News: 2015 Archives
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World: Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama, his administration, and the NSA for their wholesale spying on innocent Americans and violations of myriad laws and the Constitution. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers.
Internet security expert, privacy advocate, and author Bruce Schneier speaks with the Technoskeptic about the public-private surveillance partnership that monitors everything we do, and what needs to happen in order to restore our privacy.
A major cyberattack next year will target a U.S. election, security expert Bruce Schneier predicts.
The attack won't hit the voting system and may not involve the presidential election, but the temptation for hackers is too great, even in state and local races, said Schneier, a computer security pioneer and longtime commentator.
"There are going to be hacks that affect politics in the United States," Schneier said.
Bruce Schneier was honored as the Business Leader in Cybersecurity by the Boston Global Forum, for dedicating his career to the betterment of technology security and privacy.
Mr. Schneier attended and sent his acceptance speech remotely via online conference.
Data and Goliath
by Bruce Schneier
W. W. Norton & Company
From the moment you wake up, you start generating data. Your phone tracks your movements. Your purchases signal whether you’re sick or pregnant or going on vacation.
Being a CISO is often a tenuous, highly political job—and for security matters, the buck stops with you. In this interview, Bruce Schneier offers strategies for making your mark on your organization.
Bruce Schneier is a man worth listening to. In 1993, just as the Internet was gaining speed, he wrote one of the earliest books on applying cryptography to network communications, and has since become a well-known security specialist and author of about a dozen books on Internet security and related matters. So when someone like Schneier says we're in big trouble and we need to do something fast to keep it from getting worse, we should at least pay attention.
The trouble is mass surveillance.
"Cyber resilience" has emerged as the standard cybersecurity teams are striving for. Resilient Systems CTO and security expert Bruce Schneier explains what's driving cyber resilience, and offers steps and strategies for improving cyberattack preparedness and resilience.
In the wake of the cyberattacks on Sony and Ashley Madison, it's clear that organizational doxing—the act of hacking into a business and releasing private information like executive and employee emails or salary information —is a rising threat for businesses.
Resilient Systems CTO and security expert Bruce Schneier explores the trend and how security teams can prepare for a doxing attack.
Resilient Systems CTO and security expert Bruce Schneier explores how security pros can intelligently leverage automation to empower incident response teams to mitigate cyberattacks faster and more effectively.
For some odd reason, data privacy maven Bruce Schneier is an optimist. It's odd because, according to Schneier, there's practically no such thing as data privacy. Just about everything we do these days is under some form of electronic surveillance, with governments and corporations eager to record and analyze our every action.
But when Schneier holds forth on Friday at Harvard University, as part of the ongoing HUBweek festivities, he'll reassure his listeners that the cause is not lost, that our online privacy will someday be ensured.
If the subject is security, chances are Bruce Schneier has an opinion on it, and that opinion has been published somewhere—on his blog, in the New York Times, on the BBC, in the Guardian, in Wired, in one of his 13 books. You get the point. On security, Schneier is among the most well-known and most prolific authorities in the world. Since coming to prominence in the mid-90s through his writings on cryptography, he has testified on the floor of Congress, served on several government committees, coined the term 'security theater' in the wake of 9/11, and hooked a global following of some quarter-million readers through his website and newsletter alone.
The episode in brief:
- Bruce Schneier talks about privacy and security
- His new book Data and Goliath
- The hidden battles to collect your data and control your world
- The nonsense of data vs. metadata
- Why privacy is not a changeable social norm
- The harm ubiquitous mass surveillance does to our society
Astute regular listeners may have observed that Dr. J is becoming more and more intrigued with the related issues of privacy and security. These apply to online and mobile phone technology. Both are thoroughly involved in communicating with your social networks.
Data and Goliath is a fascinating exploration of this post-Snowden world we live in. It shows how the back-doors that technology companies were forced to implement for the NSA, have actually become weapons for other agencies and hackers to use. We're taken through the murky world of international espionage, and shown how we have all become collateral damage in this digital arms race. Schneier also explains that even when we try to protect ourselves by leaving Facebook or Gmail, the fact that our friends and relatives still use them means we're caught up in this global informational dragnet.
“What we learn again and again is that security is less about what you think of, and more about what you didn’t think of.”
- In Data and Goliath, what are the motives of different goliaths?
- Why is the Ashley Madison case a watershed moment in security?
- Do you still feel we should break up the NSA?
- Will Google and Amazon become military contractors?
- How can we defend ourselves from DOS attacks from refrigerators?
- When we put processors in refrigerators, and cars, and thermostats, are we increasing the attack surface, and our vulnerabilities faster than we are improving our utility?
Um hacker pode invadir uma smarTV, uma geladeira com internet ou outro tipo de produto da chamada "internet das coisas" e, uma vez com acesso, roubar informações de um computador ou de um celular que estiverem conectados à mesma rede. E, por causa da propagação desse tipo de aparelho, nossa segurança digital pode ficar (ainda) mais vulnerável a criminosos.
Essa é a visão de Bruce Schneier, considerado por alguns o maior especialista em segurança na internet no mundo, que vem ao Brasil nesta semana para falar durante um evento de tecnologia, o Mind the Sec.
"Não há um motivo para que uma geladeira conectada não sirva de porta para um outro dispositivo, seja seu celular ou seu computador", disse em entrevista à Folha.
The attack on Sony Pictures over the film The Interview was perpetrated by North Korea, according to security expert Bruce Schneier.
The former chief technology officer of BT Managed Security Solutions, now CTO at Resilient Systems, had expressed scepticism at the time of the attack that the secretive dictatorship had been behind the attack, motivated by the theme of the film: two hapless American agents who were supposed to assassinate the country's leader, Kim Jong-un.
But in a video keynote speech at LinuxCon 2015, Schneier claimed that he had changed his mind. "Many of us, including myself, were skeptical for several months.
Security expert says we're in a cyberwar arms race, and with the Sony attack, North Korea has already taken the first shot at the United States.
