© Critical Informatics Inc., All Rights Reserved 2016

Threat Intelligence Blog

The Been There, Bled There Blog that covers, well, just about anything that we feel you can gain critical insight from. We wear our battle scars with pride and are grizzled enough to occasionally yell, “Get off of my Lawn!” As they say, “You Can’t Make This Stuff Up!”
As many of you know, I've been involved in a project in Washington that is unique in the nation. The pilot PRISEM project is now being incorporated as PISCES: the Public Infrastructure Security Collaboration and Exchange System. Basically, it's a public option for monitoring local government, public utilities, and other down-market quasi-public organizations.

I'm convinced that because of the critical infrastructure and services provided by this poorly-protected sector, the potential impact of disruption, and the lack of affordable solutions for monitoring and response, there is a need that has to be filled. I can say with some authority that private sector managed security providers don't prefer this market (underfunded, biennial budgets, government procurement rules, long sales cycle, etc.), yet the criticality remains and risk grows with time.

In my view, this is something that should be provided as a service - not necessarily by government, but by a consortium of government (because infrastructure protection), academia (because research and work force development), and other stakeholders. There's more to this than I can write up in this blog, but suffice it to say that there is a goodly amount of enthusiasm in a number of states for replicating this model, and there will soon be a white paper released that says as much.

So here's my point. Rather than doing marketing, outreach and "sales" to acquire "customers", why couldn't the whole thing be done through public disclosure?

Granted, this tactic wouldn't make any friends (at first), but hear me out.

Many in WA know about the public disclosure requests for EVERY PUBLIC RECORD from EVERY JURISDICTION in King County. You may also know that a precedent in Jefferson County established that, yes, firewall logs are subject to public disclosure. You may also know that this is a big open data state, and we actually encourage (for the most part) publicly-available data for transparency, and to avoid the expensive public disclosure dance.

So why not request all firewall logs from all public entities in the state, for the purpose of mining for security events and communicating that information back? I think this would be legal in at least our state, and would be a way to create disruptive change that moves the needle.

Nothing changes by doing the same thing over and over, and right now that's what we are collectively doing. Managing by landmine, rather than taking steps to get in front of the problem. I'd like someone to tell me why this wouldn't work. I think it bears discussion.
Grab the Third Rail and Hang On! 2/04/2016, by Michael Hamilton, CISSP, CEO