In military cyber security, one of the issues we struggle with is groups that are not permanently assigned to ships bringing un-assessed equipment into the ship’s network. For example: an aircraft carrier goes through a number of cyber assessments, assist visits and inspections while preparing for deployment, and achieves the required readiness level before the Carrier Strike Group Admiral’s Staff and/or Air Wing embarks.
Let’s assume that the aircraft carrier comes out of its compliance inspection with flying colors.If the Staff or Air Wing comes aboard the ship with network segments that aren’t up to standards, the aircraft carrier network readiness is immediately reduced to the level of whichever network segment is worse. Amphibious Ready Groups struggle with the same issues but with the embarked Marine Expeditionary Unit (MEU). Like their Navy partners, the Marines focus on war fighting, but also have security issues with an infinite number of interconnected moving parts.
Operationally, the military and industry have much in common. Integration and network compliance pose challenges because we are in constant motion, carrying out our primary missions. Affiliate network security is supposed to be a given; but if their standards, equipment, skills, and systems vary, how can it be?
In the Healthcare sector, under the new HIPAA Final Omnibus Rule, organizations, vendors and business affiliates who fail “to perform a comprehensive and thorough risk analysis, and subsequently fail to apply the results of that analysis” to protect patient health information can be fined up to $1.5 million annually.
POS vendors who aren’t deploying point-to-point encryption systems are the weak link in the retail and financial chain.
In manufacturing, supply chain interruptions are a concern. Outsourcers, vendors, counter-parties, and transportation entities all have varying degrees of cyber readiness. How many of your affiliates still run older PCs with XP? Does anyone know how secure their business partners are?
I see a tremendous amount of overlap between military cyber warfare and the private sector’s battle for cyber security. Interdependencies and connections in both environments create both opportunities and risks: the actions of one small component can cause repercussions throughout an entire organization. That is why at EdgeWave, we apply combat proven, military principles and strategies to defend organizations throughout commercial industry. Our Team of security analysts are vigilant 24 hours a day, seven days a week, protecting businesses, schools, healthcare organizations and manufacturers from cyber attacks.
Read more about EdgeWave’s Military Grade cyber security systems at www.edgewave.com.