News: 2016 Archives

Audio: Reflecting on 2016: The Year in Cybersecurity

  • Radio Boston
  • December 27, 2016

On Tuesday, President-elect Donald Trump named cyber expert Tom Bossert as his homeland security adviser.

Bossert is currently a fellow at the Atlantic Council and was a former national security aide to President George W. Bush.

He says cybersecurity will be a top priority in his new job.

And if the events of 2016 say anything, Bossert will likely have a lot on his plate.

Read More →

Video: Cybersecurity Expert Bruce Schneier: American Elections Will Be Hacked

  • Democracy Now
  • November 30, 2016

"American Elections Will Be Hacked." That’s the title of a recent article in The New York Times by our next guest, the leading cybersecurity and privacy researcher Bruce Schneier. Schneier warns, "Our newly computerized voting systems are vulnerable to attack by both individual hackers and government-sponsored cyberwarriors. It is only a matter of time before such an attack happens."

Watch the Video on DemocracyNow.org

Read More →

What Bruce Schneier Teaches Us about IoT and Cybersecurity

  • Ben Dickson
  • Tech Talks
  • November 29, 2016

As if I haven't said it a million times, IoT security is critical.

But just when I thought I had it all figured out, somebody comes along and sheds new light on this very important topic in a different way.

At a November 16 hearing held by the Congress Committee on Energy and Commerce in light of the devastating October 21 Dyn DDoS attack, famous cryptologist and computer security expert Bruce Schneier offered a new perspective on IoT security, which makes it easier for everyone to understand the criticality of the issue.

After watching it at least three times, I decided to share the main concepts with the readers of TechTalks.

Read More →

Security Experts Call For Regulation On IoT Cybersecurity

During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.

  • Sara Peters
  • Dark Reading
  • November 17, 2016

Security experts asked lawmakers for more action, today, during a Congressional hearing on IoT security. On their wishlist: consequences to manufacturers for delivering insecure products, a federally funded independent lab for pre-market cybersecurity testing, and an entirely new federal agency devoted to cybersecurity.

The hearing, "Understanding the Role of Connected Devices in Recent Attacks," was held by the US House Committee on Energy and Commerce, with expert witnesses Dale Drew, senior vice president and chief security officer of Level 3 Communications; Dr. Kevin Fu, CEO of Virta Labs and associate professor of electrical engineering and computer science at the University of Michigan; and Bruce Schneier, fellow of the Berkman Klein Center at Harvard University.

"We are in this sorry and deteriorating state because there is almost no cost to a manufacturer for deploying products with poor cybersecurity to consumers," said Dr. Fu. He later added "also there's no benefit if they deploy something with good security."

"The market can't fix this," said Schneier, because "the buyer and seller don't care ...

Read More →

Not a Matter of ‘If’ on IoT Cybersecurity Rules, Experts Say

  • Brendan Bordelon
  • Morning Consult
  • November 16, 2016

Computer security experts on Wednesday pressed for comprehensive federal regulations mandating strong security protocols for the Internet of Things, saying it's not a matter of if but when rules are issued for connected devices.

"The Internet of Things affects the world in a directly physical manner—cars, appliances, thermostat, airplanes," said Bruce Schneier, a computer security expert at Harvard University, during testimony at a hearing held by two House Energy and Commerce subcommittees. "There's real risk to life and property. There's real, catastrophic risks."

With the increasing ubiquity and fundamental vulnerability of IoT technology, Schneier said it's a moot point to argue over whether the federal government will eventually regulate the industry.

Read More →

Audio: Can the American Election Be Hacked?

  • The Economist
  • October 26, 2016

In the second episode of Economist Radio specials running up to the presidential election, security expert Bruce Schneier examines vulnerabilities in electoral voting systems.

Listen to the Audio on Economist.com

Read More →

Hacking: What Journalists Need to Know. A Conversation with Bruce Schneier

  • David Trilling
  • Journalist's Resource
  • October 24, 2016

The hacking of Democratic Party organizations has made internet security germane to the 2016 presidential election campaign. America's intelligence community has accused high-level Russian officials of backing these cyberattacks in an attempt to influence the election result. Such allegations have helped thrust relations between Washington and Moscow to their lowest point in decades.

