back to article What should we do about 'systemic' cyber risks? Wait, what even are those

In a report published this week addressing "systemic" cybersecurity risks, several infosec experts noted that as the number of significant network intrusions rises, an understanding of the problem and the ability to address the larger issues remain lacking. Even something as basic as defining which online security risks are …

  1. amanfromMars 1 Silver badge

    Just Hope for the Best when it's all you can do if things are getting worse

    Quite so. For some, who may be many, is it certainly a hellish problem to beware and made aware of. However, to others with all necessary smarts though, a whole host of heaven sent opportunities to exploit and expand upon.

  2. Mike 137 Silver badge

    efforts to reduce or manage system cyber risk are ad hoc and uncoordinated

    Indeed so. "Band-Aid" point fixes for narrowly specific technical problems keep emerging, making the infrastructure ever more complicated. Unfortunately, complexity tends to make things less secure because it increases both the attack surface and opportunities for unforeseen interactions and side effects to occur. That trend also assists in driving constant 'upgrade' churn which keeps everyone on a permanent learning curve - the opposite of good security as thorough familiarity with the idiosyncrasies on one's systems assists their robust management. Furthermore, the growing tendency to replace human decision making and judgement with (inevitably attackable) automation is causing us to lose touch with the adversary at the metal level where it's most important to be clear about what's going on. The result is that we become increasingly reactive, rather than pre-emptively resilient.

  3. GSTZ

    Architecture change needed to prevent major systemic risk

    The majority of cybersecurity incidents is triggered by malware infections at end user devices. Endpoint security software is a major market but has essentially failed to reliably prevent such malware infections, and there is no hope whatsoever that this will change in the future.

    The root cause: All of today's end user devices are software-controlled, and hence are threatened by malicious software. In addition, they do accept code downloads via the network. Furthermore, typical end users just aren't security experts and sometimes can be tricked, and there are so many more vulnerable end user devices than those usually better protected central applications. The latter can be infeted too (eg. by ransomware), but this very often happens via an previously infected end user device.

    The cure: For critical applications, we ought to switch to hardware-controlled end user devices. This is very good and proven practice: Before PCs were introduced, all our end user devices were hardware controlled - and we then had no malware problems whatsoever.

    We would need to develop new hardware-controlled devices supporting today's needs including grahics, multiple screen windows, multimedia, teleconferencing etc., which is entirely possible but requires a significant architecture change. Those new and secure end user devices would be cloud/edge-oriented, and wouldn't contain an OS such as Windows or some Linux variant. This results in much better functional stability, reliability and ease of use.

  4. amanfromMars 1 Silver badge

    A Universal Opportunity for Unilateral Expansion

    An article in the [US] National Defense Industrial Association magazine ...... ..... highlights the same sort of problems which be valid causes and sources of real concern for there is scant, if any at all, effective risk mitigation, ergo is there a catastrophic vulnerability present for exercise and unhindered development/0day exploitation.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like