Dan Geer at BlackHat 2014: Cybersecurity as realpolitik
Sobering:
The late Peter Bernstein, perhaps the world's foremost thinker on the topic, defined "risk" as "more things can happen than will." With technologic advance accelerating, "more things can happen than will" takes on a particularly ominous quality if your job is to ensure your citizens' survival in an anarchy where, daily, ever more things can happen than will. Realpolitik would say that under such circumstances, defense becomes irrelevant. What is relevant is either (1) offense or (2) getting out of the line of fire altogether. States that are investing in offense are being entirely rational and are likely to survive. Those of us who are backing out our remaining dependencies on digital goods and services are being entirely rational and are likely to survive. The masses who quickly depend on every new thing are effectively risk seeking, and even if they do not themselves know it, the States which own them know, which explains why every State now does to its own citizens what once States only did to officials in competing regimes.
I have long preferred to hire security people who are, more than anything else, sadder but wiser. They, and only they, know that most of what commercially succeeds succeeds only so long as attackers do not give it their attention while what commercially fails fails not because it didn't work but because it wasn't cheap or easy or sexy enough to try. Their glasses are not rose-colored; they are spattered with Realpolitik. Sadder but wiser hires, however, come only from people who have experienced private tragedies, not global ones. There are no people sadder but wiser about the scale and scope of the attack surface you get when you connect everything to everything and give up your prior ability to do without. Until such people are available, I will busy myself with reducing my dependence on, and thus my risk exposure to, the digital world even though that will be mistaken for curmudgeonly nostalgia. Call that misrepresentation, if you like.