Approaching cyber security as a cross-functional, interdisciplinary, holistic issue.
Today, we are ever-increasingly interconnected over the public, borderless, and untrusted mechanism of the internet, that is, in the cyber domain. Cyber attackers, now without borders and with a powerful opportunity for reach and scale, leverage this value for their gain leaving businesses and citizens very vulnerable.
The complexity of protecting the cyber domain from these attackers is that one of the most effective ways is to cut access. However removing interconnectedness and collaboration, exponentially removes from organisations and lives the very value we seek to protect. The alternative solution is to protect ourselves and assure those we are interconnecting with are also protected – a parallel concept to Herd Immunity.
“Herd Immunity: General immunity to a pathogen in a population based on the acquired immunity to it by a high proportion of members over time.”
Herd Immunity requires that the critical mass of the critical masses become ‘immune’ over time, and sustain that immunity. So, too, does cyber security (Figure 1).
For cyber security to be effective, then, it requires a cross-functional, interdisciplinary approach to address people from all walks of life; and, levels within organisations regardless of size or sector. As cyber security is a people problem, we need to bring it to the people. Just like Herd Immunity, we can’t address one niche area at a single point in time and expect to make any, let alone sustained, difference to the whole.
In a 2014 environmental scan, there appeared to be no other single institution addressing a holistic approach (Figure 2).
Figure 2: Environmental Scan (2014/15)
The proposed framework for holistic immunity did not appear at that time to be provided in any other research. Many universities at the time of scanning stated collaboration but with the exception of perhaps Maryland appeared limited in practice. The UK was at that time bringing together a number of universities under the EPSRC-ACE Program. This environmental scan does not cover them all and so between them they may provide more services, which could create an effective approach and may be considered as part of the Centre collaboration in Australia (note here this summary from 2014/15). However, there was, at the time, no single research centre that appears to be looking at holistic or “herd” immunity.
Some models, therefore for university centre development were proposed for discussion (Figures 3 and 4) and are still relevant today.
Figure 3: Centre model approach to protecting interconnectedness (2014/15)
Figure 4: Centre model for interrelated pillars (2014/15)