Responsive Resilience

FirefighterIt’s been over a year since security guru Bruce Schneier declared that this is the decade of incident response.

The 90s saw the mass internetworking of previously sheltered IT systems and local networks. Firewalls and IP masquerading (SNAT) were installed to “keep the bad guys out”, ushering in the decade of incident protection. From around the turn of the century, in response to increasingly pervasive and sophisticated attacks, firewalls were beefed up with deep packet inspection and intrusion detection capabilities – this was the decade of incident prevention.

Flash forward to the present day.  It’s been an article of faith in the open source community that “many eyes” examining freely available source code leads to more secure software. While it has been effective particularly in mitigating nefarious backdoors (whether malicious or well-meaning, one can only imagine the impact of PRISM in a closed source parallel universe), high profile and widespread security bugs such as Heartbleed and more recently DROWN demonstrate that it’s by no means a silver bullet for securing software.

Software, including device firmware, is exceedingly complex, complex software has bugs, bugs create security holes. The good guys have to find and patch every hole, the bad guys only have to find and exploit one – they have the upper hand and will always be a step ahead.

The conclusion? Hope for the best, but expect the worst. In the decade of incident response, your network will be compromised – whether by hackers, worms or infrastructure faults and failure. When the clock starts ticking, seconds may mean thousands or hundreds of thousands of dollars in damage, stolen property and lost revenues.

How will you respond?