Infographic from HIMSS 2013 Security Survey.
Nice video from Scientific American on how Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks work …
PW Singer wrote a great piece for the LA Times last month, “What Americans should fear in cyberspace.” In the article, Singer drives home the dangers and harm of equating risks in cyberspace with historical physical and kinetic events such as Pearl Harbor, and of using language borrowed from the physical space — weapons of mass destruction, Cold War, etc.
By using such language, such poorly contemplated metaphors, actual risk is not communicated. Worse, misinformation (aka statements-&-proclamations-that-are-wrong) is the thread. Singer points out that instead of educating, we fear monger.
In my opinion, one reason for fear mongering with pithy armageddon-esque descriptions instead of providing education is twofold:
None of this is to say that there is not a real challenge in communicating risk. There is a real challenge. As a society, we don’t have a basis for understanding this kind of risk. It’s much too new. In the shipping, financial, some health, and even sports industries, there are decades or centuries of actuarial data to work with. This industry has at most two decades, but even that is not terribly useful given the rate of change of the ecosystem and attack types.
Singer suggests studying other examples of how society has handled new (massive) ideas such as the story of the Centers for Disease Control and Prevention in public health. This seems like a great idea. (Right now, I wish I could think of more).
Singer goes on to say that cyberrisk is here to stay and needs to be viewed as a new perennial management problem. Further, we need to acknowledge that attacks and degradation will happen and we need to plan for this. Planning for this and not wishing it away is building resilience. This, I believe, is the key. And with that enduring problem come the hard decisions of dedicating resources — whether from company revenue streams or ultimately taxpayer funds.
What metaphors can we use to better educate without fear mongering? How do you think national and business resilience should be funded?
(Use the link above & click on Video Lectures on left & then go to Week 9. The video “Bounded Rationality” is a good place to start. Just need e-mail & password to create a Coursera account if you don’t have one).