Cybersecurity and Aikido
Disclaimer: I am neither a cybersecurity expert nor an Aikido practitioner, so apologies in advance for any faux pas or false facts.
I was recently watching a video that interviews an Aikido master, and he talked about Iai (Iaido), where one is always prepared to draw their sword because of a sudden attack. This relates to the point that there is no honour or dishonour in attacking people when they are not ready, the opposite of the idea of duelling in the West. It seems harsh, but let's think about it: if you were a criminal, would you wait for your victim to get ready or to no longer be at a disadvantage? Criminals have bad intentions anyway, and it seems ludicrous to expect them to follow rules. "No honour among thieves", as the saying goes.
I was then reminded of a few months ago, when I was involved in a cybersecurity assessment of a product and we were looking at 'strengthening' the product through methods or techniques from the cybersecurity standard IEC 62443. The standard is huge and well intentioned, but, as with the concept of Iai, a criminal would in no way 'follow' the standard; he/she would likely just poke and prod until finding a hole or weakness in the chain. So we tried to put ourselves in the position of a criminal or hacker, but this carries the danger of going to extreme lengths in order to attack or hack the product. To be fair, IEC 62443 does rationalise how much effort needs to be expended based on the possible risk, which is quite useful for justifying our actions, but sometimes it is not that clear cut.
Maybe I am trying too hard to draw a parallel between the two, but I think cybersecurity is in some sense a martial art, as it is a form of protection, only it is done digitally.
Thank you for reading.
