Error in Cyber security Paradigm.
This blog set to diaplay 20 days of posts. Sorry Blogspot only shows 3 days, waiting for a Google fix, G
Error in Cyber security Paradigm.
IT directors / managers CIO chief Information Officers
are among some of the most misdirected security
providers of any industry.
If CIO's were head of the DOD the US
would have huge fixed coastal defenses
and there would be pirates raiding the US
coasts, pillaging and stealing at will.
CIO's are risk aversive, born cooing code,
and raised in HTML nurseries.
And spend a lifetime defending code,
and blocking malware.
They build cyber fixed Coastal defenses
on their networks.
A CIO as a platoon leader would build mud
wall around HQ and never patrol, never send
forces out, too risky.
And that is about the state of Cyber security
today.
Cyber forces scare the hell out of CIOs.
Never been used before, something might
go wrong, unknown risks.
Better stick with fixed fortifications they have
known risks.
This is why the US Cyber forces have their
hands shackled.
And NSA, fort Meade fear turf intrusion and
interference in their operations.
NSA has a lock on WWW magic, stealth
and penetration.
And NSA's mission IS NOT PROTECTION of
the WWW or anything other than its own network.
In fact their mission is to be able to violate any and
all Security.
CIO's are security people. Always trying to lock cyber doors.
Forever Building fated fixed coastal defenses.
They are not a policing force, they lack any deterrent
facility. And function on a risk aversive paradigm.
Military defense however functions on a much different
paradigm. Which is why US doesn't have fixed coastal
defenses. They don't provide security, and are easily defeated.
To protect the US coasts the Dept of Defense rely on
a mix of offensive forces. Air power, ships, etc.
And we have no pirates off the US coast line.
Military minds are needed to provide security for
US cyber coast lines. The ability to deploy offensive
cyber forces to repel attacks, ability for hot pursuit.
Same as in the "real" world.
Relying on fixed cyber defenses is futile.
The current paradigm allows the pirates to pound on
our defenses to the level of millions of attempts a day.
Anonymous is a possible example.
They have lead successful attacks before.
But in the case of wikileaks this is the first time
a National Civilian cyber force has opposed them.
Anonymous has experienced trained organized counter strikes
against them, and stated they are changing their paradigm
in this instance, dropping DOS attacks and becoming more politically active.
This was not lead by a CIO but more military minded cyber forces
using a offensive capability, NOT FIXED DEFENSES.
I'm tired of watching the US cyber persona playing victims.
The US Marines do not set in fixed battlements taking losses,
they move and maneuver and engage the enemy.
Why is it taking so long for the US Cyber Paradigm
to adopt common sense military doctrine for defense
of its cyber assets.
Instead they elect to act as fixed targets.
In the current paradigm there is very little
deterrence. Just wave after wave of assaults
without retribution. The biggest and easiest
target in the world.
Take the shackles off the US cyber forces,
let them engage the bad guys, attach a cost
to attacking US cyber assets.
Stop being the cyber security joke of the world.
US has the force use it to defend, go offensive
when attacked, track and destroy in real time.
If its Grandmas PC that a bot herder is controlling,
that is not an excuse not to take her PC off line.
If they had stolen Grandmas car would the cops
refuse a pit maneuver to stop a perp?
I don't think so.
Nor is a take over of someones PC, a pass card
to avoid consequence for your PC attacking some one.
Cyber security equals a CIO on the site and a cyber
platoon leader patrolling out side the fire wall engaging
in hot pursuit. That will equal deterrence.
Gerald
Tactical Internet Systems analyst.
.
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home