Blog

Diagnosis: The United States of “Cyber Debility”

Americans are suffering from an undiagnosed condition. Let’s call it national “cyber debility.” We can see it in a public overwhelmed and outmatched by the allure, complexity, and insecurity of its networked technologies, and consequently left confused and compromised across multiple faultlines. Indeed, the public’s poor aptitude for digital life has moved beyond the realm of …

What the Trump Administration Doesn’t Get About Securing the Homeland

When I began working at the Department of Homeland Security in 2009 there were left-over posters lying around showing DHS employees or officials pictured above the bolded words, “We Secure America.” These agency-printed materials are a staple across the federal government. But that particular phrase seemed a bit off to me, and became more inaccurate …

Are (Trained) Humans the Weakest Link?

It’s an old standby among security experts: “Humans are the weakest link.” My sense is people say this without irony, by which I mean they aren’t suggesting their own type of human (highly skilled cybersecurity professionals) are at fault, but that ordinary users are. But does that hold water? Consider these incidents: Last week’s Amazon …

Super smart piece on security by Bruce Schneier (plus a suggestion)

We’ve created an internet that senses, thinks, and acts. How can we protect ourselves if it goes wrong? Source: We’re Building a World-Size Robot, and We Don’t Even Realize   This piece is long, but if you’ve read some of his work, smart and well-worth the read.  I would suggest another truism, however, that could …

Will “the Public”​ Be Part of Trump’s Cybersecurity Plan?

President Trump and his Cabinet officials have save relatively little about cybersecurity during the transition and first days in office. What they have said focused largely on the military’s role in cyber defense and offense. And their draft executive order on cybersecurity sounds either naive, or else disingenuous, since, as New America expert Peter Singer …

Ignoring the Human Lessons of the Russian Hack

One of the conclusions I’ve drawn in recent years (and will be addressing more fully in coming weeks) is that the technological, and to an extent, legal, aspects of cybersecurity thoroughly overshadow behavioral and human-centered ones. This is a big problem. A couple years ago I sat stunned as a successful Silicon Valley entrepreneur spoke …

Ready for takeoff

Last week I said goodbye to DHS after more than seven years, several hundred speeches and other written pieces, a few failures, and hopefully some successes as well. I’m looking forward to sharing some of the lessons from communicating on the frontlines of today’s emerging threats. Why? First, to help groups and individuals assess, and understand, their …

First Lesson: Think “Purpose” Before “Product”

I still remember as a kid helping a neighbor make invitations for a big event.  It was an annual dog show for a pet organization she helped run near our town of Elma, NY.  As my friends and I stuffed, sealed, and stamped hundreds of invitation letters, I remember wondering whether this was truly the best way …