Cyber: A key to unlocking IT savings
Last week, I attended a cybersecurity briefing put on by Northrop Grumman. Their theme was embedded cyber in defense platforms, particularly the command and control systems that run weapon systems.
One major point was the need to build cyber into these systems from the start, and to use open standards and enterprise architecture so the systems remain flexible and adaptable going forward. This way, they can evolve and be updated as new cyber threats emerge.
As the Northrop folks described this approach, they used the term "situational awareness" several times. At first, I was thinking about the traditional situational awareness of the battlefield, where you know where to keep track of foes and friendlies, but it was quickly apparent that they were talking not about the physical battlefield domain, but the cyber domain.
Situational awareness in the cyber domain isn’t that different than in the physical domain; it’s controlling your perimeter, it is identifying foes and friendlies and tracking where they are and it’s about managing your risks.
All of these are buzzwords for today’s cybersecurity philosophy.
This shift to a situational awareness approach to cyber might have some other benefits besides mitigating cybersecurity risks; it actually might make for better-managed and more cost-effective IT systems.
To have situational awareness, you have to be able to identify and track what is in your domain, from laptops, PCs and servers to smartphones, mobile devices and routers. Now, I know that it is a herculean task to inventory all the parts and pieces of a network, but isn’t that a requirement for understanding the risks you face?
Addressing cybersecurity risks is going to drive more agencies and organizations to take on this inventory effort because their missions are threatened by cyber risks. The focus on mission is a powerful motivator.
As more agencies adopt this situational awareness approach to cybersecurity, they’ll be collecting tons of valuable information about their networks and systems. While the primary use of the information will be cyber-related, it also will have additional value.
The icing is that the same information used to mitigate cyber risks also can help agencies better manage their IT and bring reduced costs and greater efficiency.
In other words, the push for cyber can have other added benefits beyond security.
Posted by Nick Wakeman on May 28, 2013 at 7:24 PM