“If you can’t do something smart, do something right.”

Shepherd Book said that in Serenity, a lovely movie from 2005 that wrapped up the sadly-too-soon cancelled series Firefly.

I use it a lot when institutional constraints and incentives stop me from doing the smartest and most effective thing possible. There’s still always room to do something right.

I and Adam Shostack wrote a sturdy schnitzel-und-kartoffelkuchen dinner of an article discussing some of the constraints on the institution called the Cyber Security Review Board. It’s up now at the Council on Foreign Relations here:


We suggest that even though a staggering number of institutional obstacles do lie in the way of the CSRB in terms of acting effectively and immediately, there is a lot of room to do something right—to examine still-reverberating cyber incidents with lessons for us all, and to provide meaningful and nonpartisan history that we can build upon.

I’d suggest reading over your breakfast sometime this weekend. When Adam and I get on this carousel we tend to ride it for a while, and we luxuriated in a lack of word count to let us dig meaningfully into the real issues.

It seems near-impossible for the CSRB under the current circumstances to examine ongoing incidents without fear or favor. We propose there’s a hack to be found here by examining historic incidents with still-relevant technical details. After all,

“Things are only impossible until they’re not.” ~ Captain Jean-Luc Picard

Leave a Reply