More Detection + Response, Less Prevention

A friend sent me this Reuter’s article recently about the NSA’s new operating assumption to treat production systems as though they may be compromised.  From the article:

"There's no such thing as 'secure' any more," Debora Plunkett of the
National Security Agency said on Thursday amid U.S. anger and  embarrassment
 over disclosure of sensitive diplomatic cables by the web  site WikiLeaks.
"The most sophisticated adversaries are going to go unnoticed on our
networks," she said.Plunkett heads the NSA's Information Assurance
Directorate, which is  responsible for protecting national security
information and networks  from the foxhole to the White House."We have to
build our systems on the assumption that adversaries will  get in," she
told a cyber security forum sponsored by the Atlantic and  Government
Executive media organizations.

This is why organizations need to spend more resources on DETECTION and RESPONSE and less on PREVENTION.    A domestic terror attack is not preventable — we just need to be ready!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s