LinuxCon is about Linux, cloud, and containers, but it's also about security. In the past year, programmers have been reminded that merely being "open-source" doesn't mean that your code is safe. Assuming you're secure is a mistake. Because, as security maven Bruce Schneier explained to the LinuxCon audience via Google Hangouts, we're in a cyber-arms race.
Security guru Bruce Schneier says there's a kind of cold war now being waged in cyberspace, only the trouble is we don't always know who we're waging it against.
Schneier appeared onscreen via Google Hangouts at the LinuxCon/CloudOpen/ContainerCon conference in Seattle on Tuesday to warn attendees that the modern security landscape is becoming increasingly complex and dangerous.
"We know, on the internet today, that attackers have the advantage," Schneier said. "A sufficiently funded, skilled, motivated adversary will get in.
Private Thoughts sat down with Bruce Schneier at the Electronic Frontier Foundation’s 25th anniversary party in July. Schneier is an internationally renowned security technologist and author of 13 books. He discussed the effects of the loss of ephemeral communication and the ease of data collection and storage.
In Data and Goliath, Bruce Schneier, a security technologist and fellow at Harvard Law School, explores what it means to have entered the age of mass surveillance. Our data are collected in the first instance by private corporations, but are increasingly exploited, as Edward Snowden has shown, by government intelligence agencies. The NSA didn't have to build from scratch a vast database on billions of innocent citizens the world over, Schneier explains, because private corporations had already done so. All the NSA needed was access.
"I like to measure the performance of the team," said Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 Black Hat Conference in Las Vegas. "I like to see metrics about people, about process, about technology. There isn't one metric that works since it's such a complicated and moving target... Right now companies have to use the data that they have to figure out if their teams are effective."
Schneier feels that certain metrics, such as blocked attacks, don't really provide a gauge of how secure you are.
Boom Bust correspondent Bianca Facchinei sits down with Bruce Schneier – chief technology officer at Resilient Systems, Inc. and fellow at the Berkman Center for Internet and Society at Harvard Law School – at the Black Hat conference in Las Vegas. Bruce gives us his take on the infamous 2014 Jeep Cherokee hack and tells us how government surveillance impacts social movements.
The American security guru fears that the diffusion of the software could be used by criminal groups
This interview also appeared in Italian.
You wrote in your blog: "I don't think the company is going to survive". However, at least in Italy and in the US Hacking Team has powerful sponsors...Will they survive?
«It remains to be seen. We know from the leaked documents that they have sold their products to the most repressive governments in the world...and overcharged them whenever possible.
Cyberattacks are getting more frequent, sophisticated and successful. Can organizations adapt security choices to cope better?
Nobody would disagree that IT security is necessary.
At minimum, it's needed to satisfy relevant government and industry compliance regulations, along with your insurance company, investors, suppliers, customers and other business partners. At most, it also protects your data and systems from much-dreaded cyberattacks.
The hard part lies in the details.
Bruce Schneier has been writing about security issues on his blog, his blog, Schneier on Security, since 2004, and in a monthly newsletter since 1998. He writes books, articles, and academic papers. Currently, he is the Chief Technology Officer of Resilient Systems, a fellow at Harvard's Berkman Center, and a board member of Electronic Frontier Foundation.
What do you see as the greatest cyber risks today?
I don't like ranking risks, and I worry that concentrating on the 'greatest' risk obscures all of the other risks. Basically, the big cyber risks are what everyone is talking about.
This week, as part of our new 'Infosec Influencer' series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security's Top Influencers in Security You Should Be Following in 2015. He has written 12 books, including Liars and Outliers: Enabling the Trust Society Needs to Thrive, not to mention published hundreds of articles and essays. His blog has is read by over 250,000 people, and he is regularly quoted by the press. Additionally, he regularly testifies before Congress and is an advisory board member for EFF and EPIC, among other organizations.
iPhone and mobile banking can feel like setting foot in the jungle: You don't know what's in there, but you suspect a lot of it's not good. We hear a lot of terms thrown around when it comes to iPhone banking security: 128 bit encryption, two factor authentication, security dongles—and a lot of scary anecdotes about millions of credit card account numbers being stolen from this or that company. Getting to the bottom of whether iPhone banking is safe can be confusing at best. So is iPhone banking safe?
Corporate and government IT teams have been rushing to prevent the kind of large-scale cyberattack experienced recently by Sony Pictures, Blue Cross, Anthem, Target, Home Depot and the U.S. Department of the Interior, among others. In each of these cases, hackers from locations around the globe were able to gain access to computer networks housing sensitive information, accounts, and personal data, such as the social security and credit card numbers of consumers and employees. The consequences of such security breaches can be devastating.
A highly respected cryptographer and security expert is warning that David Cameron's proposed ban on strong encryption threatens to "destroy the internet."
Last week, the British Prime Minister told Parliament that he wants to "ensure that terrorists do not have a safe space in which to communicate."
Strong encryption refers to the act of scrambling data in such a way that it cannot be understood by anyone without the correct key or password — even law enforcement with a warrant, or the software manufacturer itself. It's used in some of the most popular tech products in the world, including the iPhone, WhatsApp messenger, and Facebook.
But amid heightened terror fears, Cameron says "we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on."
The Prime Minister first indicated that he would try and clamp down on secure communications that could not be decrypted by law enforcement even with a warrant back in January, in the aftermath of the Charlie Hebdo shootings in Paris. His comments sparked an immediate flurry of condemnation from privacy and security activists, but his recent statements show he's not backing down.
Bruce Schneier has been called a "security guru" by the Economist. He has written 13 books and hundreds of articles, and his influential newsletter Crypto-Gram and his blog Schneier on Security have over 250,000 readers. He has testified before the U.S. Congress, is a frequent guest on television and radio, and has served on several U.S.
I'm interested how we choose the books we read. Here is my request to you. Please keep track of, and share with our IHE community, how you select your books.
For one of the recent books that I read I can definitely share my book selection process.
This interview originally appeared in French on VICE France.
