Adam is joined by Bruce Schneier to talk about current problems facing the TSA, gun control, and how data and security intersect.
One of the topics that resonated deeply with last season's Adam Ruins Everything viewers was Bruce Schneier's take on security and "security theater". So we had to bring Bruce on the podcast. Bruce is a brilliant cryptographer and security expert, who's written countless articles and academic papers and published 13 books, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
Bruce Schneier and attorney David O'Brien discuss the new report issued by the Berkman Center for Internet & Society at Harvard University on the issue of “Going Dark,” and the role of law enforcement and privacy rights under scrutiny, revelations of government spying, and analysis of the Apple iPhone Encryption litigation and its progeny unfolding in the Federal Courts.
This year's Infosecurity Europe conference had so many great places to be and things to do that it was often hard to choose how best to spend one's limited time and harder still for many to identify a single highlight. For myself personally, however, it had to be the opportunity to hear one of my favourite writers for many years speaking on the keynote stage.
Whilst terms like "security guru" or even "thought leader" are often bandied around and diluted to the point of being meaningless, few of us mere security mortals can reasonably dispute the influence, credibility and respect that Bruce Scheiner holds as a writer, technologist, cryptographer and entrepreneur. You know that when he speaks at an event like this, it is not an opportunity you're going to get every day.
Governments have a crucial role to play in tackling what he sees as the next big security challenge, he told Infosecurity Europe 2016 in London.
One of the biggest challenges, according to Schneier, is that there is no good regulatory structure for IoT which connects finance, health, energy and transport information.
"We don't know how to do this, so we are going to need government solutions that are holistic that will deal with IoT devices no matter what they are doing," he said.
Systems "too critical to allow programmers to do as they want"
Government regulation of the Internet of Things will become inevitable as connected kit in arenas as varied as healthcare and power distribution becomes more commonplace, according to security guru Bruce Schneier.
"Governments are going to get involved regardless because the risks are too great. When people start dying and property starts getting destroyed, governments are going to have to do something," Schneier said during a keynote speech at the Infosecurity Europe trade show in London.
The choice is between smart (well-informed) or stupid government regulations with the possibility of non-interference getting taken off the table.
"The Internet of Things (IoT) is our next big security challenge and I think it's the way we are going to be colliding with the real world in interesting ways."
Speaking at Infosecurity Europe 2016 Bruce Schneier said that securing the IoT is a lot about what we already know, and some of what we don't know.
"It's one big inter-connected system of systems with threats, attackers, effects; the IoT is everything we've seen now, just turned up to 11 and in a way we can't turn it off."
As the IoT becomes more connected it also becomes more physical, invading our lives on an unprecedented scale with more real-world consequences when a breach occurs, and it's something that we can't afford to fail to secure, Schneier explained.
"I think this is going to hit a tipping point. We're getting into the world of catastrophic risks as our computers become more physical.
Schneier also sees more government meddling in IoT security as ‘inevitable’
Schneier explained how IoT-connected devices such as medical devices, which are almost impossible to keep up to date with the latest security defenses, will go at odds against attackers who are continually improving their attack methods, with "catastrophic" consequences.
"As we move to the Internet of Things, where things are less patchable and less high-end, we're going to have problems," said Schneier, addressing a keynote audience at InfoSec 2016 in London.
"Right now, how you patch your home router is to throw it away and buy a new one.
But government involvement in IoT policies is inevitable, says security expert
Governments lack the expertise to define security policy when it comes to the rapidly growing Internet of Things (IoT), according to Bruce Schneier, security technologist and a member of the Infosecurity Europe Hall of Fame.
Schneier explained that that governments approach topics such as the IoT and cyber security without the technical knowledge to understand the challenges.
"It's surprising how stark the lack of expertise in tech is in these debates," he said at Infosecurity Europe in London.
"Expertise in large correlation data bases, algorithmic decision making, IoT, cloud storage and computing, robotics, autonomous agents; these are all things that the government is going to run headlong into and needs to make decisions about.
The Internet of Things (IoT) is ushering in a new age of hyperconnectivity – and new cyber security challenges.
In this video, Resilient CTO Bruce Schneier explains how the Internet of Things raises the stakes in cyber security, and explores how organizations will need to battle these new challenges.
Security expert Bruce Schneier discusses security from the perspectives of both the National Security Agency and the National Institution of Standards and Technology.
Since the 1930s at Bletchley Park, there has been a continuous arms race to both improve and break cryptography. The files leaked by National Security Agency (NSA) contractor Edward Snowden made it clear that governments regularly gather data on average citizens, which makes us wonder if privacy is even possible. Do our carefully designed cryptographic systems protect our information as we expect them to, or are they just thin veils that can easily be pierced by the government? I posed these questions to leading security expert Bruce Schneier.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.