Today, I want to write about cybersecurity people and practices, but first I need to take an aside, and talk a bit about Gilligan’s Island.
You must be wondering what Gilligan has to do with cybersecurity. It’s simple – it amounts to people doing the same stupid things over and over again while expecting a different outcome. AA refers to this as “insanity”; however, to my mind, insanity is shooting up a bunch of innocent kids at a high school or drinking bleach to cure COVID.
That being said, this story begins with Gilligan’s Island – a certain candidate for the stupidest network television show ever. If you are not familiar with the premise, Gilligan’s Island was about an odd assortment of shipwrecked castaways who wanted to leave some uncharted remote island (Gilligan’s) every week. Their increasingly weird efforts to return home *always* failed owing to some bumbling error committed by Gilligan. I watched every episode of Gilligan’s Island. That was stupid. Maybe 3 full standard deviations to the left of the IQ bell curve centerline.
Why was watching Gilligan’s Island stupid?
Because you *knew* that in every half-hour show – more specifically, 3 nine-minute segments – the castaways would come up with some wacky plan to return home, and that Gilligan would *always* do something foolish that would ruin the group’s chances of getting home.
Here’s a picture of Gilligan.
The physics of Gilligan, like tossing a ball into the air & catching it on its return – as sure as gravity, death, & taxes – was that he always fucked things up.
After the first few shows, I wondered, “Why don’t they tie this idiot up, or why don’t they use him for shark bait?”
Why didn’t they just kill Gilligan?
This is a little embarrassing to admit, but the reason I watched every week was Mary Ann & Ginger.
One way to define a stupid person is to place them into an IQ bucket. Check out the graph below. Intelligence – whatever that is – when measured, falls into a normal distribution. A normal distribution looks like a Bell Curve (below).
Most people know this, but have they thought through what this means?
The normal distribution means that the probability that you will interact with a stupid person is 50% if you interact with one other person, or in fact, look in a mirror.
Half of the people in the world are on the left side of the IQ Bell Curve. These people are the stupid people (I’m not certain that I’d be wrong if I suggested that 90% of “IT Security” experts live on the left side of that curve).
I’ve noted that I have committed many stupid acts, using Gilligan’s Island as one example. But, here’s what’s really scary. The United States Coast Guard occasionally received telegrams from concerned citizens, who apparently did not realize it was a scripted TV show, pleading for them to rescue the people on the deserted island. There were a number of people out there who believed that the show was real!
This is a depth of stupidity that I can’t comprehend. This is blazing hot summer day on Mercury stupid.
Anyways – I planned to write about cybersecurity people and practices, and instead, ended up writing about Gilligan and stupidity. Coincidence?
Most cybersecurity experts are the Gilligans of the technology landscape. They are walking examples of The Lollipop That Licks Itself.
That image is oddly disturbing in some fashion. What does it mean?
The LTLI is a metaphor for a process, department, institution, or person that offers few benefits and exists primarily to justify or perpetuate its own existence. Gilligan is an example of this. While the rational thing to do would have been to drown him, without him there was no show; thus, he continued to live.
Similarly, in the world of cybersecurity, security experts and entire IT security departments exist whose mission is really quite simple, “Protect this organization’s data”. That is, get us off the frikken island. And yet, after more than thirty years of education, tools, practice, and funding, we can’t stop the flood of data that escapes from organizations every day. Why is this? It’s because we won’t kill the Gilligans. Now, I’m not suggesting that we actually kill them, but terminating their employment would suffice. If you are a LTLI, then you go.
The lens we look through determines what we see. A common maxim describes this: “If you have a hammer, every problem looks like a nail”. Most everyone at every level in the business of cybersecurity is content to whang away with the latest, digitally transformed hammer without understanding that the nail is not a nail, nor will it ever be.
My belief is that cybercrime can be wiped out in the same way that seagoing piracy was wiped out. That is: by elimination of all safe harbors, by rapid identification & arrest of the attackers, & punishment by severe criminal penalties. If you think about this the way that Cleon handled non-virtual criminals during the Peloponnesian War, then immediate execution seems a reasonable option.
The root cause solution is to come up with an international, joint, enforceable policy on internet crime that addresses the points above.
: – \