News: 2009 Archives

Bruce Schneier on TSA Absurdity and the Need for Resilience

  • Jeffrey Goldberg
  • The Atlantic
  • December 29, 2009

Bruce Schneier, my security guru, thinks that the President should confront the American people with the hard truth: Onerous new security regimes in our civilian aviation system won’t protect us. What will protect us is our own resilience. I had an e-mail exchange with Bruce yesterday, and here is an edited transcript:

Jeffrey Goldberg: Do you think that we are moving toward the Israelification of American airport security?

Bruce Schneier: I don’t think it’s possible.  The Israelis rely on a system of individual attention—interviews, background checks, and so on—that simply can’t be replicated on the scale required for America.  If anything, we’re moving in the opposite direction: layers of annoying, time consuming, ineffectual, static—but automatic and scalable—security systems.  Although it seems that we’re finally hitting the limit as to what the American business travel will put up with, and no security measure will survive wholesale rejection by the airlines’ most profitable customers…

Skipping to the Head of the Security Line

  • Sarah Nassauer
  • The Wall Street Journal
  • December 18, 2009

BT Group PLC Chief Security Technology Officer Bruce Schneier logs long hours trudging through airports to attend conferences and speaking engagements on a wide range of security issues. By his own count, he will take 170 flights this year.

Mr. Schneier relishes pointing out flaws in institutions’ security plans—sometimes testing the boundaries himself—and has been a critic of post-9/11 security measures like those at airports. He recently spoke to The Wall Street Journal about “airport-land” rules, skipping to the head of the security line and getting your sandwich taken by the U.S. Transport Security Administration…

Schneier: Steps to Combat File-Sharing Are Misguided

  • Tom Espiner
  • ZDNet UK
  • December 9, 2009

Leading security expert Bruce Schneier was in London this week on a whirlwind lecture tour. ZDNet UK caught up with the ex-NSA man, who is now BT’s chief security technology officer, at lectures in parliament and at University College London.

Schneier talked to ZDNet UK about his views on behavioural advertising, the efforts of various governments to tackle unlawful file-sharing, cyber-warfare and vendor lock-in.

Q: The UK government is currently trying to pass the Digital Economy Bill, which includes provisions to penalise unlawful file-sharing. Is this technically feasible?…

Cybercrime Is Crime with Different Tactics—Interview with Bruce Schneier

  • Infosecurity
  • December 8, 2009

Cybercrime is just like any other type of crime only with different tactics, Bruce Schneier tells Infosecurity.

“In information security there are very real threats, and the main threat is crime,” Schneier said, although he also pointed out that many information security threats are due to ‘accidents’ rather than malice.

Another trend going forward is the interaction between IT and physical systems such as ID cards, ATM machines, Oyster cards, etc. “When the physical hits the IT world. I think the security there is a really big deal,” Schneier predicted…

Cloud Computing is Here to Stay

Managing security effectively is critical when sharing data over the internet

  • Naushad K. Cherrayil, Staff Reporter
  • Gulf News
  • November 27, 2009

Dubai: Online security, server crashes, disaster recovery, data theft, cyber crime… these are just some of the challenges faced by businesses worldwide.

How does one handle them? The solution lies with the information technology departments and their heads—usually chief technology officers. Bruce Schneier is one such person.

Schneier was in Dubai for the recent World Economic Forum summit, where he participated in discussions on the future of the internet.

Quite unlike some of his peers, Schneier is refreshingly candid, forthright and humorous when discussing cyber security…

Audio: RB2: Q&A with Bruce Schneier

  • Risky.biz
  • November 13, 2009

In this podcast you’ll hear a Q&A with Bruce Schneier of BT Counterpane, as moderated by Risky Business host Patrick Gray at the recent GovCERT Symposium in Rotterdam, Netherlands.

Topics covered include cloud computing, privacy, software manufacturer liability for defects, two factor authentication and more!

Listen to the Audio on Risky.biz

Video: Bruce Schneier on Outsourcing and Awareness Training

  • Information Security
  • October 29, 2009

At 2009’s Information Security Decisions conference, security expert Bruce Schneier sat down to answer some of readers’ security questions, which range from the trustworthiness of outsourced security services to the usefulness of awareness training in securing new technologies.

Watch the Video or Read the Transcript on TechTarget.com

Q&A: Schneier Warns of Marketers and Dancing Pigs

  • Elinor Mills
  • CNET
  • October 23, 2009

In a security industry full of FUD and hype, cryptographer and consultant Bruce Schneier offers a no-nonsense reality check verging on social commentary.

He has worked on numerous ciphers, hash functions, and other cryptographic algorithms that are arcane to the average computer user but which have been instrumental in protecting the privacy of data. But his influence extends beyond the world of encryption.

