iamnor

InfoSec is from Pluto, NetOps is from Jupiter

As the tenth largest body orbiting our sun, Pluto has in recent years been center stage to heated discussion about what makes a planet.  Living on Pluto as it spins around its eccentric orbit at a chilly 29 AU to a really chilly 49 AU from our Sun would be quite a challenge.  It’s cold and lonely and most people don’t even consider Pluto a planet including the IAU which on August 24th, 2006 relegated Pluto to ‘dwarf planet’ status.  It is surprisingly similar to the life as an InfoSec professional.  They are center stage to heated discussions about the significance, priority and impact of information security on organizations.  Aside from government and financial circles, InfoSec is at best an ugly stepchild and at worst is the bastard child of an adulterous relationship. To the rest of the world, information security is the curse of ‘due diligence and care’ that is resisted, ignored and hated with vim and vigor likened to paying taxes.  In short, information security is the group that tries to make organizations do silly things that cost too much and delay projects for no good reason because “security breaches only happen to the other guy, not us”.

The fifth planet from our Sun, Jupiter, stacks up as the largest body in our solar system at 2 ½ times more massive that all the other planets put together.  Jupiter keeps showing up in the press with missions like Voyager, Cassini and Galileo.   If that was not enough of a spotlight, consider the Shoemaker-Levy 9 Impacts in July of 1994.  Jupiter is big, bright and full of hydrogen.  Everybody knows what Jupiter looks like and we thank Jupiter for its gravitational pull, we all prefer to have things hit Jupiter instead of us.  Network operations, like Jupiter, gets lots of visibility, is generally large in comparison to other operational bodies and is full of an amazingly diverse class of gases.  And we all know to make a bee-line to NetOps when we can’t surf the Internet.

Putting aside the above analogies, there are some fundamental differences between InfoSec and NetOps and over the years I have struggled to understand those differences as a way to improve my interactions with my family on Jupiter.  At its most fundamental level, the difference between “network” people and “security” people is that one is focused on ensuring that packets move and the other isn’t.  I will leave ascribing the correct labels to you, the reader.

This fundamental schism is surprisingly wide and deep.  And, we are talking astronomic units (AU) here, not Grand Canyon distances.  Countless times, I have gone to my brothers and sisters on Jupiter asking for help in reducing the ‘attack surface’ of a problem and time and time again, I have received feedback and lumps.  With each tongue-lashing and stroke I have heard “We don’t have time or resources”.  For a long time, I assumed that part of my family was just lazy.

The Epiphany came to me last week, NetOps is from Jupiter, not my home town over on Pluto.  When I ask network operations to install an ACL or firewall, they resist.  Not out of laziness but as an instinctive response built into the very fabric of each resident of Jupiter.  Asking to block traffic is like asking them to move to Pluto, which is far too small and cold.  When I look at the problem, I see it through the eyes of a happy resident of Pluto where blocking traffic is just a matter of simple changes to router and firewall configurations.  Add in a little audit trail and some monitoring for giggles, and it is a happy place for all.  But when someone from Jupiter looks at preventing packets from reaching their final destination, it is like preventing a packet from reaching it’s pre-ordained and rightful place in the universe and the ramifications will topple everything.  Not to mention making a mess in the holiest of places, the change control archive.

So, consider this, the next time you endeavor to make the journey from Pluto to Jupiter to request a packet filter, start the conversation with “Every packet is sacred”, and bring lots of photos of home to reassure them that Pluto is not all bad, because a network operator who turns up a firewall is actually a Plutonian on vacation in a warmer climate.

iamnor
:Plutonian