You are correct. The reason why you are correct is key though. You can keep everything up-to-date, and lock down systems as tight as you want. But as long as any user has legitimate access to the system, there are weak links in the chain. If a user has access to the internet or a phone, they're susceptible to social engineering attacks. Email or web, in particular, exposes the company to spear phishing attacks. Access to I/O ports or removable media devices creates a potential attack vector. Heck, even without users who aren't highly security conscious, any hardware is a potential trojan assuming you haven't fully examined the code in every ROM of every motherboard, peripheral, router, etc. Every piece of software is also susceptible to 0-day exploits.
So despite all best practices, there'll almost always be low-hanging fruit for attacks. Conversely, any system sufficiently locked down to make it impenetrable not just by script kiddies, but by organized criminal enterprises or by foreign or domestic surveillance would also make it pretty much impossible to get any work done. So while doing your best to enforce basic security measures is a good first step, delving into the arcane and esoteric to further secure systems is still necessary if you wish to stay afloat in the arms race of cybercrime.
How much time do you think it will take to pull some of those extra warheads out of mothballs, arm them, load them onto a supersonic jet, fly them within range, and finally launch them at the suspected target? The warheads wouldn't even be close to getting out into the sunlight before the mushroom clouds appeared at the military base where they were stored.
Now in the post Cold War era, it's theoretically possible that the US, Israel, or other actors could launch a few tactical nukes against reactors in Iran, Pakistan, and/or North Korea, and then theoretically deploy enough stored warheads to replenish the supply to the level before the strikes. But you'll have to factor in the blowback these strikes would have on the global stage--particularly in China and Russia--and a full-scale nuclear war might ensue shortly thereafter. If not, at least a huge buildup on all sides would promptly commence and tensions would rise the world over to levels not seen since the Cuban missile crisis.
They found a dime inside when they tore it down?
Yes, sounds great. But while you will be a hero/martyr amongst the tech crowd, think how this would play out in the corporate controlled courts, media, and the populace:
1. You violated the DMCA in reverse-engineering their IP.
2. With forethought and malicious intent, you modified their IP to cause innocent parties' systems to be flagged as suspicious.
3. You "infected" computers and "hacked" networks across the country and around the world with this malware.
4. You knowingly caused widespread failure and shutdown of critical IT infrastructure, jeopardizing national security, disrupting commerce and businesses large and small leading to massive layoffs, mass panic, rioting, etc.
Your defense: "Well they did it first! And it was actually their code which shut everything down!" again will be supported by the techies and many fringe groups. But to everyone else, you'll simply be known as "the {wo}man who destroyed the internet!" Expect the popcorn you planned to munch when the SHTF will be buried in shit too!
A better solution in this case is just to be passive, or subversively active in supporting them. Don't shout from the rafters like we did for DMCA, SOPA, PIPA, et al. Let the RIAA spend billions greasing legislators' palms and on shaping popular opinion of what a good and important step this is in protecting the media industry. We can help with the legislation, "Any system flagged for piracy will immediately block the user from accessing the internet. However, a daemon will continue to run, searching the flagged system for any and all identifying information and sending it to the legal and RIAA authorities to facilitate prosecution." We can help them with their spin, "Don't let the music go away. Register it today!"
They can steamroll it through Congress, Declare the
HELP!!!! I'm being held prisoner in /usr/games/lib!