Chapter 2. Systems-Oriented Security

Understanding is relating; it is fitting things into a context. Nothing can be understood on its own.

Mary Midgley, Beast and Man

In our sociotechnical transformation toward resilience, we must become systems thinkers. We must no longer perceive components as stationary, solitary objects. Within the susurrations of shadows on the wall, we can sense their sophisticated symphony—that they coordinate in concert toward a more momentous aspiration, grand in scale. In our day-to-day lives as computer people, we must nurture more holistic views of the technologies we build, operate, and manage if we wish to prepare them for adversity. Like spectators escaping Plato’s cave, we must work together—dismantling divisions between teams and services—to probe beyond the shadows and reveal the exquisite complexity of our system’s reality.

In this chapter, we will deepen our exploration of security in the resilience era to set the foundation for applying it in practice across the delivery lifecycle. We’ll begin with a discussion of our mental models, our omnipresent assumptions about how our systems behave; like shadows in the cave, they can lead us astray and weaken our security outcomes. How can we free ourselves from phantasms and align our mental models with reality? The answer is through resilience stress testing, a pragmatic implementation of our resilience ...
