Rooted Your {0x2E} Com

In the course of presenting any form of analysis or research, the details of how you come to your conclusions must be indisputable. The scrutiny faced by your peers should be enough to validate your claims as being reasonable before presenting them in any forum.

But this is not always the case in the lives of professionals, as notoriety can blind the path of virtue. How many of us would trade an honest position, to present an idea that is based on falsehoods, or is an evasion of the truth, to make more money, or gain the spotlight?

Here enters, global warming.

Yes, the planet is changing, but is it really getting warmer? Didn't we just get out of an ice age 25,000 years ago? I know humans have a problem with time-lines, but the Earth could care less about the past 100 years. 2009 was one of the coldest years in the past 100, so we can't call it global warming. Ah, lets call it climate change. But what is the overall problem? We can't control the climate of the entire planet, so what should we do? Send missiles at the Sun? Or maybe we should rob all of the plant and marine life of their necessary carbon dioxide? Yes, interesting as it may sound, plants and marine life actually GROW with more carbon dioxide, and what do plants do when they take in carbon dioxide? THEY MAKE MORE OXYGEN.

So what can we sensibly do? We can monitor the situation, watch the weather patterns, and prepare for the worst. The only thing that we as humans can do to deal with the weather is LEARN TO ADAPT. We can not predict tornadoes touching down, or even give a heads up when an earthquake hits, as that could save lives. How in the hell could we possibly think we have any real impact on the Earth?

Here enters, network security

I was hung up on an example of how you will never be able to truly understand all of the threat sources and their likelihood of exploiting vulnerabilities. Then the debate and marketing started to wrap around the idea of APT, or Advanced Persistent Threats. Really this was just glorifying the weakness in the overall security postures of organizations. Just because you do not see an alert, does not mean that you are 100% safe. Everyone looks for that one widget that solves ALL of their security problems, but this is not possible, only a well defined security program can ever have a chance for success.

Before organizations understood how their IDS worked, and how to use them effectively, they were told it was dead, and they needed an IPS. Now as organizations almost understand how their IPS works, and how to use them effectively, they are told, they need more tools. There is no one solution, only one plan that will work. And this plan must include a very important task, to ADAPT to the situation. Incident Response plans, remediation procedures, and customer escalations are a necessary part of any security plan.

But lets look at information assurance as an analogy to climate change:

- Both are basically uncontrollable in the sense that a threat source could appear at any time, with little or no notice. Years of avoiding carbon products is not going to stop the planet from killing you, just like having a block rule for the entire IP range in China is not going to stop someone from attacking you.

- Proponents of either only speak from one side, never listening to the possibly sensible rebuttals put forth. If it is a security vendor, or a scientist, you are not allowed to jump off the bandwagon, you have to ride it until the end. Even if revealing truthful information might damage your career, it is still the right thing to do (which is kinda analogies

- Nothing in life is perfect, therefore, there is no ONE solution for anything.

Climate Change, and Information Assurance, two interesting ideas that setup a premise to EPIC FAILURE. Keep paying for your carbon credits, or enjoying your empty IPS logs, everything will be fine.

References:
A Critique of Climate Change Science and Policy - Willie Soon
http://www.aynrand.org/site/DocServer/LS093_slides.pdf?docID=2241

General logic statements from the comedy of George Carlin
http://www.georgecarlin.com