Latest Essays

Page 2

Illuminating SolarStorm: Implications for National Strategy and Policy

  • Aspen Institute
  • March 4, 2021

This essay appeared as part of a round table on how to respond to the SolarWinds attack.

This operation was a tremendous intelligence success for the Russian government, and recovering from it is going to be much harder than people think. It might not even be possible. It requires much more than simply patching the Sunburst vulnerability. It means burning the infected networks to the ground and rebuilding them from scratch, just as you might reinstall your computer’s operating system after a bad virus. But even that won’t be enough.

The Russians were slow and deliberate, using the backdoor in the SolarWinds update to obtain initial footholds in only a few of the 18,000 vulnerable networks, and then working over months to establish persistence by creating alternative means of access that would survive discovery of the initial vulnerability…

Why Was SolarWinds So Vulnerable to a Hack?

It’s the economy, stupid.

  • The New York Times
  • February 23, 2021

Ukrainian translation

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including U.S. government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

It was a huge attack, with major implications for U.S. national security. The Senate Intelligence Committee is scheduled to …

The Government Will Guard Biden’s Peloton from Hackers. What About the Rest of Us?

The Security Threat to Worry About Is the One Facing the Public, Not the President

  • Bruce Schneier
  • The Washington Post
  • February 2, 2021

President Biden wants his Peloton in the White House. For those who have missed the hype, it’s an Internet-connected stationary bicycle. It has a screen, a camera and a microphone. You can take live classes online, work out with your friends or join the exercise social network. And all of that is a security risk, especially if you are the president of the United States.

Any computer brings with it the risk of hacking. This is true of our computers and phones, and it’s also true about all of the Internet-of-Things devices that are increasingly part of our lives. These large and small appliances, cars, medical devices, toys and—yes—exercise machines are all computers at their core, and they’re all just as vulnerable. Presidents face special risks when it comes to the IoT, but Biden has the National Security Agency to help him handle them…

The Solarwinds Hack Is Stunning. Here’s What Should Be Done

  • Bruce Schneier
  • CNN
  • January 5, 2021

The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses—primarily through a malicious update of the SolarWinds network management software—may have slipped under most people’s radar during the holiday season, but its implications are stunning.

According to a Washington Post report, this is a massive intelligence coup by Russia’s Foreign Intelligence Service (SVR). And a massive security failure on the part of the United States is also to blame. Our insecure internet infrastructure has become a critical national security risk—one that we need to take seriously and spend money to reduce…

The US Has Suffered a Massive Cyberbreach. It’s Hard to Overstate How Bad It Is

This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols

  • Bruce Schneier
  • The Guardian
  • December 24, 2020

Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that’s wrong on two accounts. It wasn’t a cyber-attack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.

Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk—and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack…

The Peril of Persuasion in the Big Tech Age

Persuasion is essential to society and democracy, but we need new rules governing how companies can harness it.

  • Bruce Schneier and Alicia Wanless
  • Foreign Policy
  • December 11, 2020

Ukrainian translation

Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade consumers to buy their products or services. We all persuade our friends to accept our choice of restaurant, movie, and so on. It’s essential to society; we couldn’t get large groups of people to work together without it. But as with many things, technology is fundamentally changing the nature of persuasion. And society needs to adapt its rules of persuasion or suffer the consequences…

What Makes Trump’s Subversion Efforts So Alarming? His Collaborators

The president has been trying to dismantle our shared beliefs about democracy. And now, his fellow Republicans are helping him.

  • Henry J. Farrell and Bruce Schneier
  • New York Times
  • November 23, 2020

Last Thursday, Rudy Giuliani, a Trump campaign lawyer, alleged a widespread voting conspiracy involving Venezuela, Cuba and China. Another lawyer, Sidney Powell, argued that Mr. Trump won in a landslide, the entire election in swing states should be overturned and the legislatures should make sure that the electors are selected for the president.

The Republican National Committee swung in to support her false claim that Mr. Trump won in a landslide, while Michigan election officials have tried to stop the certification of the vote.

It is wildly unlikely that their efforts can block Joe Biden from becoming president. But they may still do lasting damage to American democracy for a shocking reason: The moves have come from trusted insiders…

The Unrelenting Horizonlessness of the Covid World

  • Nick Couldry and Bruce Schneier
  • CNN
  • September 25, 2020

Ukrainian translation

Six months into the pandemic with no end in sight, many of us have been feeling a sense of unease that goes beyond anxiety or distress. It’s a nameless feeling that somehow makes it hard to go on with even the nice things we regularly do.

What’s blocking our everyday routines is not the anxiety of lockdown adjustments, or the worries about ourselves and our loved ones—real though those worries are. It isn’t even the sense that, if we’re really honest with ourselves, much of what we do is pretty self-indulgent when held up against the urgency of a global pandemic…

Hacking the Tax Code

  • Bruce Schneier
  • IEEE Security & Privacy
  • September/October 2020

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, rulings from the tax authorities, judicial decisions, and legal opinions.

Like computer code, the tax code has bugs. They might be mistakes in how the tax laws were written. They might be mistakes in how the tax code is interpreted, oversights in how parts of the law were conceived, or unintended omissions of some sort or another. They might arise from the exponentially huge number of ways different parts of the tax code interact…

The Twitter Hacks Have to Stop

  • Bruce Schneier
  • The Atlantic
  • July 18, 2020

Czech translation
Spanish translation

Twitter was hacked this week. Not a few people’s Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter’s system administrators. Those are the people trusted to ensure that Twitter functions smoothly.

The hacker used that access to send tweets from a variety of popular and trusted accounts, including those of Joe Biden, Bill Gates, and Elon Musk, as part of a mundane scam—stealing bitcoin—but it’s easy to envision more nefarious scenarios. Imagine a government using this sort of attack against another government, coordinating a series of fake tweets from hundreds of politicians and other public figures the day before a major election, to affect the outcome. Or to escalate an …

Sidebar photo of Bruce Schneier by Joe MacInnis.