News: 2003 Archives
Think sensibly, and act with confidence
Security expert Bruce Schneier takes a much-ado-about-nothing view of terrorist fears. The odds of such an attack are close to zero, so better to worry about things that have at least some likelihood of occurring, he maintains.
"We as a society always fear the rare and spectacular more than the pedestrian," says the cyber-security whiz and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, $25).
Though not geared specifically to travelers, his new book espouses the notion that security measures involve trade-offs — both monetary and personal.
Q: Will computers be more or less secure in 2028 than they are today?
A: Computers will be just as insecure, but computing will be more secure. Right now our major problem is that computer security is brittle; when it breaks, it breaks completely. As computing becomes embedded and invisible, it will become more resilient. Different systems will work in tandem, providing defense in depth.
First he wrote "Applied Cryptography," which quickly became the standard work on encryption. Then he began to doubt that encryption was the key to computer security.
Computer security, says Bruce Schneier, stands or falls with human judgment. Instead of chasing new encryption methods, we should remember old truths, such as that no chain is stronger than its weakest link.
Like or loathe him, you've got to admit that cryptographer Bruce Schneier knows how to capture media attention. From titillating talks to shamelessly promoting his books (including the best-selling Secrets & Lies and the recently released Beyond Fear), to outrageous remarks on the speaker circuit, Schneier frequently grabs the spotlight with outspoken opinion and candor.
For example: "Most advisories trade on fear. Most newspaper and magazine articles trade on fear," Schneier said in a recent Information Security interview.
In his recently released book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, 2003), security guru Bruce Schneier argues for a more common-sense and less technology-centric approach to both IT security and physical security. In this interview with Computerworld, Schneier shares his views on IT security.
You recently co-wrote the report "CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security." Would you have written it if the world had been standardized around another operating system?
It's a gutsy way to start a book on security. In "Beyond Fear," published this month by Copernicus Books, Bruce Schneier asks us to set aside our revulsion and horror to grasp what the 9-11 terrorists accomplished. What they did, he says, was efficient, audacious, well-planned, simple and, from their view, successful. This understanding is key to moving beyond fear and improving security, says Schneier, who created some well-known encryption algorithms—formulas used to scramble and unscramble computer data.
For a while, it seemed as if Bruce Schneier himself was encrypted. No one could decipher his whereabouts for an interview with CSO. This was unusual because Schneier, founder and CTO of Counterpane Internet Security, is usually aggressively available to the press. Plus, he has a new book to promote—Beyond Fear: Thinking Sensibly About Security in an Uncertain World—a decidedly iconoclastic and non-IT view of security.
Bruce Schneier is a rare creature in the computer-security world. Although he made his name as an alpha geek in cryptography and later, as chief technology officer of Net-security outfit Counterpane, Schneier can also speak to laypeople about the general security matters that increasingly touch all of our lives.
In the post-September 11 era, he has emerged as one of the more cogent and quotable thinkers on the topic. In particular, he has asked hard questions about the effectiveness of some of the security measures passed after the terrorists' massacre.
Bruce Schneier contends that the strongest security systems benefit from redundancy and variety. And as the Homeland Security Department consolidates a number of different agencies, Schneier warns that entrusting a centralized authority with securing the nation may make the country less, rather than more, secure.
Few in the field of information technology security have more expertise and industry respect than Schneier. Not only is he the author of "Applied Cryptography," one of the seminal textbooks on encryption, but his Twofish encryption algorithm was a finalist for the National Institute of Standards and Technology's new Federal Advanced Encryption Standard.