“Offense has overwhelmed defense [leading] to a sense of helplessness . . . If we accept defense is futile because offense always wins, then we all stop trying as hard. We focus on cleanup instead of prevention.” – Jeff Moss (aka The Dark Tangent), Founder of DEF CON and the Black Hat conferences
Creating a more defensible, agile, and resilient cyberspace is achievable, “but only through leverage innovations that give defenders the most advantage at the greatest scale at least cost,” according to a new report released Sept.28th by the New York Cyber Task Force, organized by the Columbia University’s School of International and Public Affairs.
The report entitled, Building a Defensible Cyberspace, which included 30 senior-level experts from New York City and other places, urges for transparency, risk-based governance, increased cloud computing use and other new technologies, as well as emphasizes the significance of federal funding, collaboration across sectors, and flexibility and resilience.
Recommendations include:
For the U.S. Government:
- Create a new cyber strategy based on leverage
- Focus on transparency and riskbased governance, especially where these align market forces
- Migrate to cloud & other new techs which will deliver leverage
- Use federal funding to support leverage in the private sector For IT and Security Companies
For IT and Security Companies
- Never stop implementing the highest leverage innovations
- Don’t just share, but collaborate, including with funding to non-profits doing critical work
For IT-Dependent Organizations
- Start from the board down, not the technology up
- Leverage the most highleverage innovations
- Emphasize agility and resilience, two of the most general-purpose investments available