Print this page

Securing the Entire Elephant: Where a program of education can make a difference

The global economy rests on a technology base. So, it is common sense to make certain that that technology is secure. Sadly, current data from almost any source indicates that our systems are not secure.

The principal cause seems to be what might be called the "Six Blind Men and the Elephant" syndrome. In that old story six blind men are asked to describe an elephant based on what they are touching. So to one it's a snake, to another a wall, and to another a tree, etcetera. In the end, "Though each was partly in the right, all were entirely wrong". We have the same problem with cybersecurity. There are established elements of the field that know how to secure the part of the technology that they touch. But until we are able to coordinate that knowledge to secure the whole elephant, we can't realistically say we are secure. Or in pragmatic terms, "partly" secure simply does not suffice. Probably the best illustration of that old adage is the U.S. National Security Agency, which was done in by an insider exploit, not the electronic one that they were set up to prevent. This is where formal education comes in. Education shapes behaviour. For that reason, education can be an extremely powerful force for ensuring correct practice. Also, it is education's historical impact on society at large that makes it the most likely place to address the need for comprehensive cybersecurity.

The complete article can be found on page 14 and 15 of the following publication: