Decentralised Cybersecurity

There have been plenty of articles written about the centralisation of U.S. Intelligence after the 9/11 attacks, arguing back and forth whether this was a sensible reaction. I've been taking a keen interest in decentralisation at Enterprise level, and it's interesting to see the same problems being tackled at a government level. Which is why I found this Ars Technica article about the new U.S. head of cybersecurity so fascinating.

At Enterprise level, one management responsibility is to look for evidence that the organisational structure is failing, and take steps to correct it. But what kind of evidence should one look for? Stock price is one example, although some might argue the problem should've been spotted before shares take a tumble. I suspect in many cases the effects of poor organisation will be gradual, and will manifest themselves in less obvious ways, such as failure to innovate, or poor time to market, or a drop in sales. Note these problems might make it obvious that a problem exists, but tying the problem back to organisational structure - and finding a solution - is altogether more difficult.

But, blimey, the stakes couldn't be higher for the U.S. cybersecurity community. It's fascinating that they've hired a proponent of decentralised management (presumably the decentralised nature of the web has a lot to do with it) and it'll be fascinating to track his progress. One thing's for sure: organisational failure in this area could be both quick and public.

(Photo "black hats" from BitHead's flickrstream, with thanks)