Digital Conflict

By Kevin Coleman

Blog archive

Assess your defense before a cyberattack

I am sure this is not a shock to most of you, but our current approach to cybersecurity is not working. When an information security icon such as RSA experiences a serious security breach like the one acknowledged recently, what does it say about the average organization and its ability to protect its information assets?

While I was teaching a course on cyber terrorism this month for emergency services organizations, an interesting conversation took place. During the program, three serious security issues came out during a cyberattack scenario exercise. I am not able to divulge those issues for security reasons. Let me say, though, that the magnitude of risk that accompanied these issues was cause for great concern.

Why all of our emergency services, identified as a component of our critical infrastructure, have not conducted cyberattack planning and review is beyond comprehension. This is particularly true given warnings that a cyberattack on our emergency response infrastructure and assets is likely to accompany an act of terrorism.

Some of the information systems used by emergency services are no longer supported and need to be replaced. For those emergency assets that are already in place and still supported, we need to identify areas of vulnerability and address those shortcomings before it is too late. When we plan and develop our operating procedures, critical systems and infrastructure, we need to look at the security issues that may focus on those essential capabilities. It is easier and more economical to build security in rather than trying to address security as an afterthought. Why is that so hard for us to do?

As the saying goes, an ounce of prevention is worth a pound of cure.

Posted by Kevin Coleman on Mar 24, 2011 at 12:12 PM


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.