In-Q-Tel CISO Dan Greer Wants Human Touch in Security Loop


We no longer live in a time where disconnecting critical infrastructure components from the Internet is a viable option, a top security officer from In-Q-Tel told Boston Source conference attendees Wednesday.

Disconnecting the power grid and water utilities from the Internet for security is good in theory but is unrealistic in practice, said IQT Chief Information Security Officer Dan Greer, PC Magazine reports.

People who do not use the Internet will likely rely on someone who does, a Pew Foundation report has found.

It may seem intuitive to assume critical infrastructure components should not be accessible over the Internet in order to maintain security, but Greer said that is unrealistic.

It may be better in some cases if people still play a role in systems’ security, Greer said. 

All systems should have a manual fallback that would allow humans to step in when necessary, Greer suggested.

He said he wants humans back in the security loop, especially in systems where they have been removed.

Greer cited a financial institution that would only complete his written request if he re-submitted it electronically. 

By completing processes in an automated way, the institution introduces risk, since requests submitted this way do not have a method for signature verification, Greer said. 

Greer highlighted a hospital computer outage where doctors and laboratory personnel were forced to revert to paper for four days.

People with experience in the traditional processes were able to cope while others could not, he said. 

The staff’s ability to complete tasks manually was a huge factor, according to Greer.

He suggests financial institutions as well as others should have the same capabilities.

Shawn Henry, the FBI’s former executive assistant director for cybersecurity, previously suggested the U.S. cybersecurity method is unsustainable.
