Small Bytes

February 22, 2016
An editorial from the PSA Cybersecurity Advisory Committee ChairmanAndrew LanningBy: Andrew Lanning, Co-founder, Integrated Security Technologies

So we’re kicking the tires at our PSA Cybersecurity Advisory Committee meeting and it’s clear that our industry’s road to cyber maturity is cracked in places, potholed in others, with frequent stretches of limited visibility.  Not a comfortable ride.  The vehicles traveling our roads from R&D to manufacturing, through distribution, and on to integrators for installation/testing somewhere during that final mile, represent the collective assumption that we’re conducting business with the very best security and safety interests of our customers at heart.  We are the security industry after all.

Recent poll data from a variety of industry media sources indicates that we’ve actually been doing very little to protect our clients “cyber hygiene.”  Cyber hygiene is nothing more than information security and we should be calling it that.  It’s not new, it’s just new to our businesses, new to our thought processes and now poses new challenges to our integrity as an industry. If we’re going to travel these roads, and our clients are telling us that we must if we want their business, I believe it’s time to invest our money in signage, asphalt, and paving equipment.

Whatever journey we choose, one thing is clear.  If we don’t start taking care of the roads we’re traveling on, we will pound our vehicles into disrepair.

Fortunately, this journey has been taken before.  The regulations, the practical guidance, and the certified learning paths, uphill’s and curves aside, already stretch out before us.  We can’t let our past industry performance (really just ego) get in the way of new possibilities.  Technology moves fast and our roads are slowing us down.  If we’re not the smartest tech guys in the room any more, that doesn’t mean we can’t learn. We learned the hard stuff before, and this is just new hard stuff.  Remember terminating your very first CatV cable 20 years ago, or spinning up your first Exchange server? We’ve all grown smarter over time.

We must plan for our Information Security delivery path to be as smooth as possible, for ourselves and for our clients.  We can adopt the NIST cyber security framework as our regulatory

A winding road down through sage brush and wildflowers.

The road we're on is curvy and unpredictable

signpost.  We can study the SANS Top 20 for practical maps to get us started on our maturation journey.  We can swerve into new knowledge by way of Security+ courses, there’s plenty of free online training available. Finally, we can run NMAP or download Zenmap (if we’re Linux-challenged) and learn about the vulnerabilities those scans reveal.  Be it in a network test environment, our own environment, or our client’s environment if we’re heading down this road for the long haul, it’s time for us to do a better job smoothing out these roads.

Whatever journey we choose, one thing is clear.  If we don’t start taking care of the roads we’re traveling on, we will pound our vehicles into disrepair.  The PSA Cybersecurity Advisory Committee is doing our part to provide tools to fix the pavement and prepare for breakdowns or emergency stops along the way. As a team, we are developing resources and best practices to keep PSA members educated and aware of how to stay on course while traveling towards cyber maturity.

If you’re headed to TEC 2016, the committee is hosting a session led by a panel of experts who will be prepared to help you understand and mitigate the risks associated with cybersecurity in accordance with NIST’s Risk Management Framework. You can expect to walk away from the session with applicable next steps for creating a higher level of internal cyber hygiene. The road is curvy and unpredictable, but together we can help each other weather the ride.

For more information about the TEC session visit: