Cyber attacks continue to grow and evolve in sophistication. Consequently, it's sometimes difficult to tell who the good guys are when everyone is in the game.
The reality is, the private and public sectors are on the defensive in a battle where the stakes are high and the game is fast, dynamic and elusive, with no rules of engagement. If ever there was a time when we needed to work together, this is it. However, that's easier said than done. Conceptually, it makes a lot of sense, and most will nod their heads in agreement, but organizations don't want to share information. Why can't we work together to make our information more secure? I'll outline some of the challenges I've observed:
Lack of role definition: There are several federal government entities that have or intend to have a predominant role in cyber security and incident response. These are big players with resources and funding, but there appears to be a lack of coordination about what each is specifically responsible for and how they will work together. This is not uncommon, but certainly it is disconcerting. We've seen this lack of coordination reflected during major physical incidents. Entities jockey for power positions, and lots of money is being earmarked for assistance. The end result has not always been satisfactory.
Who would you contact outside your organization if you had a major breach, and why? And, what would you expect them to do? How much would you be willing to share?
Trust: While there may not be a lot of secrets in this digital age, organizations have traditionally been reluctant to provide the government with any information other than what is absolutely required. Once you open that door, it's really hard to close. But sharing is of benefit to all of us. A heads-up on a new threat enables organizations to be more proactive, rather than always reactive.
Interconnectedness: There has been significant discussion about the impact of a major cyber breach on our critical infrastructure and financial sector. If any of those entities experience such an incident, it is likely to affect all of us to some degree. Business continuity and disaster recovery plans are important, but there is so much we don't control.
New rules: New rules or perhaps ‘no rules' are already emerging, but are they evolving in the desired direction? Information is a strategic advantage, and every organization appreciates its value. So, if you have the capability to access information, then is it fair game? Countries are not exactly jumping on the bandwagon to share information. Everyone wants information, but sharing, well now, that's a different story. Among all this mayhem and indecisiveness, the value of sharing is overshadowed. It certainly raises questions about ethics and trust.