understood simple technology. The problem is easy to understand by even the most disinterested observer. There is a clear motivation to solve the problem which a majority of people share. Solutions, even custom ones (build our own snow-clearing machines), are quantifiable and the outcome obvious (no snow on runways!). The threat is expected and predictable.

Which of these apply to infosec?

I'd challenge that infosec isn't a solvable issue and the thinking that it is is our biggest problem. It is more like a chronic illness or ache that we need to learn how to live with and manage. Yes, we can take steps to reduce the pain and we should, but we shouldn't expect things to ever "be secure" for whatever definition of secure you use.

gunnar

@ds - I do agree on the chronic illness piece, I think it's a problem that does not go away.

But you can say the same thing about winter weather. And if, as you say, "The problem of keeping an airport open through snow is simple" then why have there been over 75,000 cancelled domestic flights in the US due to weather since Dec 1? I would suggest incentives play a role, but also point out that our friends in Scandinavia show this is *not* a problem that cannot be solved, Atlanta in February is about August in Sweden and yet they stay open the whole year through.

To me, infosec as commonly practiced is like winter weather response in an Atlanta airport, and if we are going to get better at dealing with this chronic illness we need to get new tools and practices into play.

JohnS

"the largest snow blowers in the world, capable of moving one ton of snow a second"

Does not sound plausible. Are we talking the Overaasen TV-2000? That would be about 10 tons an hour.

http://www.overaasen.no/upload/airport09_E.pdf

gunnar

@JohnS - I agree it sounds like a lot. The point that resonates with me is - using purpose-built, not off-the-shelf, equipment. Would love to see infosec do this.
