Search FCW

Advanced Search
Subscribe Now!
Table of Contents
Sprint
Business
BPM
CXOs
Columns
Columnists
Defense
E-Government
Elections 2008
Enterprise Architecture
Funding
Homeland Security
Health IT
IPv6
LOB
Management
Procurement
Privacy
Policy
Program Management
State and Local
Security
Technology
Telework
Training and Certification
Workforce

More Topics
resourcecenter
Home
Letters to the Editor
Current Issue/Download
Print/Online Archives
Editorial Calendar
researchstore
resourcecenter
Communications for Continuity Operations

Oracle Resource Center
NEW - Security Management
NEW - DOD and Security Guide
Networx Contract Guide
SEWP IV Contract Guide
Priority Report: Virtualization
NEW! CHESS formerly ASCP
New - SATCOM II

More >>


FCW.com BLOG

Latest News
ADVERTISEMENT




 
The Lectern:

The Lectern: Cyber-security -- protection vs. resilience

By Steve Kelman
Published on May 21, 2008 - 11:25 AM

Comment

Click here to comment on this blog

Newsletters

You might also be interested in these FCW newsletters:

Daily
Security

To learn more, click here.

I had dinner recently with Dan Mintz, the Department of Transportation's delightfully smart and contrarian chief information officer, and asked him about what his priorities were going to be for the waning months of the administration. Security, he said. Sort of a conventional response. But Dan's not a conventional guy, and he proceeded to develop his frankly unconventional views on cyber-security priorities.

We need to avoid putting too large a percentage of our cyber-security resources into firewalls and other forms of protection against people breaching the fortress and getting access to the system, in Mintz's view. No matter how hard we try, we will not be completely successful, and the concentration on defending the fortress acts psychologically to create a Maginot Line mentality where we don't think enough about what we should be doing behind these firewalls.

He argues that we should be putting a greater proportion of resources into what he called "resilience," increasing our ability to survive successful breaches; What does he include under this rubric? Partly, getting better at detecting breeches, to give us more time and ability to react. Partly, getting data kept in more dispersed locations, so crucial parts of our systems are more backed up. And partly, architecting our systems to be more resilient to attack, which broadly speaking involves getting them more Internet-based architecturally, so they become more decentralized and thus harder to bring down.
View Comments

I agree with Dan Mintz's comments, but I disagree that these views are "contrarian." Many writers, CIOs and CISOs have been talking about these same trends for over a year.

Posted by Dan Lohrmann on May 22, 2008 - 07:01 AM

Post a Comment

To post a comment, you must be a registered user of FCW.com and be logged in. Use one of the forms below to login or register for FREE to FCW.com. To protect your privacy, you can use an alias as your username.

Login to FCW.com

E-mail Address:
Password:
Forgot your password?
Register and Post Comment

* First Name:
* Last Name:
* E-mail Address:
* Password:
* Retype Password:
* Blog Username:
* Comments:


E-mail me when new comments are posted in this thread?


upcoming event

Enterprise Architecture 2008 - Washington, DC
September 9 - September 10, 2008

Occupational Health & Safety Executive Summit - Arlington, VA
October 6 - October 7, 2008


 

head
fcw
issue
First Name State
Last Name Zip
Title Email
     

Home | About | Contact | Customer Help | Privacy Policy | Editorial Info | Advertise | Link policy / Reprints | Site Map


1105 Media, Inc.

© 1996-2008 1105 Media, Inc. All Rights Reserved.