Today's terrorist attack in the Rhône-Alpes region of France, involving the decapitation of a man, has been met with widespread horror and condemnation. So have those in Tunisia, killing 28, and another in Kuwait killing 25. These horrific events are sure to fuel discussion about how to stop this kind of atrocity happening again.
Following January's Charlie Hebdo attacks in Paris, the French government decided to expedite a new surveillance law.
Imagine this: It's the morning of Election Day, 2020. Americans across the country cast secure, encrypted votes from their smartphones and laptops, electronically choosing their president for the first time in history. Turnout reaches record highs. Live results online show that it's a close race between the two leading candidates.
Schneier, a fellow at Harvard’s Berkman Center for Internet and Society, has written an exceptionally readable yet thoroughly chilling book about the dangers of the ubiquitous mass surveillance we face thanks to modern life. While the author focuses on the United States, the rest of the world is largely capable of nearly the same levels of surveillance thanks to the openness of the Internet and the availability of cell phones. Schneier describes the types of data being collected about us, stemming from our interactions, activities, purchases, and where we go. As he competently explains, this “metadata” provides those collecting it with the entire framework of our existence: who we converse with and the duration of the conversation, the things we read (especially electronically), and what we buy.
With so much going on in the enterprise security space, it can be hard to keep up with the flow of information and to know where to turn for actionable advice. This list of security experts, selected by eSecurityPlanet, is a good place to start.
All are active bloggers and even more active as Twitter users. These thought leaders have a variety of backgrounds, numerous years of experience and unique viewpoints.
The number of cyber attacks happening every year is on the rise. We speak to Bruce Schneier, chief technology officer at the IT company Resilient Systems and a fellow at Harvard's Berkman Center for the Internet and Society, about why it can take months before a company or organisation even realises it is under attack, and why so many are unprepared. Also, Wil van Gemert, deputy director of operations at Europol, tells us what European law enforcers are doing about it. He says it is now possible to buy "malware," or malicious software meaning that anyone can become a cyber criminal.
Bruce Schneier is an internationally renowned security technologist and the author of 13 books—including 'Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World'—as well as hundreds of articles, essays, and academic papers. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Resilient Systems, Inc. You can follow him on Twitter @schneierblog
Christy Quinn: As of Tuesday, President Obama has just signed the USA Freedom Act into law, banning the NSA's bulk collection of telephony metadata. Do you think this marks the acceptance amongst security officials and policymakers in the US that there need to be limits to metadata collection?
Bruce Scheier: It's certainly a watershed moment, because it's the first time the US government has placed limitations on the NSA's metadata collection. The limitations are minimal, and won't have much actual effect on the surveillance of Americans by the NSA.
Schneier: Sony hack "high skill, high focused"
We are in the early years of a cyber war arms race, security guru Bruce Schneier warned delegates at the Infosecurity Europe exhibition on Wednesday.
Schneier, CTO of Resilient Systems, said the much publicised Stuxnet attacks on Iran by the US and Israel in 2010, Iran's attack on Saudi Aramco, China's apparent role in hacking GitHub, and the North Korean assault on Sony Pictures last year are all examples of the phenomenon.
"These nations are building up for cyber war and now we're all in the blast radius," he warned, while speaking in London.
Most of these attacks — including Stuxnet and the assault on GitHub — inflict collateral damage, Schneier told El Reg, adding that cyber attacks are likely to become mainstream aspect of many conflicts.
Countries are not attacking each other but striking at the IT infrastructure of enterprises in rival states, says security pundit Bruce Schneier
Cyber attacks—such as that on Sony Pictures in 2014—suggest the world is in the early stages of a cyber war arms race.
So said Bruce Schneier, chief technology officer of Resilient Systems: "We are in the early years of a cyber war arms race.
"There is a lot of nation state rhetoric, and we are seeing a lot of nation state attacks against non nation states," he told Infosecurity Europe 2015 in London.
Schneier cited North Korea's attack on Sony Pictures, China's attack on Github and Iran's attack on Saudi Aramco as examples.
The "smart bad guys" figure out how to get around TSA, says security technologist and Harvard Law School fellow Bruce Schneier.
Over the past two decades, few voices have shouted louder from the rooftops about global cybersecurity and digital privacy concerns than Bruce Schneier. He's the CTO of Resilient Systems, a board member of the Electronic Frontier Foundation (EFF) and has authored 14 books—his latest, Data and Goliath, was published in March.
As Facebook and Google have infiltrated our every waking moment, Schneier warns that these data giants, if left unchecked, could compromise the very principles of a democratic society. Web companies collect metrics like age, gender and social interests (to serve up better advertisements), while cellular networks track everyone's geolocation with homing devices we call smartphones.
Paul Bernal clicks with a maverick thinker who shows how business and governments are building a global surveillance network and how we can fight back
Investigating surveillance—whether corporate or governmental—can be a demoralising process. Those performing that surveillance, from the US' National Security Agency and the UK's Government Communications Headquarters (GCHQ) to Google and Facebook, are giants so overwhelmingly powerful that it seems too daunting to even contemplate taking them on. Their agendas may be even more terrifying: as Bruce Schneier observes, "The endgame of this isn't pretty: it's a global surveillance network where all countries collude to surveil everyone on the entire planet." What's more, he adds, the governments and the corporations are both in the same game: "It's a powerful feedback loop: the business model supports the government effort, and the government effort justifies the business model."
And yet, as the title of this book suggests, these giants are not invincible. Goliath was brought down to size—and here, Schneier attempts to set out how the new Goliaths might suffer a similar fate.
Dr Chris Brauer from Goldsmiths, University of London, on how big brands want to sell us things via wearable devices. Bruce Schneier, security and privacy expert and author of the book "Data and Goliath", warns of the threat of companies and governments misusing data about us. Emily Bell, from the Tow Centre for Digital Journalism, on Verizon's buyout of AOL, and Facebook's instant articles. And Zoe Kleinman spends a night alone in a house full of robots.
