Category: Digital Warfare
How war and defense have changed over time and what lessons we can learn from this
For decades, scale defined strength. In both military doctrine and cybersecurity, the default mindset was straightforward: the bigger the wall, the better the protection.
This thinking gave rise to France’s Maginot Line[i], a long and advanced chain of fortifications built after World War I. It was designed to create an impenetrable perimeter against German invasion.
In cybersecurity, this same thinking led to a focus on firewalls and building the highest possible ‘wall’ around your corporate network. This made sense in a time when threats were more linear and predictable: if you controlled the perimeter, you managed the risk.
But that logic has been tested, just as the Maginot Line was. In 1940, the German army didn’t try to break through the line’s strongest points. They simply went around it through the Ardennes Forest, a route that the French considered too hard to cross. The nature of conflict evolved, requiring a shift in defense as well.
Success in modern-day warfare depends on speed, visibility and the ability to act with intent. Militaries have moved from broad defense strategies to precision operations.
This development was illustrated by the ‘Revolution in Military Affairs’ and the use of smart bombs and real-time intelligence[ii] during the Gulf War. Instead of ‘carpet bombing’, a single cruise missile could now eliminate a specific command center.
Cybersecurity is undergoing a similar shift: from static perimeters to a precision-driven approach.
Why total coverage ≠ total control
Traditional cybersecurity still leans on the idea of total visibility and protection. Organizations invest in multiple layers of defense, monitor a wide environment and try to track every possible event. The assumption is that more coverage = more control.
Yet attackers don’t need to break through the whole wall. They find small openings and bypass the strongest defenses instead. One example is the 2013 Target data breach. Attackers didn’t hit Target directly; they got in through a third-party HVAC vendor[iii] who had network access. Once inside, they moved laterally and went straight for the crown jewel: the point-of-sale systems. The breach affected 70 million customers.
Defending everything equally may seem thorough, but in practice it can stretch teams thin, increase alert volume and reduce the ability to respond effectively. You may even consider it the digital equivalent of trench warfare: there are wide defenses but the constant, high-volume stream of attacks makes it impossible to spot the truly significant offensive maneuver.
Coverage is necessary, but without prioritization and context, it becomes noise.
A shift toward a smarter cybersecurity strategy: prioritization
Modern military strategy, heavily influenced by concepts like Colonel John Boyd’s Observe, Orient, Decide, Act (OODA) Loop[iv], underscores the relevance of fast decision-making. The goal is not to win through brute force, but to out-think and out-maneuver the adversary.
For example, the German Blitzkrieg doctrine in World War II prioritized attacks on command centers, communication lines and logistical hubs to paralyze the enemy’s ability to respond.
For organizations these days, this translates to a similar mindset when it comes to cybersecurity strategy:
- Identifying the ‘crown jewels’ (the most critical systems, data and assets) whose compromise would cause the most damage.
- Applying strict access controls to protect the paths to and from these assets.
- Monitoring those assets with detection capabilities that inform fast, targeted decisions for containment and eradication.
- Building situational awareness to distinguish a real threat from benign anomalies.
This isn’t about cutting corners. It’s about making smart, risk-informed choices to allocate finite resources where they will have the greatest impact on protection.
How Zero Trust supports a precision-based approach
The shift described in this article closely aligns with Zero Trust principles and with approaching cybersecurity with conviction rather than fear. Zero Trust discards the old castle-and-moat model, with a trusted internal network and an untrusted external one, and instead enforces explicit verification. This is similar to how military checkpoints work: always verify before allowing entry. Zero Trust offers a practical framework for organizing defense around what matters most.
From visibility to taking action
Security begins with visibility, but effective security demands more. Without clear context, visibility can become overwhelming. The 2020 SolarWinds supply chain attack is a prime example. The attackers compromised the build process for SolarWinds’ software, embedding their malware into legitimate software updates. Thousands of organizations, including top government agencies, installed the malicious update.[v]
The initial intrusion was ‘visible’ (a new process was running), but it lacked context. It appeared as a trusted, signed process from a known vendor. Static inventories and disconnected alerts were insufficient. What was needed was a dynamic understanding of the environment to detect abnormal behavior from a supposedly normal process, for example a known process suddenly trying to connect to unknown external servers or to access sensitive credentials.
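The behavioural check described above, as an added example that is not part of the original post: a per-process baseline of expected destinations is compared against constructed endpoint telemetry, so a signed, known process is still flagged when it contacts an unfamiliar host or reads a credential store. The process names, hosts and baseline values are assumptions made up for the example.

```python
# Constructed sample telemetry (not from the original post), one event per line:
# timestamp host process signed-flag action target
SAMPLE_EVENTS = """\
2020-12-01T08:00:01 ws01 vendor_agent.exe signed=yes net_connect updates.vendor.example
2020-12-01T08:00:05 ws01 vendor_agent.exe signed=yes net_connect updates.vendor.example
2020-12-01T08:01:10 ws01 vendor_agent.exe signed=yes net_connect 203.0.113.45
2020-12-01T08:01:12 ws01 vendor_agent.exe signed=yes file_read C:\\Windows\\System32\\config\\SAM
2020-12-01T08:02:00 ws01 browser.exe signed=yes net_connect news.example
"""

# Assumed baseline learned during a quiet period: where each known process
# normally connects. None means the destination set is too diverse to constrain.
BASELINE = {
    "vendor_agent.exe": {"updates.vendor.example"},
    "browser.exe": None,
}

# Substrings of paths that hold credentials on Windows hosts.
SENSITIVE_PATHS = ("\\config\\sam", "\\ntds.dit", "\\lsass")


def parse_events(text):
    """Turn the space-separated telemetry lines into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, host, proc, signed, action, target = line.split(maxsplit=5)
        events.append({"ts": ts, "host": host, "process": proc,
                       "signed": signed == "signed=yes",
                       "action": action, "target": target})
    return events


def detect_anomalies(events, baseline=BASELINE):
    """Flag a known process acting outside its baseline.

    The signed flag is deliberately not consulted: a valid signature from a
    known vendor says who built the binary, not whether its behaviour is normal.
    """
    alerts = []
    for ev in events:
        proc = ev["process"]
        if proc not in baseline:
            continue  # unknown processes belong to a separate rule
        if ev["action"] == "net_connect":
            allowed = baseline[proc]
            if allowed is not None and ev["target"] not in allowed:
                alerts.append((ev["ts"], proc, "unexpected_destination", ev["target"]))
        elif ev["action"] == "file_read":
            if any(p in ev["target"].lower() for p in SENSITIVE_PATHS):
                alerts.append((ev["ts"], proc, "sensitive_credential_access", ev["target"]))
    return alerts
```

Running `detect_anomalies(parse_events(SAMPLE_EVENTS))` yields two alerts for the vendor agent and none for its routine update traffic or the browser.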
Precision strengthens real resilience
Trying to protect everything equally is not always realistic, especially at enterprise scale. Building a digital Maginot Line creates complexity that can end up obscuring risk, rather than reducing it.
A more effective cybersecurity strategy balances broad coverage with focused control. When you know what matters most and can protect it adequately, you build true resilience: not by increasing volume, but by focusing effort on what matters most.
[i] Horne, Alistair. 1990. To Lose a Battle : France 1940. Revised edition. London: Penguin.
[ii] Hallion, Richard. 1998. Storm over Iraq : Air Power and the Gulf War. Washington: Smithsonian Institution Press.
[iii] Krebs on Security. “Target Hackers Broke in via HVAC Company,” February 9, 2014. https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/.
[iv] Coram, Robert. 2002. Boyd : The Fighter Pilot Who Changed the Art of War. 1st ed. Boston: Little, Brown.
[v] Reuters. “Suspected Russian hackers spied on U.S. Treasury emails – sources,” December 13, 2020. https://www.reuters.com/article/us-global-cyber-usa-idUSKBN28N0PG/.