Chris Hoover

Mass Consent, Part 2

Blog post by Chris Hoover, Sep 10, 2012

My last post was vaguely about collective consciousness. It played off of the phrase “mass consent”, which I took from a William Gibson quote about cyberspace being a “mass consensual hallucination”. Just watching the Internet over the last 15 years or so, there have been points where it is obvious to see it enabling mass consciousness and demonstrating mass consent. It is even more obvious when you drill down into subsets or communities. Take the IT security community.

Do you remember the era of the firewall in the late 1990s? It was the thing you HAD to have! Partly because you really did have to have it…but partly because the vendors making firewalls wanted you to believe it was the thing you needed most. This is what we can, in hindsight, call the “Bastion mentality”: I will make my perimeter impenetrable! The firewall admins of the day felt like studs, and you can be sure they helped perpetuate the idea. There was also a n-e-r-d factor of “Is your firewall stateful? Is your firewall wire-speed?” When the conversation gets framed like this, people get caught up. “I want stateful! I want wire-speed!” In that pursuit, people lose sight of the goal and give their mass consent to things that are not helpful. They create something by giving their attention to it, and if the attention keeps flowing to one subject, you can bet the vendors will keep making a product to fit that story. However, while we were all building “impenetrable” perimeter walls, how many people during that timeframe were using pcAnywhere and had modems in their offices that let anyone who found the number dial in right past the impenetrable firewall?

Do you remember the era of antivirus? It came almost concurrently, slightly after. It was the thing you HAD to do right. The “I love you” virus, Sasser, Slammer. It was the one thing you really HAD to worry about! You had to be manic about it, even!

What about the era of the IDS? Don’t we need terabytes of text logs that we will NEVER ever look at?

Then the era of the IPS? Weren’t they all so important?!

Do you remember when you first saw a SIEM? Wasn’t it the most amazing silver bullet ever made?

User training! That’s what we need! Remember the era of the zillion-dollar security boot camp bubble?

Encryption! That will solve my problems!

Multi-factor authentication! If I can just get that…then I will be secure.

Forensics! That’s what I really need…NAC! And so on.
Well, I am not saying there is anything wrong with any of these technologies. They are of course useful. We learned over time that defense-in-depth means something and that we need the full arsenal. Sadly, we have also learned that some of the FISMA efforts we were engaging in were not gaining us much in actual security improvements. We have spent so much time consenting to and participating in these tangents that we have lost things along the way, including national secrets and untold trillions in intellectual property. We in the IA community feel this. It is part of our collective consciousness, but we are starting to refine our expertise and learn from each other, and it is having positive effects on even the federal bureaucracy. We are co-creating more clever automation schemes in open groups like the SCAP community, and we are finding better ways to use data feeds and automated scanning. We are caring more about the actual state of our systems than about the compliance documents. The mass move toward automation and continuous monitoring bodes well. Instead of reacting, we can choose our ground. We can give mass consent to proactive strength and vigilance. That is the thought that first excited me about the field of Information Assurance. It is encouraging to me to sense my community moving toward a purpose.

There is a lot we can do individually to move the collective. Be open to new ideas. Find the thought leaders. Join some RSS feeds; there are so many good ones out there. (Here’s one of my favorites: Richard Bejtlich. I’m biased because I’m also former Air Force.) Let’s all get on the same page. Learn from your peers instead of being threatened or competitive. Post comments and give feedback. Reach out. What “era” would you say we’re in now? Where do you see our industry in two years? What would you change? Email me: chris.hoover@rsa.com
