This is probably why we can't have nice things!

(NOTE: This article was originally posted at https://cyburguy.substack.com/p/this-is-probably-why-we-cant-have)

On the most recent edition of my daily podcast, the CyBUr Smart Morning News Update (available at all your favorite podcast providers), I talked about these two headlines:

  1. “US State Dept has no idea if its IT security actually works, say auditors” (https://www.theregister.com/2023/10/02/us_state_security_gao/)
  2. “NATO investigating breach, leak of internal documents” (https://cyberscoop.com/nato-siegedsec-breac/)

I highlighted these articles because the US government and NATO have “cyber strategies” that they would like to impose upon everyone because they have an inflated belief in their own capabilities and “knowledge” of what cyber even means or how to address it.

Now admittedly, this sentiment is coming from a career of 20 years seeing the government from the inside: the good (the people doing the day-to-day business) and the bad (leaders and decision-makers, not all - but enough to set a standard). And to be honest, I am sure the decision-makers coming up with cybersecurity standards, policies, requirements, EOs and the like are, for the most part, well-meaning, but they run headlong into the fire without understanding the full scope of the problem, and therefore they are not really poised to develop the right strategy to address it.

The two articles referenced show that both NATO and the USG have pretty crappy internal cybersecurity controls, and likely equally crappy strategies to deal with the world of cyber bad actors. Granted, the first article only references the State Department, but I would wager its issues are repeated across many other USG departments (do a quick Google search - reports are plenty), and the news on other agencies' bad practices is coming. So I do think that incidents like this tend to undermine the trust and faith that the overarching cybersecurity strategies these entities rain down from on high are worth paying attention to. Perhaps policymakers should take some time to gauge whether they truly have a handle on the depth and breadth of the problem and can create solutions to address it.

IMHO, the only way to really get on a true path towards a solution of creating cybersecurity strategies that can be globally accepted is to partner with entities outside the federal playground to evaluate intelligence, anticipate cyber evolutionary changes, and create solutions that they use themselves and have a track record of success. History shows the way they are currently doing it does not have such a track record. And sadly, I’m not sure much will change soon.

Opposing opinions and thoughts are welcome.

James Driscoll CySA

M.S. in Cybersecurity Operations | Regulatory Compliance | Cybersecurity Content Creator | First Responder | System Administrator | Airfield Operations Specialist | Air Force Veteran

1 year

I would love to have an opposing opinion but I totally agree that the USG has pretty crappy cybersecurity controls. I noticed it about a year ago researching content regarding cybersecurity news in the federal space. It honestly blew my mind at first.

More articles by Darren Mott, FBI Special Agent (Ret.), "The CyBUr Guy":

  • Positive Thinking and Cybersecurity
  • The "Can you coach my daughter Scam"
  • NIST CSF 2.0
  • Why I like to talk about Cyber stuff so much.
  • Sure, Blame the Victim
  • Please give me more of THIS!
  • Cybersecurity Awareness Month 2023: Was it a success?
  • Cybercrime and FBI: Its Complicated
  • Cyber Risks are Rising in K-12 Schools (and probably your company also)