Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including “the old magic bullet,” the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate.
One very promising line of thinking is that of active defense. While the concept is often attributed to some recent action, active defense has been one form of warfare for many centuries; there are instances of what might be called active defense outlined in the Bible and in Greek histories. But it is only recently, in light of the many wars around Israel, that defense in depth has taken on its modern shape in active defense. What about active defense is so interesting from a network security perspective? It is primarily this: in active defense, the defender seeks to tire an attacker out by remaining mobile, misdirecting the attacker, and using every opportunity to learn about the attacker’s techniques, aims, and resources to reflect Continue reading
That was the question Bruce Schneier and I were asked by Craig Spietzle of the Online Trust Alliance (OTA) during a panel he moderated recently at the RSA conference.
My answer to that question was “an unequivocal yes!” Below is the longer answer. The key lies in accountability.