news from Cyber 6.0 and the Second Annual Executive Cyber Security Conference
Two conferences yesterday offered perspective on the growth of information sharing and its implications for privacy and security. You'll find full reports from the CyberWire on both Cyber 6.0 and the 2nd Annual Senior Executive Cyber Security Conference linked below, but there were several interesting points of emerging consensus among the symposiasts. Agreement is as close to universal as agreement ever is that cyber security is, in its essence, an exercise in risk management, and that any movement toward greater information sharing and increased migration to the cloud must be evaluated in that light.
Policy, law, and practice, as well as convenience and economy, drive enterprises to replicate data, both in the cloud and through various information-sharing schemes. While the cloud's appeal lies in its economy, and while information sharing is usually seen as a way of enhancing security, they're not unmixed goods: both can erode data ownership and control, and pose risks to privacy and even security.
Privacy and security, while often in tension, might (at least in the view of the US National Security Council's cyber security lead) be better conceived as mutually reinforcing. How that would play out given the sharply opposed views of the wisdom of ubiquitous strong encryption remains to be seen, but most of the people we listened to yesterday thought there was much to be gained from sound risk management, data minimization, good cyber hygiene, and (again) encryption.
See our reports for full accounts of both conferences.