Most of the sources I interviewed for this issue’s cover story, “Everyday cybersecurity” (p.16), reminded me that avoiding cyber-threats and preventing probes, intrusions and attacks is relatively easy in the short term, but increasingly difficult as time goes by.
The basic best practices—using passwords and authentications, implementing antivirus software, segmenting networks with firewalls, and enabling network traffic monitoring and threat detection—are always good advice and certainly worth repeating. However, they're just the table stakes for getting into a game that runs all night, throughout the next weeks and months, and for all of our foreseeable futures.
Similar to most things we build, a little time goes by, and rust, weeds, version creep, erosion, maintenance gaps and other problems crop up. This happens to everyone, in this case, even the best cyberspace experts and most proactive organizations.
For example, a few highly qualified sources for this month's cover article tried to pass off the same old slides and bullet points they'd already been providing for years. I know it helps to repeat the essentials, but the cybersecurity field evolves quickly, and I figured there had to be more detailed news about the profound ways that software is automating cybersecurity. Not so much.
I’m pretty sure there’s more up-to-date information and best practices that apparently aren't getting out, or at least aren't reaching me—and I apologize for not finding them and relaying them to you. I’m aware pesky reporters may not get the latest intel, but I shudder to think that many users may not be getting what they need to protect their people, processes and facilities.
This situation triggered my own mental alarm because it was similar to when the U.S. Dept. of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) started out years ago as the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). I recall they initially posted a bunch of generalized whitepapers, and then nothing for a while. It looked like they were scrambling to put anything up on their website to cover their rear ends. Not a good omen. Since that time, they eventually rallied, and now regularly provide updated alerts and other useful cybersecurity guidance.
In both cases and others, expertise can get stale and lag behind accelerating technical advances. Many sources, myself included, have to look like we still know what we’re doing, and fall back on old information. I remember some of the surgeons I used to interview telling me that crucial sections of their know-how were one breakthrough study away from being obsolete, especially in the mid-1990s when innovations in minimally invasive surgery procedures were developed and improved in rapid succession. Sound familiar?
What to do? Well, first off, don’t wait for me or others when we apparently don’t have useful input on cybersecurity or any other topic that can help users do their jobs more securely and effectively.
Go out and get second, third and fourth opinions about cybersecurity software and other tools that will be the most helpful to you and your colleagues, processes, facilities and organizations. You can’t wait for useful solutions to just come to you. Trust me. Almost everything that comes in unsolicited is a sales pitch, which logically requires promotion because it’s almost entirely useless.
Likewise, aggressive initiative is also required as cybersecurity policies and procedures transition from being responses to one-off incidents to regular jobs like process safety and routine maintenance. As usual, it’s easier to jump up for an exciting novelty than it is to maintain long-term focus on routine tasks we should have been doing all along, especially when many of them have been neglected up until now. In fact, I think this may be why reluctance to adopt cybersecurity, digitalization and other productive change is so persistent. We aren’t just resisting what’s new and different. We resent that they turn the light on and make visible what we’ve been neglecting all along.