The French built the famous Maginot Line after WW I as the perfect defense against another German attack. We all know how that worked out; it became the textbook example of “fighting the last war.” With computers, the speed of evolution is literally hundreds of times faster than with armaments. That’s partly why in cyber warfare, the vast majority of money and effort is spent fighting the last war, which partly explains why we are so cyber-insecure and why it’s so important to get way smarter about cybersecurity than we are.
The Maginot Line
According to the history books, the French (among others) “won” World War I. The French certainly thought so. The French generals definitely thought so.
The French decided that they wanted “learn the lessons” of the war, and apply them to preparing for the next war with the Germans.
They knew that the technology of war evolves. They were well aware that, once they recovered from their post-war deprivations, the Germans would continue to advance the weapons of war. They were confident that heavily armored vehicles (tanks) would evolve from their nascent status during the “Great War.” To make a long story short, after considerable deliberation, they designed and built the Maginot Line as the ultimate defense against German attack.
The name Maginot “Line” implies that the Maginot whatever was line-like in nature. The reality is richer and more interesting. As this diagram indicates,
it was a rich complex of systems, stretching more than 10 miles from the border posts to the back.
Here, for example, is an element in the Maginot line.
Things like this would contain machine guns and/or anti-tank guns.
It was built over about 10 years, from 1930 to 1940, and was extolled as a “work of genius” by military experts.
The Maginot Line at War
The Germans attacked on May 10, 1940. By May 21, the Germans had the Allied armies trapped by the sea on the northern coast of France. German forces arrived at an undefended Paris on June 14, and forced the French into an armistice on June 22. France, victors in World War I and creators of that work of genius, the Maginot Line, fell in about six weeks.
How did it happen? In retrospect, it’s pretty simple: the Germans read the French script for how the war was to be played, and refused to play the part written for them. Their tanks simply by-passed the invincible Line, and the French planes were inferior in design and number to the German planes.
Even though the English fed them details of German operations obtained by breaking the Enigma code, French inferiority was so great that they still lost!
And how could the French possibly have won when the Germans had generals who looked like this?
Looking back on the Maginot Line
It’s hard to find a better example of “fighting the last war” than the Maginot Line. But surely everyone learned the lessons of how bad it is to fight the last war, right? Nope. That’s one of the reasons why the Maginot Line serves so well as a metaphor, going well beyond its role in history. It serves as an oft-ignored beacon for what you should not do.
The Maginot Line and Cyber Insecurity
We can make ourselves feel comfortable by calling it cyber-security, but the reality is that anyone involved with computers is somehow involved in cyber-warfare, whether as a civilian (most people, the “users”) or as a professional. Most computer professionals like to think they have civilian jobs in the computer industry, but the fact is, they’re involved in cyber-warfare no less than the people who transport military supplies to the soldiers are involved in warfare. Everything they do makes a contribution to either winning the war or losing it.
How’s the cyber-warfare going? How do most wars go when the leaders refuse to acknowledge they’re at war? Yup, that well. We act in every way like we're at peace, and insist on peacetime software development methods, while on the other side, hosts of bad guys fully acknowledge they're at war, and it's a war they intend to win.
The leaders of our computer systems insist that they’re doing everything they can to maintain cyber-security. Their words are often backed by money. It’s not unusual for 10% of a company’s IT budget to be spent on cyber-security. Unfortunately, the vast majority of the money and the efforts go to building the computer version of Maginot Lines, systems that the people in charge are convinced are brilliant, but which are in fact generations behind the bad guys who are constantly attacking them.
There is a natural tendency to fight the last war, no matter what you’re doing or where you work. Many people are aware of this tendency and try to avoid it, just as the people who built the Maginot Line tried to avoid it. They genuinely tried their best to take into account the advances that would take place, and plan for that future state. But the Germans were more advanced than the French planned for, and more clever.
So what do you think would take place in a field where the rate of advance of the technology is greater than in any other domain of human experience? If it’s hard for people in domains in which patterns and practices advance slowly, how hard is it in a domain which advances hundreds of times more quickly than anything in history?
That, in a nutshell, is why the vast majority of the billions of dollars spent on cyber-security has the net effect of wasting money and making us cyber-insecure.