Preparing students for the new normal: Cyber readiness and disaster recovery

It may seem bizarre that early summer discussions in the halls of academe have turned to warfare — cyber attacks and cyber counter-attacks to be exact. But since The New York Times reported on Stuxnet and Flame, where the weapons delivery system was apparently a thumb drive, the vulnerability of major corporations to similar attacks has become even more apparent.

By Michael Goul, Chairman, Department of Information Systems

It may seem bizarre that early summer discussions in the halls of academe have turned to warfare — cyber attacks and cyber counter-attacks to be exact. But since The New York Times reported on Stuxnet and Flame, where the weapons delivery system was apparently a thumb drive, the vulnerability of major corporations to similar attacks has become even more apparent. In a disturbing Al Qaeda video posted on the Senate Committee on Homeland Security website on May 22, 2012, terrorists exhort individuals to become cyber attackers. Some analysts claim the most recent Flame attack has been overblown, but nevertheless serves as a harbinger of more to come.

How are companies responding? Intel’s McAfee security division recently announced a project to protect utilities from cyber attacks . Also, Microsoft is said to have taken action to correct the bug that evidently lead to Flame’s use of fake certificates. Meanwhile, Britain’s armed forces minister stated that pre-emptive cyber strikes against perceived national security threats are a “civilized option” to neutralize potential attacks.

Many industry consultants are advising companies to prepare anew or at least refresh their disaster recovery plans. Simulating cyber attacks and testing response capabilities will be important because learning through experience is anticipated to be key. Deliotte is suggesting that “cyber readiness” is the new normal. Tradeoff considerations between privacy and cybersecurity are heating up at the national level, causing analysts Todd Hinnen and Michael Sussman to tell us on May 18, 2012 to “Stay tuned as the Senate takes up sausage making.” The comment references the proposed Cybersecurity Act of 2012.

Whether it’s new laws or companies working hard to prepare new cyber readiness products and services, disaster recovery planning and business continuity management won’t ever be the same. The complexity has all of a sudden skyrocketed. A challenge will be to train the next generation of information management students for this new complexity — getting them ready for what will be their new normal.