|
The ‘Greek Tragedy' of Cyber Security: We Know How This Ends
[The Cipher Brief] Cyber events of the past two years‐perpetrated by state actors in several notable cases, according to public statements by the U.S. and British governments‐ have demonstrated the potential for damaging impact to national security, critical infrastructures, and the global economy.Electric power distribution, healthcare services, pharmaceutical manufacturing and global shipping have all suffered significant disruptions, in some cases requiring days to even months for full recovery. Databases with all manner of sensitive information with privacy and financial implications have been pillaged even from commercial and government organizations whose entire business models center on the protection of information. These occurrences have become so common that we are no longer surprised, yet we continue to approach the challenge of protecting processes and data as if some magic technical solution exists for computers or networks. Networks and computers are complex technical systems that are constantly evolving and delivered through an opaque global supply chain, yet we maintain the fantasy that vulnerabilities, improper configurations and compromised sources of products and updates can be prevented, avoided or managed to an acceptable degree. And thus we have the elements of Greek tragedy: a well-meaning hero whose choices lead to bad outcomes that the audience knows to be inevitable. The pathway to this state of affairs began for many businesses 20 to 30 years ago by replacing basic business functions‐such as typing, filing and communications‐with individual computers. Organizations consolidated devices and hooked them all together in local area networks and began to consider new ways to manage business processes. And then they hooked all of this to the internet and made further changes to processes and developed new ways of doing business or even new kinds of businesses. As the internet developed further‐for example, with cloud computing‐they found further economies of scale and efficiency. In the course of doing all of this, they considered to some degree the new risks incurred by the exposure of systems and data to a global community, but they primarily put resources into managing just the technical flaws of computers and networks. Related same site: Russians Targeting the "Achilles Heel" of Critical Infrastructure Posted by: Besoeker 2018-03-17 |
| http://www.rantburg.com/poparticle.php?ID=510406 |