[lolinder]

I don't think the author intended to say that you can prevent all problems, I think they meant you can't just shrug and say "we can't help but get hacked". You can stop all problems from becoming critical, which is what airlines attempt to do.

They talk earlier about defense in depth, so it's obvious that they're not oblivious to the need for redundant safety measures:

> "We don't need a firewall, we have good host security" - no, you don't. If your network fabric is untrustworthy every single application that goes across the network is potentially a target. 3 words: Domain Naming System.

> "We don't need host security, we have a good firewall" - no, you don't. If your firewall lets traffic through to hosts behind it, then you need to worry about the host security of those systems.

[msla]

Maybe I'm being too harsh, but my interpretation of that point is that they expect we'll eventually become perfect, which isn't going to happen in the software world as it hasn't happened in the airline world, even though the airline world has more incentives to be perfect in the form of more penalties when it isn't.

[riffraff]

My understanding is the author suggestion is to start with a security first approach, rather than wait-and-fix.

They don't expect the airline to be infallible, but they expect the airline to be proactively avoiding trouble.

[scotty79]

The most secure plane is the one that stays on the ground.

It's always point of contention between people with security mindset and people that need to earn money to even hire people with security mindset.

[kortilla]

You’re not being too harsh, you’re missing the point. Defense in depth is not something you advocate for if you expect perfection.

[worthless-trash]

There is the flipside of that problem. If you say "We can never get hacked" then you will find that you breed a culture of denial if there is a problem.