DETROIT – Almost everybody thinks that the systems that power our society are secure. Nonetheless, computer crime has officially surpassed the drug trade for profitability and God only knows what the world?s various nation states are up to when it comes to stealing each other?s secrets.
So, ?What?s the problem?? The problem stems from the fact that the people who are responsible for cybersecurity suffer from the ?Six Blind Men and the Elephant? syndrome. In that old story six blind men are asked to describe an elephant based on what they are touching. So to one, it?s a snake, another, a wall, and to another tree, etcetera. In the end, ?Though each was partly in the right, all were entirely wrong.?
We have the same problem with cybersecurity. There are established elements of the field that know how to secure the part of the elephant that they touch. But until we are able to amalgamate that knowledge into a single coordinated solution we can?t realistically say we are protected.
The U.S. National Security Agency is a good example of what I am talking about. The NSA sees all and knows all when it comes to electronic security. But they were unable to prevent a relatively low level analyst from tucking a bunch of vital national secrets into a black bag and skipping off to Moscow. You might have read about that over the past couple of years.
Nevertheless, NSA?s failure is understandable when you consider that their entire culture revolves around electronic security, while, the things you need to do to secure people are part of the elephant that they don?t touch.
A mere 2,800 years ago Sun Tzu said, ?Attack weakness not strength? and baseball?s Wee Willie Keeler elaborated on that with, ?Hit it where they ain?t?. The nerds at NSA clearly don?t know much about how human beings work. So it is easy to see how one of their own could quietly slip out the back door while they were busy monitoring the airwaves.
The term ?holistic? has been used to describe what has to happen in order for the security solution to be complete and correct. But most of our current crop of professionals specializes in some vertical aspect of the field. And they are not going to simply drop what they have been doing for their entire career and start approaching things holistically.
So, a breed of professionals with more comprehensive vision will have to be created. That requires changes to how we educate and train them.
I have spent the past decade writing about this and you can read about it in my books and articles. I intend to expand on the need for a holistic approach, what it is and what we have to do to get it. For the time being though, please believe me when I tell you that that you are not really secure if you are not completely secure.
