Page 4 - index
P. 4
,,-+ % + ),-+1&*$ 3 "-." 0-&/3 *! -&/& (
*#- ./-0 /0-" -+/" /&+* 0./ * (0!" + 0. * %" .& .
Blocking and Tackling Will Move the Needle of Cyber Protection
- $ ,
While the government seems to be focused primarily on worst-case cyber scenarios—potential
events with projected significant impact, but very low probability of happening—there is much
more we as a nation of stakeholders in a globally connected community, could do to improve
our overall cybersecurity and critical infrastructure profile.
As with physical security, it is important to recall that cybersecurity and critical infrastructure
protection is about assessing and managing risk. It is not possible to protect everything all of the
time.
There is no one-size-fits-all approach to cybersecurity. Risk management requirements,
business or personal needs, and resource availability vary among a wide range of stakeholders,
as do the approaches to assessing and managing cybersecurity risk. It all starts with awareness
and education about the threats, vulnerabilities and consequences of engaging in cyberspace.
Accordingly, it is time to focus on fundamental steps that will improve our current cybersecurity
and critical infrastructure protection profile, while thinking about and planning for more severe
events. A holistic approach to this critical national and economic security issue will produce
more effective and tangible results.
The following are examples of actionable steps that should be included as pieces of a blueprint
for improving cybersecurity and critical infrastructure protection. In the past few months I have
explained how IT supply chain security (May 2014) and proper cyber hygiene (July 2014) fit into
this blueprint. Each of these actions can be pursued today and would improve our overall ability
to defend against the growing threats in cyberspace.
The rhetoric must meet reality when it comes to the government’s commitment to the public-
private partnership for cybersecurity and critical infrastructure protection. Industry partners are
volunteers that have contributed significant time, energy, and resources to support the
partnership for many years. There is still significant room for improvement in achieving an
equitable approach to true partnership, such as early engagement, jointly setting priorities,
defined action steps, and measuring outcomes, particularly with regards the U.S. Department of
Homeland Security (DHS). Far too often, DHS treats private sector owners and operators of this
nation’s critical infrastructure as a nuisance, not as partners. Successful engagement with the
private sector is often characterized by DHS based only on how many meetings were held and
how many people attended, as opposed to outcomes and actions that contributed to making the
nation safer and more secure.
This is a regrettable situation as there is a shared responsibility for meeting the mission of
improving the protection, security, and resilience of a wide range of stakeholders in cyberspace.
I25B /1B>9>7C &171J9>5 M +5@D5=25B 49D9?>
?@IB978D K I25B 565>C5 &171J9>5 << B978DC B5C5BF54 G?B<4G945