Meanwhile, the integrity of America's internet infrastructure was tested on Oct. 21, 2016 with a distributed denial of service (DDoS) attack.

Read More →

Video: Can You Hack an Election? Can You Stop Terrorism by Spying?

  • David Pakman Show
  • October 15, 2016

Bruce Schneier joined David Pakman to discuss computer security in relation to politics and election mechanics.

Watch the video on YouTube.com

Read More →

Bruce Schneier—Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

  • Aurelio Cianciotta
  • Neural
  • September 21, 2016

One of the most striking paradoxes of our time resides in our smartphones. Our everyday use of these iconic and progressively factotum apparatuses records at various levels every activity we do in space and time, with the unbelievable outcome that, on a mass scale, we're happy about that and willfully give up our intimate privacy to be allowed to continue using them. It's nothing new, but we're still turning our head to what is behind. There are battles going on to conquer the most strategic parts of the big data we produce, in the huge business called "DaaS" (data as a service).

Read More →

"Someone Is Learning to Destroy the Internet," According to Bruce Schneier

  • David
  • SciencePost
  • September 15, 2016

For the writer and cybersecurity and cryptography expert Bruce Schneier, "someone is learning to destroy the Internet," as he titles his latest blog post. The current chief technology officer of Resilient, an IBM company, says that particular attacks have been targeting major web players for two years already.

Bruce Schneier is a leading authority on computer security. The author of the legendary book "Applied Cryptography" has run a very popular blog since 2004, on which, this Tuesday, September 13, he published an article with an evocative title: "Someone Is Learning to Destroy the Internet." As he states, for the past one or two years, certain major web companies have been subjected to particular, precise, and calibrated attacks whose aim is to test defenses and assess the best ways to bring them down.

Read More →

Espionage Insiders: Welcome to the Post-Forgetting World

  • Gary Legum
  • Salon
  • September 13, 2016

"I can't think of any other issue that moved people so quickly." By security expert Bruce Schneier's estimation, more than 700 million people worldwide changed their behavior on the Internet as a direct result of what Edward Snowden's NSA leak revealed about government surveillance. Even more amazing: they all did it within one year.

What motivated so many private citizens to take action? "They did that because of secrets.

Read More →

Audio: After The DNC Hack, What's Stopping Russian Hackers From Accessing Voting Machines?

  • Tori Bedford
  • Boston Public Radio
  • August 4, 2016

Just before the start of the Democratic National Convention, top-secret emails from the Democratic National Committee were published on whistleblower website Wikileaks, in a major operation the FBI attributed to Russian hackers.

Some U.S. officials have raised subsequent questions: Were the hackers deliberately attempting to influence the election in favor of Donald Trump? Did Trump have any influence?

Read More →

Ask Me Anything

  • Reddit
  • August 2, 2016

Bruce Schneier did an AMA ("Ask Me Anything") on Reddit. Topics covered included Tor, voting systems, open source hardware, the Solitaire cipher, risk insurance, industrial control systems, and the game Dungeons and Dragons.

Read the Thread on Reddit.com

Read More →

Video: RSA Conference Asia Pacific & Japan 2016 Interview

  • RSA Conference
  • August 1, 2016

Linda Gray, General Manager of the RSA Conference, speaks with Bruce Schneier on the topic of his keynote, "Security in the World-Sized Web," at RSA Conference 2016 Singapore.

Watch the Video on RSAConference.com

Read More →

Schneier: Next President May Face IoT Cyberattack That Causes People to Die

  • Darlene Storm
  • Computerworld
  • July 25, 2016

Some people may think the upcoming US presidential election is a Kobayashi Maru, a lose-lose scenario no matter who wins, but which candidate would best deal with a cyberattack that caused people to die?

In an article about how hacking the Internet of Things will result in real world disasters, security guru Bruce Schneier—who is not known for spreading FUD (fear, uncertainty, doubt)—was not talking about hacks against banks or the smart grid that would cause general chaos; oh no, he was describing hacks against devices connected to the internet which would actually result in people dying.

