
By Michael Daniel, CTA President & CEO
The September 11th attacks changed our view of physical security. As a result, everyone had to invest more in protecting their people and facilities. At the time I was in charge of the Office of Management and Budget’s Intelligence branch, and we received numerous requests to fund physical security upgrades. What was interesting to me, though, was that the proposed investments were not consistent. Some agencies requested funding to concentrate their people and facilities in one location, because consolidation would allow them to protect those people and buildings more effectively and reduce risk. Other agencies asked for funding to spread out their people and buildings, because having them all in one location was too risky. These varying approaches to physical security reflected a tension between two types of risk, complexity and concentration, and which one to prioritize eliminating. There is not necessarily a “right” way to resolve this tension; rather, leaders have to continuously make choices about which risk is most important to address at a particular time.
This same tension plays out almost every day in cybersecurity. Complexity is the enemy of cybersecurity, but so are monocultures and flat networks. In an ideal world, organizations would have just enough complexity in their networks, applications, and tools to make it challenging for the adversary, but not so much complexity that it interferes with productivity or the ability to defend against threats. Sourcing your cybersecurity from multiple vendors helps ensure that you are protected against a wide array of threats, but if those vendors don’t work well together, then those benefits may be outweighed by the complexity of being your own integrator. Organizations face both complexity and concentration risks in their cybersecurity efforts. At any given point, they have to decide which risk to prioritize reducing.
CTA helps cybersecurity providers navigate their version of the concentration versus complexity trade-off. We want cybersecurity providers to gain the benefits of concentration through threat intelligence sharing, while avoiding the risks associated with single points of failure. Conversely, we enable members to share threat intelligence with low friction, thereby reducing complexity, yet still retaining their unique perspectives and capabilities. All of CTA’s activities balance this mix of complexity and concentration.
These characteristics are hallmarks of Community Driven Defense, the theme of this quarter’s newsletter. This kind of defense requires organizations to work across boundaries without concentrating security in just one company or platform. It’s not an easy task. Reducing complexity enough to make effective cybersecurity possible without elevating concentration risk too high is a delicate balance. Organizations dedicated to this purpose, like CTA, make this task just a little bit easier, and it’s one of our primary roles in the ecosystem. I hope you enjoy reading about why and how our members are contributing to making Community Driven Defense a reality through CTA.