Similarly, the Center for Disease Control relies on a collaborative information sharing and
analysis approach in an effort to improve detection, prevention, mitigation, response and recovery to
health events that might have local, regional, national or even global consequences.
Each of these risk management examples is intended to reduce potential negative impacts of
a given event, including injury to persons or property. This can be done with a national
education and awareness effort.
Severe weather events may trigger a media alert that is transmitted over your television, radio,
or portable device. Severe health events, such as Ebola or the H1N1 virus, may prompt the
issuance of alerts and recommended measures through a wide range of media and other public
awareness outlets.
In May 2009, during the last major address by the President that focused on cybersecurity, with
the release of the Administration’s Cyberspace Policy Review, a list of near-term action items
was identified in that Report. Item number six in that plan was to “Initiate a national public
awareness and education campaign to promote cybersecurity.” We need a renewed
commitment to a comprehensive and sustained collaborative approach to this important effort.
Leveraging the national attention that will derive from the annual State of the Union address
presents an opportunity for the public, private, non-profit and academic communities to join in
an effort to teach stakeholders of all levels of sophistication about how to better protect
themselves in cyberspace. Extending the approach to the K-12 and higher education
communities, as well as small and medium-sized businesses, home users, and even large
enterprises will raise the bar of cybersecurity protection for all of us. Authoritative sources have
indicated that as much as 80 percent of exploitable vulnerabilities are the result of poor or little
cyber hygiene, meaning the basic and fundamental steps for cyber protection. The National Institute of
Standards and Technology (NIST) Cybersecurity Framework is an important toolbox that can
assist many cyber users as they seek to align their security and resilience requirements with
their risk management and business needs.
The proposed approach advocated by the White House appears to be focused largely on
addressing the issue of sharing information from the private sector to the government. There is
little reference to the continuing gap of addressing the need for the government to share threat
information and intelligence with the private sector to inform the risk management decision
making process.
As is the case in the world of physical security, it is not possible to protect everything all of the
time in cyberspace. Accordingly, all stakeholders, whether they are private sector, government,
non-profits, academic institutions or others, must rely on timely, reliable and actionable
information about threats and vulnerabilities in order to make informed decisions about their
own approach to security and resilience.
The notion, as expressed in the Administration's approach, of creating yet another class of
information sharing organization will not address the fundamental gaps in today’s environment
and might, in fact, create even more confusion for stakeholders. Established information sharing
20 Cyber Warnings E-Magazine – January 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide