A friend sent me this Reuter’s article recently about the NSA’s new operating assumption to treat production systems as though they may be compromised. From the article:
"There's no such thing as 'secure' any more," Debora Plunkett of the National Security Agency said on Thursday amid U.S. anger and embarrassment
over disclosure of sensitive diplomatic cables by the web site WikiLeaks. "The most sophisticated adversaries are going to go unnoticed on our networks," she said.Plunkett heads the NSA's Information Assurance Directorate, which is responsible for protecting national security
information and networks from the foxhole to the White House."We have to build our systems on the assumption that adversaries will get in," she told a cyber security forum sponsored by the Atlantic and Government Executive media organizations.
This is why organizations need to spend more resources on DETECTION and RESPONSE and less on PREVENTION. A domestic terror attack is not preventable — we just need to be ready!