The document discusses how the telephone industry achieved 99.999% reliability ("five nines") and argues that cybersecurity should strive for the same standard of near-perfect reliability. It describes how early telephone networks faced challenges with coordination, monitoring, and service quality due to their decentralized nature, similar to early cybersecurity relying primarily on firewalls. The telephone industry was able to standardize and consolidate, allowing for investments in research, new technologies, and system-wide improvements that delivered highly reliable service. The author argues cybersecurity needs to similarly think on a large, global scale through collaboration and innovation to solve systemic problems and protect data with nearly perfect reliability as more devices connect.

1. 9/16/16, 1:10 PMThe 99.999 percent cybersecurity problem
Page 1 of 6http://fedscoop.com/the-99-999-percent-cybersecurity-problem
September 16, 2016
The 99.999 percent
cybersecurity problem
Commentary: A once-not-so-reliable phone
company set the standard for "five nines" service.
Perhaps it's time to ask how cybersecurity might
achieve the same standard.
BIO
By JR Reagan
JANUARY 29, 2016 3:30 AM
Ex-servicemen receive practical instruction on an operator board in 1946. What can the
cybersecurity industry learn from telephone utilities as it strives to boost reliability?
(State Library of Victoria/Flickr)
CYBERSECURITY
So, you've assumed
compromise. Now
what?
CYBERSECURITY
NSA: no zero days
were used in any
high profile
breaches over last
24 months
HOUSE OF
REPRESENTATIVES
Election systems
safe from
cyberattacks,
experts believe
PRIVACY
White House calls
for updated senior
agency privacy
positions
RELATED ARTICLES
NEWS EVENTS TV RADIO PEOPLE SUBSCRIBE CHANGE SCOOP !"
SUBSCRIBE CONNECT WITH US

2. 9/16/16, 1:10 PMThe 99.999 percent cybersecurity problem
Page 2 of 6http://fedscoop.com/the-99-999-percent-cybersecurity-problem
JR Reagan writes regularly for
FedScoop on technology, innovation
and cybersecurity issues.
Near-perfection is a lofty goal, one utilities strive for. “Five nines” has
become, it’s said, the “holy grail” of reliability: Under this scenario,
customers have service 99.999 percent of the time, with outages
averaging only about five minutes per year. Now, that's service.
A major telephone company set this standard, boasting of its 99.999-
percent reliability. Now, some are calling for “five nines” service from
Internet providers and websites.
Perhaps we should ask how cybersecurity, too, might achieve this
standard. How can our industry protect data with near-perfect
reliability, especially as an ever-growing number of “connected”
devices join the global data network?
Telephones weren’t always so reliable. In its early years, the industry
faced challenges similar to cybersecurity’s. Phone service began as a
strictly local phenomenon: The earliest adopters in 1878 had to buy
the phones they wanted to use on either end — one for home and one
for work, for instance — and hire a telegraph line installer to connect
them. Reliability wasn’t difficult to ensure at this small scale, as long
as someone heard the caller whistle through the line — the pre-ringer
signal that a call was coming in.
Likewise, cybersecurity in its earliest
years relied almost exclusively on
firewalls to filter out “untrusted”
Internet traffic. Safeguarding a single
desktop computer connected by phone
lines to a contained World Wide Web
was fairly simple. As happened in the
telephone industry, however, the
cyber scale is quickly expanding – and
so are the challenges.
According to the book “Seeing What’s
Next,” by Clayton M. Christensen,
telephones first appealed to
businesses, which saw value in
enabling workers to communicate more efficiently among
themselves and with other offices. The trend soon spread to
Cybersecurity Insights &
Perspectives
Invincea's Anup
Ghosh on using
machine learning
to improve
cybersecurity
detection
capabilities
Cybersecurity Insights &
Perspectives
Veracode's Chris
Wysopal talks
about the impact
of '90s hacker
think tank
Content from Sponsors
DHS' Vincent
Sritapan on federal
IT modernization
September 20, 2016
Leveraging Your
Workforce in the
New
Communications
Era
September 28, 2016
Privileged User &
Insider Threat
Federal 2016
Ponemon Survey
Findings
October 05, 2016
VIEW ALL
TV/RADIO
EVENTS

