You CAN Stop Stupid. Ira Winkler
Читать онлайн книгу.
damage and 7 deaths. Another destroyer, the USS John S. McCain, crashed into another large ship 9 weeks later, resulting in massive damage and 10 deaths. Investigations determined that there were major failures in leadership and communications on the individual vessels. (See “Worse Than You Thought: Inside the Secret Fitzgerald Probe the Navy Doesn't Want You to Read,” Navy Times,
www.navytimes.com/news/your-navy/2019/01/14/worse-than-you-thought-inside-the-secret-fitzgerald-probe-the-navy-doesnt-want-you-to-read/.) Essentially, the investigators determined that there was a culture on the ship that created those failures. Further studies found that the problems resulting in these collisions were due to a culture that created systematic failings throughout the 7th Fleet, creating poorly trained sailors, failing equipment, and other failures. (See “Years of Warning, Then Death and Disaster,” ProPublica, features.propublica.org/navy-accidents/us-navy-crashes-japan-cause-mccain/.)
In the cybersecurity world, there are many massive failings due to cultural causes. The Equifax hack demonstrated systematic failures that went beyond a straight failing of technologies. (See “Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach,” U.S. Government Accountability Office, www.warren.senate.gov/imo/media/doc/2018.09.06%20GAO%20Equifax%20report.pdf.) The technological failures would not have occurred without a management infrastructure that allowed them to take place. Some people claimed the Equifax CISO was made a scapegoat and fired, but it is clear that there were management failings.
There is a wide spectrum to the forms that culture-based UIL can take, from small behaviors to widespread negligence. Strong cultures tend to be consistently strong, although they may have some isolated shortcomings to address. Likewise, when you have a weak culture with regard to control of loss, you will find the culture to be consistently weak. Even so, culture is not static. It evolves and changes. If you let culture change organically on its own, you will more likely increase loss. If you take an active role in understanding and influencing culture by determining the desired user behaviors, taking steps to architect those behaviors, establishing open channels of communication for feedback, initiating and improving training, and so on, you can improve your culture and reduce UIL.
Chapter 9, “Security Culture Defined,” explores culture further.
Physical Losses
Physical losses are generally straightforward to categorize. If a user leaves a computer behind on an airplane, it is technically a physical loss. An automobile accident can be considered a physical loss. If a user is somehow responsible for creating a fire, or at least ignoring conditions that would lead to a fire, the resulting damages can be considered a physical UIL.
While there may be some overlap with culture, the USS Fitzgerald is arguably a physical UIL, at least with regard to the resulting damage. We categorize losses in order to determine how the potential loss might be mitigated in any applicable category. Even if the U.S. Navy culture was perfect, it is possible that the freighter could have still steered toward the USS Fitzgerald. No matter what the cause of the accident was, deaths resulted from the actual collision, and it would be legitimate to ask if the construction of the ship could be improved to stand up to future collisions.
We can dissect the 9/11 terrorist attacks to determine many categories of UIL, but there was clearly a successful countermeasure that saved lives. Specifically, prior to the attacks, the Pentagon was renovated to include blast resistant walls and glass. (See “September 11, 2001,” U.S. Department of Defense Pentagon Tours Office, pentagontours.osd.mil/Tours/september11.jsp.) Those renovations were credited with saving lives when an airplane flew directly into the side of the building. Although there were still deaths, the trauma was greatly contained.
The Pentagon renovations were specifically designed to prevent hostile attacks, but they also prepared for other forms of physical damage. Similarly, other building construction often takes into account fire and earthquake protection.
People often think of planning for physical loss in terms of their own immediate organization, but it extends beyond that. If a cloud computer center isn't adequately air-conditioned, the servers can be damaged, affecting an organization's data. To prevent that type of loss, the organization needs to consider not only their own immediate physical assets but those of users in partner organizations as well.
Huge, dramatic losses get a lot of attention, but seemingly small losses accumulate quickly and can be even more damaging. This is what we refer to as “death by 1,000 cuts.” With death by 1,000 cuts, small, inconsequential losses can add up to significant losses. International grocery chains operate on a tiny profit margin. Their meat, produce, deli, and dairy products are highly perishable and have a limited shelf life. Those are physical assets, and any increase in their loss can drastically damage the company's profit. To safeguard that product against loss, many factors need to be considered such as proper training of employees on stock rotation and inventory control, regular maintenance of refrigeration units, and partnering with vendors that will provide the freshest, most reliable product possible.
If an organization has a fleet of delivery trucks, those trucks age. If you don't regularly change the oil, you replace expensive engine parts more quickly. If you don't occasionally balance and rotate the tires, they wear unevenly, and you buy expensive truck tires more often. When equipment wears out and needs to be replaced, that is still a physical loss, and it can be planned for and minimized.
Also consider that people exist physically and thus, are themselves physical resources. If an organization has a high turnover rate, they enter into a constant cycle of acquiring and training new employees. Even if employee retention isn't a problem, it is important to maintain the condition of your people just as you do any other physical resource. For example, one study found that 98 percent of medical residents made a medical error in large part because of the lack of sleep incurred by their required and strenuous schedules (see journalofethics.ama-assn.org/article/after-apology-coping-and-recovery-after-errors/2011-09). Organizations that use trucks or airplanes perform oil changes, tire inflation, and other routine maintenance on their vehicles to keep them working efficiently as physical components in the system. Similarly, regularly addressing the processes, culture, and training maintains an organization's physical users to maximize their efficiency and effectiveness, thereby reducing loss.
To properly mitigate a physical loss, you need to consider what physically exists and how to best safeguard it. Often, this needs to be done in conjunction with addressing other categories that contribute to loss as well, such as training, processes, culture, and so on.
Crime
Criminal acts are unfortunately a part of business operations that need to be accounted for. There are many types of crime that affect an organization. Some crimes are the theft of equipment. Others involve embezzlement of money. Still others include a robbery of an employee traveling for work or a robbery intended to steal company assets. Whatever the type of crime, it should be something to account for in your risk reduction programs.
Some users can be malicious and have clear intent to cause loss, while others are normal users who simply want to perform their ordinary functions. Regardless, both are frequently a conduit for crime. The studies cited in Chapter 1, “Failure: The Most Common Option,” indicate that in the majority of significant computer-related losses, users were the primary attack vector. This impacts the tactics you need to use to mitigate the threats.
From a more comprehensive perspective, crime impacts a variety of operations. Disrupted supply chains, depending on their nature and scope, can cause operations to cease. Theft of funds can cripple an organization's cash flow, which can cause an organization to go bankrupt. Data theft involving intellectual property cause organizations to go out of business, particularly when it enables competitors to make the same products at significantly cheaper prices. Data theft involving personally identifiable information (PII) can cause significant fines and embarrassment for an organization.