Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing: warehouse-scale conveyor networks, robotic material handling, physical infrastructure managed by software on increasingly connected networks. I realized early that tightly coupled systems produce tightly coupled failures. When a single software fault could halt a distribution center, you designed for graceful degradation. You assumed components would break and built the system to absorb it.
That intuition followed me into cybersecurity and eventually into CISO roles across healthcare, financial services and global manufacturing. These industries operate under different regulatory regimes, face different threat profiles and define risk in different terms. But in every one of them, I encountered the same structural problem: Cyber risk wasn't governed as a unified discipline. It was adopted piecemeal by systems that already existed: product markets, regulators, auditors, insurers and boards, each building frameworks on its own timeline, in its own language, toward its own definition of "secure." The pattern rhymes with early actuarial science, where separate branches of insurance each modeled risk in isolation before discovering that correlated losses were the real threat.
Within any individual silo, the logic was sound. But the seams between them were never reconciled. Where one system's blind spot becomes another's unpriced exposure, there was no shared language to name it. And as digital transformation has accelerated the interconnection between industries, supply chains and critical infrastructure, those seams have widened into the actual modern risk surface.



