On Defending Networks

Friday, January 13, 2012

Gabriel Bassett

C70bb5cfd0305c9d18312d92f820c321

I just read Military Networks ‘Not Defensible,’ Says General Who Defends Them at Wired. 

In the article, he repeats a subtle point that I've heard from him before, "Defend the network". 

This is a critical distinction from "build the network securely".  It shows an understanding that engineering is only a supporting step in defending the network (as I blogged about here).

However he still seems to be concerned with planning the battle.  No war is won by planning a battle.  Wars are won by FIGHTING.

I don't mean to understate the importance of planning.  It can probably never be overstated.  However, if you're already in the battle, fighting back is critical to providing the chance to do that planning.

If a soldier is told to take a hill, he takes it, (I assume, not having ever been in the military).

More so, he is trained to do that.  He is taught to assess the hill, figure out the best defense for the situation, (no matter how good or bad the situation is), and execute it.

The same needs to be applied to our networks. 

If we can secure areas of the world existing in at least 3 domains (land, air, and space) if not four (adding sea), then we should easily be able to train to defend networks existing in a single domain (digital). 

If we can secure a spot of land which has an infinite number of paths in and out, then we should be able to train to defend a network defined digitally.

In fact, the only disadvantage to the digital domain is the speed at which conflict executes within it.

Is the defense harder than it has to be?  Absolutely.  Do we gain by going back and re-engineering the digital terrain to be more defendable?  Yes.

However, the second step is jumping on the network, mapping it out, planning a defense, and executing it (as I talked about here).  The first step is training and equipping people to do so.

Possibly Related Articles:
8180
Network Access Control
Information Security
Security Strategies Defense Military Network Security Information Security Infosec Network Mapping Gabriel Bassett
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.