News: 2010 Archives
Security expert Bruce Schneier has called for governments to establish 'hotlines' between their cyber commands, much like those between nuclear commands, to help them battle against cyber attacks.
Cyber security is high on the national agenda, and is regarded as a top threat to the UK's security. It is also a top concern for other nations around the world. Last month, the EU announced plans for a cybercrime centre by 2013, and it agreed with the US to set up a working group on cybersecurity.
Since 9/11, cryptology expert and security consultant Bruce Schneier has been one of the most pointed critics of the government's anti-terrorism security programs. In his 2003 book "Beyond Fear," he coined the phrase "security theater" to refer to measures which are undertaken not because they will be effective at thwarting attacks, but because the agencies carrying them out need to appear to be doing something useful. We spoke to Schneier about the recent controversy involving the Transport Security Agency's use of invasive scanners and full-body pat-downs.
Q: What is really being seen by these machines?
A security guru has debunked cyber war and cyber terrorism myths.
The threats of cyber war and cyber terrorism have been grossly exaggerated and are hindering a real understanding of risks on the internet, one of the world's leading information security experts has said. Bruce Schneier, the author and security technologist who is also chief security technology officer with BT, was speaking in Dublin yesterday at an event held by the Irish Institute for European Affairs (IIEA).
Schneier referred to the denial of service attack in Latvia in 2007, which brought down several government services for a time, and said it was most likely the first such cyber war attack against a state.
His talk on security was not, as you might imagine, about HTTPS and secure sockets, but rather a much more philosophical talk on the psychology of security. The point Mr. Schneier was making was that there is a difference between actually being secure and the feeling of being secure.
You can be secure when you don't feel as if you are.
Two RSA Conference Europe 2010 Keynote speakers discuss Bruce Schneier's session on Security, Privacy and the Generation Gap.
Bruce Schneier discusses Joe Lieberman's proposal for an internet "kill switch," why shutting down the internet during a crisis would cause more harm than good, and how controversial websites like WikiLeaks use data redundancy spread out in different countries to prevent being shut down.
As an author of books on security, the influential Crypto-Gram newsletter and the blog Schneier on Security (www.schneier.com), as well as a frequent guest on TV and radio, Bruce Schneier has become something of a celebrity in the world of security: He may be the only CSO whose likeness is used to sell T-shirts. Still, the most rewarding aspect of his career, as he conveyed in this interview conducted by e-mail, is that he believes he is having an impact on people's thinking about security.
CSO: What are three fail-proof principles of security leadership?
Bruce Schneier: One, tell the truth as you see it. Two, don't be afraid to change your mind.
During a panel discussion at the recent Worldwide Cybersecurity Summit in Dallas that otherwise was as dry as a highway in the Sahara, security guru Bruce Schneier made a provocative argument.
He contended that just as pollution was the unfortunate byproduct of the Industrial Revolution, data is the waste product of the digital revolution.
And just like pollution, all the data we generate during our lives never degrades.
He noted that almost every transaction and interaction now generates data.
In the wake of Shahzad's arrest, the dangers of disposable phones are likely to be scrutinized once again -- and there are sure to be renewed calls for their closer regulation. We called Bruce Schneier, security technologist, chief security technology officer at British Telecom, and author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," to find out how dangerous they really are.
How dangerous are these disposable cellphones from a national security perspective?
I think it's a trivial danger. There are a lot of people who will say these anonymous cellphones are bad, that we're all going to die.
6. Bruce Schneier
Shaun Nichols: While he's not so known in the larger industry, Bruce Schneier is one of the most respected and revered people in the computer security business. At conferences such as RSA he always seems to be booked for the main stage and we always try to book a few minutes for an interview.
This is because Schneier is not only a respected authority on the antivirus, network security and encryption fields, but he also has a knack for breaking things down in common language.
In part one of this interview with Bruce Schneier, he discusses the impending shift in how security will be delivered. Schneier expects security to be embedded in Web-based services and sold directly to service providers, rather than to enterprises and end users. This is a radical transformation for the security industry that security professionals must prepare for. Schneier also discusses consumerization and how traditional security technologies and services must adjust as more untrusted devices connect to trusted networks.
Author and leading security expert Bruce Schneier digs into the topics of the current state of cryptography and whether or not companies should care about the U.S. government's release of portions of the CNCI.
1. Summary of the review
Bruce Schneier's Beyond Fear is a book about security in general. In contrast to many other books, Schneier explains how security works in the most general case, starting from protecting your diary from your sister to protecting the nation from global terrorism. Schneier's book does not focus on cryptography or network security; instead, it uses examples of systems everyone is expected to be familiar with.
Schneier on security, SSL and squid
V3.co.uk managed to get five minutes with security legend Bruce Schneier at RSA 2010 in San Francisco to get his views on the current threat landscape.
Yesterday we saw a presentation saying that anti-virus systems are failing 10-30 per cent of the time. What's your take on that?
I don't believe that, otherwise I'd be infected with lots of malware. If it is, I'm not paying attention.
"Security affects every aspect of people's lives," says world-renowned security expert and critic Bruce Schneier, CAS/MS '88. "It helps people make better personal, corporate, and national decisions."
A regular columnist for the Wall Street Journal and the Guardian newspaper in the UK, Schneier calls himself "an explainer." Through his best-selling books, Applied Cryptography, Secrets and Lies, and Beyond Fear, and countless mainstream and security media articles and speaking engagements, he explains difficult topic matter to regular folks. His reputation as a leading cryptographer even got him mentioned in Dan Brown's mega-bestseller, The Da Vinci Code.
Schneier's 2008 book, Schneier on Security, offers insight into everything from the shortfalls of airport security and the dangers of identity theft to the long-term security threat of unlimited presidential power and the amazingly easy way to tamper-proof elections.
Schneier is the official rock star of the security industry with deep knowledge of cryptography and privacy. He is the author of Applied Cryptography; Beyond Fear: Thinking Sensibly About Security in an Uncertain World; and Secrets and Lies: Digital Security in a Networked World. Schneier is also a frequent speaker at security events as well as the author of the Blowfish and Twofish algorithms.
If one were to close one's eyes and imagine a BT Executive, one would never conjure up Bruce Schneier. He is one of the greatest experts in cryptography, and a well-known mathematician. He even got a brief mention in the book The Da Vinci Code. He also remains an outspoken and articulate critic of the way that security is actually implemented in applications, as Richard Morris found out when we dispatched him to interview him.
Once a sleepy IT backwater, Identity Management has been thrust into the spotlight over the past few years.
The IT security expert on eavesdropping without practical value, necessary trust, and data as the pollution of the information age
Lufthansa Exclusive: Mr. Schneier, you are a specialist in IT security and cryptography. Nevertheless, first a question that belongs more to the field of psychology. I send some e-mails encrypted, my computer's built-in microphone is normally deactivated, and there is an encrypted partition on my hard drive. And if I wanted to have a truly confidential face-to-face conversation, I would remove the battery from my smartphone.
Could you please tell us how you got involved in security?
Cryptography has always been a hobby of mine. My first job after college was with the Department of Defense. Years later, I was laid off from AT&T Bell Labs; I started writing about cryptography for computer magazines, and then my first book: Applied Cryptography. I also started doing cryptography consulting, forming a company Counterpane.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.