Will Low-Cyber Diet Improve Security?
Ex-Navy Secretary Prescribes New Approach to Infrastructure Protection
Former Navy Secretary Richard Danzig likens society's growing dependence on information technology to surviving on a diet of poisoned fruit. He says we're taking risks with critical cyber-systems that ultimately can cause irreparable harm.
Danzig, in a new report titled Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risk of Cyber Dependencies, characterizes digital technologies as a security paradox that grants unprecedented powers while making society less safe.
How to resolve this paradox? Danzig, in an interview with Information Security Media Group, says the nation should rely less on cybersystems designed for its critical infrastructure.
"To get to a higher state for critical systems, we need to cut back in our use of cyber, mix into those systems analog, non-digital components, or [incorporate] human variables in the loop," says Danzig, vice chairman of the board of trustees of the defense-oriented think tank The Rand Corp. and former chairman of the Center for a New American Security, another think tank that published his paper.
"We need to build in resiliency which anticipates failure because ultimately insecurity is ineradicable," he says.
A "mundane" example: the printer found in most offices. In a high-security environment, printing could be essential. But most printers contain memory chips, are network connected and can make copies of highly sensitive or top-secret documents as well as fax them. "If you ripped out all of those attributes, you'd have a more secure system," Danzig says.
Stripping down technologies to enhance security comes at a cost by making organizations less efficient and effective. But organizations, Danzig says, especially ones critical to the nation, must assess risks when buying "nice-to-have-things" by making "more self-conscious choices." Not doing so, Danzig warns, heightens insecurity or - put another way - increases the number of attack surfaces cyber-assailants could exploit. "We have to be very self-aware," he says.
In the interview, Danzig discusses how:
- Leaks by former National Security Agency contractor Edward Snowden demonstrate the need for critical systems not to be so connected to the cyberworld;
- Mutually assured destruction, the concept that kept the Soviet Union and United States from destroying each other with nuclear weapons during the Cold War, could be applied to cybersecurity;
- The nation's public health system serves as a model for businesses taking the lead on securing their critical IT systems with support from the federal government.
Danzig served as the 71st secretary of the Navy from 1998 to 2001 under President Clinton. Earlier in the Clinton administration, he served as the Navy undersecretary. In 2007 and 2008, Danzig served as a senior adviser on national security issues to presidential candidate Barack Obama.
He received a BA from Reed College, a law degree from Yale Law School and bachelor and doctoral degrees from Oxford University, where he was a Rhodes Scholar. Danzig served as a law clerk to U.S. Supreme Court Justice Byron White.