Schneier wrote several bestselling books—including “Secrets and Lies: Digital Security in a Networked World,” “Beyond Fear: Thinking Sensibly about Security in an Uncertain World,” and his latest, “Schneier on Security”—that provide perspective on risks and threats in everything from e-mail to airport security. And his …

Present State of Security

World-renowned IT security expert Bruce Schneier gave a talk on the future of the industry, which remains quite new.

  • Brian Power
  • PaperJam
  • October 23, 2009

As well as being Chief Security Technology Officer at BT, Bruce Schneier is also the author of several books on the topics of security and cryptography with a particular, if not exclusive, focus on the IT industry, which has led The Economist to describe him as a “security guru”. And when discussing security he is refreshingly candid and forthright, not dissimilar in tone to Freakonomics author Steven Levitt, while sharing with Levitt the ability to view his chosen field from an angle less ordinary.

“Security is hard to sell for two reasons, economic and psychological,” he says. The industry is not necessarily logical: it is by nature complex, and as a consequence easy to get wrong. The average buyer doesn’t necessarily understand the products on offer, while the industry player often cannot explain them adequately, meaning that “new companies with good ideas often end up floundering because they cannot communicate those ideas.” Psychologically, security is also complicated: Schneier points out the difference between “greed sales” and “fear sales”, where the former is a simple question of wanting something, while the latter is being afraid of the consequences of not having that thing…

Video: Q & A with Bruce Schneier

  • DEFCON 17
  • July 31, 2009

Bruce Schneier answered audience questions at the DEFCON hacking conference.

Watch the Video or Listen to the Audio on DEFCON.org

Audio: Cryptography, Security Theater, and the Psychology of Fear

  • Digital Underground
  • May 11, 2009

Dennis Fisher talks with security expert Bruce Schneier about the usefulness of cryptography, the psychology of security and fear and the war on the unexpected after 9/11.

Listen to the audio on Threatpost.com

Book of the Month: Schneier on Security

  • Siraj A. Shaikh
  • ITNOW
  • May 2009

Rating: 10/10

This has to be one of the most interesting, absorbing books I have read in a long time. Bruce Schneier, undoubtedly the world’s leading expert on the subject, presents this remarkable collection of essays on computer security. The book divides the collection of essays into 12 chapters on topics ranging from national security policy and privacy to economics and psychology.

It is refreshing to see a commonsense perspective on technological and security matters. Schneier sets the scene right from the start in an introduction to say ‘all security involves trade-offs’. The theme cuts across the various domains covered by the essays in the entire book and in fact presents a very practical guiding principle for security researchers and practitioners…

Guru, Not Rock Star

  • Hugh Penri-Williams
  • Infosecurity
  • April 2009

I have a confession to make. Bruce is one of my heroes, so perhaps I shouldn’t be writing this review. Now it’s public knowledge—I am openly biased. However, it is a double-edged sword. Whilst I am the first to refer in glowing terms to Bruce’s writings on virtually every occasion that I’ve given my own presentations around the globe, I have to admit that hearing him in the flesh is just not the same experience.

I must hasten to note that this is an unfortunate phenomenon applicable to many in our select profession. Very few are able to hold an audience and simultaneously convey enough gravitas. Well, there goes any chance of Bruce ever talking to me again, let alone signing his book for my collection…

The Cloud Is Hype, the Conversation the Same, Transparency Is Key

  • Dahna McConnachie
  • Technology & Business
  • March 31, 2009

Security guru Bruce Schneier says that whatever cloud computing is, the security issues and conversations around it are nothing new. The key, he says, always comes down to trust and transparency.

Cloud computing is all the buzz. Amidst all the noise, a lot of the discussion has been about what cloud computing actually is. Some say it is anything you consume outside the firewall. Other definitions are that it is an updated version of utility computing: that the cloud is comprised of virtual servers made available over the internet. Sun Microsystems’ Asia Pacific Chief Technologist and Principal Engineer …

Audio: Insider Threats

  • Federal News Radio
  • March 26, 2009

The government spends billions to prevent criminals worldwide from breaking into its computer systems, but what about the inside threat – the danger from people you trust?

Listen to the Audio on FederalNewsRadio.com

"We Focus on Defending Against Tactics Rather than Threat"

  • Pragati Verma
  • The Financial Express
  • March 2, 2009

Security guru Bruce Schneier is best known as the developer of the Blowfish and Twofish encryption algorithms and author of books that examine security and society. He is the chief security technology officer of BT Group and a founder and the chief technical officer of BT Counterpane. Described by The Economist as a “security guru,” Bruce has authored a series of books on security and related technologies. His first bestseller, Applied Cryptography explained how the arcane science of secret codes works, and was described by Wired as “the book the National Security Agency wanted never to be published.” His latest book, Beyond Fear, tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. Bruce shares his views on security issues and threats right from IT security, internet security to physical security in a free-wheeling conversation with Pragati Verma. Excerpts:…

"Schneier on Security;" A Judge’s Son Builds a Reputation of Cryptic Fame

  • Samuel Newhouse
  • Brooklyn Daily Eagle
  • February 9, 2009

BROOKLYN—Americans living in the age of ultra-security have been subjected to a massive number of small accommodations in the name of the “War on Terror.”

