Tuesday, January 7, 2014

Singer & Brookings on the Security Governance/Ownership Vacuum

Analyst and author Peter Singer of the Brookings Institute has a new book out intended for everyman. And everywoman. To include particularly those types who consider themselves non technical, or as I've heard cyber folks in DOD refer to them - tech immigrants (vs. typically younger tech natives).

The net he casts is wide enough to captures senior government and business leaders too.  Below are excerpts from a recent interview with CNN/Fortune that really resonated with me, with particular applicability to our sector:
"Stop looking for others to solve it for you, stop looking for silver bullet solutions, and stop ignoring it." 
"I would argue that there's no issue that's become more important that's less understood than cyber. You can see this gap in all sorts of areas, including on the business side." 
"Cybersecurity and cyberwar questions are going to be with us as long as we use the Internet, so we have to stop being scared and start figuring out how to manage it. And when I say "we," I mean it's not just for the IT crowd anymore." 
"First, the people that sit in the C-suite, the people sitting on the Supreme Court, the people who are generals -- they likely didn't use computers when they were in college." 
"It's about getting the human side of this right -- the people and the processes and the way they fit in with the technology." 
"Whether you're working in the IT department or you're a lawyer or you're working in operations or wherever, you're increasingly going to be dealing with cybersecurity questions, whether it's managing people who work on them or figuring out how to protect yourself and your company from threats to your intellectual property, to your services, to your contract negotiations, or deciding "how much should I spend on this in my budget? Who should I be hiring?"
And for me this is the biggest / best one, especially for energy sector execs and boards:
"Most worrisome to me is the notion that this is for the IT crowd. This is for the nerds to handle. That's how it's been treated before: 'I don't understand this stuff so I'm going to hand it over to the techies' First, that's an abdication of leadership. Secondly, the IT crowd understands the software and hardware, but they don't understand the wetware. They don't understand the humans and the organizations and the ripple effects around them that are equally, and in many cases more, important."
It's a great roll-up of many of the awareness, leadership and governance concepts you've seen on this blog, but in a more visible medium.  Hope it sells well and gets read by lots of folks.

Co-authored by Singer and Allan Friedman, the book is called Cybersecurity and Cyberwar: What EveryOne Needs to Know.

No comments: