Apple is famously focused on design and human experience as their top guiding principles. When it comes to security, that focus created a conundrum. Security is all about placing obstacles in the way of attackers, but (despite the claims of security vendors) those same obstacles can get in the way of users, too.
For many years, Apple tended to choose good user experience at the expense of leaving users vulnerable to security risks. That strategy worked for a long time, in part because Apple’s comparatively low market share made its products less attractive targets. But as Apple products began to gain in popularity, many of us in the security business wondered how Apple would adjust its security strategies to its new position in the spotlight.
As it turns out, the company not only handled that change smoothly, it has embraced it. Despite a rocky start, Apple now applies its impressive design sensibilities to security, playing the game its own way and in the process changing our expectations for security and technology.
EDITED TO ADD (7/11): iOS security white paper.
Posted on July 5, 2013 at 1:33 PM
This is kind of a rambling essay on the need to spend more on infrastructure, but I was struck by this paragraph:
Here’s a news flash: There are some events that no society can afford to be prepared for to the extent that we have come to expect. Some quite natural events — hurricanes, earthquakes, tsunamis, derechos — have such unimaginable power that the destruction they wreak will always take days, or weeks, or months to fix. No society can afford to harden the infrastructure that supports it to make that infrastructure immune to such destructive forces.
Add terrorism to that list and it sounds like something I would say. Sometimes it makes more sense to spend money on mitigation than it does to spend it on prevention.
Posted on August 13, 2012 at 12:41 PM
At the RSA Conference this year, I noticed a trend of companies that have products and services designed to help victims recover from attacks. Kelly Jackson Higgins noticed the same thing: “Damage Mitigation as the New Defense.”
That new reality, which has been building for several years starting in the military sector, has shifted the focus from trying to stop attackers at the door to instead trying to lessen the impact of an inevitable hack. The aim is to try to detect an attack as early in its life cycle as possible and to quickly put a stop to any damage, such as extricating the attacker from your data server — or merely stopping him from exfiltrating sensitive information.
It’s more about containment now, security experts say. Relying solely on perimeter defenses is now passe — and naively dangerous. “Organizations that are only now coming to the realization that their network perimeters have been compromised are late to the game. Malware ceased being obvious and destructive years ago,” says Dave Piscitello, senior security technologist for ICANN. “The criminal application of collected/exfiltrated data is now such an enormous problem that it’s impossible to avoid.”
Attacks have become more sophisticated, and social engineering is a powerful, nearly sure-thing tool for attackers to schmooze their way into even the most security-conscious companies. “Security traditionally has been a preventative game, trying to prevent things from happening. What’s been going on is people realizing you cannot do 100 percent prevention anymore,” says Chenxi Wang, vice president and principal analyst for security and risk at Forrester Research. “So we figured out what we’re going to do is limit the damage when prevention fails.”
Posted on April 27, 2012 at 6:53 AM
The National Academies Press has published Crisis Standards of Care: A Systems Framework for Catastrophic Disaster Response.
When a nation or region prepares for public health emergencies such as a pandemic influenza, a large-scale earthquake, or any major disaster scenario in which the health system may be destroyed or stressed to its limits, it is important to describe how standards of care would change due to shortages of critical resources. At the 17th World Congress on Disaster and Emergency Medicine, the IOM Forum on Medical and Public Health Preparedness sponsored a session that focused on the promise of and challenges to integrating crisis standards of care principles into international disaster response plans.
Posted on April 6, 2012 at 11:03 AM
Last week was the big RSA Conference in San Francisco: something like 20,000 people. From what I saw, these were the major themes on the show floor:
Who else went to RSA? What did you notice?
Posted on March 5, 2012 at 1:30 PM
Alan T. Murray and Tony H. Grubesic, “Critical Infrastructure Protection: The Vulnerability Conundrum,” Telematics & Informatics, 29 (February 2012): 56–65 (full article behind paywall).
Abstract: Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats to the continuity of these systems and can result in property damage, human casualties and significant economic losses. In recent years, efforts to both identify and mitigate systemic vulnerabilities through federal, state, local and private infrastructure protection plans have improved the readiness of the United States for disruptive events and terrorist threats. However, strategies that focus on worst-case vulnerability reduction, while potentially effective, do not necessarily ensure the best allocation of protective resources. This vulnerability conundrum presents a significant challenge to advanced disaster planning efforts. The purpose of this paper is to highlight the conundrum in the context of CIKR.
Posted on January 2, 2012 at 12:33 PM
The Centers for Disease Control and Prevention weigh in on preparations for the zombie apocalypse.
Posted on May 20, 2011 at 4:00 PM
This blog post by Richard Clayton is worth reading.
If you have more time, there’s a 238-page report and a 31-page executive summary.
Posted on May 11, 2011 at 6:12 AM
I haven’t written anything about the suicide bombing at Moscow’s Domodedovo Airport because I didn’t think there was anything to say. The bomber was outside the security checkpoint, in the area where family and friends wait for arriving passengers. From a security perspective, the bombing had nothing to do with airport security. He could have just as easily been in a movie theater, stadium, shopping mall, market, or anywhere else lots of people are crowded together with limited exits. The large death and injury toll indicates the bomber chose his location well.
I’ve often written that security measures that are only effective if the implementers guess the plot correctly are largely wastes of money — at best they would have forced this bomber to choose another target — and that our best security investments are intelligence, investigation, and emergency response. This latest terrorist attack underscores that even more. “Critics say” that the TSA couldn’t have detected this sort of attack. Of course; the TSA can’t be everywhere. And that’s precisely the point.
Many reporters asked me about the likely U.S. reaction. I don’t know; it could range from “Moscow is a long way off and that doesn’t concern us” to “Oh my god we’re all going to die!” The worry, of course, is that we will need to “do something,” even though there is no “something” that should be done.
I was interviewed by the Esquire politics blog about this. I’m not terribly happy with the interview; I was rushed and sloppy on the phone.
Posted on January 28, 2011 at 3:15 PM
This is a bit surreal:
Additional steps are needed to prepare Broadway theaters in New York City for a potential WMD attack or other crisis, a New York state legislature subcommittee said yesterday.
Broadway district personnel did not know “what to do in case of an emergency as well as the unique problems that a theater workplace poses in the event of a fire or evacuation,” according to the report, which drew on interviews with theater employees following the attempted bombing.
“Taking the May 1, 2010, car bomb as an example, theater employees expressed how unprepared they were in dealing with the situation,” the report reads. “They were given misinformation, and they were directed to exit through portals they did not even know existed, indicating their lack of knowledge of the building they work in and exit routes. In the event of another attack, the same issues would arise.”
Posted on January 26, 2011 at 1:42 PM