The CISO’s Perspective / 2017 4th Edition
Prior to the Renaissance, many mathematicians, theologians and philosophers believed the Earth was the center of a finite universe and that the sun, planets and stars orbited around it. In 1543, the Polish astronomer Nicolaus Copernicus published a thesis in which introduced a radically new idea that changed the world. All those mathematicians and philosophers were wrong and the Earth actually revolved around the Sun. Copernicus believed that nature is simple and difficult explanations don’t change that.
In the early 1990s the U.S. Navy’s communications and intelligence architectures were in a similar situation. Conventional thinking left over from the Cold War era perpetuated development of systems that moved information at early 1960’s low data rates within highly customized telecommunications systems in stove-piped computerized management and weapons systems. Information was designed to be moved, stored and displayed in a manner that best suited the communications and computer systems. This strategy placed the technology systems at the center of the communications and intelligence universe.
Vice Admiral Jerry O. Tuttle took the major idea from Copernicus and advocated placing the operator and operations center in the middle of the information universe with all communications and computer systems supporting the needs of the warrior. Tuttle’s “Copernicus moment” simplified the approach to developing technology programs and forced a paradigm change that impacted the world.
And the Earth continued to revolve around the sun.
Our issue is how we define the universe and who plays the role of the Sun? In customer facing IT organizations the answer is easy — the customer is the User — defined as the Student, Faculty Researchers and Staff at UW-Madison.
Does that definition really fit the cybersecurity universe?
In many modern day higher education institutions and networks, Cybersecurity operations currently focus on deploying tools and processes to the User that identify and manage risk based on what the tools and processes can deliver. Responding to incidents follows patching information technology which follows wiring systems into networks and application servers connected to simplified builds of desktops, laptops and data storage devices. Other cybersecurity concerns focus on responding to incidents and events, conducting initial and periodic testing, along with the command and control aspects of network operations. Often these teams are not necessarily connected or well-orchestrated.
So, how can Copernicus help?
If we want to institute a revolutionary change, let’s start by taking the leap of faith and declare that cybersecurity operations and operators are the center of the cyber universe right next to the User. Everything we do must help the cybersecurity operator remain focused on providing the Users with the best environment where systems and functions are available, data and transactions are managed with the utmost integrity, and the restricted, sensitive and internal data is afforded the appropriate levels of confidentiality.
By defining the processes and functions at the core of cybersecurity, we can begin to describe the planets and orbits that revolve around a well-defined cybersecurity posture:
- Incident Response
- Security Testing
- Routine Cyber Maintenance and Operations
- Reporting and Tracking Vulnerabilities
- Continuous Monitoring
To shift the emphasis to the cyber operator, we need to identify who truly is engaged in cybersecurity operations and describe the services they perform and the customers they support.
Since we are now performing daily threat analysis and cybersecurity functions from our Cybersecurity Operations Center, in future blogs, I will discuss the activities and relationships that may be helpful in the evolving cybersecurity operations paradigm. Topics will include:
- Distributed operations and governance
- Benefits and challenges
- Metrics and reporting
- Cybersecurity data management
- Research opportunities
We are on the leading edge of culture change — which is rarely easy to accomplish, but succeed we must. Having a common understanding of who, what, how and when of cybersecurity operations is essential to success. Placing the operator and the Users at the center of our universe is the right approach.
As always, I appreciate your feedback. Simple rules — be nice, be fair and be honest.
Please e-mail your thoughts to cybersecurity@cio.wisc.edu and we will periodically post them with helpful answers.
Next blog: Multi-Factor Authentication