TO ADDRESS SYSTEMIC CYBER RISK – FOLLOW THE MONEY, AGAIN

In the early blogs in this series we illustrated that one of the major reasons we have not made substantial progress in securing cyberspace over the past 30 years is that we have generally thought of cyber risk primarily in technical/operational terms, and largely ignored the economic causes for most cyber-attacks.

IMPORTANT DHS STEPS ON SYSTEMIC CYBER RISK BUT MORE WORK NEEDED

Recognizing the industry interplay, DHS recently moved to a new model based on an industry determined function-based framework. Taking a functional view widens the lens to move closer to this interconnected, multi-industry reality. Under the leadership of the Cybersecurity & Infrastructure Security Agency (CISA), has a comprehensive program to:

“SMALLER” SYSTEMIC CYBER ATTACKS ARE HAPPENING – IT WILL GET WORSE

The world was caught by surprise in May 2017 by the WannaCry ransomware attack. In June of the same year, a more damaging attack – NotPetya – infected many major global corporations, leading to IT infrastructure damage and business disruption. The two events caused over $10 billion in economic loss and serve as a dramatic reminder of the potential for cyber-attacks of a systemic nature to cause damage at scale.

THE BIG ONE! CYBER SYSTEMIC RISK – NOT ENTITY RISK – IS INCREASING

The Russian attack on the SolarWinds software is destined to impact thousands of government and private sector entities. However, its real significance may lie not in the extent, or even the damage of this specific attack, but rather in the way this cyber attack was carried out

CONGRESS DOES TWO THINGS WELL: NOTHING & OVERREACT

The man who founded the organization I work for, the Internet Security Alliance, was Dave McCurdy. Mr. McCurdy was the former Chair of the House Intelligence Committee. Dave was fond of reminding people, “Congress does two things well: Nothing and overreact.”

MR. BIDEN: ON CYBERSECURITY — SHOW US THE MONEY

President-elect Joe Biden’s response to the Russian cyber-attack, which could turn out to be the most serious security breach since World War II, was his vow that “I will not stand by idly in the face of cyber assaults on our country”

China’s Digital Policy Has Consistently Integrated Economics

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.

Guest Blog: Simple Solutions for a Complex Threat

By Scott Algeier, IT-ISAC Executive Director

The IT-ISAC is happy to support National Cyber Security Awareness Month once again. For more than 15 years, National Cybersecurity Awareness Month (and before that, National Cybersecurity Awareness Week) has encouraged end users to take appropriate steps to secure their devices. Thanks to this consistent messaging, people have become […]