What We Should Learn from the Equifax Hack

It Will Always Be People and “Little Things” that Matter Most

How the Bureaucratic “Tragedy of the Commons” Crippled Equifax

The “tragedy of the commons” is a concept from philosophy which can be roughly described by noting that when something is broken, and nobody owns it, fixing it is always someone else’s job.

A Good Cybersecurity Plan Accounts for Conflicts of Perspective

As a result, the “what,” “who,” and “how” of Equifax’s security plan devolved into an incoherent bureaucratic maze. A good cybersecurity plan will have three components: The system itself will be described and include a system boundary. Inside that boundary will be all aspects of the system which will be controlled by the plan. This answers the essential question of “what” the system is.

Public Key Infrastructure (PKI) Certificates — the “Little Things” in Cyber

Equifax’s system included sophisticated tools to detect this kind of intrusion. But these systems failed because something many tech people consider a “little thing” was left unaddressed.

Conclusion: Cybersecurity Must Plan for Conflicting Perspectives and Attend to the Little Things

Equifax’s experience teaches us this can be very costly. But perhaps most important is what we learn about the inevitable conflicts between security and productivity. These conflicts will happen, and a cybersecurity plan should be conceived with this inevitability in mind. Cybersecurity professionals should seek to become expert in the operational domain(s) of their company or clients. In this way, the cybersecurity professional can keep the focus on “how we can” operate profitably and securely.

I am a charter member of the pocket-protector set, but old enough to make fun of them and otherwise have a healthy skepticism of tech. https://goo.gl/2z5Snr
