Reply to post: efforts to reduce or manage system cyber risk are ad hoc and uncoordinated

What should we do about 'systemic' cyber risks? Wait, what even are those

Mike 137 Silver badge

efforts to reduce or manage system cyber risk are ad hoc and uncoordinated

Indeed so. "Band-Aid" point fixes for narrowly specific technical problems keep emerging, making the infrastructure ever more complicated. Unfortunately, complexity tends to make things less secure because it increases both the attack surface and opportunities for unforeseen interactions and side effects to occur. That trend also assists in driving constant 'upgrade' churn which keeps everyone on a permanent learning curve - the opposite of good security as thorough familiarity with the idiosyncrasies on one's systems assists their robust management. Furthermore, the growing tendency to replace human decision making and judgement with (inevitably attackable) automation is causing us to lose touch with the adversary at the metal level where it's most important to be clear about what's going on. The result is that we become increasingly reactive, rather than pre-emptively resilient.

Biting the hand that feeds IT © 1998–2022