Why cybersecurity cannot be achieved in silo


Upload: risk-group-llc

Post on 22-Jul-2015


A Strategic Risk Organization

Connected computers and their ecosystem, which make up cyberspace, bring complex challenges to everyone. Technology alone cannot deliver cyber-security, for securing cyberspace requires a fine balance of nations: their governments, industries, organizations, academia (NGIOA), and their people, process, proficiency, and prudence.

Jayshree Pandya

Cyber-security


Copyright Risk Group LLC

Why cyber-security cannot be achieved in silo


In this era of an interconnected and interdependent digitalized global economy, the nature and definition of security are going through a fundamental transformation. The revolution in information technologies, processes and connected computers is altering everything, from how we communicate to how we work, how we bank, how we shop and how we go to war. The emergence of this whole new world of cyberspace has been, and still is, more or less like an alien territory, where there are very few knowns and mostly unknowns.

Connected computers, information technology and the capability to digitalize information are revolutionizing every aspect of society. They have given nations (their governments, industries, organizations, academia and individuals, or NGIOA-I) a fundamental ability to connect and access information without any obstacle or interference. This has leveled the NGIOA-I playing field and has brought a possibility of progress, prosperity and pride. What remains to be seen is whether connected computers will bring communication and collaboration, or chaos and calamities!

While information technology on connected computers is fundamentally shaking the status quo and the power structure of NGIOA-I, it has also been instrumental in shaking the fundamentals of security and pointing out the inadequacy and ineffectiveness of its current definition, structure, nature and response.

For much of human history, the concept of security has largely revolved around the use of force and territorial integrity. As the definition and meaning of security are fundamentally challenged and changed in the world of cyberspace, the blurring territorial boundaries and integrity are also becoming hard to define and maintain. The notion that traditional security is about violence towards respective nations, from within or across their geographical boundaries, is now outdated and needs to be evaluated and updated. Just as in any traditional physical security ecosystem, in cyberspace and its ecosystem one is only as strong as the weakest link in the chain. It is time nations collectively incorporate a different, more accurate meaning of boundaries, if any, and of security, irrespective of whether in space, cyberspace or geo-space.


The challenges and complexities of evolving threats and security have crossed the barriers of space, ideology and politics, demanding a constructive collaborative effort of all stakeholders. When the changing nature of threats is bringing new sets of challenges and complexities, collective brainstorming is a necessity and not an option, in order to have an objective evaluation of what is under threat and how it can be secured!

While the debate on the structure and role of government, industries, organizations and academia will continue in the coming years, any attempt to redefine security needs to begin with identifying, understanding, incorporating and broadening the definition and nature of threat.

While information technology provides tools and technology to communicate information on connected computers, it also provides tools and technology to misuse information.

Connected computers and their ecosystem, which make up cyberspace, bring complex challenges. A cyber-security system, like any system, is made of a collection of parts that have a complex level of inter-connectivity and inter-dependency, designed to achieve a desired goal. In spite of this inter-connectivity and inter-dependency among the sub-parts of any and all systems, there is currently no culture of collective brainstorming, identifying, evaluating or managing risks across nations, and cyber-security is no exception.

Irrespective of whether it is a geo-security system or a cyber-security system, any and all systems need to be evaluated holistically and collectively: not merely as a sum of their parts (because the whole is always more than the sum of its parts), but as a complete functioning unit. When a complex system is made up of a collection of parts, not only do the individual parts need to be evaluated, but also the environment in which the parts operate, its internal and external processes, and its entire ecosystem. The cyber-security system, like the human body, comprises different components that interact in complex ways within and across cyberspace. Nations need to understand the cyber-security atmosphere, technology, processes, people, management and governance, and their inter-connectedness and inter-dependencies within and across cyberspace, as one complete system. Understanding cyberspace completely will help nations improve their cyber-security risk understanding and capabilities.

At the moment, cyber threats and cyber-security are not clearly understood by any nation: its governments, industries, organizations, academia and individuals.

In cyberspace, information is critical not only for survival but also for sustainability, and hence it becomes a critical necessity to protect it at all costs. When cyberspace is riddled with challenges and complexities, it is vital to have a cyber-security model that is dynamic, holistic, and collective, and that considers all variables and integration points of NGIOA-I.

