Cops and Bloggers
The modern cyber blogger is a sort of ambulance chaser, waiting for the next big breach or hack. Bloggers are all about reporting whatever evil deed has happened, like newscasters reporting a plane crash. When was the last time you read a major ‘security blog’ that gave you information about how to stop something, or a new way of thinking about security that might stop a breach before it occurs? Has a blog provided you with information that helped change how you thought about cyber warfare?
It is always about ‘that major retail breach’ or that ‘healthcare breach’. So much deep critical analysis of what went wrong and how it could be prevented in the future, as if an attacker uses the same method every time. Why not help people solve real problems, like changing the game and really stopping or at least thwarting cyber crime before it happens? (Where is the cyber version of The Minority Report?) How about helping computer professionals (and regular people) change their thinking process to better handle the world as it is today (or better yet, as it will be)? Why is William Gibson better at predicting the future of cyber war than your average ‘expert’? (Have you ever asked the bloggers if they can hack? Or where they learned? Or how they learned?) I digress.
The modern blogger has you playing a zero-sum game, and this is making you (the security professional) into a sort of cyber cop. It's not the model we need to defend our intellectual property. Why, you ask? Cops are crucial for our society; without cops we would have bedlam!
Cops (or in our case, post-breach security analysts) all work on the premise that the perpetrator has been caught (or detected), has done something detectable, that the evidence has been recorded, and that others will do things just like this. It's how we get laws in the first place: after the fact.
Let's look at this like a legal system: I break into your computer using an exploit in Wi-Fi, so we make laws that say ‘don’t break in with Wi-Fi’. How did this make you safer? How did it stop the exploit or fix the inherent flaws in Wi-Fi? It didn’t, and it's why “cyber-cops” don’t really stop crime; they clean up after it.
As cyber-security professionals we need to shift out of ‘cop-mode’ thinking. That is, stop enforcing laws (mostly on law-abiding citizens, our users), stop investigating crimes (post-breach log analysis and what-the-heck-happened analyst work), and move to predictive, proactive, productive security work.
So stop being a cop and I won’t be a blogger.