The attack on Sony Pictures over the film The Interview was perpetrated by North Korea, according to security expert Bruce Schneier.
The former chief technology officer of BT Managed Security Solutions, now CTO at Resilient Systems, had expressed scepticism at the time of the attack that the secretive dictatorship had been behind the attack, motivated by the theme of the film: two hapless American agents who were supposed to assassinate the country's leader, Kim Jong-un.
But in a video keynote speech at LinuxCon 2015, Schneier claimed that he had changed his mind. "Many of us, including myself, were skeptical for several months.
Security expert says we're in a cyberwar arms race, and with the Sony attack, North Korea has already taken the first shot at the United States.
LinuxCon is about Linux, cloud, and containers, but it's also about security. In the past year, programmers have been reminded that merely being "open-source" doesn't mean that your code is safe. Assuming you're secure is a mistake. Because, as security maven Bruce Schneier explained to the LinuxCon audience via Google Hangouts, we're in a cyber-arms race.
Security guru Bruce Schneier says there's a kind of cold war now being waged in cyberspace, only the trouble is we don't always know who we're waging it against.
Schneier appeared onscreen via Google Hangouts at the LinuxCon/CloudOpen/ContainerCon conference in Seattle on Tuesday to warn attendees that the modern security landscape is becoming increasingly complex and dangerous.
"We know, on the internet today, that attackers have the advantage," Schneier said. "A sufficiently funded, skilled, motivated adversary will get in.
In Data and Goliath, Bruce Schneier, a security technologist and fellow at Harvard Law School, explores what it means to have entered the age of mass surveillance. Our data are collected in the first instance by private corporations, but are increasingly exploited, as Edward Snowden has shown, by government intelligence agencies. The NSA didn't have to build from scratch a vast database on billions of innocent citizens the world over, Schneier explains, because private corporations had already done so. All the NSA needed was access.
"I like to measure the performance of the team," said Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 Black Hat Conference in Las Vegas. "I like to see metrics about people, about process, about technology. There isn't one metric that works since it's such a complicated and moving target... Right now companies have to use the data that they have to figure out if their teams are effective."
Schneier feels that certain metrics, such as blocked attacks, don't really provide a gauge of how secure you are.
Boom Bust correspondent Bianca Facchinei sits down with Bruce Schneier – chief technology officer at Resilient Systems, Inc. and fellow at the Berkman Center for Internet and Society at Harvard Law School – at the Black Hat conference in Las Vegas. Bruce gives us his take on the infamous 2014 Jeep Cherokee hack and tells us how government surveillance impacts social movements.
The American security guru fears that the diffusion of the software could be used by criminal groups
This interview also appeared in Italian.
You wrote in your blog: "I don't think the company is going to survive". However, at least in Italy and in the US Hacking Team has powerful sponsors...Will they survive?
«It remains to be seen. We know from the leaked documents that they have sold their products to the most repressive governments in the world...and overcharged them whenever possible.
Cyberattacks are getting more frequent, sophisticated and successful. Can organizations adapt security choices to cope better?
Nobody would disagree that IT security is necessary.
At minimum, it's needed to satisfy relevant government and industry compliance regulations, along with your insurance company, investors, suppliers, customers and other business partners. At most, it also protects your data and systems from much-dreaded cyberattacks.
Bruce Schneier has been writing about security issues on his blog, his blog, Schneier on Security, since 2004, and in a monthly newsletter since 1998. He writes books, articles, and academic papers. Currently, he is the Chief Technology Officer of Resilient Systems, a fellow at Harvard's Berkman Center, and a board member of Electronic Frontier Foundation.
What do you see as the greatest cyber risks today?
I don't like ranking risks, and I worry that concentrating on the 'greatest' risk obscures all of the other risks. Basically, the big cyber risks are what everyone is talking about.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.