Those companies engaged in the national infrastructure have also received a wake-up call, and now you see and read more about how SCADA (supervisory control and data acquisition) systems are being targeted and exploited. Regardless of industry, Ill stand by my prior statement: "Potential targets are your employees. Your company is a potential target. Size does not matter."

Power: Or any wider acceptance of our premise that to mitigate this threat the overall approach to security from cyber to physical (and back again) has to be holistic?

Burgess: I was discussing this point with some attendees at the New Digital Economics conference (San Francisco, March 2011) as to how the adversary has all the time they require to scope their problem set, do their analysis, put together their attack plan and then execute. You as the target have to be ready all the time, even when it's inconvenient. The adversary is waiting for you to allow convenience to trump security, and then they take advantage of the window of opportunity you're availing to them.

I also note that companies are buried in their data. They have structured data, unstructured data and are trying to make sense of it all and frankly are often simply overwhelmed. Their inability to maximize the "big data" sitting under their roof, I believe, is to a potential adversary's advantage.

Power: Social media has evolved at a mind-boggling pace, and it has already had a profound impact on politics, geopolitics, culture, media, etc. and this profound impact is on a global scale. For me, Facebook and Twitter are proven to be fascinating laboratories. With social media, the personal and the professional are increasingly entwined, and this entwining has presented us all with unprecedented challenges and opportunities personally and professionally. I know you have taken a deep long look at this subject. What are the essential elements of a practical, effective social media policy for major corporations?