Jul 21, 2012

There are plenty of definitions for “cybersecurity” which various groups assert as authoritative … each in order to serve one of those groups. Feel free to shop for a definition of nails that works best for your hammer.

Maryland’s perspective on the meaning of “cybersecurity” is pretty focused on intrusion detection on systems and their integrity. No surprise with this. Local industries are optimized for this since the government contracts they serve are optimized for this, rightly or wrongly. The university system follows accordingly. In the 2010 report of the University System of Maryland, officials adopted the NSA definition: “measures that protect and defend information and information systems by ensuring their availability, integrity, authenticity, confidentiality and non-repudiability.” Yup … information systems.

But cook up a definition of cybersecurity from first principles – for example, by checking a dictionary on the word parts – and you can easily derive a generic description, which is security involving computers. From there it is not much of a stretch to extend it to security involving technology. Using this definition, Maryland comes up pretty short. There are plenty of security issues which involve computers or related technologies but are not “information systems.”

Two recent TED talks illustrate the point. First, Todd Humphreys gives a great description of where we are going with GPS accuracy and integrity. It is all about how to spoof a GPS. None of the traditional views of hacking apply in this example – it just illustrates a new form of Garbage-In-Garbage-Out. And none of the traditional “information systems” approaches to defending against this apply either. Staid network-centric technologists are still left flat-footed, wondering how to respond.

If you argue that this is still an information system which fits inside traditional definitions, then no problem. Step outside of network or information system examples entirely with some of the chilling thoughts of another great TED talk, by Marc Goodman, on crimes of the future. The vision he relates is becoming real at a faster pace than most might think.

Just like generals who always train to fight their previous war, Maryland focuses resources – and cultivates educational systems – on a narrow information system model of security. This may serve the federal agencies with which state industry has big contracts – if you pay the piper, you call the tune – but it is not how to take the lead on behalf of constituents and stakeholders.

Posted at 8:41 am on July 21, 2012