Although most people have become accustomed to not bringing bottles of water on airplanes, there exists some cynicism about the effectiveness of our new security measures and how they relate to our day-to-day lives.

However, it takes an experienced security analyst like Brooklyn’s Bruce Schneier to understand the connections between the face of national security that we all can see, and the facts and technology behind it…

Audio: Schneier on Security

  • Paul Harris, WLS/Chicago
  • February 1, 2009

Bruce Schneier joined Paul Harris to talk about whether we are in fact safer with current airport procedures than those before 9/11 and whether government and private industry are doing enough to harden security at possible terrorist targets like nuclear and chemical plants. They also talked about technology’s role in global security (e.g. whether Google Earth deserved the criticism after investigators found that the terrorists who shot up Mumbai in November had used the imaging information to plan their attack), and about the restrictions on taking liquids onto commercial flights—the 3.5-ounce rule—and whether there is any proof that a terrorist could construct a bomb from two liquids they mixed in an airplane lavatory…

Q&A With Bruce Schneier

Expert says security benefits must be weighed against tradeoffs

  • Jonathan Gaw
  • International Association of Privacy Professionals
  • February 2009

The IAPP is pleased that security guru, chief technologist and author Bruce Schneier will present a keynote address at the Privacy Summit, March 11-13 in Washington, DC. Here’s a preview of what you’ll hear when Schneier takes the stage.

IAPP: You have a cult-like following on Facebook. One group is called Bruce Schneier for president (31 members); another calls itself Bruce Schneier is my hero (200 members). What is the most heroic thing you’ve ever done?

Schneier:  I’ve never considered myself particularly heroic. What I think people are responding to is my ability to think clearly about, and explain, security systems – and to speak the truth as I see it, regardless of who it might piss off. Valuable, yes; but not heroism…

Safe, But Also Sorry

Security expert Bruce Schneier talks about privacy and property in the information state

  • Katherine Mangu-Ward
  • Reason
  • January 16, 2009

As Washington, D.C., gears up for the inauguration, there’s one thing that you’re not seeing around town. Shoe-checking stations. While one attempted shoe bombing was enough to make all of us wander unshod through the airports of this great nation for years—there will be security check points all over Capitol Hill—shoe checking will not be part of the action.

Why? It’s not that the chance of a shoe bombing has somehow been definitively eliminated. It’s because the costs (frostbitten toes and long delays) have been weighed against the (low) possible risk of Richard Reid II. We probably should have reached the same conclusion about airports long ago. But this particular brand of cost-benefit analysis often eludes security officials, especially in the public sector…

Security Expert Bruce Schneier: Budget Should be Priority for National CTO

  • Matt Williams
  • Government Technology
  • January 14, 2009

Bruce Schneier, a security commentator and author who The Register calls, “The closest the security industry has to a rock star,” took time to correspond via e-mail with Government Technology about the latest security threats to public-sector IT.

He publishes a popular blog and newsletter on Schneier.com. His most recent book, Schneier on Security, is a collection of previously published essays on security-related topics, such as identification cards, cyber-crime, election security and the psychology of security.

A few CIOs in government are touting “user-generated government”—i.e., mash-up applications and open source built by citizens. Though this appears to be an economical move, do you think turning to everyday citizens like this opens government to security threats?…

That Tiresome Warning About Inappropriate Jokes

  • Joe Sharkey
  • The New York Times
  • January 5, 2009

Excerpt

Over the years, Mr. Schneier has been a tough critic of the security agency, though he credits Mr. Hawley for “doing the best job he could with the bad hand he was dealt.” By that, he says he means that the agency operates under mandates from Congress and elsewhere that resulted in a vast, expensive bureaucracy.

The agency, he argues, is required to spend less effort than it should on sophisticated intelligence-gathering and more than it should on deeply flawed procedures, like depending on travel documents that can be easily counterfeited, or fishing in passengers’ bags for contraband screwdrivers and prohibited items like jars of spaghetti sauce that exceed three ounces…

Bruce Schneier: More on the Broad View of Security

  • Derek Slater
  • CSO
  • January 5, 2009

Bruce Schneier’s evolution of interests is well documented, moving from encryption to broader and broader perspectives on security. (Hence his recent appearance on 60 Minutes, commenting on TSA’s airport screening procedures.) To bring wider perspectives to bear on security issues, Schneier (Chief Security Technology Officer at BT) held in 2008 the first Workshop in Security and Human Behavior, with participants from a broad swath of disciplines including economics, psychology and more. Schneier spoke with CSOonline about his multidisciplinary view of the field and plans for 2009…
