The recently published fourth edition of Common Sense Guide to Mitigating Insider Threats, sponsored by DHS, updates and expands the CERT Insider Threat Center's recommendations for a broad range of organizational stakeholders.
Based on your experience, what advice would you give to a government trying to improve the resilience of its cyber ecosystem? What areas are often overlooked and in desperate need of improvement?
First of all, I think that we need to significantly alter the conversation about the challenges we face. We have countless government agencies, private industries and citizens within and outside of the United States, who own, operate, and use cyber infrastructure to conduct their business. We also have another broad range of players, some human, some natural events, that threaten our cyber infrastructure.
Given the diversity of players, it isn’t surprising that they don’t operate as if they were part of a single team that is playing the same game and using the same set of rules in a predictable manner, where linear cause and effect relationships are easily definable.
In this game, the different players who own and operate the infrastructure each have different approaches to how they assess and manage risks to their infrastructures. At the same time, and paradoxically, while these players are organizationally independent, and have different approaches to risk management, they are often operationally interdependent. This interdependence means that impacts to a single sector, facility or asset can have increasingly significant second, third, and fourth order of magnitude impacts on other sectors. Or to say it more pointedly, if the power in your house goes out, your cell phone and laptop won’t be far behind.
When you talk about the actors who threaten our cyber infrastructure, we know they are also a diverse bunch—motivated by any combination of political, economic, security, and criminal gain. So the challenge becomes even more complex. It means that numerous players—human and system, adversary and ally, and natural adversity—are continually and dynamically playing this game in unpredictable ways.
Here is our challenge. Despite the diversity of players, and the different ways they play the game, we sometimes act as if those players are centrally controlled and commanded and are playing the same game by the same rules. In addition, we often assume that one player can easily be protected independently of the others.