I was part of a conversation recently where someone stated that they were tired of all this cyber $%^t. It wasn’t the first time I heard such a sentiment expressed. It’s quite common to hear complaints about the importance placed on cybersecurity today.
Unfortunately, those views ignore the rapid changes occurring in our society which are being supported through the adoption of digital technologies. The reality is that most critical/sensitive information held by organizations is digital. The sad fact is that information has never been so readily accessible by criminals while being so incredibly unprotected.
There was a time when the things you really cared about were not on the network. Then, it was easier to argue that you did not need cyber protection.
But recent developments have highlighted the need for change related to organizations’ cyber practices. We have seen many large and small breaches in the public and private sector lately. These breaches are a symptom of under-planning/under-costing of the actual scope of a system.
IT Modernization and Cybersecurity
IT modernization and cybersecurity are absolutely tied together. Do not make the mistake of taking on technical debt during this crucial stage in your organization’s development. Modernize your expensive legacy infrastructures while ensuring resilience and security for your organization.
The reality is that an information system costs more in many cases than those who want the system are willing to accept. The cost of properly securing a system is the cost of building a system in our modern era.
As a leader, when you defer important decisions related to your program or information system, you incur technical debt in your environment. Saving money now through inaction or poor decision-making will result in increased costs with interest in the future – when the results of those poor decisions or inaction become a reality.
Cyber Requirements Do Not Exist.
What? Cyber requirements are simply functional requirements that need to be integrated into information systems, tested for effectiveness, and managed throughout the system’s life cycle.
As a result, funds must be planned and secured to build your information systems. Since the security of your system is a foundational/functional requirement, the cost of cyber should be built into the system.
When cyber is not accounted for in the planning of an information system, then you have not fully planned for the system.
The reality is that most of the cyber activities you are dealing with are foundational ones, and not the “gold-plated” add-ons that your information security professionals would like to implement.
If you have authority in your organization (Director+, GS15+, etc.) the concepts of cyber are there to protect you and your organization. Use cybersecurity as a tool to improve your organization and ensure that it has resilience.
We Are All in This Together
National security is a shared responsibility. Most of us look at this as something that “they” in government do to protect “us” the citizens.
While that statement is certainly true, we must shift our mindset to see national security as something where we are all doing our part to support the mission of keeping our country strong and reducing the number of weak links in the chain.
We all must insist on secure coding practices, well-patched systems, strong security baselines and so on.
Remember: We have very real and present problems, from the home PC to the largest public or private information systems. The focus on cyber is a response to the incredible and rapid changes that are going on around us every day.