New America's Peter Singer and Passcode's Sara Sorcher chat with Bruce Schneier, prolific author and chief technology officer at Resilient Systems, about the challenges of publicly blaming countries for cyberattacks—and whose job it should be to defend private companies against sophisticated nation-state attacks. They also hear from Nate Fick, the CEO of Endgame, a venture-backed security intelligence software company, about how he's leveraging cybersecurity solutions once produced just for the government into the private sector.
Wired's Kim Zetter, author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, joins the panel discussion to talk about how the cyber operation on Iran's nuclear facilities launched a new era of warfare; the vulnerability of US critical infrastructure to Stuxnet-like weapons; and the gender diversity issues bedeviling the cybersecurity industry.
This book has been difficult to review. It has proved tricky not because I didn't enjoy the book or because it was boring or badly written, but because it was so pertinent. Every time I went to write about it, a news story would emerge referencing the subject and I would find that my opinions of the news were influenced by the book and my opinions of the book were influenced by the news. This is an important topic and everyone should make up their own minds based on a decent knowledge and understanding of the issues.
Privacy is becoming an antiquated concept. In “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World” (ISBN: 9780393244816), security expert Bruce Schneier leads you through a labyrinth of surveillance that should scare the hell out of you.
Welcome to the NSA! We want to thank you for helping us with our collection of data about your work and personal habits. By using the computer, phone, public transportation, private vehicle, credit cards, library, banking systems, online shopping, or retail shopping, you are contributing to our data files.
Cris Sheridan welcomes Bruce Schneier, Chief Technology Officer at Resilient Systems and author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. Bruce writes "we are living in the golden age of surveillance" where almost everything we do is now being tracked and used without our knowledge. Bruce speaks with Cris about how much data we produce, the way corporations are using it, the problems associated with ubiquitous surveillance, and why this is a defining issue of our time.
Episode 65 would be ugly if it weren't so much fun. Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath—a book I annotated every few pages of with the words, "Bruce, you can't possibly really believe this." And that's pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether "mass surveillance" has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily—and with civility.
DATA AND GOLIATH. By Bruce Schneier. Norton. 365 pages. $27.95.
Think of some of the ways the Enlightenment helped advance the human individual. The ability to shape your identity. The ability to own and control your stuff. Economic autonomy.
Cryptologist Bruce Schneier tells RSA conference that focus should be on dealing with fallout of cyberattacks
Last year's massive cyberattack on Sony—presumed to have been a nation state attack orchestrated by North Korea—presents many of the most pressing issues of catastrophic risk, says well known cryptologist and author Bruce Schneier, chief security officer at security company Resilient. In a talk at the RSA security conference in San Francisco, Schneier considered the timeline of the attack, and the response to it. During the event, hackers penetrated Sony's network, stole data, and then embarrassed the company by slowly releasing private emails from executives, salary details, copies of unreleased films, and other sensitive information. The hack, which occurred over several weeks in November and December 2014, is believed to have been done in response to the studio's release of the Seth Rogen comedy The Interview, with a plot that revolves around a plan to assassinate North Korean leader Kim Jong-un.
Cybersecurity is becoming increasingly challenging as identifying attackers by their weaponry is difficult to their invisible nature wherein attacks can be launched by a group of hacktivist or sponsored by a nation, according to an expert.
Bruce Schneier, a leading voice on cybersecurity, said a majority of organisations and individuals use the same run-of-the-mill 'warlike weaponry' at a time when the attackers are largely unknown, cybercrime is becoming more difficult to combat.
While the IT security industry knows how to deal with high volume, low-focus attacks, security professionals must be resilient and ensure better management of incident responses in order for organisations to thrive even in the face of a cyberattack, he said.
During his keynote presentation at the third Gulf Information Security Expo and Conference (Gisec) held in Dubai recently, Schneier explained that organisations must create crisis management strategies that would allow them to respond quickly and effectively, while those responsible for the attacks are still being identified.
Insights from Security Leader at GISEC Event in Dubai
In developing markets such as Asia and the Middle East, how can security practitioners best prepare themselves to tackle the rapidly-changing threat landscape? Resilience is the key, says security leader Bruce Schneier.
The way to think about security is a combination of protection, detection and response, says Schneier, a fellow at the Berkman Center for Internet and Society at the Harvard Law School, USA. While there is a lot of prevention and detection technology, response is the missing piece, he says.
"Last year was being called the 'year of the breach,'" said Bruce Schneier, CTO of Resilient Systems, formerly Co3 Systems. "Now, you and I know every year [has] been the year of the breach. But last year there were a bunch of really high-profile breaches where the companies involved did a terrible job of responding, that they were actually in chaos and it looked that way."
In this interview, recorded at the 2015 RSA Conference, SearchSecurity editorial director Robert Richardson sat down with Schneier to discuss Resilient Systems' contribution to improving enterprise incident response management in the coming year.
I finally got around to finishing Bruce Schneier's latest bestseller: Data and Goliath. I've read a few of Bruce's books over the years (and own most of the rest, waiting patiently to be read). I've watched Bruce on many TV news segments, lectures, interviews, and web videos. I follow his blog and Twitter posts.
"As a business or as an individual you have to make a choice. Should I do this thing—whatever it is—on my computer and on my network or on a cloud computer on a cloud network," asked Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 RSA Conference in San Francisco.
Whatever you choose, you're going to be making a trade-off. Schneier recommends you first look at who your adversaries are.
Catastrophic issues in security can occur, but there are ways to recover.
Speaking at RSA Conference in San Francisco, Bruce Schneier, CTO of Resilient Systems, highlighted the Sony Pictures attack as being an interesting case as it brings catastrophic risk uses to the fore, and not catastrophic as in a life ending sense, but in company terms.
He highlighted seven ways in which a catastrophic incident could be dealt with. Firstly he recommended keeping it internal to "incapsulate the catastrophic risk", secondly consider that attackers on two axes of skills and focus and with someone who is low skilled but has a high focus would use a basic APT, but in the case of Sony this was low skills and low targets.
