The Digital Big Bang. Phil Quade


of business, societies, and global economies that operate at the speed of light means that the factors and issues that determine how and what we protect are like a living, breathing organism. It is always thinking, consuming, and growing in many different ways. First, the environment you work in is not a controlled and managed architecture of systems and software encased in a protected data center with limited exposure. From the interconnection of data platforms between organizations to the extended components of the Internet, and even through the introduction of self-learning and decision-making software, digital infrastructures and operations are affected by the speed at which the globe is connected. To further complicate these scenarios, the human element cannot be forgotten. Decisions and actions made by humans can readily and starkly change the environment you protect through a limitless number of potential social and physical interactions.

      Speed is also a critical element in the pace of change. Technology from a pure business asset perspective is often measured in years. Today, however, through the adaptation of advanced technology for criminal means, some cyberdefensive technologies may have a realistic effectiveness of less than a year, and in some cases, only days. The speed of the threat actor, your own technology environment, and your ability to defend it is entirely predicated on the speed of change. That pace of change also includes the necessary changes to our speed of making decisions. The critical actions of stopping, impeding, disrupting, and responding to cybersecurity risk and events that affect privacy in a digital world force us to make rapid and accurate decisions never required in previous decades. New methods of data acquisition and analysis for decision support are critical aspects of creating these new strategies for success in a digital age.

      This chapter focuses on strategies to understand, plan for, and affect the impact of speed on how you think about and execute your responsibilities in defending your business or agency.

      THE STRATEGIC IMPERATIVES

      You may think that to align to the change in speed, you simply have to move and act faster. Although in some cases that is true, there are better ways to approach operational acceleration and excellence in the face of dynamic change than fighting speed with more speed. How we think, act, and instrument our protection portfolio and operations are all key aspects in making this dynamic shift to operational enablement in the age of speed. The reality is that the world, technology, and threats will only continue to gain momentum, and if the only tool in your toolbox is an ability to run faster, you'll soon realize the limits of that way of thinking. Strategic imperatives such as risk, intelligence, transparency, and action-based decision making are additional tools that when learned, practiced, and mastered will create new capabilities that are far more effective and sustainable than speed itself.

      THE PURPOSE OF YOUR MISSION

      1 Understand your environment. Your success depends on your direct ability to succeed within the environment in which you operate. To do that, you need to understand your environment through transparency, knowledge, and access. This includes crucial elements such as understanding your critical assets, a holistic understanding of the resources and technology deployed through a comprehensive configuration management database (CMDB), and data flow diagrams that detail how information flows through your business. Just as important is the understanding of your third-party ecosystem, your supply chain, and how your services are in effect an integrated component of your customers' supply chains. Your ability to quickly understand the impact of any given event through this level of transparency is a fundamental component to being able to think and act quickly.

      2 Drive safely at high speed. Your business success depends on speed to market and speed to respond. Your job is to get everyone there safely. This sense of speed enablement, or acting like the brakes on the car so your business is confident to go faster, requires a mature risk process. Effective risk programs have tiers of risk considerations and actions that create broad bands of flexibility and enable decision making based on preselected and informed risk formulas that serve as guiding principles. Spending time developing those mechanisms and allowing them to mature, educating your business, and just as importantly, educating your team will empower and enable all levels of the organization to recognize and facilitate business-based risk decision making at speed.

      3 Plan ahead. Your opposition is well funded, utilizing capabilities and decisioning guiderails that are faster than yours. As in an old-fashioned gunfight, the first one to put lead on the target wins. This means that you need to be comfortable with rapid decision making based on accumulated knowledge rather than absolutes and have a “gun belt” of premade decisions, actions, and plans on your side. For instance, if you have a ransomware incident that is less than x% contained, do you shut down your data center? If you are suffering a financial crimes attack, will you call law enforcement, and if so, what agency and what is their number? Simple efforts such as tabletop exercises or defining preplanned partners significantly add to your ability to react fast in times of crisis. Prepositioned decision making agreed to by your leadership also ensures that your business will understand, support, and expect clear action and leadership from you when needed.

      4 See the big picture. You need over-the-horizon threat modeling. I think everyone would agree that seeing a speeding train coming at you is better than getting run over by one. Unfortunately, too many people concentrate too myopically on their own operating environment and never look up long enough to see the train coming down the tracks. Intelligence services, information-sharing partnerships, and other mechanisms that give you a view outside your business into adjacent industries, such as competitors or aligned ecosystems, are great ways to measure and prepare for the potential impact of issues not yet affecting your business. This greatly enhances your time to prepare, plan, and react to situations and opportunities that too often are missed because of insular behaviors.

      5 Make the most of limited resources. Managing a business with limited
