Sunday, October 5, 2014

Cross purposes in cyber defense
In your experience, do different enterprise stakeholder groups ever operate at cross purposes in cyber defense? 
"The 1967 USS Forrestal fire was a devastating fire and series of chain-reaction explosions on 29 July 1967, that killed 134 sailors and injured 161 on the aircraft carrier USS Forrestal (CVA-59), after an electrical anomaly discharged a Zuni rocket on the flight deck. Forrestal was engaged in combat operations in the Gulf of Tonkin during the Vietnam War at the time, and the damage exceeded US$72 million (equivalent to $509 million today) not including the damage to aircraft. Future United States Senator John McCain was among the survivors."
 - Source: Wikipedia

Doug Gould (my good friend and developer of Adaptive Cyber Risk Management) often starts his cyber talks by telling the Forrestal fire story.

Now I understand why he uses the story to illustrate common challenges to enterprise cyber defenders.

As Doug tells the story, there are two ways to fight a fire on a ship: foam and water. Both methods work.

In the story, the foam team got there first and was making progress in fighting the fire. Then the water team arrived and essentially washed the foam away. The resulting damage, injury and loss of life were greater than they would have been had the foam team and the water team not run over each other.

The Forrestal fiasco caused the United States Navy to rethink its procedures, resulting in radically more effective approaches to shipboard explosions and fires.

Cyber analogy: In my experience I have seen enterprise business unit cyber teams acting at cross purposes with the corporate CISO office way too many times.

When supported and mandated by executive management, Doug Gould's Adaptive Cyber Risk Management creates a common shared vision and basis for true multi-stakeholder collaboration.

PLEASE. LET'S AVOID A REPEAT OF THE USS FORRESTAL FIASCO IN CYBER DEFENSE.