Communication, collaboration, and coordination are being touted as the keys to success for teleworking during the coronavirus pandemic, but the best frameworks for cyber defense in these modern times may end up coming from old teachings.
Oki Mek, Technical Integration Lead for Reimagine at the Department of Health and Human Services (HHS), explained today at an Institute for Critical IT Fall Virtual Briefing how he relates three principles from The Art of War by Sun Tzu to cybersecurity posture. Those three main principles are: knowing yourself and knowing your enemy, speed and flexibility, and simplicity.
Mek said that the first principle is “pretty straightforward” in that one must understand their organization. To safeguard against potential cyberattacks, Mek explained, it’s important to know the process of your risk management framework, know the people within the organization, and know the technology. Conversely, one must also understand the attacker: what process they are using to attack the system, where they are coming from, and their incentive in trying to reach your environment.
Second, Mek explained that speed and flexibility are important to the evolving nature of IT and changing agency mission environments – such as during a pandemic.
“I think if you don’t evolve you will become obsolete,” Mek said. “I think we can – from a cybersecurity perspective – we can lag behind so we kind of have to keep up with the mission and the technology.”
Lastly, Mek talked about simplicity. Cybersecurity can be very complex with a lot of gray areas, Mek said, but it should be viewed as more simple and straightforward.
“It should be clear to the workforce, it should be clear to the assessor, the auditor, so you’re working off the same criteria and requirements and less of that gray area, less of that confusion,” Mek offered. He added, “simplicity also means that you have to reinforce to make sure that the workforce actually understands.”
These principles, Mek said, can be related to cybersecurity, but also expand beyond that use case, as today’s cyber “war” is blending the physical with the cyber as more of the workforce moves online due to the COVID-19 pandemic.