Politico quotes Cyber Statecraft Initiative Director Jason Healey on a new report from the Atlantic Council and the Zurich Insurance Group which urges risks to be assessed systemwide instead of on an ad hoc basis:
The report from the Atlantic Council and the Zurich Insurance Group urges risks be assessed across the system.
“We all went to bed April 6 thinking we’d all done cybersecurity pretty well, but the next morning, we all wake up and it turns out we’re insecure because of this obscure part of the Internet that most of us have probably never heard of and, frankly, a function that’s 10 years old and has had lots of eyeballs looking at it,” said Jason Healey, director of Atlantic Council’s Cyber Statecraft Initiative. “Things are so interconnected [yet] still folks missed this.”
[…]
“People say, ‘Yes, that makes a lot of sense,’” Healey said. “I still don’t think that we’re getting ready that the Internet of tomorrow, there’s a good chance it’s going to be less secure, less resilient, less available than today. We’re more likely to be getting these Heartbleeds every year, every couple of months. And when we have those, it’s not going to be just everybody change your password. We’re now connecting the electrical grid to the Internet. … We’ve got a lot less experience with the stuff we’re connecting to the grid or driverless cars or the cloud or all that [than Heartbleed]. I don’t think we’re getting ready for the implications.”