Writing on Motherboard, Schneier suggested:

The next president will probably be forced to deal with a large-scale internet disaster that kills multiple people.

IoT and cyber-physical systems, according to Schneier, have "given the internet hands and feet: the ability to directly affect the physical world. What used to be attacks against data and information have become attacks against flesh, steel, and concrete."

Indeed, there are plenty of scary possibilities which range from targeting one person to targeting hundreds of people at the same instant; hacking cars while they are driving down the highway; remotely assassinating a person by hacking their medical device, hacking a plane full of passengers, remotely taking control of weapon systems such as Patriot missile batteries, hacking a water treatment plant and tweaking the chemical mix; the nightmare scenario list of hacks that we all hope never happen goes on and on.

Read More →

Audio: Securing the World-Sized Web

Bruce Schneier on How IoT Changes Everything in Security

  • Geetha Nandikotkur
  • InfoRisk Today
  • July 22, 2016

Bruce Schneier, CTO at the security firm Resilient Systems, is busy examining how IoT - the name given to the computerization of everything in our lives - is changing the security world.

From sensors that collect data about our environment to databases in the cloud to analytics that help us make use of data, the Internet of Things is capable of changing our physical world.

"We're building an internet that senses, thinks and acts, but doesn't have a body, and that is the textbook definition of a robot," Schneier says. "What I want to propose is that we're building a world-sized robot, and we don't even realize it.

Read More →

Audio: Adam Ruins Everything: Security and Big Data with Bruce Schneier

  • Adam Ruins Everything
  • July 5, 2016

Adam is joined by Bruce Schneier to talk about current problems facing the TSA, gun control, and how data and security intersect.

One of the topics that resonated deeply with last season's Adam Ruins Everything viewers was Bruce Schneier's take on security and "security theater". So we had to bring Bruce on the podcast. Bruce is a brilliant cryptographer and security expert, who's written countless articles and academic papers and published 13 books, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.

Read More →

Video: Going Dark or Getting Personal? The Battle Between Data, Privacy & Intrusion

  • The Legal Edition
  • June 25, 2016

Bruce Schneier and attorney David O'Brien discuss the new report issued by the Berkman Center for Internet & Society at Harvard University on the issue of “Going Dark,” and the role of law enforcement and privacy rights under scrutiny, revelations of government spying, and analysis of the Apple iPhone Encryption litigation and its progeny unfolding in the Federal Courts.

Watch the Video on YouTube.com

Read More →

Bruce Schneier at Infosecurity Europe 2016

  • Angus Macrae
  • Tripwire
  • June 20, 2016

This year's Infosecurity Europe conference had so many great places to be and things to do that it was often hard to choose how best to spend one's limited time and harder still for many to identify a single highlight. For myself personally, however, it had to be the opportunity to hear one of my favourite writers for many years speaking on the keynote stage.

Whilst terms like "security guru" or even "thought leader" are often bandied around and diluted to the point of being meaningless, few of us mere security mortals can reasonably dispute the influence, credibility and respect that Bruce Schneier holds as a writer, technologist, cryptographer and entrepreneur. You know that when he speaks at an event like this, it is not an opportunity you're going to get every day.

Read More →

IoT Security: Lack of Expertise Will Hurt, Says Bruce Schneier

  • Warwick Ashford
  • Computer Weekly
  • June 10, 2016

The lack of relevant technical expertise by governments is going to hurt when it comes to securing the internet of things (IoT), according to security technologist Bruce Schneier.

Governments have a crucial role to play in tackling what he sees as the next big security challenge, he told Infosecurity Europe 2016 in London.

One of the biggest challenges, according to Schneier, is that there is no good regulatory structure for IoT which connects finance, health, energy and transport information.

"We don't know how to do this, so we are going to need government solutions that are holistic that will deal with IoT devices no matter what they are doing," he said.

