Thomas DonahueFormer Senior Director for Cyber Operations, National Security Council
Cyber events of the past two years—perpetrated by state actors in several notable cases, according to public statements by the U.S. and British Governments— have demonstrated the potential for damaging impact to national security, critical infrastructures, and the global economy.
Electric power distribution, healthcare services, pharmaceutical manufacturing and global shipping have all suffered significant disruptions, in some cases requiring days to even months for full recovery. Databases with all manner of sensitive information with privacy and financial implications have been pillaged even from commercial and government organizations whose entire business models center on the protection of information.
These occurrences have become so common that we are no longer surprised, yet we continue to approach the challenge of protecting processes and data as if some magic technical solution exists for computers or networks. Networks and computers are complex technical systems that are constantly evolving and delivered through an opaque global supply chain, yet we maintain the fantasy…