Latest Essays

Why Was SolarWinds So Vulnerable to a Hack?

It’s the economy, stupid.

  • The New York Times
  • February 23, 2021

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including U.S. government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

It was a huge attack, with major implications for U.S. national security. The Senate Intelligence Committee is scheduled to …

The Government Will Guard Biden’s Peloton from Hackers. What About the Rest of Us?

The Security Threat to Worry About Is the One Facing the Public, Not the President

  • The Washington Post
  • February 2, 2021

President Biden wants his Peloton in the White House. For those who have missed the hype, it’s an Internet-connected stationary bicycle. It has a screen, a camera and a microphone. You can take live classes online, work out with your friends or join the exercise social network. And all of that is a security risk, especially if you are the president of the United States.

Any computer brings with it the risk of hacking. This is true of our computers and phones, and it’s also true about all of the Internet-of-Things devices that are increasingly part of our lives. These large and small appliances, cars, medical devices, toys and — yes — exercise machines are all computers at their core, and they’re all just as vulnerable. Presidents face special risks when it comes to the IoT, but Biden has the National Security Agency to help him handle them…

The Solarwinds Hack Is Stunning. Here’s What Should Be Done

  • CNN
  • January 5, 2021

The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses—primarily through a malicious update of the SolarWinds network management software—may have slipped under most people’s radar during the holiday season, but its implications are stunning.

According to a Washington Post report, this is a massive intelligence coup by Russia’s Foreign Intelligence Service (SVR). And a massive security failure on the part of the United States is also to blame. Our insecure internet infrastructure has become a critical national security risk—one that we need to take seriously and spend money to reduce…

The US Has Suffered a Massive Cyberbreach. It’s Hard to Overstate How Bad It Is

This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols

  • The Guardian
  • December 24, 2020

Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that’s wrong on two accounts. It wasn’t a cyber-attack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.

Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk—and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack…

The Peril of Persuasion in the Big Tech Age

Persuasion is essential to society and democracy, but we need new rules governing how companies can harness it.

  • Bruce Schneier and Alicia Wanless
  • Foreign Policy
  • December 11, 2020

Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade consumers to buy their products or services. We all persuade our friends to accept our choice of restaurant, movie, and so on. It’s essential to society; we couldn’t get large groups of people to work together without it. But as with many things, technology is fundamentally changing the nature of persuasion. And society needs to adapt its rules of persuasion or suffer the consequences…

What Makes Trump’s Subversion Efforts So Alarming? His Collaborators

The president has been trying to dismantle our shared beliefs about democracy. And now, his fellow Republicans are helping him.

  • Henry J. Farrell and Bruce Schneier
  • New York Times
  • November 23, 2020

Last Thursday, Rudy Giuliani, a Trump campaign lawyer, alleged a widespread voting conspiracy involving Venezuela, Cuba and China. Another lawyer, Sidney Powell, argued that Mr. Trump won in a landslide, the entire election in swing states should be overturned and the legislatures should make sure that the electors are selected for the president.

The Republican National Committee swung in to support her false claim that Mr. Trump won in a landslide, while Michigan election officials have tried to stop the certification of the vote.

It is wildly unlikely that their efforts can block Joe Biden from becoming president. But they may still do lasting damage to American democracy for a shocking reason: The moves have come from trusted insiders…

The Unrelenting Horizonlessness of the Covid World

  • Nick Couldry and Bruce Schneier
  • CNN
  • September 25, 2020

Six months into the pandemic with no end in sight, many of us have been feeling a sense of unease that goes beyond anxiety or distress. It’s a nameless feeling that somehow makes it hard to go on with even the nice things we regularly do.

What’s blocking our everyday routines is not the anxiety of lockdown adjustments, or the worries about ourselves and our loved ones — real though those worries are. It isn’t even the sense that, if we’re really honest with ourselves, much of what we do is pretty self-indulgent when held up against the urgency of a global pandemic…

The Twitter Hacks Have to Stop

  • Bruce Schneier
  • The Atlantic
  • July 18, 2020


Twitter was hacked this week. Not a few people’s Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter’s system administrators. Those are the people trusted to ensure that Twitter functions smoothly.

The hacker used that access to send tweets from a variety of popular and trusted accounts, including those of Joe Biden, Bill Gates, and Elon Musk, as part of a mundane scam—stealing bitcoin—but it’s easy to envision more nefarious scenarios. Imagine a government using this sort of attack against another government, coordinating a series of fake tweets from hundreds of politicians and other public figures the day before a major election, to affect the outcome. Or to escalate an …

Bruce Schneier says we need to embrace inefficiency to save our economy

  • Bruce Schneier
  • Quartz
  • June 30, 2020

It took a global pandemic and stay-at-home orders for 1.5 billion people worldwide, but something is finally occurring to us: The future we thought we expected may not be the one we get.

We know that things will change; how they’ll change is a mystery. To envision a future altered by coronavirus, Quartz asked dozens of experts for their best predictions on how the world will be different in five years.

Below is an answer from Bruce Schneier, a security expert focused on technology. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University and a lecturer in public policy at the Harvard Kennedy School. He is also the author of more than a dozen books—his latest, …

The Public Good Requires Private Data

  • Bruce Schneier
  • Foreign Policy
  • May 16, 2020

This essay appeared as part of a round table on “How the Coronavirus Pandemic Will Permanently Expand Government Powers.”

There’s been a fundamental battle in Western societies about the use of personal data, one that pits the individual’s right to privacy against the value of that data to all of us collectively. Until now, most of that discussion has focused on surveillance capitalism. For example, Google Maps shows us real-time traffic, but it does so by collecting location data from everyone using the service.

COVID-19 adds a new urgency to the debate and brings in new actors such as public health authorities and the medical sector. It’s not just about smartphone apps tracing contacts with infected people that are currently being rolled out by corporations and governments around the world. The medical community will seize the pandemic to boost its case for accessing detailed health data to perform all sorts of research studies. Public health authorities will push for more surveillance in order to get early warning of future pandemics. It’s the same trade-off. Individually, the data is very intimate. But collectively, it has enormous value to us all…
