In February 2011 we reported on a Department of Homeland Security research agenda for cyber security, providing the opinion that this was “the most mature research agenda on the topic of cyber security.” That research agenda is fantastic and should help shape the future cyber ecosystem in very positive ways.
Now in March 2011, DHS has produced another significant, positive, virtuous document on the topic of Cybersecurity that deserves the attention of leaders, planners and technologists from across the country. They have given us a white paper titled “Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action.” This paper flows from discussion, dialog and workshops that collegially fleshed out concepts. It is well worth a read and should help us all move towards a better IT environment.
Things I liked about this paper:
- It is collegial. It is not about “command and control,” it is about vision and collaboration.
- It uses relevant models for complex systems like modern IT. Relevant models, like those based on life, can really help in our understanding of how to design for success.
- It is well written, so it is easy to follow and fast to read
- It focuses on the most critical threats, in my opinion. With no hype or hyperbole, it spells out clearly what the threat is and why we must rise to mitigate it.
- It articulates “Resiliency,” an important emerging way of descirbing the state we need in IT that realizes attacks will always be with us.
- It simply describes and moves out on concepts of healthy devices, strong authentication, automation, and interoperability.
I hope that has been enough to grab your interest. I think the authors would like your review and would appreciate your feedback. They are clearly writers and thinkers with open minds, and the document contains contact information you can use to connect with them.
You can also read context by Phil Reitinger (Deputy Under Secretary, National Protection and Programs Directorate) on the DHS blog at: http://blog.dhs.gov/2011/03/enabling-distributed-security-in.html
Related Reading
Moving Toward a Framework for Resilient Cybersecurity: Expanding to a Hybrid Security Architecture
Moving Toward a Framework for Resilient Cybersecurity: Evaluating the Threat Landscape