Read More →

Government Regulation Will Clip Coders' Wings, Says Bruce Schneier

Systems "too critical to allow programmers to do as they want"

  • John Leyden
  • The Register
  • June 10, 2016

Government regulation of the Internet of Things will become inevitable as connected kit in arenas as varied as healthcare and power distribution becomes more commonplace, according to security guru Bruce Schneier.

"Governments are going to get involved regardless because the risks are too great. When people start dying and property starts getting destroyed, governments are going to have to do something," Schneier said during a keynote speech at the Infosecurity Europe trade show in London.

The choice is between smart (well-informed) or stupid government regulations with the possibility of non-interference getting taken off the table.

Read More →

#Infosec16: Securing the IoT is the Next Big Challenge, Says Bruce Schneier

  • Michael Hill
  • Infosecurity
  • June 9, 2016

"The Internet of Things (IoT) is our next big security challenge and I think it's the way we are going to be colliding with the real world in interesting ways."

Speaking at Infosecurity Europe 2016 Bruce Schneier said that securing the IoT is a lot about what we already know, and some of what we don't know.

"It's one big inter-connected system of systems with threats, attackers, effects; the IoT is everything we've seen now, just turned up to 11 and in a way we can't turn it off."

As the IoT becomes more connected it also becomes more physical, invading our lives on an unprecedented scale with more real-world consequences when a breach occurs, and it's something that we can't afford to fail to secure, Schneier explained.

"I think this is going to hit a tipping point. We're getting into the world of catastrophic risks as our computers become more physical.

Read More →

InfoSec 2016: Two Worlds Are Colliding, and I Don’t Have the Answer, Says Bruce Schneier

Schneier also sees more government meddling in IoT security as ‘inevitable’

  • Ben Sullivan
  • TechWeek Europe
  • June 9, 2016

Two drastically different paradigms are colliding together when it comes to the Internet of Things, and it doesn't bode well for our security, claims security specialist Bruce Schneier.

Schneier explained how IoT-connected devices such as medical devices, which are almost impossible to keep up to date with the latest security defenses, will go at odds against attackers who are continually improving their attack methods, with "catastrophic" consequences.

"As we move to the Internet of Things, where things are less patchable and less high-end, we're going to have problems," said Schneier, addressing a keynote audience at InfoSec 2016 in London.

Problem

"Right now, how you patch your home router is to throw it away and buy a new one.

Read More →

Bruce Schneier: Governments Have a 'Stark' Lack of Expertise in IoT Security

But government involvement in IoT policies is inevitable, says security expert

  • Roland Moore-Colyer
  • V3
  • June 9, 2016

Governments lack the expertise to define security policy when it comes to the rapidly growing Internet of Things (IoT), according to Bruce Schneier, security technologist and a member of the Infosecurity Europe Hall of Fame.

Schneier explained that governments approach topics such as the IoT and cyber security without the technical knowledge to understand the challenges.

"It's surprising how stark the lack of expertise in tech is in these debates," he said at Infosecurity Europe in London.

"Expertise in large correlation data bases, algorithmic decision making, IoT, cloud storage and computing, robotics, autonomous agents; these are all things that the government is going to run headlong into and needs to make decisions about.

Read More →

Video: Internet of Things Security: Ask Bruce, Episode Nine

  • ResilienTV
  • May 9, 2016

The Internet of Things (IoT) is ushering in a new age of hyperconnectivity – and new cyber security challenges.

In this video, Resilient CTO Bruce Schneier explains how the Internet of Things raises the stakes in cyber security, and explores how organizations will need to battle these new challenges.

Watch the Video on ResilientSystems.com

Read More →

Video: Bruce Schneier: Building Cryptographic Systems

Security expert Bruce Schneier discusses security from the perspectives of both the National Security Agency and the National Institution of Standards and Technology.

  • Charles Severance
  • Computer
  • April 2016

Since the 1930s at Bletchley Park, there has been a continuous arms race to both improve and break cryptography. The files leaked by National Security Agency (NSA) contractor Edward Snowden made it clear that governments regularly gather data on average citizens, which makes us wonder if privacy is even possible. Do our carefully designed cryptographic systems protect our information as we expect them to, or are they just thin veils that can easily be pierced by the government? I posed these questions to leading security expert Bruce Schneier.

