This posting is the first in an ongoing serial of cyber/information security postings, which will be made available on my LinkedIn and 22nd Century World. I appreciate any comments and suggestions, so feel free to reach out to me through LinkedIn.
EPISODE I
13 MAY 2016
It has taken some time, but cyber security seems to be on the radar for quite a few people; what “cyber security” means to each of these people though is nothing short of a mystery. Everybody will have their own perspective and bias (including myself).
Let us get one thing out of the way: we are not secure and cyber security issues are not going away any time soon.
Former FBI Director, Robert Mueller, said in March 2012:
“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
To drive home the point, current FBI Director James Comey said to 60 Minutes in October 2014:
“I mean, there are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.”
It is 2016 and all evidence suggests nothing is going to stop this trend. The breaches and costs are both small and large.
To those who are even remotely interested or involved in the cyber security issue, what is stated above is not news; but these postings are designed for a wider audience, so please pardon the “identification of the obvious” to those who are literate in the subject.
It is about time the general public accepts that cyber security is no longer an issue only for the remotely interested or involved. Nor is it an issue solely for your anti-virus software or IT department to be concerned with. Cyber (and information) security is an issue that involves everyone from individuals to enterprise users.
So, well, pretty much everybody.
This first segment is more or less an introduction to set the landscape. In the lead-up to the next segment, I will begin by looking at two sets of broad questions. The first is a take on the Weinberger-Powell Doctrine (questions slightly modified). For the second set, credit goes to Sydney Finkelstein.
Simply a suggestion, but if we want to truly be effective in the cyber security battle, both sets of questions have to be answered, from a personal and organizational perspective.
(Note: I will expand more on each of the sets of questions in Episodes II & III, but for background on the Weinberger-Powell Doctrine go here and for Sydney Finkelstein go here.)
Set I – Modified Weinberger-Powell Doctrine
- Is a vital personal/organizational interest threatened?
- Do I/we have a clear attainable objective?
- Have the risks and costs been fully and frankly analyzed?
- Have all other non-technical means been fully exhausted?
- Is there a plausible strategy that avoids excessive cost?
- Have the consequences of our action been fully considered?
- Is this an action I/my organization will support?
- Will I be able to gain the support/assistance of those I rely on?
Set II – Sydney Finkelstein’s Three Questions
- Are you really willing to change what you have been doing?
- Can you think of a better strategy or idea than the status quo?
- Can you execute on your chosen solution?
Episode II will focus on the modified Weinberger-Powell Doctrine and Episode III will focus on Sydney Finkelstein’s Three Questions.
Commentary note: A growing frustration of mine has been the arrogance (real or perceived) of people who think “I got this” when it comes to cyber security. The very nature of the issue is amorphous, so the nanosecond we kick this attitude to the wayside, we will all be better off. None of us “got this” and the moment we truly start working together – from a variety of different disciplines – perhaps we’ll have a chance to get a handle on the issue.
And yes, I will declare my bias for interdisciplinary solutions given my own experiences and training, and no, “I don’t got this” either…I’m just hoping we can all learn from each other before we pass the tipping point (who knows, perhaps we have already!…open to discussion!).
Special thanks to RADM (Ret.) Donald Loren and Maj Gen (Ret.) Jim Keffer.
Special thanks Part Deux to Dr. Lydia Kostopoulos (@LKCyber) for tweeting this: https://twitter.com/LKCyber/status/730388904197693440 and to Wyly Wade (@wylywade) for the retweet.