1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cybersecurity Lessons Learned from the 9/11 Commission Report

Discussion in 'Network World' started by RSS, Nov 19, 2015.

  1. RSS

    RSS New Member Member

    Cybersecurity and IT professionals would be wise to review the findings of the 9/11 Commission report published in 2004. The report provides a comprehensive analysis of events surrounding the attacks and points to a number of systemic problems in several areas:

    • Management. “The missed opportunities to thwart the 9/11 plot were symptoms of a broader inability to adapt the way government manages problems to the new challenges of the twenty-first century… Management should have ensured that information was shared and duties were clearly assigned across agencies, and across the foreign-domestic divide.”
    • The chain of command. “At more senior levels, communication was poor. Senior military and FAA leaders had no effective communication with each other. The chain of command did not function well.”
    • Emergency response. “Effective decision making in New York was hampered by problems in command and control and in internal communications. Within the Fire Department of New York, this was true for several reasons: the magnitude of the incident was unforeseen; commanders had difficulty communicating with their units; more units were actually dispatched than were ordered by the chiefs; some units self-dispatched; and once units arrived at the World Trade Center, they were neither comprehensively accounted for nor coordinated.”

    These findings are frighteningly similar to what I observe at enterprise organizations all the time. Cybersecurity organizations continue to address risks as they did in 2005 with an assortment of disconnected point tools and manual processes. Enterprise organizations struggle to operationalize and share threat intelligence efficiently or effectively. Incident response processes are haphazard and IT-centric, while emergency response is often hampered by organizational friction and communication/collaboration issues between cybersecurity and network operations teams.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page