Read More →

Video: Bruce Schneier on the FBI/Apple Outcome

  • TWiT Netcast Network
  • April 5, 2016

Steve Gibson and Leo Laporte talk about Bruce Schneier's take on the FBI vs. Apple legal battle and what it means when the FBI does not disclose the method used to break into an iPhone.

Watch the Video on YouTube.com

Read More →

Video: Bruce Schneier on the Integration of Privacy and Security

  • Chris Brook
  • Threatpost
  • March 23, 2016

Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance.

Watch the Video on Threatpost.com

Read More →

Rise of the Machines: The Threat Posed by Growing Connectivity

An IT security expert has some dire warnings about our brave new world

  • Karlin Lillington
  • Irish Times
  • March 17, 2016

Either we start to disconnect our increasingly networked world or we risk daunting social, safety, security and privacy consequences, a leading computer security expert and author has warned.

In an expansive talk directly challenging widely held assumptions about the benefits of computing, networks and the internet, Bruce Schneier told a large audience at this year's RSA Security Conference in San Francisco that we were moving towards a networked world so complex that we would be unable to safely manage it or adequately grapple with inevitable disasters.

Schneier, who is always one of the most popular speakers at the event, which drew nearly 40,000 people this year, pinpoints what he calls vast "socio-technical systems" as the critical issue. He describes these as complex, interconnected social and technical systems.

Read More →

Video: Reacting Fast is Not Enough (RSA 2016)

  • David Spark
  • CloudPassage
  • March 17, 2016

"Companies go to the cloud not because the security person tells them to. They go to the cloud because the business person tells them to. Because the economics of doing it is so compelling and the security person has to manage," said Bruce Schneier (@schneierblog), CTO, Resilient Systems, in our conversation at the RSA 2016 Conference in San Francisco.

Computing is embedded in everything we do, such as cars and planes, said Schneier.

Read More →

Video: RSA 2016 Interview with Bruce Schneier

  • ITProTV
  • March 15, 2016

At RSA 2016, ITProTV asked Bruce Schneier about his views on the security risks of the Internet of Things.

Watch the Video on YouTube.com

Read More →

Video: Overcoming the Cyber Security Skills Gap: Ask Bruce, Episode Eight

  • ResilienTV
  • March 11, 2016

A shortage of skilled cyber security employees is one of the most significant challenges organizations face today.

In this video, Resilient CTO Bruce Schneier explains the cyber security skills gap, and outlines steps to help organizations overcome it.

Watch the Video on ResilientSystems.com

Read More →

Q&A: Bruce Schneier on Joining IBM, IoT Woes, and Apple v. the FBI

It's going to get worse before it gets better

  • Iain Thomson
  • The Register
  • March 4, 2016

Security guru Bruce Schneier is a regular at shows like RSA and his talks are usually standing-room-only affairs.

Schneier has written some of the definitive texts for modern cryptography teaching and his current book, Data and Goliath, examines the perils and solutions to government and corporate surveillance of internet users. The Register sat down with him to talk over the news of the day, and to get an idea of where the security industry is going.

Q: First things first—you're the CTO of Resilient Systems, which IBM is in the process of buying.

Read More →

Bruce Schneier: We're Sleepwalking towards Digital Disaster and Are Too Dumb to Stop

Coders and tech bros playing chance with the future

  • Iain Thomson
  • The Register
  • March 2, 2016

Security guru Bruce Schneier has issued a stark warning to the RSA 2016 conference—get smart or face a whole world of trouble.

The level of interconnectedness of the world's technology is increasing daily, he said, and is becoming a world-sized web—which he acknowledged was a horrible term—made up of sensors, distributed computers, cloud systems, mobile, and autonomous data processing units. And no one is quite sure where it is all heading.

"The world-sized web will change everything," he said.

Read More →

Bruce Schneier on IBM Grabbing Him Up with Resilient Systems

Bruce Schneier chats with SearchSecurity during lunch at RSAC about IBM's plans to acquire Resilient Systems to complete their security offering.

