
Security by Insanity

Posted on June 27th, by Ken Kousky in Security Blog.

A dear friend found a reason to remind me what Einstein (or somebody important) said was insanity - doing the same thing and expecting something different. Well, this got me thinking. All my life people have found probable cause to call me crazy … but not insane. There’s something more clinical and more considered in the diagnosis of insanity.

I’ve spent over a decade delivering executive summaries on issues in information assurance and IT security. I’ve worked with the vendor community, academics and corporate IT staff studying threats associated with emerging technologies.

For example, when cars become “wired” systems with steering and braking being driven by software rather than direct physical linkages, there are certain risks that should be understood and analyzed. We framed the risks for remote automotive systems access through OnStar as well as vulnerabilities in network-addressable controllers of medical devices.

We were one of the first groups to study SCADA vulnerabilities years before Stuxnet hit. As we evolve processes similar to SCADA for advanced medical devices like a pacemaker, should somebody be thinking about securing it?

As an economist who spent several years teaching in an engineering school, I’ve developed a passion for root cause analysis. And, when things continue to break, I seek the pattern, the system drivers behind the breakdown. It seems we’re doing the same thing with each new threat, with each new technology.

But over the past year, there’s been too much insanity - too much doing the same thing and expecting different results.

Maybe the system itself is flawed. Maybe this is beyond crazy and actually insane. What are your thoughts?
