Bruce Schneier Joins Co3 Start-up Firm

07 January 2014

When Bruce Schneier suddenly left BT in December, he hinted that he would explain his future plans in the new year. On what was for most people the first working day of 2014 he did just that – Schneier is the new CTO of start-up firm Co3. He has reunited with John Bruce, formerly CMO at Counterpane (the company Schneier sold to BT) and now CEO at Co3.

Schneier describes good security as a combination of 'protection, detection, and response,' but believes that the last element is poorly served by the security industry. "While there are many companies that offer services to aid in incident response – mitigation, forensics, recovery, compliance – there are no comprehensive products in this area," he announced yesterday. "Well, almost none. Co3 Systems provides a coordination system for incident response..."

Incident response is of growing importance on both sides of the Atlantic. That importance rests on two premises, both of which are gaining ground: first, that security incidents are inevitable; and second, that regulatory and legislative requirements on incident handling are becoming both more intrusive and more punitive. One aspect of the EU's planned General Data Protection Regulation (GDPR), for example, is a 24-hour breach notification regime (already required for communications providers) backed up by sanctions based on worldwide turnover for breaches of the regulation.

The result of poorly handled incident response is consequently a combination of lost brand reputation, high clean-up costs, and regulatory fines. "The problem with any emergency response plan is that you only need it in an emergency," says Schneier. "Emergencies are both complicated and stressful, and it's easy for things to fall through the cracks. It's critical to have something – a system, a checklist, even a person – that tracks everything and makes sure that everything that has to get done is." So he sees incident response as something like an insurance policy: something you need but hope you never have to use, yet which could prove the difference between coping and disaster.

Although both Schneier and BT claimed that his recent criticism of NSA surveillance programs had nothing to do with them parting company, it could not have been an easy relationship for either. In August the Guardian reported, "Some of the world's leading telecoms firms, including BT and Vodafone, are secretly collaborating with Britain's spy agency GCHQ, and are passing on details of their customers' phone calls, email messages and Facebook entries, documents leaked by the whistleblower Edward Snowden show."

So far Schneier has avoided any direct criticism of either GCHQ or BT, telling Infosecurity that he tried to avoid politics outside of the US. Whether he will now feel more able to do so remains to be seen. One thing, however, remains clear: he will not stop criticizing the NSA. Threat Post reports on an email conversation, "The work that he has done on the Snowden documents will continue, Schneier said, because he views it as more important than any given job. He will be working on the documents with Glenn Greenwald at his new media venture."

“None of that stops. That’s a rule with any company. Given the choice, the job loses,” he said. “I mean, what’s more important?”
