Robert Garigue: Truth & Trust as Security Requirements

Advanced Cyber/IO, Historic Contributions, ICT-IT, Innovation, Leadership-Integrity, Multinational Plus, Policies-Harmonization, Reform, Strategy-Holistic Coherence, Tribes, True Cost

This is the first and only time we have seen truth & trust properly identified as fundamental to security.  The only other related works are those of Dr. Col Max Manwaring, whose edited work, The Search for Security–A U.S. Grand Strategy for the Twenty-First Century, makes the point that legitimacy is the core value enabling peace and prosperity; and the Nobel Prize awarded in the 1990's to the scholar who demonstrated that trust lowers the cost of doing business.

Cyber-space, if it is to contribute to the evolution of humanity, must be imbued with truth & trust.  THIS is the core focus of any information security program in support of information operations, NOT “mere” “control” of potential data loss or “defeat” of potential enemies.  We sorely miss Robert Garigue–he was illuminating a very righteous path, and to our knowledge, none have stepped forth to fill his shoes.

See Also:

Robert Garigue: Security as the Guarantor of Values Executed by Systems–Security as Truth & Trust

As Found In:

Robert Garigue: The New Information Security Agenda–Managing the Emerging Semantic Risks

Robert Garigue: Feedback for Dynamic System Change

Advanced Cyber/IO, Analysis, Balance, Citizen-Centered, ICT-IT, Innovation, Leadership-Integrity, Multinational Plus, Policies-Harmonization, Processing, Reform, Strategy-Holistic Coherence, Threats, Tribes, True Cost

Information security is not a static process–you cannot “lock down” information the way the Air Force has tried to do, prohibiting all flash drives because it has failed over decades to actually embed security in every aspect of the process from human to download alerts.  Interactive feedback loops are simple and effective.  Winn Schwartau pioneered time-based security and risk-based security.  Now if we just accept the fact that 80% or more of the information we need to be effective is not secret, not in English, and often not online at all, this represents a 180-degree turn away from the current focus on centralized cyber-security to the exclusion of all else (such as mission effectiveness).  As Russell Ackoff put forward: we have been doing the wrong thing righter, and are about to spend $12 billion doing the wrong thing righter, instead of going ALL STOP and redesigning all systems, human to technical, around M4IS2 (multinational, multiagency, multidisciplinary, multidomain information-sharing and sense-making).  One can no more merge all the Serious Games into one World Game than one can merge all the stovepipes into one “all-source” system.  We have to do a clean-sheet requirements review and design for M4IS2 success, otherwise we automatically default to more of the failures that NSA and its various contractors are so notorious for….

See Also:

Robert Garigue, “Technical Preface” to Book Three

Robert Garigue, CISO Briefing

Robert Garigue: Role of the Chief Information Security Officer

Advanced Cyber/IO, Balance, ICT-IT, Innovation, Leadership-Integrity, Multinational Plus, Policies-Harmonization, Reform, Strategy-Holistic Coherence, Threats, True Cost

IMPORTANT:  The Chief Information Security Officer (CISO) is not the Chief Knowledge Officer (CKO), nor the Mission Commander, nor the Mission Logistics Officer, nor any of the other mission support specialties.  The point is that security and knowledge must co-exist, and, in collaboration with one another, the CISO and CKO need to ensure that the force is trained, equipped, and organized so that the right information is available to the right person at the right time in the right format.  If in doubt, err on the side of access, not control.  It is much easier to do that if you are honest about NOT classifying the 80% that should NOT be classified.

See Also:

Robert Garigue, “Technical Preface” to Book Three

Robert Garigue, CISO Briefing

Robert Garigue: Three Information Security Domains–the Physical (Old), the Process (Current), and the Content (Future)

Advanced Cyber/IO, Citizen-Centered, ICT-IT, Policies-Harmonization, Strategy-Holistic Coherence, Threats, True Cost

Core Point:  The US national security world is still operating under two conflicting paradigms: stovepipes within which authorized users have access to everything in the stovepipe (more or less); and isolated stovepipes in which external authorized users have to spend 25% of their time gaining access to 80+ databases (or worse, don't bother), and if they forget their password, a 2-3 day gap while access is restored.  What SHOULD have happened between 1986, when this was first pointed out, and 1994, when the national alarm was sounded, was full encryption at rest of all documents, and a combination of automated access roles and rules together with anomaly detection at any point in the system, including external drives.  The good news: 90% or more of what needs to be shared is NOT SECRET.  Bad news: someone other than the US Government “owns” that 90%.  The US system is not capable of ingesting and then exploiting that 90%.

See Also:

Robert Garigue, “Technical Preface” to Book Three

Robert Garigue, CISO Briefing