Cybersecurity Information Overload: Is There a Solution?

Sign Up for the Cybersecurity Magazine 
For at least the past two years, I've been fascinated by the highly fractured nature of information in the cybersecurity world, which is in a state of overwhelming onslaught of constant developments, studies, reports, meetings, breaking news, standards developments and government activity.  I've spent my entire career creating information products, conferences and advisory services focused on technology-related industries and corresponding complex policy topics (albeit in the comparatively easy-to-grasp media, communications, consumer electronics and, more recently, energy sectors).

But nothing beats cybersecurity as a tough topic, an issue that few people feel, deep down inside, they adequately grasp.  This vague sense of not-knowing is true for both the technology professionals responsible for implementing cybersecurity within their organizations and, most emphatically, the non-technologists who run organizations, government agencies and corporations and who are increasingly held responsible for the cyber breaches that occur on their watches.  Part of the problem is that there is just too much stuff  bombarding all of us and the information overload is accelerating.

Hundreds of good (and not so good) journalists crank out important cybersecurity news pieces every day across at least several dozen, if not hundreds, of bona fide publications (My slightly outdated must-read list is here).  Hundreds of consulting, engineering and law firms release reports, updates, advisories and white papers.  Endless meetings with thousands of participants are held across government and affiliated working groups, centers and labs of all stripes and sizes and all industry sectors. A day doesn't go by without at least a dozen important webinars, conferences or hearings on some important cybersecurity topic.

Trying to keep track of the day's developments is alone a herculean challenge.  A while back, I launched a Twitter feed and a corresponding nifty online Flipboard magazine (best seen on tablets and smartphones) that seeks to sift through the day's endless streams of information for only the most important, most interesting and most useful information.  Unlike some people who have brilliantly developed scripts to sift useful information from the repetitive, derivative and not-so-valuable gunk, I manually go through news feeds, emails, LinkedIn group reports and other sources and pick what to put in these curated resources. This process can consume many hours of my day if I don't watch it.

A few years back I interviewed over a dozen utility cybersecurity executives about the problems they faced. Information overload was consistently ranked among the top impediments to getting their jobs done. Typical of the responses I received was one top cybersecurity technologist. “A lot of stuff comes into our email inbox," he said. "There is a huge quantity of information out there saying 'we know what’s best.' Quite honestly, for me it’s fairly overwhelming to see that much information come in,”

And the situation has only deteriorated in the three years since I conducted that project. So, what's the solution? Is there a solution or is cybersecurity just too vast, just too endemic to everything in the world now that it's impossible to develop a comprehensive resource that hits the high-points and pulls it all together as best as possible in a reasonable time-frame?

These are the questions in the back of my mind as I work on a plan that proposes to do precisely that. Pull it all together and produce ongoing reports, data and analysis in a way that makes sense and reflects expertise and high-caliber thinking.

But if any of you have any answers to the question about information overload - is there a solution and what is it? -- or if there is a key piece of data or aggregated information that you wish you could see, drop me a line and share your thoughts.

Twitter Delicious Facebook Digg Stumbleupon Favorites More