TCP/IP: The Original Sin of Networking

John Spiegel

8/20/2025 · 3 min read

Every religion has its creation story — and its original sin. In networking, that sin was baked into our DNA from the start: TCP/IP.

Don’t get me wrong. TCP/IP was a stroke of brilliance. Vint Cerf, Bob Kahn, and their colleagues solved a monumental challenge: how to get dissimilar systems — built by different vendors, using different protocols — to talk to each other. They created a standard that unlocked global connectivity and became the foundation of the digital age. Without it, there’s no internet, no cloud, no streaming, no Slack.

But like every original sin, it came with a cost. TCP/IP assumed trust. And we’ve been paying for that assumption ever since.

A Protocol Born in a Trust Club

Let’s rewind to the late 1970s. TCP/IP grew out of ARPANET, the Defense Department research project linking government labs, universities, and contractors. The environment was small, closed, and collegial. Everyone knew everyone. The adversaries weren’t ransomware gangs in Russia or phishing kits in Nigeria — the threat model was misconfigurations and dropped packets.

In that world, security wasn’t top of mind. The architects prioritized interoperability and reliability, not adversarial defense. TCP/IP’s guiding principles were simplicity, resilience, and “best effort” delivery. Routing, addressing, and packet switching mattered most. Encryption, authentication, or fine-grained access controls? Too heavy. Too slow. Too impractical for CPUs and bandwidth measured in kilobits per second.

The assumption was that security could live elsewhere. Applications could bolt it on if needed. Physical access controls, trusted labs, and government oversight would keep the bad guys out. Nobody imagined the same protocol stack would one day carry banking transactions, healthcare records, or global commerce.

The Consequences of Trust-by-Default

Fast forward a few decades, and those innocent design assumptions turned toxic. TCP/IP’s implicit trust became a goldmine for attackers:

  • Flat networks, free lateral movement. Once an intruder got in, they could go anywhere.

  • Bolt-on security. Firewalls, VPNs, IDS/IPS, NAC, proxies — an alphabet soup of bandages layered on after the fact.

  • Complexity explosion. Every “fix” meant another box, another policy engine, another silo.

  • User pain. VPNs slowed productivity, broke workflows, and frustrated employees — while attackers still waltzed in.

The result? An architecture never designed for adversaries was now defending against them, one patch at a time. And instead of policy = outcomes, we ended up with policy = hardware sprawl.

Why Security Wasn’t There in the First Place

It’s easy to criticize in hindsight. But the designers of TCP/IP weren’t negligent; they were pragmatic. In the late ’70s:

  • Bandwidth was scarce and expensive.

  • CPUs lacked horsepower for heavy cryptography.

  • Memory and storage were limited.

If they had tried to bake in strong encryption and authentication, TCP/IP might never have worked, or wouldn’t have gained adoption. Speed and simplicity won. And once the genie was out of the bottle, security had to be retrofitted. SSL/TLS, IPsec, SSH — all came later, bolted onto a foundation never built for them.

That retrofit mindset became the default operating model of networking for 40 years. And that’s why I call TCP/IP the original sin: it forced us into a reactive, bolt-on approach to security that we still haven’t escaped.

Zero Trust: The Antidote to Original Sin

Here’s the good news: we finally have a way to atone.

Zero Trust Networking flips TCP/IP’s founding assumption. No implicit trust. No open hall passes. Every connection is continuously verified — user, device, context, and policy. Instead of extending the network everywhere (and exposing everything), Zero Trust minimizes application exposure. Users get access only to the specific resources they need, nothing more.

The impact is profound:

  • Attackers are contained, unable to move laterally.

  • Policy aligns with outcomes instead of hardware.

  • The network becomes invisible to outsiders — there’s nothing to “break into.”

Zero Trust doesn’t erase TCP/IP’s sin, but it corrects its consequences.
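The Zero Trust decision described above, as an added example that is not part of the original post: it contrasts trust-by-default (network location is the only check) with per-request verification of user, device and context against a per-resource policy. The policy schema, request fields and sample scenarios are constructed assumptions, not any product's API.

```python
# Added example (not from the original post): contrasts TCP/IP-style
# trust-by-default, where being on the corporate network is the only check,
# with a Zero Trust decision that verifies user, device and context for
# each request against a per-resource policy. Policy and requests are
# constructed sample data, not from any real deployment.
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # group memberships asserted by the identity provider
    device_managed: bool       # device is enrolled in management
    device_patched: bool       # device posture check passed
    mfa: bool                  # strong authentication completed this session
    src_network: str           # "corp" or "internet"; only the legacy model cares
    resource: str

# Constructed sample policy: each resource states who may reach it and what
# posture is required. Resources with no entry are denied by default.
POLICY = {
    "hr-payroll": {"groups": {"hr"}, "managed": True, "mfa": True},
    "wiki":       {"groups": {"staff"}, "managed": False, "mfa": False},
}

def flat_network_decision(req: Request) -> bool:
    """Trust-by-default: reachable on the corp LAN means reachable, period."""
    return req.src_network == "corp"

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Per-request verification: identity, device posture, context, policy."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource: default deny"
    if not rule["groups"] & req.groups:
        return False, "user not entitled to resource"
    if rule["managed"] and not (req.device_managed and req.device_patched):
        return False, "device posture check failed"
    if rule["mfa"] and not req.mfa:
        return False, "strong authentication required"
    return True, "allowed: scoped to this resource only"

# Constructed scenarios: a compromised workstation inside the LAN, and a
# legitimate HR user working from the internet on a healthy managed device.
INTRUDER_ON_LAN = Request("svc-printer", frozenset({"staff"}), True, False,
                          False, "corp", "hr-payroll")
REMOTE_HR_USER = Request("alice", frozenset({"staff", "hr"}), True, True,
                         True, "internet", "hr-payroll")

def lateral_movement_contained(req: Request) -> bool:
    """True when the legacy model lets the request through but Zero Trust blocks it."""
    return flat_network_decision(req) and not zero_trust_decision(req)[0]
```

Note that the remote HR user is allowed and the on-LAN intruder is denied: network location no longer decides anything, the per-resource policy does.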

SASE: The Rewrite We Needed All Along

Security is only half the battle. The other half is simplicity. Decades of bolt-on fixes left us with complexity so bad it’s now a vulnerability in itself.

That’s why Secure Access Service Edge (SASE) matters. By unifying networking (SD-WAN) with cloud-delivered security services (ZTNA, SWG, CASB, DEM), SASE provides what TCP/IP never did: a fabric where connectivity and security are inseparable. Delivered from the cloud, close to the user, SASE replaces the sprawl with a cohesive, scalable model.

Think of it as the modern rewrite of the networking stack: secure by design, built for cloud and mobility, architected for a hostile internet.

From Sin to Redemption

Calling TCP/IP the original sin of networking isn’t about blaming its inventors. They built something that changed the world. But their design assumptions — trust by default, security as an afterthought — created an inheritance of complexity and risk we’ve been patching ever since.

Now we finally have the opportunity to redeem that architecture. Zero Trust gives us the philosophy. SASE gives us the architecture. Together, they let us build networks that are not only connected, but secure, simplified, and resilient by design.

It’s time to stop patching the past and start architecting for the present. Because the only way to escape original sin is with a new covenant.