TO ADDRESS SYSTEMIC CYBER RISK – FOLLOW THE MONEY, AGAIN

Posted on January 11, 2021 at 10:00 am

In the early blogs in this series we illustrated that one of the major reasons not made substantial progress in securing cyberspace over the past 30 years is that we have generally thought of cyber risk primarily in technical/operational terms, and largely ignored the economic causes for most cyber-attacks.


IMPORTANT DHS STEPS ON SYSTEMIC CYBER RISK BUT MORE WORK NEEDED

Posted on January 8, 2021 at 10:00 am

Recognizing the industry interplay, DHS recently moved to a new model based on an industry determined function-based framework. Taking a functional view widens the lens to move closer to this interconnected, multi-industry reality. Under the leadership of the Cybersecurity
& Infrastructure Security Agency (CISA), has a comprehensive program to:


“SMALLER” SYSTEMIC CYBER ATTACKS ARE HAPPENING – IT WILL GET WORSE

Posted on January 7, 2021 at 10:00 am

The world was caught by surprise in May 2017 by the WannaCry ransomware attack. In June of the same year, a more damaging attack – NotPetya – infected many major global corporations leading to IT infrastructure damage and business disruption. The two events caused over $10 billions of economic loss and serve as a dramatic reminder of the potential for cyber-attacks of a systemic nature to cause damage at scale.


THE BIG ONE! CYBER SYSTEMIC RISK – NOT ENTITY RISK –IS INCREASING

Posted on January 6, 2021 at 3:21 pm

The Russian attack on the SolarWinds software is destined to impact thousands of government and private sectotor entities. However its real significance may lie in not the extent, or even the damage of this specific attack, but rather in the way this cyber attack was carried out


WILL SOLAR WINDS FINALLY BLOW AWAY THE SIMPLITIC MODEL OF CYBERSECURITY?

Posted on January 5, 2021 at 1:04 pm

Naturally, and appropriately Congress is beginning its review of the attack on SolarWinds software which will possibly be the broadest and most damaging in history. We won’t know the details of the harms for months or years.


CONGRESS DOES TWO THINGS WELL: NOTHING & OVERREACT

Posted on January 4, 2021 at 3:00 pm

The man who founded the organization I work for, the Internet Security Alliance, was Dave McCurdy. Mr. McCurdy was the former Chair of the House Intelligence Committee. Dave was fond of reminding people, “Congress does two things well: Nothing and overreact.”


MR. BIDEN: ON CYBERSECURITY — SHOW US THE MONEY

Posted on December 22, 2020 at 10:30 am

President-elect Joe Biden’s response to the Russian cyber-attack, that could turn out to be the most serious security breach since World War II, was his vow that “I will not stand by idlily in the face of cyber assaults on our country”


SOLAR WINDS PROVES US NEEDS TO RETHINK CYBER POLICY — NDAA NOT ENOUGH

Posted on December 21, 2020 at 10:00 am

If the dramatic Solar Winds hack of multiple critical US government and key private sector, systems proves anything, it is that we need to substantially rethink our approach to cyber security.


China’s Digital Policy Has Consistently Integrated Economics

Posted on December 18, 2020 at 10:00 am

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.


Guest Blog: Simple Solutions for a Complex Threat

Posted on December 17, 2020 at 10:00 am

By Scott Algeier, IT-ISAC Executive Director The IT-ISAC is happy to support National Cyber Security Awareness Month once again. For more than 15 years, National Cybersecurity Awareness Month (and before that, National Cybersecurity Awareness Week), has encouraged end users to take appropriate steps to secure their devices. Thanks to this consistent messaging, people have become […]