Focus on Critical Services, Not Infrastructure, to Defend Cyberspace
The greater threat from cybermarauders is to the activities enabled online, not the networks themselves.
Defenders of cyberspace need to concentrate on the critical services provided by the critical infrastructure, not the infrastructure itself, according to a leading cyber expert. Melissa Hathaway, president of Hathaway Global Strategies and former acting senior director for cyberspace with the National Security Council, said that the future of the West is held hostage by the fact that its security and resilience are threatened.
Speaking during the Wednesday morning keynote panel at the AFCEA International Cyber Symposium, being held June 24-25 in Baltimore, Hathaway described how the NATO Workshop on Computer Network Defense outlines the threat to critical services as one of five major findings. In particularly, Hathaway allowed that a focus on the critical infrastructure may lead to officials missing the vulnerabilities and money allocations needed for protecting critical services.
“It’s time to stop talking about infrastructure and time to start talking about services,” she declared.
She outlined four other points in the publication: A baseline assessment is necessary to measure current and future effectiveness; acquisition, purchasing and security decisions are not mutually reinforcing—these are not done with a security overlay; advanced, effective techniques for defense are operating in industry and showing promising results—industry is way ahead of government and these technologies are affordable; and detection has replaced defense as a strategy. “We accept it as a fait accompli that we will be penetrated,” she observed. “We need to change that to prevention.”