02 November 2004

Advanced Citizenship in Critical Infrastructure Protection...

The dialogue from a recent CSO Conference that focused on information sharing keeps coming back to why it is so hard to accomplish.

Only Bill Boni from Motorola was bold enough to tell the real reason why the cyber world is still not getting the attention it deserves.

Boni: I think the real driving issue here, if you go back and look at [how sprinkler systems came to be in factories], such safeguards come out of the experience of factories burning down and people dying. And until we see mass-casualty events that are critical to information security failures, I don't think you're going to have that same sense of urgency. And, probably, as a society we shouldn't. But, the challenge is to make sure that organizations are doing their reasonable best to not be the cause of part of that event. But my belief is that until we see mass casualty situations that arise from information security, we won't make that transition, and we shouldn't. Unfortunately, I think that it is going to happen at some point. Whether that's before or after I retire from my current employment is a very important deliverable.

It's amazing to find out that even as we speak there are people who are still unprepared to handle the zero day exploit or the next catastrophic incident. Even when they are considered a "soft target" they still have not exercised and tested to the degree necessary to improve their defense and to plan for the various outcomes possible. Boni is right, if it doesn't happen to me then why should I spend the time and resources to prepare? For the same reason you pray at your place of worship. You know it's inevitable and yet you don't know when it is going to happen to you.

No comments:

Post a Comment