3. 9/16/16, 1:10 PMThe 99.999 percent cybersecurity problem
Page 3 of 6http://fedscoop.com/the-99-999-percent-cybersecurity-problem
households, and by 1900, the number of phone users reached 1
million. By 1904, more than 6,000 telephone companies
independently provided phone service, which, by most accounts, fell
far short of the “five nines.”
“Coordination was difficult, network monitoring was next to
impossible, operators experienced diseconomies of scale, and service
quality suffered,” Christensen writes. Sound quality also suffered,
shared “party lines” often forced people to wait to make calls, and
long distance calling was extremely difficult, complicated and
expensive.
And yet — the industry reached “five nines” availability. How?
Consolidation is one answer: As Christensen's book details, the Bell
Telephone Co. bought its competitors, forming a virtual monopoly
throughout the U.S. One positive result was standardization, which
enabled the utility to invest heavily in research and development. It
also led to new technologies for use across its ever-expanding service
area: private phone lines, direct dialing as opposed to placing calls via
operators, long-distance calling and 99.999 percent reliability.
As a result, the telephone has become an essential item for all, even
given for free to low-income residents under a federal program.
The telephone’s success happened, in part, because innovators moved
beyond a piecemeal approach to design on a grand scale, engineering
improvements across the entire network. At the same time, they
figured out how to give people what they want: around-the-clock
reliability, with the phone company — not the customer — held
responsible when things go wrong; ease of use – making a call today,
even long distance, today is a simple, intuitive task , requiring no
special training; and quality experiences, without the frustrations of
dropped calls or distorted sound.
What can we in cybersecurity learn from this success story? In many
ways, our profession seems still in the early, “piecemeal” phase, with
many focusing on protecting their own organizations’ data and that
of their customers, or on developing apps to secure a single device or
network.
But as the telephone’s history indicates, success may come only when
October 05, 2016
What Hackers
Reveal About IT
Vulnerabilities
VIEW ALL

4. 9/16/16, 1:10 PMThe 99.999 percent cybersecurity problem
Page 4 of 6http://fedscoop.com/the-99-999-percent-cybersecurity-problem
-In this Story-
Government IT News, Innovation, Tech, Cybersecurity, Commentary, Guest
Columns
Stay alert to all the latest government IT news.
SIGN UP TODAY
we “think big,” enlarging our scale, moving beyond the local
(company-focused or product-focused) to the global (industry- or even
Internet-focused). To get there, we might collaborate with one
another for a common good — such as data protection — and
innovate strategies and solutions to thwart intrusions systemwide.
And, like the phone industry, we ought to always keep the customer
front and center in whatever we design, aiming for easy-to-use
cybersecurity with nearly perfect reliability.
It’s one thing to manage cybersecurity on a single cell phone, tablet or
laptop. It’s more difficult when you’re protecting all the devices in a
single business. And it’s exponentially more challenging to design
security for systems used by millions and billions of users.
The Internet of Things, with connected devices perhaps numbering in
the trillions someday — potentially serving as hackable portals to our
networks and data, could explode the cyber scale almost beyond
comprehension. Do we wait until that happens to finally figure out
how to keep data safe?
For truly effective cybersecurity design, scale is becoming a critical
factor. Ironically, as the telephone’s narrative shows, large-scale
solutions can be not only the most difficult to devise, but, once
achieved, the most effective. Now, as never before, we in the
profession need to ask: How do we solve for the really big problems?
JR Reagan is the global chief information security officer of Deloitte. He
also serves as professional faculty at Johns Hopkins, Cornell and Columbia
universities. Follow him @IdeaXplorer. Read more from JR Reagan.

5. 9/16/16, 1:10 PMThe 99.999 percent cybersecurity problem
Page 5 of 6http://fedscoop.com/the-99-999-percent-cybersecurity-problem
-Explore Stories in Tech- NEWS > TECH
JOIN THE CONVERSATION
So, you've
assumed
compromise. Now
what?
NSA: no zero days
were used in any
high profile
breaches over last
24 months
Election systems
safe from
cyberattacks,
experts believe

6. 9/16/16, 1:10 PMThe 99.999 percent cybersecurity problem
Page 6 of 6http://fedscoop.com/the-99-999-percent-cybersecurity-problem
3 Comments FedScoop SherryJones!
Share⤤ Sort by Best
Join the discussion…
• Reply •
Merovech • 8 months ago
If one out of 100,000 security attacks succeeds, then we have 99.999%
success. However, we still fail because they have complete success.
1 △ ▽
• Reply •
rbag • 8 months ago
We already tried big scale. We gave Microsoft nearly total control of
internet devices. And that was the beginning of our cybersecurity
problems.
The phone company achieved reliability by squashing diversity. That's
great when you have a specific need to meet and your problem is device
failure. That is exactly the opposite of what's needed. When you've got a
general purpose tool and your enemy is bad actors, diversity is what you
need.
1 △ ▽
• Reply •
Jeff N • 8 months ago
The phone system, while reliable, was far from secure. Line tapping for
unauthorized devices was simple, and in band signalling and switching
relied on security via obscurity. Once the signal tones leaked out came the
rise of the famous blue and red boxes. Long distance calls were horribly
expensive with ridiculous time of day rates. Service in smaller markets
could easily result in an "all circuits busy" message. In the late 1960s
businesses in New York City were taking out full page newspaper ads
demanding better phone service. In 1974 Bell suffered a major fire at the
NYC 2ND Avenue switching center that severed major lines and knocked
out phone service to lower Manhattan for weeks. They had no disaster plan
to cover situations like this.
△ ▽
Subscribe✉ Add Disqus to your site Add Disqus Addd Privacy%
Recommend♥
Share ›
Share ›
Share ›
ABOUT / CONTACT LEADERSHIP TEAM EDITORIAL TEAM
CONTRIBUTE CAREERS
# $ % & ' + )
BACK TO TOPCOPYRIGHT 2008-2016 FEDSCOOP. ALL RIGHTS RESERVED. ∠