Last week I mentioned the first NCSAM topic of “Own IT”, the second topic is “Secure IT”, in the Navy this has several meanings; “Secure the P-way” (make sure no one traverses this passage way sailor, Hooyah) or “Secure for Sea” (tie down, fasten, or relocate everything that isn’t bolted to the hull), because the ocean likes to rock you to sleep as much as she likes to throw you down a ladderwell; these are just a few examples, but securing IT (information technology) is a whole other beast entirely.

You see gravity is a predictable thing, a little less predictable on a warship getting pounded by ocean waves in the middle of the pacific, but “what goes up, must come down” is a generally accepted truth; however, cybersecurity is far from black and white, so far that we call ourselves “white hats” and “black hats” so you can, maybe, understand what we are trying to do (spoiler: there are many more hats). Let me be less abstract, if you don’t fasten down the bracket on that fire extinguisher “secure”ing it to the bulkhead before we get underway, there is a real possibility that metal cylinder full of AFFF is going to flop around and slap you in the head; landing you a seat at sick call, and probably a prescription of the omnipotent “Motrin and water”.

The same is unquestionably true in Cyberspace, though its lacking in the gravity department, there are certain measures, procedures, and postures you can take that exponentially increase your ability to "not get whacked in the head". The most important idea to take away from this is entropy; no not thermodynamic heat death, the principle that “lack of order or predictability; gradual decline into disorder.” (as defined by Oxford) is pervasive throughout space/time, including IT. So you bought a fancy new NGFW, you’re implementing segmentation on the network, you are integrating SIEM, and...etc., ad nauseam, until the next “Silver Bullet” is developed; there is someone out there who knows exactly how to crack IT, and if they want in, it’s just a matter of time. What I mean to say is, there is always a way around the latest and greatest piece of tech, all we can do is put as many barriers, checks, and procedures in the way to hold back entropy as long as we can, to keep data confidential, available, and ensure its integrity. 

Security Bites, Don’t be Next,

Jim Howard