Expert suggests holistic approach to security

MYRTLE BEACH, S.C.'IT security professionals have to find a way to move from reacting to threats to proactive protection, according to a leading security expert speaking at the eighth annual Techno Security conference.

Eric Cole, a senior scientist with Lockheed Martin Corp.'s information technology group and author of numerous books on information security, told the audience that organizations have to first identify their core intellectual property; then they can take the steps needed to guard it.

'If you don't know what you're trying to secure, how can you [know] you have secured it?' he said. 'Just because you're putting money and energy into a problem doesn't mean you're addressing the problem.'

Cole compared many organizations' security efforts to young children's report cards. 'A lot of companies would get E for effort, but unlike elementary school, there is no E for effort,' he said.

Cole suggested that organizations should put far more effort into identifying vulnerabilities and securing them as the only effective way to protect against multiplying threats. He also emphasized that security has to be fully integrated into every layer of IT in an organization.

'In this day and age, you shouldn't be able to isolate out your security on your network,' he said. 'If you can [do it], what's to stop the threat, which can do the same thing?'

Cole suggested that organizations should pay more attention to extending 'least privilege''the least amount of access a person needs to get his or her job done. He cited the Aldridge Ames spy case at the CIA in the 1990s as a very costly example.

Ames' betrayal actually cost lives, yet, 'about 55 percent of the damage that he did was with information he had access to that he didn't need to do his job,' Cole said. The Ames case also demonstrates that organizations need to focus more of their security efforts on the insider threat, he said.

One way to frame the approach to integrating security is to consider it a 'digital watermark,' he said. 'If you remove it, the network should be useless.'


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected