eBook - ePub
The Digital Big Bang
The Hard Stuff, the Soft Stuff, and the Future of Cybersecurity
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
About this book
Cybersecurity experts from across industries and sectors share insights on how to think like scientists to master cybersecurity challenges
Humankind's efforts to explain the origin of the cosmos birthed disciplines such as physics and chemistry. Scientists conceived of the cosmic 'Big Bang' as an explosion of particles—everything in the universe centered around core elements and governed by laws of matter and gravity. In the modern era of digital technology, we are experiencing a similar explosion of ones and zeros, an exponentially expanding universe of bits of data centered around the core elements of speed and connectivity. One of the disciplines to emerge from our efforts to make sense of this new universe is the science of cybersecurity. Cybersecurity is as central to the Digital Age as physics and chemistry were to the Scientific Age. The Digital Big Bang explores current and emerging knowledge in the field of cybersecurity, helping readers think like scientists to master cybersecurity principles and overcome cybersecurity challenges.
This innovative text adopts a scientific approach to cybersecurity, identifying the science's fundamental elements and examining how these elements intersect and interact with each other. Author Phil Quade distills his over three decades of cyber intelligence, defense, and attack experience into an accessible, yet detailed, single-volume resource. Designed for non-specialist business leaders and cybersecurity practitioners alike, this authoritative book is packed with real-world examples, techniques, and strategies no organization should be without. Contributions from many of the world's leading cybersecurity experts and policymakers enable readers to firmly grasp vital cybersecurity concepts, methods, and practices. This important book:
- Guides readers on both fundamental tactics and advanced strategies
- Features observations, hypotheses, and conclusions on a wide range of cybersecurity issues
- Helps readers work with the central elements of cybersecurity, rather than fight or ignore them
- Includes content by cybersecurity leaders from organizations such as Microsoft, Target, ADP, Capital One, Verisign, AT&T, Samsung, and many others
- Offers insights from national-level security experts including former Secretary of Homeland Security Michael Chertoff and former Director of National Intelligence Mike McConnell
The Digital Big Bang is an invaluable source of information for anyone faced with the challenges of 21 st century cybersecurity in all industries and sectors, including business leaders, policy makers, analysts and researchers as well as IT professionals, educators, and students.
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
- Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
- Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access The Digital Big Bang by Phil Quade in PDF and/or ePUB format, as well as other popular books in Computer Science & Cryptography. We have over one million books available in our catalogue for you to explore.
Information
SECTION 1
BINDING STRATEGIES:THE CORE OF CYBERSECURITY
The central parallel between the cosmic big bang and the digital big bang rests in their origins. The cosmic big bang unleashed the two central forces of matter and energy, inexorably connecting them in a way that has shaped and driven our entire existence. The invention of the Internet harnessed technological innovation to weld speed and connectivity—the central forces of the digital big bang equivalent to matter and energy—as a means of communication so powerful it has the potential to change the future of the human race.
Because speed and connectivity are the two primary elements of the Internet, harnessing their strengths and managing their risks must be the primary elements of any effective security strategy.
But too often cybersecurity is at odds with speed and connectivity.
THE NEED FOR SPEED
The Internet created a game-changing means to increase the velocity of information and the speed at which business can be done—to send data faster, accelerating the rate at which we can connect and communicate with others. Remember the days of sending data on disks through the mail? From those early academic uses, that connection has grown. Now the connection includes large-scale business and personal interests, contains our most sensitive health and financial information, and falls within the private and public sectors. Or we may use that connection for sheer entertainment.
The velocity with which we can now send and receive even massive amounts of data is staggering and getting faster every day. We can search for obscure facts, with answers in seconds; communicate in real time with people all over the world; and buy products with one easy click. Regardless of their use and application, today's systems of digital data transmission were designed to be faster than any other means at the time, and they have consistently exceeded that goal.
But to date, that speed has been a problem for defenders. Defensive systems often leach CPU cycles, forcing communication to slow down. When that happens, users often will simply turn off security features, leaving the network and its data vulnerable to attackers. To succeed, our security strategies must be based on leveraging that core philosophy of doing things at Internet speed.
THE DRIVE TO CONNECT
The Internet's creation was a testament to the power of collaboration. Researchers realized that they could achieve more insightful results by comparing and combining their efforts and getting access to remote computing resources.
The resulting architecture was designed around rich and resilient connectivity. As it matured, the Internet fulfilled deep needs for speed and connectivity—organizational, financial, physical, mental, and even emotional—which catalyzed its unprecedented proliferation.
But that highly desired connectivity also opened the door to attacks. Attackers soon learned that they could use connectivity to their advantage to achieve a malicious effect without being near their actual target. Adversaries now can launch attacks from multiple places, focusing their multifaceted barrage on points of weakness. Perhaps it is the central dilemma of cybersecurity: if you can connect with everybody, you can be reached by anybody.
Defenders should take the same architectural approach: design security that leverages connectivity.
HARNESSING SPEED AND CONNECTIVITY
Just as the cosmic big bang's fundamental forces of energy and matter must be carefully managed to achieve intended results, so too must speed and connectivity in the digital universe. For example, a split atom can do one of these two things:
- Blast and heat whole cities—Generate cool air in the summer and heated air in the winter via clean electricity from nuclear power plants
- Heat and blast whole cities—Generate fire and concussion via a nuclear weapon
Cybersecurity implementations must be efficient enough to enable both the highest possible safe speed at all times and the maximum reach and scope of connectivity.
Trying to build cybersecurity solutions that do not maintain speed and connectivity will fail, like an engineer who tries to ignore the laws of physics and chemistry. Just as the communication infrastructure of the Internet is based on a connected fabric of fast communication mechanisms, the security fabric that underpins communications also must be based on an integrated security strategy. Because speed and connectivity are the two primary elements of the Internet, harnessing their strengths and managing their risks must be the primary elements of any effective security strategy.
1
SPEED
“Speed is at the nucleus of the cyberfrontier.”Roland Cloutier,
ADP
“Greater connectivity, faster transmission and processing speeds, and machine algorithms result in faster and potentially more accurate decisions.”Scott Charney,
Microsoft
Speed must be viewed and treated like the fundamental element it is. But by its very nature, security slows things down. When you're in the security business, you're fundamentally in the business of slowing people down, and that's a horrible business to be in. Security must harness the power of speed to secure information while protecting against cyberattacks at the same rates.
Simply put, all cybersecurity must be extremely fast.
Security without speed is a losing proposition. In fact, slow security is often no security. Good security strategy must be based on leveraging speed, specifically
- Raw speed to detect and mitigate attacks in real time
- Processing capacity with more sensors, more data, and more insights to parse data more efficiently and find the smallest anomalies in system functionality
- Forward compatibility to create the headroom to implement future solutions that could involve even greater speed
Good security strategy must achieve these goals with as little impact as possible on the speed users have come to expect and demand. That's because in addition to the operational reason for speed, there is a practical reason: Users aren't willing to wait.
A consistent consequence results from that user impatience paired with cybersecurity techniques that don't feature speed as a fundamental component: Slow security solutions get shut off, either because they are too cumbersome or because they simply can't keep up. A security solution that lacks speed and thus is turned off provides zero benefit. Thus, slow cybersecurity techniques become greater impediments than benefits.
If organizations are forced to adopt tools that do not meet the needs and standards of fast data transfer, the odds are that not only will those organizations become less safe, but they will carry that lack of safety to every point of connectivity they share, endangering other organizations.
Acknowledging the inherent conflict between security and speed requires us to strategically design how, where, and when to slow things down, while maintaining and preserving as much velocity and efficiency as possible.
When it comes to cybersecurity, without speed, there is nothing. Users will, however, embrace a solution with speed as its key component.
