+++
title = "Bear attacks, no-win situations and cybersecurity"
author = ["George Jones"]
publishDate = 2020-03-19T00:00:00-04:00
lastmod = 2022-02-26T08:44:34-05:00
tags = ["cybersecurity", "security", "privacy", "perspective", "bears"]
categories = ["blog"]
draft = false
+++
I spend a good amount of time hiking in Shenandoah National Park and
surrounding areas. I've seen quite a few #bears and I've followed one
down the trail. I've been growled at by a mother bear when I
unknowingly came between her and her cubs. This is going somewhere
related to #cybersecurity. I promise.

You can't outrun a bear. Climbing a tree won't help. If a bear
actually decides to attack you, the odds are not in your favor, but
fortunately they almost never attack. The old joke goes "I don't have
to outrun the bear, I just have to outrun you" because, presumably, the
bear will catch your slower partner, stop, and not bother you when you
both decide to run for it in violation of bear encounter best
practices.

This hints at any number of cybersecurity principles:

- Know your threat model.
- Know and follow best practices.
- Don't let fear (or adrenaline) dictate your response.
- Know and practice situationally appropriate responses (Grizzlies:
  if attacked, play dead. Black bear: if attacked, fight for your
  life)
- Be prepared (bear spray, first aid kit)
- Practice deterrence (make noise, travel in groups)
- Prevention costs less than recovery. By far.
- And, of course, make sure the other guy is an easier target. Run faster if you run. Apply patches, have good backups (Hello, ransomware!), have layers of defense, decoys, monitoring, DLP, practice threat hunting, etc.

For a decade or so, I've been reflecting on the fact that
defensive cybersecurity is a losing game. The red team
(attackers) always win. I don't like no-win situations.

There's a lesson here:

Don't feed the bears
: They become habituated to humans, lose
  their inhibition, become a nuisance and sometimes have to be
  relocated or killed. Nobody wins.

OK, not that lesson. Lessons like:

Follow best practices
: Following best practices CAN help avoid
  problems. Not following best practices WILL invite problems.

Have an incident response plan
: If you see a bad thing
  happening, if it is coming straight for you, what do you do?

Line up the right resources
: Do you know how to triage
  wounds? Do you have a cell phone? Are you in range of cell
  towers? If not, do you have a SPOT to call for help? Where is
  the nearest hospital? Are you prepared to shelter in place if
  need be?

It's not just you
: Feeding the bears or failing to store food
  properly might result in perfectly good backcountry shelters
  being torn down. And here we are, 20 or so years after it
  became clear that allowing spoofed packets out of your
  network enables #DDoS #attacks and we **still** do not have
  widespread adoption of reverse path forwarding
  checks. **Please** stop spoofed packets at your border!

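
The reverse path forwarding check mentioned above, modeled in Python as an added example (not code from the original post): a packet is forwarded only if the route back to its source address points out of the interface it arrived on. The forwarding table, interface names and packets are constructed, using documentation address ranges.

```python
import ipaddress

# Constructed forwarding table for a small site (documentation prefixes,
# hypothetical interface names): (prefix, interface the route points out of).
FIB = [
    ("198.51.100.0/24", "lan0"),   # our own address space, reached via the LAN
    ("192.0.2.0/25", "dmz0"),      # a second internal segment
    ("0.0.0.0/0", "wan0"),         # default route to the upstream provider
]
ROUTES = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB]


def best_route(addr):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def urpf_strict(src, in_ifc):
    """Accept only if the route back to src leaves via the arrival interface."""
    route = best_route(src)
    return route is not None and route[1] == in_ifc


def urpf_loose(src, in_ifc):
    """Accept if any route to src exists (a default route matches everything)."""
    return best_route(src) is not None


def filter_packets(packets, check):
    """Split (src, in_ifc) pairs into forwarded and dropped lists."""
    forwarded = [p for p in packets if check(*p)]
    dropped = [p for p in packets if not check(*p)]
    return forwarded, dropped


# Constructed traffic: (source address, interface the packet arrived on).
PACKETS = [
    ("198.51.100.7", "lan0"),   # genuine internal host
    ("203.0.113.9", "lan0"),    # internal host forging an outside source
    ("192.0.2.20", "lan0"),     # internal host forging a DMZ source
    ("198.51.100.7", "wan0"),   # outside packet claiming an internal source
    ("203.0.113.9", "wan0"),    # ordinary inbound traffic
]

if __name__ == "__main__":
    for name, check in (("strict", urpf_strict), ("loose", urpf_loose)):
        fwd, drop = filter_packets(PACKETS, check)
        print(name, "forwarded:", fwd, "dropped:", drop)
```

With the strict check the forged sources never leave the site, while the loose check with a default route present forwards all five packets.
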
So it may be true that few people win in the face of an actual attack,
but, it turns out, there are still good reasons to play the game.

## 1 For Further Reading {#for-further-reading}
Numbers of bear attacks
: In North America, only 2-5 people are killed annually by bears, versus (worldwide) 10 killed by sharks, 50,000 by snakes and 725,000 by mosquitoes.

U.S. Forest Service
: "Be bear aware"

Internet safety 101
: "Internet safety 101: 15 tips to keep your kids and family safe online". Sure, they want to sell you antivirus software, but this is generally good advice.

Ultimate Guide to Cybersecurity
: "Your Ultimate Guide to Cybersecurity: At Home, at Work, and on the Go." A little more in depth.

CIS Critical Controls
: "The Center for Internet Security (CIS) Critical Security Controls" - More in depth. For enterprises.