Handing Over the Keys to the Castle – OPM Demonstrated that Antiquated Security Practices Harm National Security. Institute for Critical Infrastructure Technology. July 2015.

“In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorized users know information, that authorized users can access information instantaneously, and that the integrity of information is certain. In opposition to these aspirations, an incessant tide of cybersecurity threats, spread across an unfathomably complex cyber-threat landscape, batter the defenses a round any valuable store of information. Adversaries seek to discern and exploit any minute vulnerability that could compromise the defenses and expose the wealth of knowledge inside. Information security professionals often view convenience and security as a tug-o-war over controls and resources. A fickle balance between convenience and security actually exists for the organizations with the knowledge to pursue it and vigilance to adapt their defenses to emerging changes in the threat landscape. The increasing annual number of successful breaches indicates that organizations and governments alike are not correctly balancing security with convenience due to antiquated systems and decades of poor security practices. If information is seen as a treasure hoard, then the cybersecurity infrastructure around it is the great fortress that is built by its people, founded on their technology, and maintained by their security practices. The employment of reliable technology, superlative security practices, and knowledgeable people culminates in a multilayered, integrated defense that is resilient to threats. The majority of in bound threats are thereby thwarted against its ramparts and the impact of the few successful breaches is minimized to acceptable losses. No adversary or persistent attack compromises either the cybersecurity infrastructure or the integrity of the information secured within.”