The chief information officer at the Department of Defense says that looking at cybersecurity through the lens of risk management was one of the first things he did after assuming the role. Applying risk management strategies to an organization as large as the Pentagon requires a tight partnership between cyber stakeholders. Katell Thielemann, Research Vice President at Gartner, says that recognizing physical risks to cyber infrastructure becomes incredibly important as more systems become connected.
“Everything is becoming connected. We spend a lot of time talking about cyber physical systems and their security. The cyber element is important. The data, the information. Traditionally security practitioners have focused on the CIA triad. Confidentiality, integrity, availability of the data,” Thielemann said. “But, now systems are connected. So, we see for instance hacks of high roller databases in casinos that are affected through an aquarium system. The target hack was through the HVAC system. Everything is connected. So, the idea of thinking about security through that cyber-physical continuum, and that everything is bi-directional, is really important.”