Friday, January 13, 2012

On Defending Networks


In the article, he repeats a subtle point that I've heard from him before, "Defend the network". 
This is a critical distinction from "build the network securely".  It shows an understanding that engineering is only a supporting step in defending the network (as I blogged about here).
However, he still seems to be concerned with planning the battle.  No war is won by planning a battle.  Wars are won by FIGHTING.
I don't mean to understate the importance of planning.  It can probably never be overstated.  However, if you're already in the battle, fighting back is critical to providing the chance to do that planning.
If a soldier is told to take a hill, he takes it (I assume, not having ever been in the military).
More so, he is trained to do that.  He is taught to assess the hill, figure out the best defense for the situation (no matter how good or bad the situation is), and execute it.
The same needs to be applied to our networks. 
If we can secure areas of the world existing in at least 3 domains (land, air, and space), if not four (adding sea), then we should easily be able to train to defend networks existing in a single domain (digital).
If we can secure a spot of land which has an infinite number of paths in and out, then we should be able to train to defend a network defined digitally.
In fact, the only disadvantage to the digital domain is the speed at which conflict executes within it.
Is the defense harder than it has to be?  Absolutely.  Do we gain by going back and re-engineering the digital terrain to be more defendable?  Yes.
However, the second step is jumping on the network, mapping it out, planning a defense, and executing it (as I talked about here).  The first step is training and equipping people to do so.

(Cross posted at https://www.infosecisland.com/blogview/19348-On-Defending-Networks.html)