Security needs to learn from the aviation biz to avoid crashing
2022-08-11 22:30

The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems.

In a presentation at the Black Hat security conference in Las Vegas, Tarah Wheeler, an advisor to the US Council of Foreign Relations and founder of security startup Red Queen Dynamics, and Harvard Kennedy School researcher Victoria Ontiveros unveiled a project that takes the exhaustive incident investigation processes used in the aviation industry and applies them to information security.

There's too much concentration on a single point of failure as an explanation for security failing, she said, but that's almost never the case.

When a security system fails massively, as in the case of the Equifax hack, the blame too often falls on a single employee or a small group of employees, who are fired, and too many people see that as the end of the job.

To that end, the two have now released the Major Cyber Incident Investigations Playbook, which is based on Harvard research and provides a structured format for logging facts about a security incident so that they can be analyzed and shared.

The fact that government is finally hiring proper engineers into key posts was also a hopeful sign for better security, as was the fact that the industry as a whole is getting better at communication between technical and non-techie audiences.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/11/wheeler_black_hat/