It’s a typical lazy Sunday afternoon. Watching cartoons with my kids, surfing the net and trying to catch up on the state of the world (via Twitter and Google). A few interesting things have piqued my interest and I wanted to put down some thoughts on these.
- Saw the term “securing the castle” for the first time today. For some reason I really like that term and to me it really resonates for what we (security practitioners) are trying to accomplish. I saw the term in a blog post on https://www.infosecisland.com/ which is a great security site by the way.
- I am reading Mike McConnell’s (former DNI) OP-ED on “…how to win the cyberwar that we are currently losing“. I think he makes a lot of good points and one interesting stat really stood out to me,
“But the reality is that while the lion’s share of cybersecurity expertise lies in the federal government, more than 90 percent of the physical infrastructure of the Web is owned by private industry. Neither side on its own can mount the cyber-defense we need;”
This is really interesting as the government theoretically has the expertise to protect my companies network … but I wouldn’t trust the government to protect my network. I think there in lies the problem. Either the corporate world will need to trust the government enough to give them authority or they will need to develop their own security expertise. I am in optimist but I don’t see how that collaboration will happen effectively. Honestly, there is very little trust between government agencies (and their on the same team) … I can’t imagine how to implement a co-op between government and public with the necessary level of trust.