Security in computing as in real life
It’s hard not to see a parallel between the mental shift that September 11 implied and the mental shift that’s been going on in the computing business for a year or two: It used to be that you could focus on designing systems that worked when everybody cooperated willingly. Now you have to design systems that work even in the face of someone trying to do harm.
Sure, airports in the US had security measures even before September 11. But they weren’t taken very seriously. The focus was definitely on making air travel as effective as possible, assuming that all the passengers and all the personnel were doing their best to make things work.
Likewise with computers. Networking protocols were designed so they’d work. Nobody thought about what would happen if someone wanted to disrupt things. Why would they want to do that? Don’t they want it to work for them? Case in point: A security flaw was recently discovered in most implementations of SNMP.
Changing your mind-set from designing things that work when everybody’s trying to make them work, to designing things that work even in the face of evil-doers, is quite a challenge.