
Cybersecurity reality check

Dec. 2, 2013 - 03:22PM
By KEVIN COLEMAN
Kevin Coleman is a senior fellow at the Technolytics Institute and former chief strategist at Netscape. (File)

A very interesting discussion arose with a chief information security officer (CISO) of a critical infrastructure facility within the United States. The topic was the current reality of our cyber defense posture. After I had thought about the conversation for some time, a few themes began to crystallize. Boiled down, they fell into three distinct themes that, based on my experience, paint a realistic picture of the current challenges a CISO faces in today’s environment.

The first theme was that when you are a CISO, you don’t have time. Stop for a moment and consider the common issues that hit today’s CISO. Compliance issues, user problems, new systems and software, software patch incompatibilities, vendor security issues — and that was the short list. At the top of his list was keeping up with cyber threats. With everything on the CISO’s plate these days, they cannot take the time to read a multi-page cyber threat report. He began to talk about a security vendor cyber threat report that was 80 pages long, and I had actually seen and read that report. He said, “Get to the main points and just give me a one-pager!” If you look at all that is out there, you can see how easily a CISO could suffer from information overload.

The second theme was about how everyone is focused on the advanced stuff when many CISOs are struggling with the basics. More often than not, IT organizations do not have the resources to keep up with the pace of advancement in computer technology, and they fall behind. All too often, the attention is given to the latest and greatest hardware and software when their current technology environment has old, unsupported software operating in it. In fact, at one client, the security staff was told they could not uninstall the old, unsupported program because they were not sure what doing that would break.

The third theme was that they don’t have the money. With the sluggish economy, budgets are tight and cyber security is not cheap. In fact, the cost is rising. In some cases, the cost of maintaining what the organization has consumes the majority of the CISO’s budget. Given all of this, our current cyber defense posture could not be more evident. Bottom line: It is all about money.

The picture those three themes project is not pretty and all indications are this will not dramatically change any time soon.