After spending a lot of time thinking about the massive breach of Sony, security luminary Bruce Schneier came to a scary – but not really surprising – conclusion.
"The lesson is that we are all vulnerable. North Korea could have done it to anyone," said Scheier during a packed session at the RSA conference in San Francisco.
While the IT security industry knows how to deal with high volume, low-focus attacks, Schneier said, security professionals have trouble handling highly skilled and focused attackers, commonly referred to as advanced persistent threats (APTs).
Computer security expert Bruce Schneier says there's a big difference between feeling secure and actually being secure. He explains why we worry about unlikely dangers while ignoring more probable risks.
GUY RAZ, HOST:
It's the TED Radio Hour from NPR. I'm Guy Raz. And on the show today, we're exploring ideas about Maslow's hierarchy of human needs, and ranked at number two, security - the second step on the pyramid.
Who are you, and what do you do?
Just how much of your life is being watched and tracked? Who has access to all this information and what are they doing with it?
Bruce Schneier, fellow at Harvard Law School, author of Data and Goliath, points out the danger is not only from corporations and governments, but also cybercriminals, when these institutions lose your details.
Security expert Bruce Schneier has looked at and written about difficulties the Internet of Things presents - such as the fact that the "things" are by and large insecure and enable unwanted surveillance—and concludes that it's a problem that's going to get worse before it gets better.
After a recent briefing with him at Resilient Systems headquarters in Cambridge, Mass., where he is CTO, he answered a few questions about the IoT and what corporate security executives ought to be doing about it right now. Here's a transcript of the exchange.
What should enterprises worry about when it comes to the Internet of things?
Erin Ade sits down with Bruce Schneier – security expert, author, and fellow at the Berkman Center for Internet and Society at Harvard Law School. Bruce tells us that a cloud service is safer than running your own data center when you are entrusting your data to a provider who understands security better than you do. And for most people this is definitely the case. Bruce also talks to Erin about state actors weakening security standards and about the security of various open source encryption options.
The Internet birthed unprecedented freedom of communication, interconnecting individuals from every corner of the globe and every walk of life. This free flow of information has the potential to establish a world of truly free and equal citizens, yet many politicians want to turn this technology inside out and use the Internet as a universal surveillance mechanism. This path would roll back centuries of civil rights and revive feudalism on a global scale. Sadly, this rush to oppression isn't restricted to some backwater dictator massaging his own ego.
Bruce Schneier is a world-renowned cryptographer, computer security and privacy specialist, and author of numerous books on security. So when he speaks, TechMan tends to listen.
In his latest book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,” his point is well worth taking note of: Surveillance and data collections are a trade-off between individual value and group value. You give Google personal information in return for free search, free email, free maps and all the other free things Google provides.
"Over the past twenty years," complained Newsweek, the United States has become "one of the snoopiest and most data-conscious nations in the history of the world." Part of the problem is that "the average American trails data behind him like spoor through the length of his life." Another part of the problem is that the government and private firms "have been chasing down, storing, and putting to use every scrap of information they can find." These "vast reservoirs of personal information" are "poured into huge computers" and "swapped with mountains of other data from other sources" with "miraculous speed and capacity." As a result of these forces, "Americans have begun to surrender both the sense and the reality of their own right to privacy—and their reaction to their loss has been slow and piecemeal."
The Newsweek article—published in 1970, and entitled The Assault on Privacy—nicely captures the thesis of Bruce Schneier's new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. That doesn't mean that Schneier's book isn't valuable—it is. It just means that there is something to be learned about Schneier's argument from the fact that it was made 45 years ago. (Disclosure: I gave Schneier comments on a draft of his book and he and I are teaching a class together on Internet power and governance.)
Data and Goliath is an informed, well-written, accessible, and opinionated critique of "ubiquitous mass surveillance" by governments and corporations—how it happens, its costs, and what to do about it.
A computer-security expert weighs up the costs and benefits of collecting masses of personal data
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. By Bruce Schneier.W.W. Norton; 383 pages; $27.95 and £17.99.
SOCIETY has more digital information than ever and can do new things with it. Google can identify flu outbreaks using search queries; America's National Security Agency (NSA) aspires to do the same to find terrorists.
Mass surveillance by governments and corporations is comparable to child labor or environmental pollution. That is the largely persuasive claim of security expert Bruce Schneier in his new book "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World." Resistance is not futile, Schneier thinks, although it will be tricky to fight overreaching securocrats and snooping online advertisers without giving up at least some of the genuine advantages of Big Data.
Much of the problem lies in excessive expectations about what mass surveillance can achieve, writes Schneier, who is chief technology officer at security firm Resilient Systems and a fellow at Harvard Law School's Berkman Center for Internet and Society. It might seem that the combination of huge amounts of collected data and sophisticated data-mining could have prevented the 9/11 attacks or the Boston Marathon bombing.
A couple of weeks ago, I mentioned that I was reading Bruce Schneier's new book, Data and Goliath, just published by Norton. The subtitle (which, as is the custom these days, is more or less an elevator pitch for the book) provides a hint of what's inside: The Hidden Battles to Collect Your Data and Control Your World. What's missing from this descriptive subtitle is the best part: And Here's How We Can Fix It. Because unlike a lot of books that focus on big scary issues, this one has lots of concrete recommendations and encouragement to think that we can actually make change happen.
This is, above all, a refreshingly rational book. The subject matter is frightening, but Schneier doesn't use our anxiety to dramatize the importance of his subject or to threaten us with doom if we fail to take his advice.
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World By Bruce Schneier Norton 384 pages ISBN 978-0-393-24481-6 $27.95
We did not exactly know the trade-offs we would be making in 2015 when we first began using email or got our first mobile phones. If anyone had asked 15 years ago whether we wanted a device that enabled governments and corporations to monitor our whereabouts and access the details of our personal, business, and social lives at all times, it's pretty clear that almost everyone would have said 'no'.
