Bruce Schneier on Incident Response and His Next Book
Few figures in the IT security landscape command the respect and admiration of so many people as does Bruce Schneier. The well-regarded expert recently changed jobs, moving from BT to become the CTO of Co3 Systems in January of this year.
In a video interview with eSecurity Planet, Schneier explains why the incident response technology that Co3 Systems builds is an important part of the modern IT security lifecycle. A key part of what Co3 does is to automate the details of incident response, he said.
“When you’re under attack, the last thing you want to do is worry about all the details,” he said. “You want someone to do that for you; otherwise you’ll forget something.”
In Schneier’s view, the recent breach of U.S. retailer Target is a great example of incident response gone wrong. In the Target breach a lot of different things simply fell through the cracks, he noted. Having software in place that follows up on the required components of incident response is incredibly valuable in Schneier’s view.
Incident response technology is by its nature a reactive technology because it comes into play after a breach has occurred. Yet it is still a proactive approach for enterprises to take, according to Schneier, and one that is necessary as data breaches will almost inevitably occur.
“Of course if you get a good reactive mechanism in place, that in a sense is proactive but it’s only proactive in that you’re getting better at being reactive,” Schneier said.
Schneier Between the Covers
Schneier is well known in the security community for his books. In 2012, he published Liars and Outliers: Enabling the Trust that Society Need to Thrive. In 2013, Schneier published Carry On: Sound Advice from Schneier on Security.
He is currently working on a book about Internet and power that will examine “how the Internet affects power and how power affects the Internet,” Schneier said.
“How the play between corporate power, government power and distributed power progresses in the future is not at all obvious,” he said. “So it’s about the NSA, it’s about Google, it’s about Anonymous and all these groups using the Internet for power and how that works.”