Responding Strategically to Cyber Attacks

Bob Gourley March 23, 2009

The last 12 months has seen a significant amount of progress in our nation’s awareness of cyber threats and in our collective actions to address the security of our IT systems. However, a huge amount of work remains to be done.

In a cyber context, the situation is a little like the one Winston Churchill described when he said: “This is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.” We in the cyber world have taken some serious blows, and we are shoring up our defenses. But there is a long long way to go before our objectives are met.

With this post I want to provide a snapshot of some of the progress of late.

1) CNCI: The Comprehensive National Cybersecurity Initiative provided a kickstart to many elements of the federal enterprise and facilitated coordination action by multiple agencies. It was also an important evolution for Congress. The changes to the federal budget and the intentions of agencies was very positive. It is my opinion that the CNCI made a lasting positive difference in reducing unauthorized access into the federal enterprise and in enhancing resiliency of our systems. For more info see:

CNCI reporting at CTOvision.com

2) The CSIS report and related actions/studies: This 8 Dec 2008 report is the result of hard work and collective study by some of the best brains in the cyber security world. Commissioners on the study are a who’s-who of security and the quality of this report is a direct reflection of this fact. The report offers recommendations on multiple hard areas and should be referenced by anyone making decisions in the IT arena. A recent related development is the posting by SANS of the Common Audit Guidelines. This is a fantastic step towards providing guidelines to enhancing security and functionality. For more info see:

3) GAO Reports: Never in my life have I been so pleased with the quality of GAO reporting. They have been doing fantastic work pulling together information on a wide range of technology issues. Key among them is reporting on cyber security. For example, the 10 March 2009 report on “National Cybersecurity Strategy.” This report captures a statement by David Powner, Director of Information Technology Management Issues for GAO. The report recommends twelve key strategy improvements needed now, most of which are in total consonance with the CSIS report.

4) The Obama Administration Review: Being true to promises during the campaign, the Obama administration began a review of cyber in a way that is open and is proactively seeking out inputs from all quarters. Great work in liaison with industry, academia and internal in the federal government is underway. This type of liaison has immediate benefit in building bridges with large teams of people who need to work well together to engineer enduring solutions, so it has already delivered benefits. For more info see:

White House Conducting Review of Cyber

The four topics above are all things that are translating to real action to improve the security posture of both the federal IT enterprise and the critical infrastructures of the nation. In my opinion, great progress is being made.

But now is not the time to rest on our laurels. The battle has just begun.

“This is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.”

For more on these topics see the CTOvision Guide to National Security Technology and

About Bob Gourley

Bob Gourley is the CTO and Co-Founder of the due diligence and cybersecurity consultancy OODA LLC , which publishes CTOvision.com and OODAloop.com. Bob's background is as an all source intelligence analyst and an enterprise CTO.

Gain Decision Advantage With Innovative Enterprise Software

For over 10 years CTOvision has consistently provided strategic context on the nature of technology and how to best leverage it for your personal and business objectives. We maintain the site in a way meant to help you find insights you need as fast as possible. To kick off a search use the search box […]

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

Mitigating Advanced Threats with Scalable and Automated Malware Analysis: An interview of Chad Loeven and Mike Hylton

Mitigating Advanced Threats with Scalable and Automated Malware Analysis: An interview of Chad Loeven and Mike Hylton Scalable automated malware analysis has become a critical component of enterprise defense. When properly implemented it can be key to mitigating malware threats that otherwise bypass perimeter defenses. In this post we provide context enterprise architects and security […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

The Short Story From Arthur C. Clarke Every Officer in The Military Should Read and Heed

Like so many others in the national security domain I am tracking what I can about the new US Space Force, the newest US military force. I believe their mission is important and establishing Space Force was the right move. Space is, by definition, a domain that will require deep technological expertise to enable mission […]

This One Little Configuration Change Will Make It Harder For People To Steal Your Information

Editor’s note: We are aiming this tutorial at the non-technical person. Please share with anyone in your life who could benefit from this. -bg Cyberspace is a complex domain and our adversaries are always seeking new ways to steal information or spread their malicious code or hold our data for ransom. This is the big reason […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Science Fiction Gadgets You Can Get Today

Technology is advancing pretty fast, at times influenced by the exciting world of Science Fiction. This video captures 10 of the tech developments first seen in SciFi that are available now. A key point of this, if you want to know what is in our future, watch more SciFi!

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

Related