18 April 2020

Single Points of Failure: Interdependencies Unknown...

Organizations such as WashingtonDCFIRST exist in our Nations Capital to address the need for a coalition of private sector companies and people to work on being proactive, not reactive.

"Defend Forward."

This requires leadership to focus on the critical interdependencies you share with your large corporate neighbor down the street or around the corner.

Do you both share the same Central Office from Verizon? Do you have the same pumping station for DC Water? Do you have a shared sub-station for power from Pepco?

If you do, then you both know some of your Single-Points-of-Failure.

While you may never be able to establish walls, or fences high enough and virtual ICS locked gates to totally protect your single-points-of-failure, you can create an architecture that deters attacks and detects changes.

And if you do have an alert or alarm go off, then you must investigate the incident no matter how insignificant it may be. Those organizations who believe that they are not in the bulls eye of some worthy adversary, should pay attention:
  • Shape behavior  - The United States must work with allies and partners to promote responsible behavior in cyberspace. 
  • Deny benefits  - The United States must deny benefits to adversaries who have long exploited cyberspace to their advantage, to American disadvantage, and at little cost to themselves. This new approach requires securing critical networks in collaboration with the private sector to promote national resilience and increase the security of the cyber ecosystem.
  • Impose costs  - The United States must maintain the capability, capacity, and credibility needed to retaliate against actors who target America in and through cyberspace.
Your competitors and even your neighbors realize that this game, is not always about eliminating threats to your own corporate assets. It's about making sure that the attackers choose a much more vulnerable target than your own...