
1/5/2014
01:31 PM

Bruce Schneier Departs BT For Startup Co3 Systems

Schneier says new gig at incident response management vendor a natural progression for him

Famed security expert Bruce Schneier has left BT and is now CTO of incident response (IR) management startup Co3 Systems.

Schneier, who previously had served on Co3 Systems' advisory board and has helped shape the look and feel of the software-as-a-service firm's architecture, says the time had come for him to make a change and leave BT. He had been the security futurologist for BT since it purchased his network monitoring services firm Counterpane Internet Security in October 2006.

Word that Schneier was leaving BT leaked publicly last month, and speculation arose that it had to do with his outspoken criticism of surveillance by the NSA and Britain's GCHQ.

But Schneier says BT never tried to censor his high-profile analysis of the Snowden leaks. "BT never tried to force me to toe the party line. And while my opinions on the NSA might not have been the same as their opinions, they never once stopped me from saying or publishing something," Schneier told Dark Reading in an interview. "Independent thinking was one of the things BT valued of me."

He says the timing was right for him to try something new, and Cambridge, Mass.-based Co3 was "the cool 'something new' that I found." His new role is mainly as "an external-facing evangelist," he says.

The Guardian in August reported that BT was a major partner with the GCHQ in its surveillance programs, as were Vodafone and Verizon Business, providing the spy agency with passing information on their customers' phone calls, emails, and Facebook posts, according to documents leaked by former NSA contractor Edward Snowden. Schneier, who worked with former Guardian writer Glenn Greenwald to analyze the Snowden documents, concluded that the NSA in its controversial surveillance operations was breaking most encryption on the Internet, and that it was time for the Internet to retool its security architecture with "open protocols, open implementations, open systems -- these will be harder for the NSA to subvert," he wrote.

Schneier says he was eager to return to the startup scene. "Being in a startup is fun. It's really fun in ways that being with a big company is not," Schneier says. "Being in a big company has advantages ... I was just about ready to swap back" to the startup model, he says.

Co3 offers a software-as-a-service platform for automating IR: it assigns tasks and logs, tracks, and monitors the elements of responding to an attack, including regulatory requirements. The platform replaces manual tracking in spreadsheets and other less coordinated, error-prone approaches in use today.

Schneier has close ties with John Bruce, Co3's CEO: The two worked together at Counterpane 15 years ago when Bruce was CMO and executive vice president of marketing there. Bruce said he is pleased that Schneier is joining Co3. "I've known Bruce for quite a while," he says. "What we represent is what he's been professing for the longest time ... you're going to get attacked at some point, so what do you do when you become subject to that?"

Bruce says Schneier's joining the firm is a validation of the company's SaaS offering. "What we're doing is equipping people with the tool to execute processes to efficiently grapple with [attacks]," he says. The platform provides a "playbook" for what to do when a breach occurs, according to Cambridge, Mass.-based Co3.

Schneier says Co3 was the next logical step from Counterpane. "After detection comes response," he says. He describes Co3's platform as a social networking tool for IR. Co3's system assigns tasks and coordinates any regulatory requirements for disclosure, for example. It can be linked to threat intelligence feeds and to IR services a firm would employ in the event of a breach. "You get on, put your people on it, what their jobs are," for example, he says. "It's taking manual incident response and automating and documenting it.

"We don't change how incident response happens; we make sure it happens according to the way it's supposed to," he says. And it's an external site, so IR isn't performed on your network, which is a risky approach, he says.

Schneier says the security industry has invested a lot of money in prevention and detection of breaches. "There are response [providers] ... you can call in Mandiant, and they can parachute people in and make it better," for example, he says. But there's a lack of IR product investment in the industry today, he says.

"Everyone agrees in this post-breach society that you're breached, whether you know it or not," says Ted Julian, chief marketing officer at Co3 Systems. "So [incident] response is more important than ever."

Schneier is also a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and an Advisory Board Member of the Electronic Privacy Information Center. He has authored 12 books, including "Applied Cryptography" and "Liars and Outliers," and his Schneier on Security blog is well-known in the industry.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
