[superuser2]

Assuming you have an impenetrable perimeter is a common reason for failing to secure the interior of a network. i.e. "It doesn't matter if we use Windows XP/don't patch things/don't use encryption because it's airgapped." Then, once someone does breach your impenetrable perimeter (through an insider, side-channel, whatever), the whole thing falls.

So yes, a network designed with the assumption that it will be constantly barraged with attacks is probably more secure than one designed be people who (subconsciously or not) discount the possibility of malicious traffic ever occurring.

[ghshephard]

It's a common meme - back in 1999, when I was running IT in a startup, a lot of the recent engineers who had come from Stanford were offended by our firewall. There claim was that our network should not have a firewall rule, because, by having a firewall, we believed that we were somehow "less vulnerable" than if we had no firewall, and that if we eliminated the firewall, then all of our servers, desktops, etc... would be secured, and, if someone were to get inside our network, they would not have any advantage.

The reality, is that you want to do both - have a rock solid firewall, and secure your internal servers.

In the case of a Nuclear Missile Silo, I'd like to believe that as much as possible was run with switches, dials, and manual controls which require physically penetrating the perimeter of the silo, and having all sorts of advanced credentials, procedures, and codes to actually accomplish anything. (Said PAL codes being supplied by the President or their designate).