Cookies help us display personalized product recommendations and ensure you have great shopping experience.

CommentarySecurity

Avoiding Cyber Threat Amnesia

BobGourley
BobGourley
6 Min Read

My involvement in the non-profit educational and research organization Cyber Conflict Studies Association over the last several years has led me to an observation about federal policy makers and cyber security. This observation probably applies to many commercial organizations and to academia (and possibly even to you) so we may be talking about human nature here. But the phenomenon was definitely clear by my review of historical documents and actions of the federal government.

My involvement in the non-profit educational and research organization Cyber Conflict Studies Association over the last several years has led me to an observation about federal policy makers and cyber security. This observation probably applies to many commercial organizations and to academia (and possibly even to you) so we may be talking about human nature here. But the phenomenon was definitely clear by my review of historical documents and actions of the federal government. My hope is this review will help us address this in US policy.

What is amnesia? It is a condition where memory is lost. When it comes to the cyber threat to federal organizations we have a long list of evidence that this is occurring. The following is my list of evidence. I’m publishing it in the hopes that you can fill in the blanks on any other major events where our great institutions have learned and forgotten. We should study this phenomenon so we can prevent it in the future.

So, with that, below is the list of what I consider to be the federal government’s top “Wake-Up Calls” that the cyber threat is real:

More Read

Image
Yahoo reveals another hack impacting 1B user accounts
March 2012 Early Indications I: Financial oddities of tech companies
How Data Security Remains More Than Just About IT Safeguards
Why Returning $1 Trillion to Shareholders is a Bad Idea
Flash Vulnerabilities & Exploits: An Information Security Primer
  • 1970 and 1971 – The Defense Science Board publishes what will be known as the “Ware Report” highlighting the potential dangers to department information in the coming age of connected computing. This report was widely seen as a “wake up call” for computer security and caused changes at institutions like the National Security Agency to enhance the departments security posture.
  • Nov 1988 – The Morris Worm was released and propagated throughout internetworked systems including those of the federal government. This “wake up call” resulted in establishment of computer response organizations throughout DoD and also resulted in increased funding for computer security research being provided to academic organizations and institutions. The CERT/CC at Carnegie Mellon University was funded.
  • 1995 – The President’s Commission on Critical Infrastructure Protection (PCCIP) was widely regarded as a “wake up call” for the entire federal government and since it was extensively coordinated with industry and academia was also seen as a way forward in cybersecurity for the entire nation.
  • 1997 – Deputy Secretary of Defense John Hamre was quoted as saying “Solar Sunrise was a wake up call for DoD.” This activity resulted in increased funding to cyber defense organizations and the creation of a new joint activity called DoD’s “Joint Task Force Computer Network Defense” or JTF-CND (Gourley was first Director of Intelligence (J2) there).
  • 1998 Assistant Secretary of Defense Art Money was quoted as saying “Moonlight Maze was a wake up call for DoD.”  This activity resulted in enhanced counterintelligence resources and more information sharing across the DoD law enforcement and counterintelligence.
  • 2009 Director of National Intelligence Admiral Blair testified that “Buckshot Yankee was a wake up call” for the government. This activity resulted in more awareness and more funding for cyber security throughout the federal government.
  • 2010 Deputy Secretary of Defense Lynn writes that “Google’s Aurora attacks were a wake up call for us all.”  This wake up call resulted in stronger, deeper coordination across the federal space and underscored need for a DoD strategy.
  • 2011 Deputy Assistant Secretary of Defense Bob Butler says “Wikileaks was a wake up call for DoD.”   This wake up call resulted in significant activities and planning across the federal space aimed at enhancing security of information from disclosure.

 

That is the list as I see it. Those are the wake-up calls that I know of. Can you add more?  Or perhaps a bigger question is, can you help find ways to prevent this continued pattern of waking up then going back to sleep?

One way to prevent this pattern is to be more proactive. Perhaps my next post will be on the list of significant proactive things the nation has done in cyber security. So far I only have two item on that list. 1) The all of government coordination activities of the Cyber Initiative. The bad news is that was long ago, and 2) The establishment of US Cyber Command.  Do you know of others so significant that would make that cut? What else should be done to mitigate Cyber Threat Amnesia?

TAGGED:
Share This Article

Follow us on Facebook

Latest News

mobile device farm
How Mobile Device Farms Strengthen Big Data Workflows
Big Data Exclusive
composable analytics
How Composable Analytics Unlocks Modular Agility for Data Teams
Analytics Big Data Exclusive
fintech startups
Why Fintech Start-Ups Struggle To Secure The Funding They Need
Infographic News
edge networks in manufacturing
Edge Infrastructure Strategies for Data-Driven Manufacturers
Big Data Exclusive

Stay Connected

You Might also Like