If DARPA's Director Regina Dugan hadn't already admitted that the agency is clueless about how to secure cyberspace, the choice of Richard Clarke as a speaker certainly made that clear. Of all the experts out there, Mr. Clarke has provided some of the worst advice that I've ever heard when it comes to specific cyber-based threats and remediations.
Director Dugan won't find a solution to her problem by speaking to more of the same people that the agency always speaks with. Einstein's oft-repeated definition of insanity is doing the same thing over and over again and expecting different results. The director should stop speaking to hackers, crackers, grey hats, black hats, white hats, and the cyber industrial complex in general. DARPA has done that for years without success. If the director wants a different result, she needs to approach the problem in a completely different way. In fact, I recommend that this problem be completely re-framed. Just like money problems are never about money, and obesity problems are never about food (they both stem from negative belief systems that we've learned as children and reinforced as adults), protecting data is not about cyber security. It's about understanding how we take care of our valuable possessions in the physical world and transferring that understanding to comparable models in the virtual world.
Instead of inviting hackers, Director Dugan should invite experts in personal security like Gavin De Becker or my friend Roderick Jones who understand how to protect high value individuals against multiple unknown attackers. She should invite farmers who have to defend their crops against an unpredictable weather system. Or corner a few MDs at the Centers for Disease Control to learn how virulent bacteria consistently beat the body's immune system. The bottom line here is that we must MUST find a way to break free of the grip that the information security industry has on all things cyber because it is a failure from top to bottom.
I doubt that anyone from DARPA will take this post to heart but I'm convinced that it's the right way to proceed. We're planning a second Suits and Spooks conference for Washington DC this Spring. Perhaps that will be the time to bring farmers, doctors, and personal security specialists together to find some common sense solutions and apply an entirely different mindset to the current cyber-security insanity.
Add to Cart
Director Dugan won't find a solution to her problem by speaking to more of the same people that the agency always speaks with. Einstein's oft-repeated definition of insanity is doing the same thing over and over again and expecting different results. The director should stop speaking to hackers, crackers, grey hats, black hats, white hats, and the cyber industrial complex in general. DARPA has done that for years without success. If the director wants a different result, she needs to approach the problem in a completely different way. In fact, I recommend that this problem be completely re-framed. Just like money problems are never about money, and obesity problems are never about food (they both stem from negative belief systems that we've learned as children and reinforced as adults), protecting data is not about cyber security. It's about understanding how we take care of our valuable possessions in the physical world and transferring that understanding to comparable models in the virtual world.
Instead of inviting hackers, Director Dugan should invite experts in personal security like Gavin De Becker or my friend Roderick Jones who understand how to protect high value individuals against multiple unknown attackers. She should invite farmers who have to defend their crops against an unpredictable weather system. Or corner a few MDs at the Centers for Disease Control to learn how virulent bacteria consistently beat the body's immune system. The bottom line here is that we must MUST find a way to break free of the grip that the information security industry has on all things cyber because it is a failure from top to bottom.
I doubt that anyone from DARPA will take this post to heart but I'm convinced that it's the right way to proceed. We're planning a second Suits and Spooks conference for Washington DC this Spring. Perhaps that will be the time to bring farmers, doctors, and personal security specialists together to find some common sense solutions and apply an entirely different mindset to the current cyber-security insanity.
0 komentar:
Posting Komentar