Similarly, few of us would have argued for developing technology to give governments the ability to spy on all aspects of the lives of billions of people. That we have arrived here is a matter of billions of individual choices, made one by one in the interests of convenience and functionality.
From spyware designed to catch students misbehaving to police tracking rioters by phone, we are spied on as never before, reveals a book by Bruce Schneier
"DEAR subscriber, you have been registered as a participant in a mass disturbance." This text was sent by the Ukrainian government last year to everyone with a cellphone known to have been near a protest in the capital, Kiev.
Just what you'd expect from an ex-Soviet country? Not so fast. In the US and Europe, police are also seeking information on phones linked to specific places and times—and always without a warrant.
As author of a dozen books plus hundreds of shorter works on security and privacy, security technologist Bruce Schneier, Chief Technology Officer of Resilient Systems, is one of the better known—and frequently quoted—experts in these areas. His "Schneier on Security" blog and Crypto-Gram monthly newsletter are read by an estimated quarter-million people. You can follow him on Twitter @schneierblog.
Schneier's most recent book—a New York Times bestseller—is "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World", which, Schneier said in his blog, "is a book about surveillance, both government and corporate.
If you'd asked me a year ago, 'do you worry about government surveillance?', I would have said no. But today, my answer would be an empathic YES.
The scary part is that, like most Canadians, I hadn't worried about that kind of surveillance until the current debate around C-51. (If you don't know what that is, check it out here.) This terrifying bill would, among many other things, make it illegal to talk positively of terrorism on the internet.
Bruce Schneier spoke with Paul Harris about his new book, Data and Goliath. Topics include:
- Are we giving up too much information voluntarily in exchange for free services?
- What are data brokers gathering about us, who are they selling it to?
- Are private companies doing enough to shield our data from government?
- How companies and law enforcement can use your cell phone to know where you’ll be tomorrow.
- Whether the NSA can process the huge amounts of surveillance info it is gathering on all of us.
- The war on terror as an excuse to get into anyone’s computer, and its chilling effect on free speech and thought.
Bruce Schneier has built a career explaining the principles of security in plain English, helping the uninitiated to think clearly and critically about managing risk, and exposing the nonsense peddled by government spokesmen and high-tech hucksters. He is at once a great popularizer and a great debunker.
Schneier's new book, Data and Goliath, examines the prevalence, mechanisms, uses, and dangers of mass surveillance.
This book scared the hell out of me.
"The surveillance society snuck up on us," says Bruce Schneier in Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World. It's a thought-provoking, absorbing, and comprehensive guide to our new big data world. Most important, it's a call for a serious discussion and urgent action to stop the harms caused by the mass collection and mining of data by governments and corporations. To paraphrase Schneier's position on anonymity—we either need to develop more robust techniques for preserving our freedom, or give up on the idea entirely.
During the Cold War, communist East Germany was perhaps the most spied-upon nation on earth, with one secret police informant for every 66 citizens.
Those were the good old days. In 21st-century America, we've got more informants than citizens, all of them digital. Our phones and computers incessantly rat us out, broadcasting our interests, friendships, and locations to governments and corporations alike, according to renowned cryptographer and Internet privacy advocate Bruce Schneier in his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World."
Nobody planned it this way; hyper-surveillance just happened.
Your cellphone emits a signal that tags your location every minute of every day. Your Google search log records your private anxieties and interests. Your text messages and social media accounts capture every detail of your social life. Your store purchases produce records of your spending habits.
Last week the proposed data retention bill passed through the House of Representatives, and is expected to pass through the Senate soon. These laws are set to allow warrantless access to phone calls, sms, social media and internet usage, in the name of tightening our national security.
Disputes and amendments to the bill have focused on confidentiality threats for journalists and whistleblowers, but what effect will data retention have on the average person?
Our host Sam Baran spoke to Bruce Schneier, who is a fellow at Harvard University's Berkman Center for Internet and Society and author of the book Data and Goliath about the ways governments and corporations are storing and using data.
The more things change the more they stay the same, goes an old saying. That certainly seems to be true in IT security.
Despite decades of experience almost every day there's another story about a data breach, software vulnerability or new malware discovered.
So perhaps it's no surprise that the 15th anniversary edition of veteran security expert Bruce Schneier's book Secrets and Lies: Digital Security in a Networked World begins with a foreword that admits how little things have changed since the book first came out in 2000.
Cybersecurity guru Bruce Schneier to reveal lessons learned from the Sony hack scandal at the Gulf Information Security Expo and Conference (GISEC)
Cybercriminal attacks around the world will continue to rise as long as personal data provides the ability to commit fraud, and intellectual property is worth stealing, leaving both individuals and organisations vulnerable to harmful computer and network intrusions.
According to cybersecurity guru Bruce Schneier, one of the keynote speakers at Gulf Information Security Expo and Conference (GISEC), a cyberattack is much easier to implement than it is to install impenetrable cyberdefences.
The 3rd edition of GISEC, the region's leading I.T. security platform, will take place from 26-28 April 2015 at Dubai World Trade Centre.
"Even the East Germans couldn't follow everybody all the time," Bruce Schneier writes. "Now it's easy."
This may sound hyperbolic, but Schneier's lucid and compelling Data and Goliath is free of the hysteria that often accompanies discussions about surveillance. Yes, our current location, purchases, reading history, driving speed and Internet use are being tracked and recorded. But Schneier's book, which focuses mainly on the United States, is not a rant against the usual bad guys such as the U.S.
Sind Privatsphäre und Sicherheit wirklich ein Gegensatz? Bruce Schneier ist einer der bekanntesten Experten für Verschlüsselung. Er fordert, der Geheimdienst NSA solle zerschlagen werden.
Damit Bruce Schneier für einen kurzen Augenblick seine ruhige Art vergisst, reicht es aus, wie der Chef der zum Inlandsgeheimdienst gewandelten US-Bundespolizei FBI zu argumentieren. Etwa so: Haben Strafverfolgungsbehörden recht, wenn sie davor warnen, bald im Dunkeln zu tappen, weil sich Verbrecher immer stärker in den digitalen Raum verziehen?
