Third, and most important, cyber security suffers from lack of a great transformative metaphor. We need to find a 21st Century vision worthy of this 21st Century challenge. Cyber security suffers from being conceptualized as an architecture, and indeed as merely a subset of IT architecture, i.e., on the white board, all that an IT architecture is a orderly representation of networks, hubs, servers, workstations and clouds, and cyber security is simply another layer within that representation, i.e., a strata of firewalls, authentication servers, intrusion detection devices, etc. positioned strategically throughout the greater IT architecture. This view of cyber security as simply flat, technology-centric and wholly subservient to the general IT environment limits and distorts the role of cyber security. A truly 21st Century cyber security architecture for the enterprise would not take as its model the blueprint of a building, or present itself as a simply a sub-set of IT. A truly 21st Century cyber security architecture would take into account the physical space and the psychological space as well as the digital space; it will be informed not only by technology, but also by economics, psychology, anthropology, criminology, and other disciplines. The vision of cyber security as a web, an organic structure, would be more useful than that of cyber security as a blueprint. After all, in the 21st Century, the web of life has become interdependent and intertwined with the web of digital information; therefore, we envision the web of security as a third dimension, one that also becomes interdependent and intertwined and serves to strengthen and enhance the vibrancy, resiliency and health of the other two webs.
Richard Power is a Distinguished Fellow at Carnegie Mellon CyLab and a frequent contributor to CSO Magazine. He writes, speaks and consults on security, risk and intelligence issues. He has conducted executive briefings and led professional training in forty countries. Power is the author of five books. Prior to joining Carnegie Mellon, Power served as Director of Security Management and Security Intelligence for the Global Security Office (GSO) of Deloitte Touche Tomatsu and Editorial Director of the Computer Security Institute.
This story, "A Profound Moment in Cybersecurity" was originally published by CSO.