The following post was written by Andy Bochman, Grid Strategist-Infrastructure Defender for Idaho National Laboratory’s National & Homeland Security Directorate. Andy will serve as a provocateur at the March 19 Moving From Cyber Security to Cyber Resilience Summit.
Whatever primary hat you wear (engineer, attorney, cyber guru, standards writer, regulator, or end user), imagine for a moment the challenge of cybersecurity from the perspective of each of those other folks. You are familiar, I take it, with the parable of the elephant in the dark room, and how one’s impression of what animal it is depends on which part they encounter first as they feel their way around.
Speaking of elephants, as framed by the engineering standard of care, if one were designing a bridge capable of safely and reliably supporting the passage of up to 100 elephants at a time, the normal best practice thing to do is design and build it with a safety factor — let’s say a structural design and materials selected to support 140 standard elephants. Of course, we need to define whether we are talking African or Asian elephants, as there’s a not insignificant weight difference, with Africans often reaching seven tons and the Asian species topping out at a bit over five.
In other words, details matter. We must pay attention to how initial assumptions about users can be proved wrong by future shifts: in technology, regulation, user behavior, or weather patterns for that matter…. Read More