MARK COLVIN: The ALP has agreed to support an amended version of the Government's bill to force Internet Service Providers to keep their customers' data for two years.
It'll let government agencies see what we've all been doing on the phone or online.
Bipartisan support means the bill is likely to pass.
The bodies expected to get access range from various police and customs agencies to the Competition watchdog, the ACCC.
In Data and Goliath, one of the world's foremost security experts piles on the evidence that privacy is dead -- and proposes a detailed plan to restore it
You can't help but get a little depressed as you read Bruce Schneier's latest book, "Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World." It confirms over and over how all our supposed guaranteed personal privacy, digital or otherwise, is nothing but a façade. Here are some examples from the book:
- It doesn't take much metadata to specifically identify and track anyone.
- "We kill people based on metadata."—General Michael Hayden, former director of the NSA and the CIA
- The U.S. Post Office photographs (and keeps) the exterior back and front of every piece of mail sent in the United States, and this data is available to other agencies.
- "... man who complained to a Target store that had sent baby-related coupons to his teenage daughter, only to find out later that Target was correct."
- In 2011, a man forced Facebook to turn over all data it had on him.
A mature democracy needs to carefully balance individual privacy, national security and business efficiency.
New technologies are always a mixed blessing, their potential for good carrying with it the risk of evil. The deep challenge for a democracy is to develop legal rules, social practices and institutional arrangements that, at some reasonable cost, separate good from bad behavior. The exponential improvement in computation and communication technologies over the past few decades has posed this challenge in an acute form. Both large bureaucracies and determined individuals can now collect and organize huge amounts of information—and all of it,, in one sense or another, is about all of us.
How much do you know about what others might know about you, from your use of technology? How do you minimise your online footprint on things you'd rather keep private?
Bruce Schneier is a US technology and security expert, whose latest book is Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, talks to Kathryn Ryan about how much information is being gathered by governments and corporations through our use of phones and computers.
Book Review of Data and Goliath by Bruce Schneier
There is a certain predictability to media and technology finance. Any company looking for money is inevitably characterized as similar to whatever has recently garnered the highest valuations.
For instance, when all of the software as a service (referred to in tech jargon as SaaS) companies traded in the public markets at 10 times revenue, other businesses looked desperately for something in their operations that could be tied, however tenuously, to SaaS.
The trouble with this approach is that bubbles tend to burst, as the SaaS one did last year.
Part 2 of our discussion with Bruce Schneier about about the golden age of surveillance and his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World."
AMY GOODMAN: This is Democracy Now!, democracynow.org, The War and Peace Report. I'm Amy Goodman, with Juan González. Our guest is Bruce Schneier. He is a leading security technologist.
Video: Data and Goliath: Bruce Schneier on the Hidden Battles to Collect Your Data and Control Your World
Leading security and privacy researcher Bruce Schneier talks about about the golden age of surveillance and his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World." The book chronicles how governments and corporation have built an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency's surveillance practices, less attention has been paid to other forms of everyday surveillance—license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.
JUAN GONZÁLEZ: We turn now to look at what our next guest calls the "golden age of surveillance." The leading security and privacy researcher Bruce Schneier is out with a new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. The book chronicles how governments and corporations have build an unprecedented surveillance state.
Bruce Schneier did a one-hour open question and answer session on Gizmodo.
Within a remarkably short period of time—less than two decades—all of us have become immersed in a sea of electronic data collection. Our purchases, communications, Internet searches, and even our movements all generate collectible traces that can be recorded, packaged, and sold or exploited.
Before we have had a chance to collectively think about what this phenomenal growth in data production and collection means, and to decide what to do about it, it threatens to become an irreversible feature of our lives.
In his new book Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World (Norton, 2015), author and security technologist Bruce Schneier aims to forestall that outcome, and to help recover the possibility of personal privacy before it is lost or forgotten.
EMMA ALBERICI, PRESENTER: One of the world's leading experts in online security is Bruce Schneier. He's a fellow at Harvard University's Berkman Center for Internet and Society. His latest book, 'Data and Goliath', is about how governments and corporations are using and controlling our data.
I spoke to Bruce Schneier from Minneapolis.
In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama, his administration, and the NSA for their wholesale spying on innocent Americans and violations of myriad laws and the Constitution. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone.
A comment like what's the big deal? often indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow concept on the value of privacy.
A Way Forward: Bruce Schneier’s Data and Goliath Explains Where Our Privacy is Now, and How We Fix It
EFF is honored to have renowned security technologist Bruce Schneier as a member of our board and a collaborator for nearly 20 years. But even if we'd never met him, we'd still be incredibly excited about the release of his new book, Data and Goliath.
Schneier has been providing detailed analyses of cryptography, big data, NSA leaks, security flaws, and more for decades (when he's not terrifying NSA Director Mike Rogers with deceptively simple questions about security). What's exceptional about his writing and his is that he manages to be well-researched, in-depth, and accurate while remaining accessible to non-technical readers.
The NSA, Facebook, and Google are constantly mining our personal information for surveillance and advertising purposes, among other goals. Is it possible to keep our data secure in the digital age? Bruce Schneier, a cybersecurity expert and author of Data and Goliath, says, “We need to examine our own fears and decide how much of our privacy we are really willing to sacrifice for convenience.” Read an excerpt from his book here.
Bruce Schneier's 'Data and Goliath' a lucid overview of how corporate and governmental surveillance works
On a recent trip overseas, I brushed up against these overlapping systems of control. In the international airport in Ho Chi Minh City, Vietnam, I saw devices set up that automatically took temperature readings of arriving passengers (the Ebola scare was ongoing). When I returned from my trip and entered customs at John F. Kennedy International Airport, security officers divided us into lines based on national background. I swiped my passport at a kiosk, received some sort of receipt, and was made to wait again.
