Bear attacks, no-win situations and cybersecurity

I spend a good amount of time hiking in Shenandoah National Park and surrounding areas. I’ve seen quite a few #bears and I’ve followed one down the trail. I’ve been growled at by a mother bear when I unknowingly came between her and her cubs. This is going somewhere related to #cybersecurity. I promise.

You can’t outrun a bear. Climbing a tree won’t help. If a bear actually decides to attack you, the odds are not in your favor, but fortunately they almost never attack. The old joke goes “I don’t have to outrun the bear, I just have to outrun you” because, presumably, when you both decide to run for it in violation of bear encounter best practices, the bear will catch your slower partner, stop, and not bother you.

This hints at any number of cybersecurity principles:

There’s a lesson here:

Don’t feed the bears
They become habituated to humans, lose their inhibition, become a nuisance and sometimes have to be relocated or killed. Nobody wins.

OK, not that lesson. Lessons like:

Follow best practices
Following best practices CAN help avoid problems. Not following best practices WILL invite problems.
Have an incident response plan
If you see a bad thing happening, if it is coming straight for you, what do you do?
Line up the right resources
Do you know how to triage wounds? Do you have a cell phone? Are you in range of cell towers? If not, do you have a SPOT to call for help? Where is the nearest hospital? Are you prepared to shelter in place if need be?
It’s not just you
Feeding the bears or failing to store food properly might result in perfectly good backcountry shelters being torn down. And here we are, 20 or so years after it became clear that allowing spoofed packets out of your network enables #DDoS #attacks, and we still do not have widespread adoption of reverse path forwarding checks. Please stop spoofed packets at your border!
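
What a strict reverse path forwarding check actually decides, as an added example that is not part of the original post. The forwarding table, interface names and packets are constructed for illustration.

```python
import ipaddress

# Constructed forwarding table for a hypothetical border router
# (prefixes are documentation ranges; interface names are made up).
FIB = {
    "198.51.100.0/25": "lan0",    # internal network A
    "198.51.100.128/25": "lan1",  # internal network B
    "0.0.0.0/0": "wan0",          # default route to the upstream provider
}

def best_route(fib, addr):
    """Longest-prefix match: the interface used to reach addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def strict_rpf_accepts(fib, src, in_iface):
    """Accept only if the route back to src points out the arrival interface."""
    return best_route(fib, src) == in_iface

def filter_packets(fib, packets):
    """Return (src, in_iface, verdict) for each (src, in_iface) packet."""
    return [(s, i, "forward" if strict_rpf_accepts(fib, s, i) else "drop")
            for s, i in packets]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("198.51.100.10", "lan0"),   # genuine host on network A
    ("198.51.100.200", "lan1"),  # genuine host on network B
    ("203.0.113.7", "lan0"),     # inside host forging an outside source
    ("198.51.100.200", "lan0"),  # network A host forging a network B source
    ("203.0.113.7", "wan0"),     # ordinary inbound traffic
    ("198.51.100.10", "wan0"),   # outside packet forging an inside source
]

if __name__ == "__main__":
    for src, iface, verdict in filter_packets(FIB, PACKETS):
        print(f"{src:>15} via {iface}: {verdict}")
```

Strict mode assumes traffic returns the way it came; on multihomed or asymmetrically routed links it can drop legitimate packets, so those networks typically use a looser variant or explicit prefix filters.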

So it may be true that few people win in the face of an actual attack, but it turns out there are still good reasons to play the game.

For Further Reading

Numbers of bear attacks
In North America, only 2-5 people are killed annually by bears: https://www.thealaskalife.com/outdoors/bear-attacks-statistic/ vs (Worldwide) 10 killed by sharks, 50,000 by snakes and 725,000 by mosquitos. https://www.statista.com/chart/2203/the-worlds-deadliest-animals/
U.S. Forest Service
“Be bear aware” https://www.fs.usda.gov/visit/know-before-you-go/bears
Internet safety 101
“Internet safety 101: 15 tips to keep your kids and family safe online” https://us.norton.com/internetsecurity-kids-safety-stop-stressing-10-internet-safety-rules-to-help-keep-your-family-safe-online.html. Sure, they want to sell you antivirus software, but this is generally good advice.
Ultimate Guide to Cybersecurity
“Your Ultimate Guide to Cybersecurity: At Home, at Work, and on the Go.” https://www.ibtimes.com/your-ultimate-guide-cybersecurity-home-work-go-2818655. A little more in depth.
CIS Critical Controls
“The Center for Internet Security (CIS) Critical Security Controls” - https://www.cisecurity.org/controls/cis-controls-implementation-groups/ More in depth. For enterprises.