By Ron Marks, March 4, 2013, Originally Posted by Security Debrief
The Jainists of India have a parable. It is the story about the blind men feeling the elephant – each one feels something different. One feels the trunk. Another brushes the tough bristles of its skin. Another feels the long tail. Each comes away with their impression of what an elephant is. In truth, each has only partially succeeded in understand the elephant because each has his own limited perspective.
Watching the Federal government roll out a cyber “strategy” over the past couple of week has felt just that way. The White House had their executive order roll out. The Hill, especially the House Intelligence Committee, had their roll out of the latest cyber bill. Even the Senate, the “stable saucer” to the hot House teacup, had their own languid version of a rollout. The good news is they all spelled “cyber” the same. The bad news is everyone is feeling a different part of this elephant and that is not going to solve much of anything.
The cyber-elephant is a vast and ever-expanding body. It is a field of battle as well as a field of business. It is a field of personal communications and a field of thievery. It is also a field of often misunderstood clichés and terminology – big data, cloud computing, information sharing, firewalls, etc. It even has its myths, such as the perfect “search engine algorithm.”
And so our Federal government bravely feels various parts of the elephant, decrying and declaiming on all issues and matters. The President’s Executive Order gamely tries to line up the vast number of government players who get to look at and feel the elephant from their own perspective – DHS, Commerce, NIST, FBI, etc. The order suggests ways to share information with others in the private sector – but not quite sure how. And if the cyber elephant attacks you, you can report it back to the government and your fellow cyber users– no harm to you. The House and the Senate are suggesting something similar but different because it’s their idea. And our military would like to bomb the elephant but knows it has to be more sophisticated. It just doesn’t know how quite yet nor whether it gets to attack the foreign end of the elephant only.
Washington is mucking around this way not because it is stupid but because of two basic problems – as our Jainist friends’ note, it does not know what the elephant really is and then what it should and should not do about it. In its simplistic form, the first challenge is definitional and the second challenge is doctrinal.