BOSTON -- According to one of the information security industry's foremost experts, despite the United States' growing dependence on the Internet, IT infrastructure risks should be mitigated by establishing better redundancy for critical IT systems and maintaining manual processes.
Forget the banks; it is the Internet that's too big to fail.
Dan Geer
Speaking to attendees at the 2012 SOURCE Boston Conference this week, Dan Geer, CISO at In-Q-Tel, the not-for-profit venture capital arm of the CIA, said that addressing security by restricting an open Internet is neither desirable nor an efficient way of addressing the threat posed by cyberattacks on critical infrastructure.
Geer, widely considered to be one of the most innovative thinkers in the industry, said instead that maintaining redundancy -- backup systems and manual processes -- is critical not only to secure the nation's critical infrastructure, but also to provide the fallback mechanisms the country needs to run properly in the event of a catastrophic Internet disruption.
"Forget the banks; it is the Internet that's too big to fail," Geer said. "While there isn't an entity that may bail out the web, there isn't any meaningful country that isn't today researching easy methods to disrupt the web use of its potential adversaries. The most a country can hope to do is to maintain the net interior to itself."
Compounding the issue is that the growing technical complexity of Internet-connected systems has created unintended mutual dependencies, making it increasingly difficult to tell when failures occur. Geer said that Internet rejectionists -- people who stay off the "grid" -- could play a failsafe role in the event of a catastrophic Internet failure. But it is becoming increasingly difficult to avoid reliance on the Internet, he said. From banking to paying a utility bill, some businesses are forcing consumers to use online services. With more people depending on the Internet, he said, the private sector and the nation's infrastructure give up a kind of "societal resilience."
"Accommodating rejectionists preserves alternate, less complex, more durable means and therefore balances dependence as a society," Geer said.
Geer described the interdependencies necessary for electronic health records and smart grid technology for electric utilities. With respect to the electronic health records initiative, he said the technology relies on the smooth functioning of electric power and network displays, while smart grid technology still depends on a wide range of industrial controls to function properly. Together they add new levels of risk exposure and new failure modes to the world.
"Because both of these involve new levels of exposure to common-mode risk, and some of those are risks that electronic health records share with smart grids, they will add new failure modes to the world we live in," Geer said. "On good days both will deliver far better, more cost-effective benefits than those we now have; on bad days, the reverse will be true."
Preservation of processes that don't rely on the Internet gives the nation "a guarantee of fallback mechanisms that do not have a common mode failure with the rest of the interconnections usually vulnerable in the Internet world," Geer said. There is no easy way to preserve manual processes, and Geer admits he doesn't have a fully working model. Security technology cannot keep pace with cyberattackers, so "preserving fallback is prudent if not essential," he said. Adding more expensive security systems will only exacerbate the complexity problem.
"If we are to practice evidence-based medicine on the Internet, it may well be that expensive therapy is not always the solution," Geer said.