Why cyber-security cannot be achieved in silo!
In this era of an interconnected and interdependent digitalized global economy, the nature and definition of security are going through a fundamental transformation. The revolution in information technologies, processes and connected computers is altering everything, from how we communicate to how we work, how we bank, how we shop and how we go to war. The emergence of this whole new world of cyberspace has been, and still is, more or less like an alien territory today, where there are very few knowns and mostly unknowns.
Connected computers, information technology and the ability to digitalize information are revolutionizing every aspect of society. They have given nations: their governments, industries, organizations, academia and individuals (NGIOA-I), a fundamental ability to connect and access information without any obstacle or interference. This has leveled the NGIOA-I playing field and has brought a possibility of progress, prosperity and pride. What remains to be seen is whether connected computers can bring communication and collaboration or chaos and calamities!
While information technology on connected computers is fundamentally shaking the status quo and the power structure of NGIOA-I, it has also been instrumental in shaking the fundamentals of security and pointing out the inadequacy and ineffectiveness of its current form of definition, structure, nature and response.
For much of human history, the concept of security has largely revolved around the use of force and territorial integrity. As the definition and meaning of security are being fundamentally challenged and changed in the world of cyberspace, the blurring territorial boundaries and integrity are also becoming hard to define and maintain. The notion that traditional security is about violence towards respective nations, from within or across their geographical boundaries, is now outdated and needs to be evaluated and updated. Just as in any traditional physical security ecosystem, in cyberspace and its ecosystem one is only as strong as the weakest link in the chain. It is time nations collectively incorporate a different, more accurate meaning of boundaries, if any, and of security, whether in space, cyberspace or geo-space.
The challenges and complexities of evolving threats and security have crossed the barriers of space, ideology and politics, demanding a constructive collaborative effort from all stakeholders. When the changing nature of threats is bringing new sets of challenges and complexities, collective brainstorming is a necessity and not an option, in order to have an objective evaluation of what is under threat and how it can be secured!
While the debate on the structure and role of government, industries, organizations and academia will continue in the coming years, any attempt to redefine security needs to begin with identifying, understanding, incorporating and broadening the definition and nature of threat.
While information technology provides tools and technology to communicate information on connected computers, it also provides tools and technology to misuse information.
Connected computers and their ecosystem, which make up cyberspace, bring complex challenges and complexities. A cyber-security system, like any system, is made of a collection of parts that have a complex level of inter-connectivity and inter-dependency, designed to achieve a desired goal. In spite of the inter-connectivity and inter-dependencies among the sub-parts of any and all systems, there is currently no culture of collective brainstorming, identifying, evaluating or managing risks across nations, and cyber-security is no exception.
Irrespective of whether it is a geo-security system or a cyber-security system, any and all systems need to be evaluated holistically and collectively: not merely as a sum of their parts (because the whole is always more than the sum of its parts), but as a complete functioning unit. When a complex system is made up of a collection of parts, not only do the individual parts need to be evaluated, but also the environment in which the parts operate, its internal and external processes, and its entire ecosystem. The cyber-security system, like the human body, comprises different components that interact in complex ways within and across cyberspace. Nations need to understand the cyber-security atmosphere, technology, processes, people, management and governance, and their inter-connectedness and inter-dependencies within and across cyberspace, as one complete system. Understanding cyberspace completely will help nations improve their cyber-security risk understanding and capabilities.
At the moment, cyber threats and cyber-security are not clearly understood by any nation: its governments, industries, organizations, academia and individuals.
In cyberspace, information is critical not only for survival but also for sustainability, and hence it becomes a critical necessity to protect it at all costs. When cyberspace is riddled with challenges and complexities, it is vital to have a cyber-security model that is dynamic, holistic and collective, and that considers all variables and integration points of NGIOA-I.
Cyber-security vulnerabilities do not arise only from technology, but also from inadequacies in governance, processes, management, culture, inter-dependencies and integration. Now that each nation: its government, industries, organizations, academia and individuals, is vulnerable to cyber-attacks, it is important to understand that short-term fixes, which are preferred over identifying and fixing the root cause of problems, generally do not work. The approach to security is currently reactive: not only governments but also most industries and organizations do not give importance to securing their information and data, are reactive in their response and do not invest proactively in cyber-security. This reactive approach limits an entire nation’s ability to build proactive cyber-security risk management capabilities.
Information—irrespective of individuals, industries, organizations, academia or governments across nations is at risk. Unless security becomes a collective proactive initiative, there will be recurring incidents of cyber-attacks with varied levels of impact and intensity. The increasing level of cyber-security challenges from integration within, between and across NGIOA-I forces a collective mindset and efforts for securing cyberspace.
