Now, in order to understand it, go here:
….I think that we’re diverging significantly from the old world of cyberspace into a newer set of taxonomical and ontological concepts. Perhaps we’re finally beginning to mature the thinking of the domain. The focus on offense is not yet nearly the focus we need. In my opinion we do focus to much on defense. The problem is we have continued to focus on information security as if that is a form of cyber war. The focus on computer security artificially limits what could be considered valid forms of attack and most obviously has nothing to do with nation state attackers. In reverse the language of war being applied to the management principles of information systems causes inappropriate risk calculations, increases costs outside the requirements, and inhibits innovation and efficiency at significant social costs.
Basically, information security is a form of management and cyber war is a form of conflict. That they happen in the same domain and have different goals is no different than the gate guards that protect your gated community from bad guys. The Wackenhut security guys carry guns, but their entire mission set is quite different from the rather impressive troops of say Seal Team 6. As a community of interest we continue to conflate these two roles at extreme cost and significant increase in strategic level risk.
Excellent! Read the rest here.
Hat tip to Adam Elkus