After spending a lot of time thinking about the massive breach of Sony, security luminary Bruce Schneier came to a scary – but not really surprising – conclusion.
"The lesson is that we are all vulnerable. North Korea could have done it to anyone," said Schneier during a packed session at the RSA conference in San Francisco.
While the IT security industry knows how to deal with high volume, low-focus attacks, Schneier said, security professionals have trouble handling highly skilled and focused attackers, commonly referred to as advanced persistent threats (APTs).
Computer security expert Bruce Schneier says there's a big difference between feeling secure and actually being secure. He explains why we worry about unlikely dangers while ignoring more probable risks.
GUY RAZ, HOST:
It's the TED Radio Hour from NPR. I'm Guy Raz. And on the show today, we're exploring ideas about Maslow's hierarchy of human needs, and ranked at number two, security - the second step on the pyramid.
Who are you, and what do you do?
Just how much of your life is being watched and tracked? Who has access to all this information and what are they doing with it?
Bruce Schneier, fellow at Harvard Law School, author of Data and Goliath, points out the danger is not only from corporations and governments, but also cybercriminals, when these institutions lose your details.
Security expert Bruce Schneier has looked at and written about difficulties the Internet of Things presents, such as the fact that the "things" are by and large insecure and enable unwanted surveillance, and concludes that it's a problem that's going to get worse before it gets better.
After a recent briefing with him at Resilient Systems headquarters in Cambridge, Mass., where he is CTO, he answered a few questions about the IoT and what corporate security executives ought to be doing about it right now. Here's a transcript of the exchange.
What should enterprises worry about when it comes to the Internet of things?
Erin Ade sits down with Bruce Schneier – security expert, author, and fellow at the Berkman Center for Internet and Society at Harvard Law School. Bruce tells us that a cloud service is safer than running your own data center when you are entrusting your data to a provider who understands security better than you do. And for most people this is definitely the case. Bruce also talks to Erin about state actors weakening security standards and about the security of various open source encryption options.
The Internet birthed unprecedented freedom of communication, interconnecting individuals from every corner of the globe and every walk of life. This free flow of information has the potential to establish a world of truly free and equal citizens, yet many politicians want to turn this technology inside out and use the Internet as a universal surveillance mechanism. This path would roll back centuries of civil rights and revive feudalism on a global scale. Sadly, this rush to oppression isn't restricted to some backwater dictator massaging his own ego.
Bruce Schneier is a world-renowned cryptographer, computer security and privacy specialist, and author of numerous books on security. So when he speaks, TechMan tends to listen.
In his latest book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,” his point is well worth taking note of: Surveillance and data collections are a trade-off between individual value and group value. You give Google personal information in return for free search, free email, free maps and all the other free things Google provides.
"Over the past twenty years," complained Newsweek, the United States has become "one of the snoopiest and most data-conscious nations in the history of the world." Part of the problem is that "the average American trails data behind him like spoor through the length of his life." Another part of the problem is that the government and private firms "have been chasing down, storing, and putting to use every scrap of information they can find." These "vast reservoirs of personal information" are "poured into huge computers" and "swapped with mountains of other data from other sources" with "miraculous speed and capacity." As a result of these forces, "Americans have begun to surrender both the sense and the reality of their own right to privacy—and their reaction to their loss has been slow and piecemeal."
The Newsweek article—published in 1970, and entitled The Assault on Privacy—nicely captures the thesis of Bruce Schneier's new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. That doesn't mean that Schneier's book isn't valuable—it is. It just means that there is something to be learned about Schneier's argument from the fact that it was made 45 years ago. (Disclosure: I gave Schneier comments on a draft of his book and he and I are teaching a class together on Internet power and governance.)
Data and Goliath is an informed, well-written, accessible, and opinionated critique of "ubiquitous mass surveillance" by governments and corporations—how it happens, its costs, and what to do about it.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.