In order to minimize and manage any and all cyber-security risks, it is important to understand every possible building block of cyberspace: its framework, associated processes, technology, people and ecosystem. When managing cyber-security seems to be near impossible at the moment, it is important to acknowledge the need for a collective understanding and an integrated NGIOA-I cyber-security framework, without which any and all efforts will be meaningless.
Cyber-security requires an integrated approach with a common language. While appropriate hardware and software are a fundamental necessity, establishing an effective cyber-security framework, an integrated NGIOA-I approach and structured processes is even more important.
What do we know about the cyberspace? Who does it belong to? Who is accountable? Governments-Department of Defense? Homeland Security? Industries? Organizations? Academia?
While going digital is a global age necessity, the question is whether going digital through the open internet is wise, especially when a nation’s digital infrastructure is put together in haste and in silo, with no coordinated framework, standards, policies and regulations. Unless there are significant advances in the nature of digital infrastructure, its processes, technology, tools, accountability and oversight, it is not only the privacy of NGIOA-I that is at risk; everything is at risk.
In an interconnected world, NGIOA-I need to be responsible for securing cyberspace. Relying on government alone to provide and enforce cyber-security is like asking a thief to break in with doors and windows wide open. Each one of us, each NGIOA-I, has a responsibility towards securing cyberspace, just as each one of us has a responsibility towards securing our valuables, homes and businesses!
Cyberspace cannot be secured if nations and their governments work in silos within and across their national boundaries. Integration and collaboration between NGIOA-I, within and across nations’ geographical boundaries, is a fundamental necessity not only for managing cyberspace but for managing any global threat! The time for NGIOA integration and collaboration is now!
About the Author
Jayshree Pandya (née Bhatt) is a Strategic Risk Management leader well known for her work on risks involving nations: its government, industries, organizations, and academia (NGIOA). With over 20 years of diversified experience, Jayshree has worn multiple hats as a visionary, founder, published author, thought leader, columnist, editor, scientist, risk auditor, risk researcher, risk advisor, risk consultant and invited speaker at international conferences. She launched and managed Risk Management Matters, an online Risk Journal and one of the first Risk Publications, publishing Industry Risk Reports of Biotechnology, Energy, Healthcare, Nanotechnology, and Natural Disasters over the course of five years. Jayshree’s inaugural book, The Global Age: NGIOA @ Risk, was published by Springer in 2012.
At Risk Group, Jayshree is defining the language of risks and is currently developing thought leadership and researching the practices, tools, frameworks and systems needed to manage Strategic Risks facing nations in a Global Age. In addition, she is developing an advanced global Strategic Risk Advisory specializing in the design and delivery of Strategic Risk Solutions. She is also developing Strategic Risk Management programs, courses and training to educate nations on the need for new risk governance frameworks, systems and processes to better manage strategic risks. Her efforts are beginning to influence the Global Risk Dialogue.
Beginning her career as a scientist, Jayshree received India's National Young Scientist Award in Biochemistry. The U.S. Department of Energy and the World Health Organization have referenced her work on energy production and anti-cancer drugs.
Jayshree resides in Sugar Land, TX with her husband Pradip, and three children, Shree, Shivani and Shiv.
Copyright Risk Group LLC. All rights reserved
Lab Manager - Threat Management at Optiv Inc
(8 years ago) Great Article.
CEO - OCTELLIENT | AI STRATEGIST and TRANSFORMATION SPECIALIST | vCISO | FRACTIONAL CISO | TRUSTED ADVISOR | COACH | CO-HOST GRIT MEETS GROWTH PODCAST | CANCER SURVIVOR
(9 years ago) Great Article Jayshree. I agree that there needs to be fundamental change and a move to being more proactive. Risk Management is important, but understanding overall maturity and capability is key to being proactive. Ensuring, as you mentioned, that all the appropriate people, process and technology are in place. I encourage you to take a look at www.informationsecuritydashboard.com to see our take on it.
Certified Product Manager/AGILE-SCRUM-SAFe at US Quasi Government entity.
(9 years ago) Good read...thank you Jayshree.
Sr. PM & BA @ Digital Realty | Delivering Complex Infrastructure Solutions
(9 years ago) Good last name. LOL! Cheers //GregH
Infrastructure Operations Management | Major Incident Recovery and Coordination | Budgetary Planning & Control | Vendor Management | Architecture Design & Strategy
(9 years ago) I like the idea of governments working together to combat cyber threats but what happens when the governments themselves are the perpetrators of those threats; while at the same time declaring their innocence?