Doing the same thing over and over and expecting different results is the definition of insanity. —Albert Einstein
In the early blogs in this series we illustrated that one of the major reasons we have not made substantial progress in securing cyberspace over the past 30 years is that we have generally thought of cyber risk primarily in technical/operational terms, and largely ignored the economic causes of most cyber-attacks.
Recognizing the industry interplay, DHS recently moved to a new model based on an industry-determined, function-based framework. Taking a functional view widens the lens to move closer to this interconnected, multi-industry reality. Under the leadership of the Cybersecurity & Infrastructure Security Agency (CISA), has a comprehensive program to:
The world was caught by surprise in May 2017 by the WannaCry ransomware attack. In June of the same year, a more damaging attack – NotPetya – infected many major global corporations, leading to IT infrastructure damage and business disruption. The two events caused over $10 billion in economic loss and serve as a dramatic reminder of the potential for cyber-attacks of a systemic nature to cause damage at scale.
The Russian attack on the SolarWinds software is destined to impact thousands of government and private sector entities. However, its real significance may lie not in the extent, or even the damage, of this specific attack, but rather in the way this cyber-attack was carried out.
Naturally, and appropriately, Congress is beginning its review of the attack on SolarWinds software, which will possibly be the broadest and most damaging in history. We won’t know the details of the harms for months or years.
The man who founded the organization I work for, the Internet Security Alliance, was Dave McCurdy. Mr. McCurdy was the former Chair of the House Intelligence Committee. Dave was fond of reminding people, “Congress does two things well: Nothing and overreact.”
President-elect Joe Biden’s response to the Russian cyber-attack, which could turn out to be the most serious security breach since World War II, was his vow that “I will not stand by idly in the face of cyber assaults on our country.”
If the dramatic SolarWinds hack of multiple critical US government and key private sector systems proves anything, it is that we need to substantially rethink our approach to cybersecurity.
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.