Military-Grade Thinking

Is the current administration’s cybersecurity legislation too little, too late in the war on cyber terrorism? President Obama recently enacted measures to try to shore up cybersecurity defenses for U.S. businesses, including those that are a part of our vital national infrastructure. According to some, the executive order doesn’t go far enough. This mainly has to do with the outdated and insecure equipment used by the very companies overseeing cybersecurity for utilities and other vital areas. The question remains: what can be done to change this?

Some suggest using military-grade hardware to help combat the threat of cyber attack. And while the hacking of many small- and medium-sized businesses does not constitute a threat to our national security, it can have adverse effects on local economies. Disagreements remain on the extent to which businesses need to get involved in protecting themselves. Should they actively seek to disrupt the abilities of cyber criminals, or should they leave such actions to the proper authorities? Cyber vigilantism is still vigilantism, and in some instances could get companies in trouble with the law.

More than likely the best approach is a defensive posture. Companies should create a program with the assumption that their network will be infiltrated, documenting the necessary precautions to prevent it from happening again. The measures of the past no longer provide adequate protection against intrusion. Data encryption and firewalls no longer provide the protections necessary to thwart attacks. Waiting on the government to protect your business has also proven to be an exercise in futility. To function in the new cyber age, company officials need to think like their attackers. They need to determine who might launch a cyber attack against them and for what purpose; then they need to decide how best to guard against these threats. They should also do these analyses separately with each department.

Companies need to be very careful about where they get their security strategy guidance, though. While the military might have the best in equipment, it responds slowly to change when it comes to actually implementing new policy. When it comes down to it, companies need to keep their own interests in mind and develop policies keyed to their business and to protecting the assets most valuable to them.

The military’s approach to IT security as a whole might provide the best benefit to enterprises. It is this overall, holistic approach to securing all areas of a company’s infrastructure that can provide the best overall protection. It is pointless to shore up the front defenses for an assault when cyber criminals can just sneak in the back door, so to speak, and take what they want. So, when developing a cybersecurity plan, keep all areas in mind, and don’t fall into the trap of focusing on one specific area.

For more information about how businesses can best defend their intellectual data, visit: http://www.itpro.co.uk/security/19210/how-win-it-security-war-think-soldier

http://www.nytimes.com/2013/02/13/us/executive-order-on-cybersecurity-is-issued.html?_r=0

http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity