the security models designed into operating systems never considered networked systems
The security model was aimed at putting the user in control of the software they run. That's what general-purpose computing is: allowing the user to use the machine's resources for whatever general purpose they intend. The only protection required was to make sure the user couldn't interfere with other users on the same system.
What was never considered before is adversarial software. The model we're now operating under is that users are no longer in control of the software they run. That is the primary thing that has changed; not the users, not the network, but the provenance and accountability of software.
The security model was aimed at putting the user in control of the software they run. That's what general-purpose computing is: allowing the user to use the machine's resources for whatever general purpose they intend. The only protection required was to make sure the user couldn't interfere with other users on the same system.
What was never considered before is adversarial software. The model we're now operating under is that users are no longer in control of the software they run. That is the primary thing that has changed; not the users, not the network, but the provenance and accountability of software.