Cyber-security vulnerabilities do not arise only from technology, but also from inadequacies in governance, processes, management, culture, inter-dependencies and integration. When each nation (its government, industries, organizations, academia and individuals) is now vulnerable to cyber-attacks, it is important to understand that short-term fixes, which are preferred over identifying and fixing the root cause of problems, generally do not work. The approach to security is currently reactive: not only governments, but most industries and organizations do not give importance to securing their information and data, are reactive in their response, and do not invest proactively in cyber-security. This reactive approach limits an entire nation's ability to have proactive cyber-security risk management capabilities.

Information, irrespective of whether it belongs to individuals, industries, organizations, academia or governments across nations, is at risk. Unless security becomes a collective proactive initiative, there will be recurring incidents of cyber-attacks with varied levels of impact and intensity. The increasing level of cyber-security challenges from integration within, between and across NGIOA-I forces a collective mindset and effort for securing cyberspace.


In order to minimize and manage any and all cyber-security risks, it is important to understand every possible building block of cyberspace: its framework, associated processes, technology, people and ecosystem. When managing cyber-security seems to be near impossible at the moment, it is important to acknowledge that there is a need for a collective understanding and an integrated NGIOA-I cyber-security framework, without which any and all efforts will be meaningless.

Cyber-security requires an integrated approach with a common language. While appropriate hardware and software are a fundamental necessity, establishing an effective cyber-security framework, an integrated NGIOA-I approach and structured processes is even more important.

What do we know about cyberspace? Who does it belong to? Who is accountable? Governments: Department of Defense? Homeland Security? Industries? Organizations? Academia?

While going digital is a global-age necessity, the question is whether going digital through the open internet is wise, especially when a nation's digital infrastructure is put together in haste and in silo, with no coordinated framework, standards, policies and regulations. Unless there are significant advances in the nature of digital infrastructure, its processes, technology, tools, accountability and oversight, it is not only the privacy of NGIOA-I that is at risk: everything is at risk.

In an interconnected world, NGIOA-I need to be responsible for securing cyberspace. Relying on government alone to provide and enforce cyber-security is like asking a thief to break in with doors and windows wide open. Each one of us, each NGIOA-I, has a responsibility towards securing cyberspace, just as each one of us has a responsibility towards securing our valuables, homes and businesses!

Cyberspace cannot be secured if nations and their governments work in silo within and across their national boundaries. The need for integration and collaboration between NGIOA-I, within and across nations' geographical boundaries, is a fundamental necessity not only for managing cyberspace but for managing any global threat! The time for NGIOA integration and collaboration is now!

About the Author

Jayshree Pandya (née Bhatt) is a Strategic Risk Management leader well known for her work on risks involving nations: their government, industries, organizations, and academia (NGIOA). With over 20 years of diversified experience, Jayshree has worn multiple hats as a visionary, founder, published author, thought leader, columnist, editor, scientist, risk auditor, risk researcher, risk advisor, risk consultant and invited speaker at international conferences. She launched and managed Risk Management Matters, an online Risk Journal and one of the first Risk Publications, publishing Industry Risk Reports of Biotechnology, Energy, Healthcare, Nanotechnology, and Natural Disasters over the course of five years. Jayshree's inaugural book, The Global Age: NGIOA @ Risk, was published by Springer in 2012.

At Risk Group, Jayshree is defining the language of risks and is currently developing thought leadership and researching the practices, tools, frameworks and systems needed to manage Strategic Risks facing nations in a Global Age. In addition, she is developing an advanced global Strategic Risk Advisory specializing in the design and delivery of Strategic Risk Solutions. She is also developing Strategic Risk Management programs, courses and training to educate nations on the need for new risk governance frameworks, systems and processes to better manage strategic risks. Her efforts are beginning to influence the Global Risk Dialogue.

Beginning her career as a scientist, Jayshree received India's National Young Scientist Award in Biochemistry. The U.S. Department of Energy and the World Health Organization have referenced her work on energy production and anti-cancer drugs. Jayshree resides in Sugar Land, TX with her husband Pradip, and three children, Shree, Shivani and Shiv.


Contact Risk Group

Jayshree Pandya

+8329718322


Copyright Risk Group LLC. All rights reserved