  • Peter Loshin
  • SearchSecurity
  • March 2, 2016

RSA Conference is a place to meet and greet anyone involved in security these days, proved by a chance encounter with Bruce Schneier during lunch on Tuesday in the press room. And few individuals had news as big as Schneier, with the announcement yesterday that IBM would acquire Resilient Systems, the company where he serves as CTO.

"For the company, it's fantastic; they have this whole big security strategy and you can see a big hole where we belong, and they see that," Schneier told SearchSecurity while we waited for lunch to be rolled out.

"Last year, Resilient [Systems] integrated with IBM's SIEM—that's security event and incident management—system, QRadar," Schneier wrote in his blog this week.

Read More →

Video: Building a Security Culture: Ask Bruce, Episode Seven

  • ResilienTV
  • February 25, 2016

Business leaders and IT security professionals don't always see eye to eye—and that creates risk.

In this video, Resilient Systems CTO Bruce Schneier outlines ways for business and security leaders to build trust and create a security-focused organizational culture.

Watch the Video on ResilientSystems.com

Read More →

Video: How to Prevent the Normalization of Deviance: Ask Bruce, Episode Six

  • ResilienTV
  • February 18, 2016

Without proper controls, minor—yet insecure—behaviors can become accepted habits at organizations. And that can lead to major security risks.

In this video, Resilient CTO Bruce Schneier explains how security leaders can spot insecure practices, and stop them from taking hold at their organization.

Watch the Video on ResilientSystems.com

Read More →

Study Finds That Anti-Crypto Laws Won't Work on an International Stage

A new report shows that anti-crypto laws wouldn't change a thing, as criminals would simply look globally

  • Maria Korolov
  • CSO
  • February 12, 2016

In response to attempts to put restrictions on encryption technology, a new report surveys 546 encryption products in 54 countries outside the United States, out of 865 hardware and software products total.

The report demonstrates that encryption technology is very international in nature and that it is impossible for local regulations to have any effect on it, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard University.

"The cat is out of the bag," he said. "It is an international world. All the research is international and has been for decades.

Read More →

Most Encryption Products Far beyond Reach of US Law Enforcement

Anyone seeking to keep their data hidden could use hundreds of encryption services offered by companies outside the US if Washington compels tech companies to decrypt communications.

  • Malena Carollo
  • Christian Science Monitor
  • February 11, 2016

If Washington forces American tech companies to give law enforcement access to encrypted communication, it might not provide the advantage investigators want when tracking terrorists or criminals.

Companies outside the US are responsible for nearly two-thirds of tech products that offer some form of encryption, according to a study released Thursday from renowned cryptographer Bruce Schneier. Because those firms are beyond the reach of US laws, he said, anyone who wants to avoid American intelligence agencies or police eavesdropping could simply switch to another secure platform.

"There's this weird belief that if the US law makes a change, that it affects things," said Schneier, chief technology officer of the security firm Resilient Systems and a fellow at Harvard University's Berkman Center for Internet and Society.

Read More →

Backdoor Laws Can't Contain Global Encryption, Says New Report

  • Russell Brandom
  • The Verge
  • February 11, 2016

In recent months, the FBI has been pushing for stronger US restrictions on encryption — but a new report from Harvard's Berkman Center suggests such laws reach only a small portion of the relevant products. Taking a census of 865 different encryption products from around the world, the report finds that roughly two-thirds are produced and distributed overseas, outside the jurisdiction of US law. Germany was the biggest source of non-US crypto, with 112 separate products either for sale or available free. Just over a third of the foreign products make their code available as open source.

Read More →

Strong Crypto Is Widely Available Outside The US, So Restrictions Are Unlikely To Thwart Terrorism

  • Yael Grauer
  • Forbes
  • February 11, 2016

Just today, security technologist and author Bruce Schneier, along with Kathleen Seidel and Saranya Vijayakumar, unveiled a new international survey of encryption products compiled as part of his fellowship at the Berkman Center for Internet and Society at Harvard University. The survey found a total of 865 hardware or software products incorporating encryption from 55 different countries, 546 (around two-thirds) of which were from outside the US. The products included voice encryption, file encryption, email encryption, and text message encryption products, as well as 61 VPNs.

