Roots of CyberSecurity
So many people complain bout the forest and trees in the world of cybersecurity. Some look to the trees and can write 5,000 word essays pulling about the etymology of a single word. They never see the forest.
“Forest Turnover” by Nicholas_T is licensed under CC BY
Others claim cybersecurity frameworks such as the Department of Defense’s Cybersecurity Maturity Model Certification will rise only to find itelf destined to fail. These critics note a piling up of assumptions and technical debt. They point to the Forest of compliance efforts like ISO or unjustly complain SOC2 compliance comes from gumball machines. They never take the time to see the trees.
Yet we need to stop worrying about the forest and trees of CMMC. Cybersecurity happens underground, through your culture. You must grow cyber hygiene in rich soil. Do not look to the forest or the trees. Instead get to the roots of cybersecurity and the fungus that keeps it alive.
Roots of Cybersecurity
The root system of any tree expands 20 times the size of the canopy. Often when we think trees have died around us, being returned to the earth by, you guessed it fungus, the trees go on living underground. Their roots living for years, decades, possibly centuries keeping other trees alive. Connected through a network of fungus.“DSC01648” by Clearly Ambiguous is licensed under CC BY
We must see cybersecurity as a symbiotic relationship between the public and the private sectors. You as a business owner need to understand that without some basics you can never secure sensitive data, and if you can’t secure sensitive data you will never get past the basics.
Around 90% of land plants thrive in mutually-beneficial relationships with fungi. Yet we do not see it. The mycelium, network of fine white filaments that make up the vegetative part of fung, exist out of sight. It just happens. We need this in cybersecurity.
“Mushroom, NCI Sourdough trail” by furtwangl is licensed under CC BY
Symbiotic relationships.
The plants and trees allow the fungus to siphon off food and the fungus help the plants eat, act as a network of advanced persistent threat, and fight of pests. In a cubic inch of soil you can find 8 miles of mycelium. We must get to a similar state of cybersecurity, hidden underground protecting our networks.
To deliver food plants provide fungi with carbohydrates. The fungi suck up water, and provide nutrients like phosphorus and nitrogen, via their mycelia.
The fungi also create a network to support each other. Paul Stamets, back in 1970 compared the mycelia of root systems to ARPANet, what we now call the Internet. Further According to Suzanne Simard older trees adjust the fungal network to help younger trees. They can redirect carbon they collect in their canopies to children of the forest floor who hide in the shadows. Protected by larger organisms.
“Rhizomic” by mikecogh is licensed under CC BY
The Wood Wide Web, also like cybersecurity provides advanced persistent threat analysis. When fungus in the roots recognize a threat they trigger the production of defense-related chemicals. These make later immune system responses quicker. When one tree gets attacked by harmful pests or deadly fungi, the mycelium can set off a chemical response in the root system to warn other trees.
We need to get to the roots of cybersecurity and this this includes five elements. You must do every one of these first.
Governance
First in terms of Governance who owns your data, who owns your systems, who maintains the System Security Plan? The mycelium under the trees acts as a microbial neural background. The management.
When you look at mycelium and a node breaks the network moves around it. You must have a plan to handle cybersecurity and know who will enforce policies.
Policy
Fungus migrated from the sea to land millions of years before plant life. The acids they produce broke down calcium in the rocks and produced soil. Your policy does the same thing.
The fungi worked by acting as carbon sinks. Fungus got the system working just as your policy is required for cybersecurity. In fact you should begin with writing a policy of how your company writes policy. You may in fact have a ton of existing policy but you can not protect what you don’t know you have.
Inventory
After the great extinction event that killed the dinosaurs the fungi inherited the earth. They could grow in the dark and even use radiation as food. The largest mycelium organism sprawls across 2,200 acres of Oregon and has lived before the time of the Christian Era. You need to know the spread of sensitive data, endpoints, and people.
Have you counted them all? If you do not have a solid inventory system you can not have security. You need to know how sensitive data spread through your network for without an inventory it will spread like a rhizome, like mcyelliumn
Access Control
Paul Stamets has long argued that the Internet just provides proof of concepts that already exist. The mapping of Internet traffic and Dark Matter all reflect the mapping of the rhizomatic spread of the rhizome.
You will need to keep a compliance machete at the ready to control access to sensitive data. Fungus act gateway species. Stamets note they let other life in. In fact he creates physical and logical barriers of mycelium downstream from farm to remove excess fertilizer and deadly diseases like e. Coli.
Awareness and Training
As he studies the fungus of the world Stametz tries to preserve the genome. In fact in collaboration with the Department of Defense they discovered five ancient and almost extinct fungi in the old growth forests that could help fight poxxed based diseases.
Ancient forests in China contain fungi that fight Flu and SARS.
Saving our old growth forest is a matter of national security. Just like your cyber security.
Let’s get to the root of the issue