Me? Not Much, Just Hanging. Waiting For The Next Big Breach

By Jamison Utter

The modern cyber blogger is a sort of ambulance chaser, waiting for the next big breach or hack. Bloggers are all about reporting what evil deed just happened, very much like newscasters reporting on a plane crash. When was the last time you read a major ‘security blog’ that gave you information about how to stop an attack or a new way of thinking about security that might stop a breach before it occurs? When has a blog provided you with information that helped change how you thought about cyber warfare?

The norm is always about ‘that major retail breach’ or that ‘healthcare breach’ with little ‘deep critical analysis’ of what went wrong and how it could be prevented in the future.

Why don’t these smart guys and gals who contribute to these sites actually help people solve real problems, changing the game and really stopping – or at least thwarting – cyber crime before it happens? Where is the cyber version of The Minority Report?

How about helping computer professionals (and regular people) change their thinking process to better handle the world as it is today, or even better, as it will be? Why is William Gibson better at predicting the future of cyber war than your average ‘expert’? Have you ever asked the bloggers if they can hack? If so, where did they learn to hack? Or how they learned to hack?

But I digress.

The modern blogger has you playing a zero-sum game, and this is making you, the security professional, operate as a sort of cyber cop. No offense to our law enforcement professionals, but it’s not the model we need if we are going to properly defend our intellectual property. Why, you ask? Cops are crucial for our society; without cops we would have bedlam!

For cops – or in our case, post-breach security analysts – all work is done on the premise that the perpetrator has:

  • been caught (or detected)
  • done something detectable
  • left evidence which has been recorded

It’s the fact that others will (or might) do things just like this again in the future which allows (forces) us to establish laws.

Let's look at this like a legal system: say I break into your computer using an exploit in Wi-Fi, so we make laws that say ‘don’t break in with Wi-Fi’. How did this make you safer? How did it stop the exploit or fix the inherent flaws in Wi-Fi? It didn’t, and that's why “cops” don’t really stop crime; they clean up after it.

As cyber security professionals, we need to shift out of ‘cop-mode’ thinking; meaning, we need to:

  • stop enforcing laws, mostly on law-abiding citizens: our users
  • stop investigating crimes, a.k.a. post-breach log analysis and ‘what-the-heck-happened’ analyst work
  • move to predictive, proactive, productive security work

So stop being a cop and I won’t be a blogger.

About Jamison Utter

Jamison's personal interests push an understanding of the human side of technology and how it affects our lives, our future, and our minds.
