Cybersecurity Stovepiping

Authors

David Thaw, University of PittsburghFollow

Abstract

I. Introduction

II. The Concept of Stovepiping

III. Stovepiping in Cybersecurity ... A. Policy Making, Complexity, and Change ... B. Complex Passwords: A Case Study ... 1. Fundamentals of Password Complexity ... 2. “Guessability”—the False Assumption ... a. Password Guessing via Authentication (Login) Interfaces ... b. Password Guessing via Unprotected/Unsanitized Service ... c. Offline Password Attacks ... 3. “Defense in Depth”—Measuring Marginal Benefit

IV. Implications of the Stovepiping Disjuncture ... A. Addressing the Same Question … B. Overcoming Policy Entrenchment ... C. Risk-Analytic Framework for Cybersecurity

V. Conclusion

Recommended Citation

David Thaw, Cybersecurity Stovepiping, 96 Neb. L. Rev. 339 (2017)
Available at: https://digitalcommons.unl.edu/nlr/vol96/iss2/6