similar yet different. The court’s interpretation may also be different. Although this does appear
to be a positive step, this is still indicative of a fractured set of direct guidance.
Commonality
The by-product and symptom of this issue is rather clear. It has manifested in the
breaches of email providers (e.g. Yahoo, twice), the federal government (e.g. IRS, FDIC, OPM,
etc.), and too many other entities in the U.S. and abroad. The users' personal data, intellectual
property, and other data and information stolen during these breaches have been sold on the
Dark Web and used for fraudulent activities, scams, and other deviant activities. This, among
other factors, has led to a decline in the confidence associated with cybersecurity (Help Net
Security, 2016). This is the case not only in the U.S., but on a global basis.
These endeavors have the same focus and goal of making the world a better place to live in via
implementing a standard which everyone follows. In the future, this would take the form of a
reduction in the number of breaches, consumers being able to meander on the internet without
fear of ransomware or of becoming victims of personal identification theft, and industry not
having to fear other nation states breaching their systems for data and intellectual property.
The primary source of these issues continues to be the splintered InfoSec community standards
and a lack of applied security. The community is working towards the same goals, however on
an individual basis. This, for example, would be securing the enterprise, securing
communication between endpoints or intra-company, securing the data at rest, and other projects
or transactions. This has not been focused, though. These efforts are not being accumulated at
a sufficient pace. The advances with these are being artificially depressed by the infrastructure
the community has self-imposed, with each group being siloed. The effort may be much further
advanced if these groups had been working together towards a single standard.
The space program is an example. Space exploration would not be at this stage if multiple
groups in the 1950s and 1960s had been working on this. With this endeavor being under a
single, driving force (NASA), significant advances were made.
Common Processes
There is a commonality with the processes being reviewed. Within each protocol, there may
also be slight differences. With Wi-Fi, there is the same action being undertaken. “A” is
communicating with “B”. These endpoints send and receive data and information. The data may
consist of appointments, Human Resource Payroll records, new circuit designs, or other
intellectual property. This process is replicated with a vehicle communicating with an application
on a smartphone to unlock or start the vehicle, a person working on a laptop connecting to their
work email, and biomedical equipment sending and receiving data.
These all have in common the act of communication of sensitive data. The security with this
should be standardized with the same protocol, since this is the same act. The “A” and “B”
parties are not necessarily pertinent in that these could be any business. The method or
channel is however the pertinent factor.
Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide