Thursday, January 21, 2010

Vital to Cyber Security in 2010 & Beyond: Mission Understanding & Mission Assurance



2009 had all the makings to be a banner year for cybersecurity: The need had been identified, guidance was promised, appointments were planned and mandates were discussed. Unfortunately, 2009 will be remembered as the year that wasn't, and the challenge facing us now is to make sure 2010 doesn't follow suit. Keith Rhodes, Cybersecurity: Make It Work This Year, Defense News, 1-11-10

Cybersecurity begins with disciplined, methodical risk analysis. Each business or agency needs a clear mission profile. Its decision-makers need a comprehensive analysis of their assets that includes an understanding of vulnerabilities and dependencies. First-hand, experiential mission knowledge helps ensure analytical accuracy. Keith Rhodes, Cybersecurity must start with mission assurance, Washington Technology, 1-15-10

By Richard Power


In his years with the U.S. General Accounting Office (GAO), which was eventually renamed the U.S. Government Accountability Office, Keith Rhodes was responsible for some very important assessments, the profound implications of which have yet to be adequately addressed. During his career in government, he served as the first director for the GAO's Center for Technology and Engineering. Currently, Rhodes is Senior Vice President and Chief Technology Officer (CTO) for QinetiQ North America's Mission Solutions Group. (QinetiQ is one of CyLab's corporate partners.)

Rhodes has written two compelling Op-Ed pieces on cyber security in 2010 and beyond.

His insights are invaluable.

Here are some excerpts, with links to the full texts.

In his Defense News Op-Ed, Rhodes outlines "four ways in which cyber defense can move forward," including three that many of us think we understand better than we actually do, "Education," "Communication," and "Partnerships," and a fourth that is rarely grokked thoroughly, "Mission Understanding."

Mission Understanding ... is the most important piece of the puzzle. Without knowing what needs to be done, we cannot know what needs to be protected. Mission understanding needs to be the fabric that cybersecurity is made out of. Information isn't protected just because it exists, it is protected because it is necessary to a mission. Keith Rhodes, Cybersecurity: Make It Work This Year, Defense News, 1-11-10

In his Washington Technology Op-Ed, Rhodes articulates the companion concept of "Mission Assurance" and its relationship to cyber security.

I would argue that cybersecurity cannot be understood, much less addressed, except as part of a larger mission assurance whole. You want cybersecurity because you want to be able to use information to get something done. And you want to protect that information because you want to prevent others from damaging your ability to get things done. So the point is really mission assurance; that’s the holistic context in which cybersecurity makes sense. Keith Rhodes, Cybersecurity must start with mission assurance, Washington Technology, 1-15-10