Entropy Always Wins... Why Integrity Assurance Is Foundational to Cybersecurity
This article was originally published by Robert E. Johnson, III on LinkedIn.
There is a question every organization should be asking more often: How do we know our systems are still what we believe them to be?
Not what we hope they are. Not what a dashboard suggests. Not what a policy says they should be. What they actually are.
That question sits at the center of cybersecurity, even though it is often treated as a secondary issue. We talk a lot about threats, attackers, artificial intelligence, ransomware, phishing, zero-days, and detection. Those are all important. But beneath all of them is something more fundamental: integrity.
The files, configurations, systems, devices, identities, workloads, and applications we rely on must remain in a known, trusted, and verifiable state. When they change, we need to know what changed, when it changed, who changed it, whether it was authorized, and how to restore trust.
Without that, everything else becomes guesswork.
To understand why this matters so much, it helps to step back and consider something larger than IT.
Digital Trust Does Not Maintain Itself
In 1944, the physicist Erwin Schrödinger published a small book called What Is Life? In it, he made an observation that has aged remarkably well. Living systems, he argued, exist in defiance of physics' most relentless law: the second law of thermodynamics, which tells us that in any isolated system, entropy - disorder - tends to increase over time. Things break down. Order decays. Heat dissipates. Structure erodes.
A living cell, Schrödinger pointed out, maintains its order only by continuously doing work against this tendency. It imports energy. It exports waste. It actively repairs itself. The moment that work stops, the cell collapses back into disorder.
Order is not the default state of the universe. Order is discipline.
This is not a metaphor. It is one of the most well-established principles in science, later developed further by Ilya Prigogine into the theory of dissipative structures, which earned him the Nobel Prize in 1997. Any complex, ordered system, such as a cell, an organism, a city, a power grid, or an entire enterprise IT environment, persists only as long as something is actively maintaining its order against the universe's tendency toward decay.
Enterprise information systems are no different.
Anyone who has operated real systems understands the practical version of this. Files become corrupted. Configurations drift. Logs get noisy. Backups become stale. Dependencies break. Patches alter behavior. Cloud settings change. User permissions expand. Scripts accumulate exceptions. Systems that were once clean, known, and trusted slowly become harder to understand.
The confidence we had in a system yesterday does not automatically carry forward to today.
That is the cybersecurity lesson.
Digital trust does not maintain itself. It has to be continuously verified.
Why Integrity Assurance Is Different From Detection
Most cybersecurity programs are built around detection and response. We deploy tools to watch behavior, analyze logs, inspect traffic, score anomalies, correlate alerts, and look for patterns. These capabilities matter. They help security teams find suspicious activity in environments that are too complex for humans to monitor manually.
But many of these tools are probabilistic by nature. They infer. They estimate. They assign confidence. They tell us something looks unusual, resembles known malicious behavior, or may deserve investigation.
That is valuable. It is also NOT the same as assurance.
Integrity assurance is different.
Integrity assurance starts with a known-good state and continuously asks a simple but powerful question: has that state changed?
- Did a critical file change?
- Did a configuration drift?
- Did a registry key get modified?
- Did a privileged account's permissions change?
- Did a firewall rule get altered?
- Did a database object move away from its expected state?
- Did a cloud configuration become exposed?
- Did a container, hypervisor, network device, or application component change in a way that was not approved?
These questions are direct. They are testable. They create a different kind of confidence.
Because almost every meaningful cyber event includes unauthorized change.
Ransomware changes files. Malware changes binaries. Attackers change configurations. Insiders change data. Supply chain attacks change trusted software. Cloud breaches often begin with configuration mistakes or policy changes. Privilege escalation changes identity relationships. Persistence mechanisms change startup items, scripts, services, scheduled tasks, and policy settings.
Even when an attacker begins with credential theft, the objective is usually to change something: access, permissions, data, logic, behavior, visibility, or control.
Cybersecurity is often described as keeping bad actors out. That is only part of the job. The deeper job is preserving the trustworthiness of the environment.
That is why integrity assurance is foundational.
It gives the organization a way to say, with evidence, "This system is still in the state we expect" or "This system has changed, and here is exactly how."
That distinction matters.
Security Teams Don't Need Noise, They Need Certainty
Security teams need to be able to separate authorized change from unauthorized change. They need to know whether a change was part of a normal patch cycle, a legitimate administrator action, an accidental mistake, or the first visible sign of compromise.
This is where integrity becomes more than a compliance control. It becomes an operational discipline. It becomes a security control. It becomes a source of truth.
Schrödinger's insight applies directly. If complex systems do not preserve order on their own, then order must be actively maintained. In cybersecurity terms, that means baselining, monitoring, validating, reconciling, documenting, and remediating change.
We should not assume integrity. We should prove it.
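An added example (not from the original article and not CimTrak code) of the baseline, compare, and reconcile loop described above: it hashes a directory, diffs it against the known-good baseline, and treats a change as authorized only when the resulting content matches an approved digest. The `approved` mapping is an assumed stand-in for a change-ticket record, and the file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff(baseline, current):
    """Return {path: (kind, new_digest)} for every deviation from the baseline."""
    changes = {}
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            changes[path] = (kind, new)
    return changes

def reconcile(changes, approved):
    """Split changes into (authorized, unauthorized).
    approved maps path -> approved resulting digest (None = approved deletion);
    a change to an approved path that yields other bytes stays unauthorized.
    """
    authorized, unauthorized = {}, {}
    for path, (kind, digest) in changes.items():
        ok = path in approved and approved[path] == digest
        (authorized if ok else unauthorized)[path] = kind
    return authorized, unauthorized

def demo():
    """Constructed scenario: one approved edit, one unapproved edit, one new file."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.conf", b"debug=false\n")
        write("sshd_config", b"PermitRootLogin no\n")
        baseline = snapshot(root)                        # known-good state
        write("app.conf", b"debug=true\n")               # matches the approval below
        write("sshd_config", b"PermitRootLogin yes\n")   # no approval on record
        write("startup.sh", b"#!/bin/sh\n")              # no approval on record
        approved = {"app.conf": hashlib.sha256(b"debug=true\n").hexdigest()}
        return reconcile(diff(baseline, snapshot(root)), approved)
```

Because approval is bound to the resulting digest rather than to the path, an approved change window cannot be used to slip in different content under the same file name.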
This becomes even more important as technology environments become more dynamic.
Modern organizations are no longer protecting a few servers in a data center. They are protecting:
- hybrid environments
- cloud infrastructure
- virtual machines
- containers
- SaaS platforms
- identity systems
- remote endpoints
- network devices
- databases
- industrial control systems
- increasingly AI-enabled workflows
The attack surface is not just bigger. It is constantly changing.
Without Trust, You Have Nothing
Automation can scale good decisions. It can also scale mistakes. Cloud platforms can accelerate innovation. They can also expose sensitive systems with a single misconfiguration. AI can help analysts move faster. It can also produce outputs that sound convincing but are not verifiably correct.
That is the challenge of the modern security environment. Speed is increasing. Complexity is increasing. Uncertainty is increasing.
Integrity assurance pushes back against that uncertainty. It gives security teams a disciplined way to validate reality.
This matters because cybersecurity has a truth problem.
A dashboard can be wrong. A log can be incomplete. A system can be tampered with. An alert can be missed. An attacker can disable controls. A configuration can drift slowly enough that nobody notices until it becomes a serious exposure. Sound familiar? Just think about Volt Typhoon and Salt Typhoon... both involved authorized changes to critical systems that went undetected for extended periods.
Every security tool depends on some version of truth. EDR needs trustworthy endpoint data. SIEM needs trustworthy logs. Vulnerability management needs a trustworthy asset inventory. Identity tools need trustworthy permissions and policy states. AI systems need trustworthy inputs.
If the foundation is unstable, every tool that depends on that foundation becomes less reliable.
This is why integrity should not be viewed as a niche category or a checkbox for auditors. It should be viewed as one of the core pillars of cyber resilience.
Confidentiality protects who can see information. Availability determines whether systems can be accessed and used. Integrity protects whether systems and information can be trusted.
Without integrity, confidentiality and availability lose much of their meaning. A system may be available, but compromised. Data may be confidential, but altered. Logs may exist, but manipulated. Software may run, but not as intended.
Trust depends on integrity. Integrity depends on verification.
From Guesswork to Guarantees
The future of cybersecurity will not be won by tools that only predict what might be happening. Prediction has value, but prediction is not proof. The future will require systems that can verify what has changed, determine whether that change was authorized, and restore to a trusted state when it was not.
That is especially true as attackers become more sophisticated.
The more advanced the threat, the more important it becomes to know whether critical assets have changed. Not generally. Not eventually. Immediately.
The same principle applies to compliance.
For many organizations, compliance is still too manual. Teams gather evidence, change screenshots, prepare documentation, and try to prove that controls were in place after the fact. But true compliance is not a point-in-time exercise. It is a continuous state.
A control that was working last quarter may not be working today. A configuration that was compliant last month may have drifted yesterday. An audit report may show intent, but integrity monitoring shows evidence.
That is a major difference.
Integrity assurance allows organizations to move from "we believe we are compliant" to "we can demonstrate that critical systems remain in an expected state."
That is not just better for audits. It is better for security.
Trust Begins with Integrity
Schrödinger's observation about life applies to every complex system humans build. Order does not happen passively. It must be maintained, measured, and defended against a universe that tends, always, toward disorder.
In cybersecurity, that means integrity has to move closer to the center of the conversation.
The organizations that understand this will have a meaningful advantage. They will respond faster. They will investigate with better evidence. They will reduce noise. They will recover with more confidence. They will prove compliance more efficiently. Most importantly, they will have a clearer view of whether their infrastructure can still be trusted.
That is the real foundation of cybersecurity.
Not just detecting threats. Not just blocking attacks. Not just collecting alerts. Knowing, with confidence, that the systems you depend on remain in a trusted state.
At Cimcor, this is the exact problem CimTrak was built to solve. CimTrak provides real-time system integrity monitoring and change control across files, configurations, network devices, Active Directory, databases, cloud environments, containers, hypervisors, and other critical assets. It establishes trusted baselines, detects unknown, unwanted, and unauthorized changes in real time, shows teams precisely what changed, who or what changed it, when it changed, and how, then supports remediation, rollback, and audit-ready evidence.
In a world where complexity and AI are increasing uncertainty, CimTrak helps security teams restore something incredibly valuable: confidence that critical systems are still in the state they are supposed to be in.
May 28, 2026