Bruce has just published Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, a book that will interest many Lawfare readers. Data and Goliath is deeply informed and accessibly written analysis of mass surveillance by firms and the government. Part One is a terrific tutorial on big data and data mining, in the public and private sectors (and the two sectors in conjunction). Part Two explains the many reasons Bruce thinks we should worry about big data and data mining.
Stop feeling guilty about skimming the Terms of Service. Get mad instead.
Reading this right now?
Congratulations. You're winning.
Yes, all of the usual corporate and government entities know you're here.
Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Book Review)
No one explains security, privacy, crypto and safety better than Bruce Schneier, and while he's been talking about this subject for decades, it's never been more relevant, as his new guide to the post-Snowden world Data and Goliath demonstrates.
It's been nearly two years since the Snowden revelations, and we're nowhere near figuring out what to make of his revelations, but now there's a book that collects all the most significant facts, implications and insights from the debates and packages them in a way that is accessible, smart, and important.
Since the first Snowden leaks, we've been buffeted by new revelations that made it hard -- even impossible -- to understand exactly what kind of spying was taking place, under whose oversight, and what effect it was having. Schneier starts with the nature of data and surveillance in the Internet age, the way that data use and abuse can empower us or harm us (both individually or as a society), patiently steps through a condensed (but still representative) account of the leaks, and then combines all this in a powerful argument that out-of-control, unaccountable, mass-scale surveillance has harmed us, and presents an existential threat to a good, safe and just society.
The world is not becoming less computerized, after all.
A new book by security expert Bruce Schneier is raising serious questions about the state of privacy in the big data age, and whether giving corporations and government access to the most intimate details of our lives in exchange for convenience and security is a tradeoff we should be making.
Since 9/11, Schneier has been an outspoken critic of the government's sometimes ham-handed approach to security. Take the airport security checkpoints, for example. Is the economic loss from asking everybody to wait in line and take off their belts and shoes (more than $10 billion per year in 2004 dollars) or the added deaths from people deciding to drive instead of fly (500 per year) worth the marginal increase in security we get from the checkpoints?
In my Open Forum article, “Privacy and Social Media,” February 2015, I mentioned Bruce Schneier's new book, Data and Goliath (W.W.Norton & Company). For those concerned with the arrival of the surveillance state, this is a must-read book, and one of the best assessments of our current state of affairs. Schneier delves into all of the areas that I find most disconcerting, including our general loss of privacy and anonymity and the omnipresence of corporate and government Big Brother in nearly all facets of our lives. Are we really surprised that most social media, online search engines, and other corporations are selling our data, while others are aggregating that data (think big data and analytics), disabling our ability to remain anonymous?
Security technologist, commentator, and popular author Schneier was one of the first to analyze the documentation of NSA surveillance practices leaked by Edward Snowden. What he discovered fueled his mission to zap our complacency regarding “ubiquitous mass surveillance.” In this mind-blowing exposé, backed by 130 pages of revelatory notes, Schneier reveals exactly how all the information generated by our smartphones and computers regarding our exact location, communications, financial and medical transactions, everything we read in digital form, and every Google search is captured, stored, and traded. He elucidates the difference between data and metadata (an email’s content is data; all records pertaining to the sender, recipient, and routing are metadata), and explains how metadata is used to track our activities, interests, and concerns. With meticulously researched details and high-velocity prose, he outs the federal government’s intrusive “data mining,” the immensely profitable big-data industry, and the hidden collusion between them.
In the field of cryptography, a secretly planted "backdoor" that allows eavesdropping on communications is usually a subject of paranoia and dread. But that doesn't mean cryptographers don't appreciate the art of skilled cyphersabotage. Now one group of crypto experts has published an appraisal of different methods of weakening crypto systems, and the lesson is that some backdoors are clearly better than others—in stealth, deniability, and even in protecting the victims' privacy from spies other than the backdoor's creator.
In a paper titled "Surreptitiously Weakening Cryptographic Systems," well-known cryptographer and author Bruce Schneier and researchers from the Universities of Wisconsin and Washington take the spy's view to the problem of crypto design: What kind of built-in backdoor surveillance works best?
Neither Borgman nor Lohr truly grapples with the immensity of the big-data story. At its core, big data is not primarily a business or research revolution, but a social one. In the past decade, we have allowed machines to act as intermediaries in almost every aspect of our existence. When we communicate with friends, entertain ourselves, drive, exercise, go to the doctor, read a book—a computer transmitting data is there.
A jeremiad suggesting our addiction to data may have made privacy obsolete.
Prolific technological writer Schneier (Fellow/Berkman Center for Internet and Society, Harvard Law School; Carry On: Sound Advice from Schneier on Security, 2013, etc.) clearly examines how technology has transformed every interaction, noting how our intimate communications are now "saved in ways we have no control over." He suggests that most Americans remain unconcerned about the relationship between data and surveillance, due to the attraction of "free" products like Gmail. He focuses on the social costs of surveillance, which "puts us at risk of abuses by those in power—exacerbated by the fact that we are generating so much data and storing it indefinitely." He also argues that this "pervasive mass surveillance" will inevitably chill progressive movements—e.g., gay rights and cannabis decriminalization. The problem is more sprawling than most realize: Edward Snowden's revelations clarified "how much the NSA relies on US corporations to eavesdrop on the Internet," and corporations are using such technologies for their own ends.
In December of 2011, Tripwire published a list of security's top 25 influencers. More than three years later, we are pleased to announce a new list for 2015—The Infosec Avengers!
For each influencer whom we have selected, we include their Twitter handle, blog URL and reasoning for selecting them. We also include their answer for what infosec-related superpower they would choose to have.
After the online breach of JPMorgan Chase, cybersecurity awareness is growing in the financial world. But what exactly is cybersecurity (and cybervulnerability)? What can or cannot be done to make sensitive information more secure?
A leading computer security and privacy expert, Bruce Schneier is one of the world's most recognizable voices on cybersecurity, author of the popular security blog Schneier on Security, board member of the Electronic Frontier Foundation, and CTO of Co3 Systems.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.