Systemic Failures in Cyber Security


My reaction to a piece by George Hulme at Information Week’s security blog titled: National Cyber Security: Are we focused on the right stuff?

Clips from George’s post:

“Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey,” said Blair in prepared remarks outlining the U.S. intelligence community’s annual assessment of threats.

“It’s a systemic problem throughout the software industry. Pick a major software maker – any one – and you are going to find security flaws a Navy armada could pass through.”

“As it stands now, it’s the software companies’ customers that pay the tax in the form of unending patch updates and attacks on their systems.”

“And it’s time to put more ideas on the table. And we should be open to consider anything, as the status quo of software quality can’t stand as it is.”

My response and comment:

I’d like to offer a very important point that most are missing in this and other similar issues.

You correctly describe the problem as systemic, which is a term we’ve been using for well over a decade to describe a myriad of problems, including security in computer networks.

If the problem is truly systemic, and I think it is, then it can only be addressed successfully with a systemic cure. Central to the core of this challenge is the anonymity of the Internet, which identifies computers, networks, and web sites, but not the humans that abuse them.

Despite populism, comfort zones, and conflicting business models, human identity is a cornerstone of the Internet that was never built into the system design, and so ever since all manner of temporary brace has been employed to shore up the fragile architecture.

Unfortunately I think part of the cause was the culture the technology emerged from, which then created a large industry of maintenance/security firms, but what we really need is a stronger architectural design from the ground up.

Mark Montgomery
Founder & CEO – Kyield
Web: http://www.kyield.com
Blog: https://kyield.wordpress.com
email: markm@kyield.com
Twitter: @kyield


About Mark Montgomery
I am a technologist, serial entrepreneur, business consultant, recovered VC, and inventor with interests that are both broad and deep across multiple disciplines, including organizational management, computing, communications, economics, sociology, science and nature, among others. For the past several years I have been founder and CEO of Kyield, which offers a distributed operating system for achieving optimal yield of executable knowledge across large data networks. The patented AI system core acts to unify networks with adaptive data tailored to each entity with continuous predictive analytics designed to significantly reduce ongoing costs while accelerating productivity, and generally make life more satisfying and productive for knowledge workers and their organizations. We provide popular free white papers, use case scenarios, and other information at http://www.kyield.com .
