why cybersecurity cannot be achieved in silo
TRANSCRIPT
![Page 1: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/1.jpg)
A Strategic Risk Organization
Connected computers and its ecosystem—that
makes the cyberspace, brings complex
challenges and complexities to everyone.
Technology alone cannot give cyber-security—for
securing cyberspace requires a fine balance of
nations: its governments, industries, organizations,
academia (NGIOA)—its people, process,
proficiency, and prudence.
Jayshree Pandya
Cyber-security
![Page 2: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/2.jpg)
Copyright Risk Group LLC
Why cyber-security cannot
be achieved in silo
![Page 3: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/3.jpg)
Copyright Risk Group LLC
In this era of interconnected and interdependent digitalized global economy,
the nature and definition of security is going through a fundamental
transformation. The revolution in information technologies, processes
and connected computers are altering everything-- from how we communicate
to how we work, how we bank, how we shop and how we go to war. The
emergence of this whole new world of cyberspace has, and is been more or less
like an alien territory today—where there are very few knowns—and mostly
unknowns.
The connected computers, information technology and digitalization capability
of information that is revolutionizing every aspect of society—has brought
nations: its governments, industries, organizations, academia and individuals
(NGIOA-I)—a fundamental ability to connect and access information—without
any obstacle and interference. This has leveled the NGIOA-I playing field and
has brought a possibility of progress, prosperity and pride. What needs to be
seen is whether the connected computers can bring communication and
collaboration or chaos and calamities!
While information technology on connected computers is fundamentally
shaking the status quo and the power structure of NGIOA-I, it has also been
instrumental in shaking the fundamentals of security and pointing out the
inadequacy and ineffectiveness of its current form of definition, structure, nature
and response.
For much of human history, the concept of security has largely revolved around
use of force and territorial integrity. As the definition and meaning of security is
getting fundamentally challenged and changed in the world of cyberspace,
the blurring territorial boundaries and integrity are also becoming hard to define
and maintain. The notion that traditional security is about violence towards
respective nations—from within or across its geographical boundaries is now
outdated, and needs to be evaluated and updated. Just like in any traditional
physical security ecosystem, in cyberspace—and its ecosystem also, one is only
as strong as the weakest link in the chain. It is time nations’ collectively
incorporate a different, more accurate meaning of boundaries-if any, and of
security—irrespective of in space, cyberspace or geo-space.
![Page 4: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/4.jpg)
Copyright Risk Group LLC
The challenges and complexities of evolving threats and security has crossed
the barriers of space, ideology and politics—demanding a constructive
collaborative effort of all stakeholders. When the changing nature of threats are
bringing new sets of challenges and complexities, collective brainstorming is a
necessity and not an option—to have an objective evaluation of what is at
threat and how can it be secured!
While the debate on the structure and role of government, industries,
organizations, academia will continue in the coming years, any attempt to
redefine security needs to begin with identifying, understanding, incorporating
and broadening the definition and nature of threat.
While information technology provides tools and technology to
communicate information on connected computers, it also
provides tools and technology to misuse information.
Connected computers and its ecosystem—that makes the cyberspace, brings
complex challenges and complexities. A cyber-security system –like any system
is made of collection of parts that have complex level of inter-connectivity and
inter-dependencies, designed to achieve a desired goal. In spite of this inter-
connectivity and inter-dependencies of collection of sub-parts of any and all
systems, there is currently no culture of collective brainstorming, identifying,
evaluating or managing risks across nations—and cyber-security is no exception.
Irrespective of whether it is a geo-security system or cyber-security system, any
and all systems needs to be evaluated holistically and collectively—not merely a
sum of its parts (because whole is always more than sum of its parts)—but as a
complete functioning unit. When any complex system that is made up of a
collection of parts, not only the individual parts needs to be evaluated, but the
environment in which the parts operate, its internal and external processes—and
its entire ecosystem needs to be evaluated. The cyber-security system, like the
human body, comprises of different components that interacts in complex
ways—within and across the cyber space. Nations need to understand the
cyber-security atmosphere, technology, processes, people, management,
![Page 5: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/5.jpg)
Copyright Risk Group LLC
governance-- its inter-connectedness and inter-dependencies—within and
across the cyberspace as one complete system. Understanding the cyberspace
completely will help nations improve their cyber-security risk understanding and
capabilities.
At the moment, cyber threats and cyber-security are not clearly
understood by any nations: its governments, industries,
organizations, academia and individuals.
In the cyberspace, information is critical for not only survival but also
sustainability—and hence becomes a critical necessity to protect it at all costs.
When the cyber space is riddled with challenges and complexities, it is vital to
have a cyber-security model that is dynamic, holistic, and collective-- and that
considers all variables and integration points of NGIO-I.
