Bob Blakely on the Cybersecurity Conversation
Bob Blakely has a thought-provoking blog post which starts:
The Cyberspace Policy Review says “The national dialog on cyber-security must begin today.” I agree. Let’s start the dialog with a conversation about what sacrifices we’re willing to make to get to an acceptable worst-case performance. Here are four questions to get the ball rolling:
Question 1: Are we willing to give anything up?
Question 2: Are we willing to do anything different?
Question 3: Are we willing to take any blame?
Question 4: Are we willing to give any guarantees?
I’d trade 3 & 4 (today) for are we willing to broadly share information about outcomes? I understand that the review (which I’ve yet to read) calls for effective information sharing, which is a goal I support. Will the government lead, and share its own information?
Before we can get to blame and guarantees, we have to have something beyond “best practices” to work from. Without knowing which practices work and which don’t, it makes little sense to distribute blame or to offer a guarantee.