There’s a joke often told to warm up crowds wherever CISOs gather. It goes something like this: an outgoing CISO hands his replacement a series of letters. He tells her to open them when a breach is discovered, one by one. The first one says: “Blame me.” The second one says: “Blame China.” The third one says: “Write three letters.”
As we move well past the first 100 days of the new Administration, the security of Federal data is now something that the Trump Administration will own in the event of a breach. The window in which Sean Spicer will credibly be able to say, “the infiltration occurred during the last Administration; we detected it and have stopped any further loss of data” is closing.
Estimates vary, but it takes most organizations between 99 and 200 days to detect an intrusion. By that reasoning, sometime after August 8, the Trump Administration won’t have anyone else to blame (the OPM intrusion used up the China excuse… sorry).
In many respects, the Trump Team deserves credit for sticking to the game plan on cybersecurity first laid out by the Bush Administration and expanded by President Obama: a focus on public-private partnership, a recognition that military solutions have limited value, and a heavy emphasis on improving Federal hygiene and modernization. All those elements come through clearly in the executive order of May 11.
But after OPM, the emphasis on patching vulnerabilities and eliminating legacy IT systems always felt misplaced. Yes, the OPM incident showed the poor state of cybersecurity hygiene and exposed the problem of legacy systems that cannot be secured. But more to the point, it showed that Chinese cyber actors had compromised one of our most vital repositories of information. And it begs the question, did they compromise (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Rob Knake. Read the original post at: Cylance Blog