Labels of Cyber Confusion and a New Job « Jack Whitsitt: Art and Security in Washington, DC
Starting September 14th, I will no longer be contracting to TSA (via KCG, who have been wonderful). Instead, I will be working for Idaho National Labs (INL) onsite at DHS as a liaison between the sharp people exploring the vulnerabilities of our nation's critical infrastructure and the sharp people at DHS CSSP doing the various things that they do.
Before I switch over completely, though, I'd like to say a little about an issue I've dealt with at TSA that I think also extrapolates to national cyber security efforts and is in no way unique to a single agency, or even the government. The issue is the label "cyber security". The term gets bandied about so loosely that it means everything and nothing. At TSA, as at DHS, as within the media, as within the general public, there is confusion as to what "cyber security" means, even at a very high level. Still, people are making plans based on it without any clarification.
The amorphous nature of the conversation is going to kick us in the pants sooner rather than later.
Below, I break out some areas of confusion that I've personally run into:
1. The internet, government networks, SCADA/ICS: This one is basic. Can we please pin it down more specifically when we say "cyber security"? When we talk about cyber security, we really need to begin our statements with which of these areas we're discussing. They're NOT THE SAME and the strategies, ownership, etc. to deal with them are NOT THE SAME either. Over and over again a lack of categorical distinction here burns us.
2. "IT Security" and Technology vs Strategy: Often, in my position, we were lumped in with what IT Security does: "Isn't that the same thing, just with more computers?" was a common sentiment. There is the notion that these efforts are technical in nature and that they look a lot like FISMA shops: Assess, Remediate, Certify, etc. against some model or set of standards. Nothing could be further from the truth. "Cyber security" issues are of a primary mission and programmatic nature. We know how to fix computers; we don't know how to fix what security means to our businesses or how computers affect our operations, and we don't know our risk appetites. In other words, "cyber security" is an executive (CEO, CFO, COO, CTO, CIO) issue, not one for technologists.
3. Computers vs Infrastructure vs Business Assets: We don't care in most sectors if our computers work. Really, we don't. What we care about is that our energy grid keeps pumping out power, our chemicals get mixed right, our cars are manufactured correctly, our financial transactions are good, our goods get delivered on time, etc. These are the "assets" we are protecting. We are not protecting the internet, we are not protecting government computer systems. We are protecting the national operational interests of the United States.
4. Think globally, act locally: We're so used to thinking in individual companies and individual systems within those companies that we forget that everything we do contributes to larger goals. Our enterprise systems work together to succeed in mission goals which have to be protected. Our mission goals within critical infrastructure sectors, in aggregate, also work together to support national goals. For instance, the thousands of separate companies in "the transportation sectors" all cooperate to "move people and goods throughout the US and the world on time, to the right place, in acceptable condition". Many decision makers maintain that it's ok to ignore this larger view and focus on individual system security or, at best, enterprise security. This is risky. Since these systems are interdependent whether we admit it or not, they can be used to reach each other and damage our assets (goals) if we don't regularly take a look at and secure the larger picture.