The worldwide survey shows that encryption products are widely available internationally, indicating that any US restrictions on unbreakable crypto are far less likely to thwart terrorists and criminals (who can switch to more secure foreign alternatives) as much as they will negatively impact US companies' bottom line and the safety and security of everyday internet users who typically don't spend a lot of time worrying about encryption.

Read More →

Global Crypto Survey Proves Govt Backdoors Completely Pointless

Like playing a frustrating game of whack-a-mole

  • Iain Thomson
  • Iain Thomson
  • February 11, 2016

In 1999, when a fierce crypto war was raging between governments and developers, researchers undertook a global survey of available encryption products.

Now security guru Bruce Schneier and other experts have repeated the exercise, and it spells bad news for those demanding backdoors in today's cryptography.

The latest study analyzed 865 hardware and software products incorporating encryption from 55 countries, with a third of them coming from the US. That's up from 805 in 35 countries in 1999.

Read More →

New Survey Suggests US Encryption Ban Would Just Send Market Overseas

  • Jenna McLaughlin
  • The Intercept
  • February 11, 2016

If the US government tries to strong-arm American companies into ending the sale of products or applications with unbreakable encryption, the technology won't disappear, a group of researchers conclude in a new report. It would still be widely available elsewhere.

Some US law enforcement officials argue that unbreakable encryption is interfering with legal surveillance of suspected criminals and terrorists. And some members of Congress are pushing for a nationwide requirement that encryption allow for law-enforcement access.

Read More →

New Report Contends Mandatory Crypto Backdoors Would Be Futile

  • Dan Goodin
  • Ars Technica
  • February 11, 2016

An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.

The report, prepared by researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors advocated by FBI Director James Comey and other US officials.

Read More →

Press Release: International Encryption Product Survey Finds 546 Non-US Products from 54 Countries

Findings point to negative impact on US Companies and Internet users

  • Press Release
  • February 11, 2016

A newly completed international survey of encryption products found 546 different products from 54 different countries outside the US. This survey was headed by Bruce Schneier, as part of his Fellowship at the Berkman Center for Internet and Society at Harvard University.

The findings of this survey identified 619 entities that sell encryption products. Of those, 412, or two-thirds, are outside the U.S., calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access.

Read More →

Video: Incident Response Orchestration: Ask Bruce, Episode Five

  • ResilienTV
  • February 3, 2016

Organizations are overwhelmed with security alerts—far more than they can reasonably manage. Incident response orchestration and automation can go a long way in helping teams resolve security events faster and more effectively.

Watch the Video on ResilientSystems.com

Read More →

Bruce Schneier: The Security Mindset

  • Charles Severance
  • Computer
  • February 2016

Networked technology increasingly touches all aspects of our lives. When essential systems are connected to a networked environment, it becomes important to make sure that they're protected from attack. We continue improving the mathematics and algorithms used to secure these systems, but attackers tend to exploit weaknesses in how the mathematics and technologies are used.

As effective security becomes more vital, many computer science students are becoming interested in making security part of their education.

Read More →

Video: The Security Mindset

  • Computer
  • February 3, 2016

Security guru Bruce Schneier talks with Charles Severance about what it takes to think like a security expert.

Watch the Video on YouTube.com

Read More →

Audio: On the Wire Podcast: Bruce Schneier

  • Dennis Fisher
  • On the Wire
  • February 1, 2016

Bruce Schneier, the well-known cryptographer, author, and security expert, is today's guest on the On the Wire podcast. Dennis Fisher talks with Schneier about the pervasiveness of commercial and government surveillance and tracking, the emerging problem of IoT security, and what can be done to address the technical and policy issues all of this entails. They also discuss the ideas in Schneier's latest book, Data and Goliath, and what might be the theme for Schneier's next one.

Listen to the Audio on OnTheWire.io

Read More →
