SECURING THE CAPITOL—SECURING THE INTERNET

Yesterday was Martin Luther King Day. Tomorrow is Presidential Inauguration Day. Both days should be celebratory of one of our nation’s great heroes and our nation’s proud democratic tradition. Instead, Washington DC looks incredibly ugly today. The barricades, the barbed wire, the fences, the National Guard, the weapons. All this has turned one of the […]
A RISK-BASED APPROACH TO NATIONAL CYBERSECURITY

ISA congratulates CISA’s National Risk Management Center and Director Kolasky for this vitally needed initiative. The SolarWinds attacks have brought to everyone’s attention the need to rethink how we are conceptualizing cyber-attacks. As we have pointed out in numerous blogs over the past two months, the SolarWinds attack is a paradigm shift that makes future […]
CYBER REGULATION HAS BEEN TRIED AND IT DOESN’T WORK

In previous posts we have argued that the traditional regulatory model is ill-suited to address the nature of threats we see in cyberspace. It is too slow, too reactive, static and it sets minimums when what we need is a dynamic model equipped to grow with the ever-evolving threat.
ANALOG SECURITY METHODS ARE ILL-SUITED TO DIGITAL PROBLEMS

If anything characterizes the 21st century, it is speed and change. A generation ago people most typically had one phone in their house for their lifetime. Now we change phones (smart phones) every couple of years – at least. Waiting a FULL TWO SECONDS for a computer, or app, to download is, let’s face it, very annoying.
TRADITIONAL REGULATION (BEEN TRIED) WON’T WORK IN CYBERSPACE

Doing the same thing over and over and expecting different results is the definition of insanity. —Albert Einstein
TO ADDRESS SYSTEMIC CYBER RISK – FOLLOW THE MONEY, AGAIN

In the early blogs in this series we illustrated that one of the major reasons we have not made substantial progress in securing cyberspace over the past 30 years is that we have generally thought of cyber risk primarily in technical/operational terms, and largely ignored the economic causes for most cyber-attacks.
IMPORTANT DHS STEPS ON SYSTEMIC CYBER RISK BUT MORE WORK NEEDED

Recognizing the industry interplay, DHS recently moved to a new model based on an industry-determined, function-based framework. Taking a functional view widens the lens to move closer to this interconnected, multi-industry reality. Under the leadership of the Cybersecurity & Infrastructure Security Agency (CISA), DHS has a comprehensive program to:
“SMALLER” SYSTEMIC CYBER ATTACKS ARE HAPPENING – IT WILL GET WORSE

The world was caught by surprise in May 2017 by the WannaCry ransomware attack. In June of the same year, a more damaging attack – NotPetya – infected many major global corporations, leading to IT infrastructure damage and business disruption. The two events caused over $10 billion in economic loss and serve as a dramatic reminder of the potential for cyber-attacks of a systemic nature to cause damage at scale.
THE BIG ONE! CYBER SYSTEMIC RISK – NOT ENTITY RISK – IS INCREASING

The Russian attack on the SolarWinds software is destined to impact thousands of government and private sector entities. However, its real significance may lie not in the extent, or even the damage, of this specific attack, but rather in the way this cyber attack was carried out
INTERNET SECURITY ALLIANCE TOP 25 HIGHLIGHTS OF 2021
ISA, World Economic Forum, and National Association of Corporate Directors finalize their Cyber Governance Report, identifying six core principles for board-level cyber-risk oversight. This Report completes phase I of the ISA-NACD Forum collaboration. ISA is one of three US organizations invited to present at the G-20 Global Cybersecurity Forum and Digital Economic Security Conference in Riyadh, […]