Bruce Schneier: “It is not prevention or detection, it is response”

Bruce Schneier, Co3 Systems

As well as being a renowned cryptographer, influential security expert and outspoken conference favourite, Bruce Schneier has had his share of coverage in recent months as the Prism story unfolded. He chose to leave his position as BT’s security futurologist at the end of last month and has now turned his hand to incident response.

Schneier recently left BT, which acquired his company Counterpane in 2006, to join Co3 Systems as chief technology officer this month. I began by asking him what attracted him to a relatively unknown company.

He said that working for a start-up is fun and something that he wanted to do, as incident response is a space that needs work. “If you go back to the definition of security being protection, detection and response, this feels like the last area that needs work, and the idea of incident response coordination and working on a response is really important and something that isn’t there,” he said.

I asked what he meant by this not being done yet. He said that there is a huge market for response and, while a lot of response services have emerged, there are not a lot of response products and that is what Co3 offers. “That has become important now, and two things are driving it: firstly attacks have got more sophisticated. We are seeing more targeted attacks and you need a sophisticated response; secondly the regulatory environment in the United States is much more complicated and dangerous, so there are a lot of laws you have to follow or else you risk being fined, or face lawsuits and you need to demonstrate in court that you do things properly,” he said.

“So those two together show that you cannot do ad hoc response anymore, and the problem with emergency response is that you do it in a panic. It is easy to respond in the moment and anything that will automate things, and anything that will make the coordination more effective, is really valuable.”

I asked Schneier whether this area is effectively a final frontier for the industry, which needs to learn more about incident response. He said that, rather than being that extreme, as an industry we need to be more sophisticated, as this is nothing new. “There will be a time when your response will say ‘call in someone else’, but your thermometer doesn’t replace the doctor, you know to call the doctor,” he said.

“I think we started seeing this at conferences three or four years ago where we went from being told ‘buy my thing and you’ll be safe’ to ‘you’re going to get hacked and you have a problem’, and I thought that was very refreshing as for too long we tried to throw imperfect solutions at this. So the fact that we are striving to say things like ‘yes we know this is imperfect’ is a good sign.”

Looking back at the RSA attack from 2010, Schneier said that was a big deal and called the response “terrible” as the coordination to such a big attack “was all pretty much ad hoc”, but with a coordinated response you would know what to do, what to say and how to fix it.

Talking specifically about Co3 Systems, Schneier said that it offers a way to coordinate a response. “It is not prevention or detection, it is response, and it doesn’t make attacks less likely to happen, it makes it less bad when they do, and that could be not getting smacked with a class action lawsuit,” he said.

I concluded by asking if he felt that companies needed to be prepared in the face of a potential attack. He said he did because of sophisticated attacks and legal trends. “For those two reasons, it becomes important to do something like this and there are different reasons for different sized companies, so those two things make it very useful and I am surprised by how much demand there is.”

Bruce Schneier, chief technology officer of Co3 Systems, was talking to Dan Raywood
