Schneier describes good security as a combination of 'protection, detection, and response,' but believes that the last element is poorly served by the security industry. "While there are many companies that offer services to aid in incident response – mitigation, forensics, recovery, compliance – there are no comprehensive products in this area," he announced yesterday. "Well, almost none. Co3 Systems provides a coordination system for incident response..."
Incident response is of growing importance on both sides of the Atlantic. It is founded on two premises, both gaining ground: first, that security incidents are inevitable; and second, that regulatory and legislative requirements on incident handling are becoming both more intrusive and more punitive. One aspect of the EU's planned General Data Protection Regulation (GDPR), for example, is a 24-hour breach notification regime (already required for communications providers) backed up by sanctions based on worldwide turnover for breaches of the regulation.
The result of poorly handled incident response is consequently a combination of lost brand reputation, high clean-up costs, and regulatory fines. "The problem with any emergency response plan is that you only need it in an emergency," says Schneier. "Emergencies are both complicated and stressful, and it's easy for things to fall through the cracks. It's critical to have something – a system, a checklist, even a person – that tracks everything and makes sure that everything that has to get done is." So he sees incident response as something like an insurance policy: something you need to have but hope never to use, yet which could prove the difference between coping and disaster.
Although both Schneier and BT claimed that his recent criticism of NSA surveillance programs had nothing to do with their parting company, it could not have been an easy relationship for either. In August the Guardian reported, "Some of the world's leading telecoms firms, including BT and Vodafone, are secretly collaborating with Britain's spy agency GCHQ, and are passing on details of their customers' phone calls, email messages and Facebook entries, documents leaked by the whistleblower Edward Snowden show."
So far Schneier has avoided any direct criticism of either GCHQ or BT, telling Infosecurity that he tried to avoid politics outside of the US. Whether he will now feel more able to do so remains to be seen. One thing, however, remains clear: he will not stop criticizing the NSA. Threatpost reports on an email conversation: "The work that he has done on the Snowden documents will continue, Schneier said, because he views it as more important than any given job. He will be working on the documents with Glenn Greenwald at his new media venture."
“None of that stops. That’s a rule with any company. Given the choice, the job loses,” he said. “I mean, what’s more important?”