Truths About Cybersecurity and National Security
Seems since the New York Times announced that China had hacked their newspaper, cyber security has ruled the headlines from Main Street to Wall Street.
The alarm is years overdue according to cyber specialists in government and industry. The news it heralds is bad: We are not prepared.
- Most of us don’t clearly grasp what cyber-security is or why it is important on a personal level.
- Our cyber security personally and professionally has been breached. Most likely we don’t even know it. The extent of cyber infiltration renders quaint, if not already archaic, the concept of privacy.
- Those in positions to search and identify a breach and able to recognize a potential link to disaster are unclear who to notify.
Cyber-security is about every person on-line, professionally and personally, e-mailing, networking, downloading, uploading. Large scale damage has resulted from such innocuous individual cyber behavior as opening an e-mail or plugging a flash drive into a USB port. We are the links – as weak as we individually choose to be – to the treasure troves of those operating systems that keep us alive.
Cyber security is about protecting the power grid, the regulation of dams, the systems moving oil and gas across the nation over bridges and under tunnels, about the air traffic controllers. Cyber security is national security, absolutely and unequivocally.
Cyber security isn’t about someone hacking into your checking account. Indeed, the banking industry is very good at cyber security because the industry decided early on to share information among all institutions. Cooperative exposure of security breaches is virtually nonexistent in any other industry. Utilities, quasi-public cooperatives and agencies, are making strides as well, but data sharing remains a tough nut to crack. The level of sharing needed becomes increasingly problematic the more directly an industry is tied to national security.
These three statements are the bare minimum of what everyone should be able to affirm:
- My organization has a complete cyber security program in place and everyone in the organization knows what it is.
- The organization is aware of the breaches in its cyber security, it corrects and reports them.
- Everyone is aware to whom to report a breach should one occur.
Many defense and security related companies are doing everything right to ensure cyber protection of the nation. Policies and procedures are up-to-date, known by all staff members, and successfully identifying threats and breaches. They might even know which government agency to inform of a breach, although this is not as clear as both the federal government and its contracting industries desire.
Still there is a final obstacle: Once a company reports a breach its clearance can be pulled.
So the bad news remains: We are under attack but few of us realize. Thus we don’t have a line of defense or even a strategy to build one. Even worse, those in the front lines of cyber-security/national security are discouraged from working as a team.
Thus, the interim strategy is this:
- Take control of your personal cyber behavior. You’re probably right and nobody is searching for your cyber identity, they are searching for a way in to your employer, your utility, your child’s teacher’s spouse’s employer.
- Get a handle on your company’s cyber security policies. Learn them. And even if there isn’t a policy expressing saying it, keep your personal and professional cyber selves separate.
- Build a safe bridge between industry and government allowing information to be shared without reprisal.
Good luck.
[adrotate group=”12″]
