Fixing cyber security requires a paradigm shift

 

A GCN article by Sean Carberry and Mark Rockwell titled What Trump Means for Government Tech? examined the presidents’ thoughts on improving cyber security.

As someone who may have famously benefited from the highly flawed IT security landscape, Mr. Trump is now, ironically, in a position to have enormous influence and impact on implementing positive change.

And while his initial reaction and comments about our ability to fix cyber security (“it’s hardly doable”) did not bode well, more recently Mr. Trump expressed a more positive commitment saying, “As President, improving cybersecurity will be an immediate and top priority for my Administration. One of the very first things I will do is to order a thorough review of our cyber defenses and weaknesses, including all vital infrastructures.”

He went on to emphasize that he and his Cyber Review Team will “provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will followed up regularly at various Federal agencies and departments.”

This is great news!  As an R&D organization focused on changing the paradigm of cyber security and risk reduction, we at Waverley Labs applaud this commitment.

As a company, Waverley Labs has addressed and participated in generational changes in IT security technologies and frameworks and we have strong opinions about how we arrived at this current state we are now in and the changes that need to be made including a paradigm shift in how we fundamentally think about cybersecurity.

So if you are reading this Mr. Trump, we suggest that you to ask your Cyber Review Team to address the following questions.  We believe these are the three pillars around which change needs to happen.

• What can we do to increase industry confidence to replace point products with protection that is designed into the application/business infrastructure?
•  How can we increase development of technology that automatically, and at high speed, analyzes data with greater certainty to manage the insider threats?
• How can we begin formalizing industry specific failure scenarios configurable for each enterprise?

And success is already in the making.

• As part of your review of vital infrastructure, consider the NIST Cybersecurity Framework widely recognized as a key voluntary framework to help organizations manage cybersecurity risk in the nation’s critical infrastructure.

• Check out what DHS has already done for formally defining critical infrastructure. Their next step should be to increase emphasis on understanding failure scenarios of how these critical infrastructures can fail.

• And look at what the Cloud Security Alliance is doing developing reference architecture for new risk reduction solutions such as software defined perimeters that employ a paradigm changing “authenticate first” approach proven highly effective in preventing DDoS attacks.

As the president, you and your advisory team have the ability to pull this it together. If you are interested, I will gladly speak with you and your team to provide additional thoughts based on a career spent developing next generation cyber security and digital risk solutions that typically turned conventional thinking on its head.

###