Cyber-security vulnerabilities does not arise only from only technology, but also
from inadequacies in governance, processes, management, culture, inter-
dependencies and integration. When each nation: its government, industries,
organizations, academia and individuals are now vulnerable to cyber-attacks, it
is important to understand that short term fixes, that are preferred over
identifying and fixing root cause of the problems generally do not work. The
approach to security is currently reactive—not only governments, but most of
the industries and organizations do not give importance to securing their
information data and are reactive in their response and do not invest
proactively in cyber-security. This reactive response approach limits entire
nation’s ability to have a proactive cyber- security risk management
capabilities.
Information—irrespective of individuals, industries, organizations, academia or
governments across nations is at risk. Unless security becomes a collective
proactive initiative, there will be recurring incidents of cyber-attacks with varied
levels of impact and intensity. The increasing level of cyber-security challenges
from integration within, between and across NGIOA-I forces a collective mindset
and efforts for securing cyberspace.
![Page 6: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/6.jpg)
Copyright Risk Group LLC
In order to be able to minimize and manage-- any and all cyber-security risks, it
is important to understand every possible building block of cyberspace: its
framework, associated processes, technology, people and ecosystem. When
managing cyber security seems to be near impossible at the moment, it is
important to acknowledge that there is a need for collective understanding and
integrated NGIOA-I cyber-security framework without which, any and all efforts
will be meaningless.
Cyber-security requires an integrated approach with a common language.
While appropriate hardware and software is a fundamental necessity,
establishing effective cyber-security framework, integrated NGIOA-I approach,
structured processes is even more important.
What do we know about the cyberspace? Who does it belong
to? Who is accountable? Governments-Department of Defense?
Homeland Security? Industries? Organizations? Academia?
While going digital is a global age necessity, the question is whether going
digital is wise through open internet -- especially when nation’s digital
infrastructure is put together in a haste in silo—with no coordinated framework,
standards, policies and regulations. Unless there are significant advances in the
nature of digital infrastructure, its processes, technology, tools, accountability
and oversight, it is not only the privacy of NGIOA-I that is @ risk—everything is at
risk.
In an interconnected world, NGIOA-I need to be responsible for securing the
cyberspace. Relying on government alone to provide and enforce cyber-
security is like asking a thief to break in with doors and windows wide open. Each
one of us—each NGIOA-I has a responsibility towards securing the cyber
space—just like each one of us has responsibility towards securing our valuables,
homes and businesses!!
Cyberspace cannot be secured if nations and its governments work in silo within
and across its national boundaries. The need for integration and collaboration
![Page 7: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/7.jpg)
Copyright Risk Group LLC
between NGIOA-I—within and across nation’s geographical boundaries is a
fundamental necessity for not only managing the cyberspace but to manage
any global threat! Time for NGIOA integration and collaboration is now!
About the Author
Jayshree Pandya (née Bhatt) is a Strategic Risk Management leader well known
for her work on risks involving nations: its government, industries, organizations,
and academia (NGIOA). With over 20 years of diversified experience, Jayshree
has worn multiple hats as a visionary, founder, published author, thought leader,
columnist, editor, scientist, risk auditor, risk researcher, risk advisor, risk consultant
and invited speaker at international conferences. She launched and
managed Risk Management Matters, an online Risk Journal and one of the first
Risk Publications, publishing Industry Risk Reports of Biotechnology, Energy,
Healthcare, Nanotechnology, and Natural Disasters over the course of five
years. Jayshree’s inaugural book, The Global Age: NGIOA @ Risk, was published
by Springer in 2012.
At Risk Group, Jayshree is defining the language of risks and currently
developing thought leadership, researching needed practices, tools, framework
and systems to manage Strategic Risks facing nations in a Global Age. In
addition, she is developing an advanced global Strategic Risk Advisory
specializing in the design and delivery of Strategic Risk Solutions. She is also
developing Strategic Risk Management programs, courses and training to
educate nations to the need for new risk governance framework, systems and
processes to better manage the strategic risks. Her efforts are beginning to
influence the Global Risk Dialogue.
Beginning her career as a scientist, Jayshree received India's National Young
Scientist Award in Biochemistry. The U.S. Department of Energy and the World
Health Organization have referenced her work on energy production and anti-
cancer drugs. Jayshree resides in Sugar Land, TX with her husband Pradip, and
three children, Shree, Shivani and Shiv.
![Page 8: Why cybersecurity cannot be achieved in silo](https://reader035.vdocuments.us/reader035/viewer/2022071818/55aed9531a28ab183c8b469d/html5/thumbnails/8.jpg)
Copyright Risk Group LLC
Contact Risk Group
Jayshree Pandya
+8329718322
Copyright Risk Group LLC. All rights reserved