Platt Perspective on Business and Technology

Information systems security and the ongoing consequences of always being reactive – 15: putting the puzzle together as a strategic and operational process 3

Posted in business and convergent technologies, social networking and business by Timothy Platt on April 27, 2013

This is my fifteenth installment to a series on the state of information systems security going into the second decade of the 21st century, and on challenges that will have to be addressed in moving forward from where we are now (see Ubiquitous Computing and Communications – everywhere all the time, postings 185-188 for Parts 1-4 and its continuation page, postings 189 and following for Parts 5-14.)

I usually write my postings to this blog fairly quickly and without any real pause – I know basically what I want to cover in them and how, and simply flesh out the details as I write, knowing I can add another series installment if needed. I have, however, been thinking about this posting for several days now – and in this case precisely because I do know and clearly, the basic message that I would seek to convey. In a real sense this posting is what this entire series has been building towards.

I sit down to write this thinking of the meat-grinder conflict of World War I, and of how so many, trained and equipped for a previous century’s war were thrown into a trench warfare environment dominated by machineguns and early stage but still deadly armored weapons such as tanks. And it is in this setting that men on horseback, as if still 19th century cavalry, met chemical warfare and the strafing of aerial attack.

• Millions died and have seemingly always died because potential next wars are prepared for as if their general officers were going to fight the last war.

And I write this with a conversation in mind that I participated in a couple of years ago at the end of a cyber-security meeting. And I was talking with a speaker who had just given a detailed and I admit interesting presentation and this speaker and his aide had a lot to say, some of which was probably not intended. The speaker was a General officer and his aide was a Full Colonel and both were actively serving in and leading in the national cyber-defense effort. And what they had to say and their focus of concern sent chills down my spine and brought me to think of those soldiers in the trenches of World War I then too. Their primary concern, as far as safeguarding mission-critical systems was in safeguarding networks, and particularly government command and control networks – from threats like denial of service attacks. So they spoke of packet authentication and other defensive approaches. They were preparing to fight and to mount a defense from what could only be seen as a last war mentality.

I have been writing in this series about a series of issues and factors that would perhaps serve as grounds for reconsidering the nature and targets of potential cyber-threats and both from private sector and governmental/military sources, and stealth is likely to be the hallmark of any serious 21st century military-based or large scale private sector-based attack, with efforts made to install malicious software that would not show itself or even be readily detectable unless and until activated. A frontal assault denial of service attack, if launched, might only be developed as a distraction and a diversionary tactic. And the real targets of any large-scale and definitive attack might be found more in largely private sector national infrastructure systems such as power grid and communications SCADA control systems, than anywhere else – as successfully targeting them could in principle paralyze an entire country.

I tend to be circumspect and do not, for example, generally name my consulting clients when I write to this blog. I do not name them in my LinkedIn profile either. And I have been known to mask at least some identifying details when drafting case studies from my own work experience. But I have decided to write more bluntly here and to more directly express these concerns here. And with that as an all too real-world case study example I state that private or public sector or combined:

• We cannot defend ourselves from cyber-threat if we only think in terms of and prepare for a last war, and as if next-war potentials were not and could not be developing around us.

History has shown the foolhardiness of a last war mentality in more traditional military conflict. And if anything, the pace of technological development in computers and networked systems, and in their uses have made this concern even more pressing for any potential cyber-conflict arena.

I have alluded, much more obliquely to this meeting and conversation before in this blog, at least once, and spell out its issues and my concerns stemming from it more clearly and directly here. And that is why I paused and thought before writing this for open online publication. The officer I wrote of above is very intelligent and highly trained – with a PhD in electrical engineering and a background that is fairly solid in computer systems hardware among other things. But the generals of World War I were intelligent, articulate, educated and experienced too – even as they sent horse cavalry to the barbed wire and machinegun trench warfare environment of that conflict.

The basic principles and concerns that I write of here apply across the board for acknowledging and dealing with cyber-threat. We can do better and we must. And I finish this posting and this series with that, and looping back in my thoughts to the reactive versus proactive lines of argument that I have raised here, and the other issues that I have touched upon – as only one small part to a larger and more complex story.

I might very well find myself coming back to this topic area in future postings. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: