Network security has always been something of balancing act between maximizing sharing and ease of use, and erecting barriers.
When computer networks first emerged, there were few limitations on what could be transmitted over them. However, after the world’s first major network computer security incident—the Morris Worm of 1988—organizations began to retreat behind network-level firewalls and anti-virus software. Some defenders even tried to completely disconnect their networks from the outside world via “air gaps.”
This paper argues that it is time to move beyond the security paradigm of separating networks, as epitomized by the air gap. Instead, network defenders should embrace an approach which allows sharing and connectedness, anticipates that adversaries will penetrate the network, and is able to detect, and ultimately eject those adversaries before they can do harm.