2.03.2009

Digital Insurgency

Information assurance, IT (in)security... whatever you want to call it, the field is rife with warlike references. Here's another one for your lexicon.

Digital insurgency.

Why? Traditional IT (in)security begins with an "us-in-here" vs. "them-out-there" approach to protecting the network (and in a few enlightened organizations, the data). We refer to "defense-in-depth"... bastions... firewalls... etc.

The problem is, we are looking at the problem the wrong way.

The reality is, "they" are already among us. Once you start thinking of the adversary as being among you and your valuable data, your approach changes (or at least it should). Sure, don't take down the walls... but you had better learn to operate in an untrustworthy environment. Remove the false sense of security. Assume the enemy knows your technology, your infrastructure layout, your processes, the skill level of your people... everything (except, hopefully, your crypto keys).

Get on with counter-insurgency operations within your network. Listen to Sun Tzu: use spies. Engage in insider monitoring. Watch for anomalous behavior. Block "escape routes." Disrupt communications (outbound filtering). Identify and protect what's really important: your data! Encrypt, encrypt, encrypt (no, it doesn't solve the problem... but it does make it harder for script kiddies to pwn you in the ways that REALLY count). Go on the offensive in surgical, well-informed strikes. Improve the security of your interior lines of communication. Coordinate with the locals... educate and incentivize the populace to cooperate. Associate with those you would never mention in polite company: your competitors... your service providers. Cooperative defense.
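What "block escape routes, filter outbound, watch for anomalous behavior" looks like in practice, as an added example that is not part of the original post: a small egress check that assumes the adversary is already on an internal host and asks whether that host is leaving the network by a path policy does not allow, or by a path it has never used before. The addresses, proxy, resolvers, thresholds and log lines are all constructed for the example; the same logic would run over real flow or firewall logs.

```python
"""Egress-policy and anomaly check over constructed connection records.

Added example (not from the original post). Models three of the text's
counter-insurgency measures: outbound filtering (policy), first-contact
detection (anomaly), and spotting a DNS "escape route" (tunnelling).
Every host, address, rule and log line below is constructed.
"""
import ipaddress
from collections import defaultdict

# Constructed policy for a user LAN: web egress only via the proxy, DNS only
# to internal resolvers, nothing else leaves directly.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PROXY = "10.0.0.5"          # hypothetical HTTP(S) proxy
RESOLVERS = {"10.0.0.53"}   # hypothetical internal DNS servers
ALLOWED_DIRECT = {(PROXY, 3128)}   # (dst, port) pairs allowed without the proxy
DNS_BYTES_THRESHOLD = 100_000      # constructed per-host DNS volume threshold

# Constructed baseline: (dst, port) pairs each host was previously seen using.
BASELINE = {
    "10.1.2.10": {(PROXY, 3128), ("10.0.0.53", 53)},
    "10.1.2.11": {(PROXY, 3128), ("10.0.0.53", 53)},
}

# Constructed log lines: "src dst port proto bytes"
LOG = """\
10.1.2.10 10.0.0.5 3128 tcp 48211
10.1.2.10 10.0.0.53 53 udp 212
10.1.2.11 10.0.0.5 3128 tcp 1200
10.1.2.11 203.0.113.7 443 tcp 9001200
10.1.2.11 203.0.113.7 53 udp 388000
10.1.2.10 10.0.0.53 53 udp 190
"""


def parse(log):
    """Turn the constructed log text into a list of connection records."""
    recs = []
    for line in log.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto, nbytes = line.split()
        recs.append({"src": src, "dst": dst, "port": int(port),
                     "proto": proto, "bytes": int(nbytes)})
    return recs


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def check_egress(recs, baseline=BASELINE):
    """Return (kind, host, message) findings: 'policy' for rule violations,
    'anomaly' for never-before-seen destinations and excessive DNS volume."""
    findings = []
    # Copy the baseline so repeated runs do not learn from each other.
    seen = defaultdict(set, {h: set(s) for h, s in baseline.items()})
    dns_bytes = defaultdict(int)
    for r in recs:
        key = (r["dst"], r["port"])
        # Outbound filtering: anything leaving the LAN must go through the proxy.
        if not is_internal(r["dst"]) and key not in ALLOWED_DIRECT:
            findings.append(("policy", r["src"],
                             f"direct egress to {r['dst']}:{r['port']}/{r['proto']} bypasses proxy"))
        # DNS is a classic escape route: only internal resolvers are allowed.
        if r["port"] == 53 and r["dst"] not in RESOLVERS:
            findings.append(("policy", r["src"],
                             f"DNS to non-internal resolver {r['dst']}"))
        # Anomaly: first contact with a destination this host never used before.
        if key not in seen[r["src"]]:
            findings.append(("anomaly", r["src"],
                             f"first contact with {r['dst']}:{r['port']}"))
            seen[r["src"]].add(key)
        if r["port"] == 53:
            dns_bytes[r["src"]] += r["bytes"]
    # Anomaly: far more bytes over DNS than name resolution needs.
    for host, total in dns_bytes.items():
        if total > DNS_BYTES_THRESHOLD:
            findings.append(("anomaly", host,
                             f"{total} bytes over DNS; possible tunnelling"))
    return findings


if __name__ == "__main__":
    for kind, host, msg in check_egress(parse(LOG)):
        print(f"[{kind}] {host}: {msg}")
```

The two checks are deliberately separate: the policy rules are what the firewall should already enforce (and the findings tell you where it does not), while the first-contact and DNS-volume anomalies catch an insider who stays inside the rules but behaves unlike the host's own history. On this constructed log every finding points at 10.1.2.11, which both bypassed the proxy and pushed several hundred kilobytes over port 53 to an external address.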

Finally, make lasting changes for the long-term good: FIX THE F-ING PROTOCOLS and the fatally flawed architecture that allow this to happen!!!

... you get the idea.

~CPwnk