Moving forward. This is the direction that information security needs to move today to have an even more secure cyberspace tomorrow. Moving forward means that we need to continue to innovate and be creative. In the past, people have innovated when they believed that they had a better way of doing something and they thought that they could make a difference. This book is about security innovation—it’s about doing something new and making a difference.
We need new tools if we are to continue to secure our critical infrastructure from those who would do us harm. Today’s security world isn’t just about hackers and thieves. We have to add to that list organized criminals, spies, and even “hactivists.” A day doesn’t go by when some part of our critical cyber infrastructure isn’t under attack. Nation states are trying to steal trade secrets and military secrets. Organized criminals are constantly chipping away at our cyber security with the hope of breaking through to a system that will afford them the opportunity to do some real damage. Organized crime is also turn-ing the personal information of everyone into a commodity that can be raded, exploited, and hedged.
How we innovate is going to be the key to success in this battle, and part of that inno-vation is going to involve looking at things a little differently than how we have in the past. We need to be more than one step ahead of our enemies.
We need to move forward and quickly.
Information security has often been considered something between dark magic and art for quite some time, whereas the underlying technology has been considered an engineering discipline. The circuits and chips are all part of the world of electrical engi-neering; the software is generally considered the domain of software engineers.
Encarta 1 says that an engineer is
- Somebody who is trained in a branch of professional engineering
- A member of a unit of the armed forces that specializes in building and sometimes destroying bridges, fortifications, and other large structures
- Somebody who plans, oversees, or brings about something, especially something that is achieved with ingenuity or secretiveness.
I like these definitions because we are truly professionals. But, besides being profession-als, we are also engineers. We don’t guess at what an answer might be. We analyze, we test, and when we believe that we have an answer, we act. We are the ones who are build-ing the fortifications that protect our networks. We are the ones who work to destroy the logical fortifications that hackers create and hide behind while they attack our end-points. We are the overseers and protectors of everyone’s privacy.
The fact that information security is a science and discipline in its own right is clear. We are beginning to see this reflected in the curriculums at colleges. Institutes of learn-ing are providing master’s degrees and doctorate programs in information security. More people are learning our engineering discipline, and they are learning about the processes and tools that we use to secure cyberspace.
This book adds to that by explaining why things are presently not completely work-ing, and it provides an engineering framework that explains how things could work bet-ter and with more predictable results. This book serves as another tile in the mosaic foundation of our engineering discipline. We have another powerful tool in our battle to secure cyberspace so that we can continue to enjoy it and benefit from all it brings us all.