SPEED: THE NUCLEUS OF THE CYBERFRONTIER
Roland Cloutier, ADP
Context is king when providing tangible models of reference to complex issues like cybersecurity. Even as security practitioners, we are faced with an onslaught of information, intelligence, data points, and other exceptional information with a need for action or decision, but we often lack the availability of context to make sense of the environmental settings that help us make great decisions.
WHAT DO WE MEAN BY SPEED?
As we begin to discuss speed as a binding strategy and guiding principle for approaching cybersecurity, we must take the time to truly understand the implications and context of the meaning of speed as a multifaceted component of the threat, of what we are protecting, of how we protect, and of the impact on our ability to be successful.
Speed is in fact at the nucleus of the cyberfrontier. As a term, it can be considered a noun (the rate at which something is measured for movement) or a verb (describing an action of movement). In either case, when linked to the defense of technology, it is speed that dictates our plans, actions, and, often, outcomes. It is speed that supports measures of priority along with residual risk measures. And it is speed that impacts basic program considerations such as cost, services, and urgency.
We'll now explore key areas of speed as a binding strategy and the key strategic elements that you can focus on to help you make better decisions, deliver better results, and have a greater impact in protecting your charge.
HOW SPEED IMPACTS SECURITY
Living in a digitally connected ecosystem of business, societies, and global economies that operate at the speed of light means that the factors and issues that determine how and what we protect are like a living, breathing organism. It is always thinking, consuming, and growing in many different ways. First, the environment you work in is not a controlled and managed architecture of systems and software encased in a protected data center with limited exposure. From the interconnection of data platforms between organizations to the extended components of the Internet, and even through the introduction of self-learning and decision-making software, digital infrastructures and operations are affected by the speed at which the globe is connected. To further complicate these scenarios, the human element cannot be forgotten. Decisions and actions made by humans can readily and starkly change the environment you protect through a limitless number of potential social and physical interactions.
Speed is also a critical element in the pace of change. Technology from a pure business asset perspective is often measured in years. Today, however, through the adaptation of advanced technology for criminal means, some cyberdefensive technologies may have a realistic effectiveness of only less than a year, and in some cases, days. The speed of the threat actor, your own technology environment, and your ability to defend it is entirely predicated on the speed of change. That pace of change also includes the necessary changes to our speed of making decisions. The critical actions of stopping, impeding, disrupting, and responding to cybersecurity risk and events that affect privacy in a digital world force us to make rapid and accurate decisions never required in previous decades. New methods of data acquisition and analysis for decision support are critical aspects of creating these new strategies for success in a digital age.
Finally, speed is a significant financial lever. Beyond the normal cost considerations of time to acquisition, time to deployment, and other accounting mechanisms that manage the total operating cost of programs, projects, and operations, the reality is that the speed of the next generational digital economy and the infrastructures you protect will essentially shorten the lifespan of any given technology or capital investment in your cybersecurity defense architecture. Technology in a normalized information technology portf...
Table of contents
- Cover
- Table of Contents
- ABOUT THE AUTHOR
- CONTRIBUTORS
- ACKNOWLEDGMENTS
- INTRODUCTION
- SECTION 1: BINDING STRATEGIES:THE CORE OF CYBERSECURITY
- SECTION 2: ELEMENTARY SHORTFALLS:THE THINGS WE DIDN'T GET RIGHT AT THE BEGINNING
- SECTION 3: FUNDAMENTAL STRATEGIES:PROVEN STRATEGIES THAT DON'T LET US DOWN
- SECTION 4: ADVANCED STRATEGIES:SOPHISTICATED CYBERSECURITY OPERATIONS
- SECTION 5: HIGHER-ORDER DIMENSIONS:WHERE HUMAN FACTORS CAN ECLIPSE COMPUTING WIZARDRY
- THE FUTURE
- INDEX
- End User License Agreement