Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/653616
C CYBer SECURITY www.vanguardcanada.com FEBRUARY/MARCH 2016 23 Overall degree of harm: it's not just data While degree of harm is crucial to estab- lishing risk, identifying appropriate coun- termeasures and closing gaps and address- ing vulnerabilities, assigning it is complex. Analysts are required to hypothesize sce- narios of exploit and their immediate and down-stream impacts; the tendency to as- sociate harm with cost (dollar value) of re- placement and recovery and ignore physi- cal harm in this process is always a risk. While immediate impacts may be loss of data loss or loss of reputation and credibil- ity, the broader, secondary impacts may re- sult in financial, economic, competitive or national security implications; physical harm or loss of life may also emerge as an impact. For example, contamination of water source may present a primary impact of physical harm or loss of life but loss of cred- ibility and economic stability may emerge as long term impacts. Broadening analysis and soliciting in-depth detail on immediate and long term impacts helps define effec- tive and prescriptive countermeasures that harden environments based on the their harm potential. single versus all-hazards approaches All-hazards approaches were mostly en- countered with disasters management, such chemical spills or an energy plant fire due to a natural disaster. These static elements make an all-hazards approach a reasonable means to manage and mitigate certain types of emergencies and events. However, where cyber-threats are by na- ture much more fluid and unpredictable due to unknown, and sometimes never known, actors and evolving technologies, single-hazard approaches should be ex- plored and tested. Single-hazard does not imply that for ev- ery threat type there is a custom approach; single hazard approaches should have a mandatory foundation of characteristics and optional characteristics that allow for a properly designed security response - and might best be renamed as cyber-hazard. A cyber-specific approach to the impacts of cyber threats would assist in overall agility, performance measures and would convey a means to collect information and enact appropriate processes, while maintaining those that are repeatable. there is no silver bullet While it is appropriate to question wheth- er we are clinging to what used to work because the prospect of starting anew is monumental, to throw away old axioms in favour of new ones, is only prudent if they are well-researched and designed and gov- erned by effective policy. At the preventative layer, the benefits of adopting cross-sector strategies strengthened by in-depth analysis that address detailed loss and impact will out weigh the commitment of resources and investment in the long run. Renewal should start with new practices, not best practices, that target behavioural change and enhanced capabilities and tools, processes and skills should be assessed to ensure they align with strategic end goals. Realizing the value of efforts at the tactical level starts with an agile security foundation and a communi- cations framework for sharing vulnerability and recovery information. As mentioned earlier, fighting a global threat with a local response is neither smart nor effective. Successfully preventing, de- tecting, identifying and disabling these complex threats will require global perspec- tive in formulating responses and actions that are scalable to cross-sector stakehold- ers and the global community. valarie Findlay has over a decade of senior expertise in Canadian federal government and is President of HumanLed, Inc. (www. HumanLed.com). She is currently develop- ing the Threat Information Gathering and Incident Reporting System (TIGIRS) and its algorithm, with Alphinat and their Smart- Guide solution. She has also produced research papers and preliminary studies on cyber-terrorism, security capabilities and vendor markets in Canada and recently her dissertation, "The Impact of Terrorism on the Transformation of Law Enforcement". She has a masters in Terrorism Studies and is currently working on her doctoral thesis, the sociology of terrorism and the Elias' process of civilisation. She can be contacted at: vfindlay@humanled.com regardless of today's advanced technological countermeasures, military and government departments still feel the pain in implementing and maintaining security frameworks