Jim Garrettson
One of the challenges of cyber security is that the topic is incredibly complex. How complex? At a recent event on cyber security, General Hayden, former head of the CIA, NSA and 4-star Air Force general, began by joking “I would much rather be up here speaking about something as straightforward as Afghanistan.”
It is not feasible to conduct cyber defense in a ‘fenced-in style,’ where you merely hide behind a firewall and hope it keeps you safe. Improvements are thought of in terms of the height, width and strength of the fence. Instead, thought leaders are looking to alter how people think about cyber security.
When conceptualizing cyber security, it is necessary to recognize that a tiered approach is required. The range of threats requires an array of solutions to effectively combat them. As Jim Lewis of CSIS says, “one size does not fit all.”
Cyber security is more similar in problematic profile to murder or infidelity than simple theft. The ability to commit murder is a part of the human condition, just as the ability to commit cyber crime is a part of being a human being connected to the internet, including people inside of the fenced-in environment you are trying to protect.
Just as you would avoid strangers in dark alleyways and people with dangerous profiles, you should avoid cyber contact with unknown citizens of the cyber domain.
Pat Riley’s number one rule of the river is “you must be an active participant in your own rescue.” Jim Garrettson’s number one rule of the cyber security river is “you must be an active participant in your own security.”
