News: 2016 Archives
On Tuesday, President-elect Donald Trump named cyber expert Tom Bossert as his homeland security adviser.
Bossert is currently a fellow at the Atlantic Council and was a former national security aide to President George W. Bush.
He says cybersecurity will be a top priority in his new job.
And if the events of 2016 say anything, Bossert will likely have a lot on his plate.
Joining the show to remember some of the top cybersecurity issues in the news this year, including the Democratic National Committee Hack, the “Internet Of Things” malware attack and more, is Harvard Berkman fellow and security expert Bruce Schneier…
“American Elections Will Be Hacked.” That’s the title of a recent article in The New York Times by our next guest, the leading cybersecurity and privacy researcher Bruce Schneier. Schneier warns, “Our newly computerized voting systems are vulnerable to attack by both individual hackers and government-sponsored cyberwarriors. It is only a matter of time before such an attack happens.”
As if I haven’t said it a million times, IoT security is critical.
But just when I thought I had it all figured out, somebody comes along and sheds new light on this very important topic in a different way.
At a November 16 hearing held by the Congress Committee on Energy and Commerce in light of the devastating October 21 Dyn DDoS attack, famous cryptologist and computer security expert Bruce Schneier offered a new perspective on IoT security, which makes it easier for everyone to understand the criticality of the issue.
After watching it at least three times, I decided to share the main concepts with the readers of TechTalks. Here are the key takeaways, which I’ve taken the pain to elaborate on…
During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
Security experts asked lawmakers for more action, today, during a Congressional hearing on IoT security. On their wishlist: consequences to manufacturers for delivering insecure products, a federally funded independent lab for pre-market cybersecurity testing, and an entirely new federal agency devoted to cybersecurity.
The hearing, “Understanding the Role of Connected Devices in Recent Attacks,” was held by the US House Committee on Energy and Commerce, with expert witnesses Dale Drew, senior vice president and chief security officer of Level 3 Communications; Dr. Kevin Fu, CEO of Virta Labs and associate professor of electrical engineering and computer science at the University of Michigan; and Bruce Schneier, fellow of the Berkman Klein Center at Harvard University…
Computer security experts on Wednesday pressed for comprehensive federal regulations mandating strong security protocols for the Internet of Things, saying it’s not a matter of if but when rules are issued for connected devices.
“The Internet of Things affects the world in a directly physical manner—cars, appliances, thermostat, airplanes,” said Bruce Schneier, a computer security expert at Harvard University, during testimony at a hearing held by two House Energy and Commerce subcommittees. “There’s real risk to life and property. There’s real, catastrophic risks.”…
The hacking of Democratic Party organizations has made internet security germane to the 2016 presidential election campaign. America’s intelligence community has accused high-level Russian officials of backing these cyberattacks in an attempt to influence the election result. Such allegations have helped thrust relations between Washington and Moscow to their lowest point in decades.
Meanwhile, the integrity of America’s internet infrastructure was tested on Oct. 21, 2016 with a distributed denial of service (DDoS) attack.
Journalist’s Resource spoke with security expert Bruce Schneier about the attacks and what journalists need to know. The interview, conducted by email while Schneier was traveling, has been edited for length…
Bruce Schneier joined David Pakman to discuss computer security in relation to politics and election mechanics.
One of the most striking paradoxes of our time resides in our smartphones. Our everyday use of these iconic and progressively factotum apparatuses records at various levels every activity we do in space and time, with the unbelievable outcome that, on a mass scale, we’re happy about that and willfully give up our intimate privacy to be allowed to continue using them. It’s nothing new, but we’re still turning our head to what is behind. There are battles going on to conquer the most strategic parts of the big data we produce, in the huge business called “DaaS” (data as a service). Data and Goliath is a book about these battles, written by an acknowledged security expert, who has not given up on opposing the total surveillance paradigm. He thoughtfully couples a lucid analysis deducted from plenty of facts and sources with suggestions. Schneier’s privacy advocacy clarifies the overwhelming confusion in the current post-Snowden revelation period, sorting out the wrong approach to national securities and the inflated scale of control. His passionate approach doesn’t prevent him from imagining alternative scenarios, where new types of business models replace the current privacy in exchange for free services model. On the other side, an important part of the book is dedicated to advice, from breaking up the NSA into more specialized agencies, to teaching users why they need to stop sharing so much personal and intimate details and how. Being encouraged by a major expert in the field is the best argument for privacy one can ask for…
For writer and cybersecurity and cryptography expert Bruce Schneier, “someone is learning how to take down the Internet,” as he titles his latest blog post. The current chief technology officer of Resilient, an IBM company, says that specific attacks have been targeting major web players for two years already.
Bruce Schneier is a leading authority on computer security. The author of the legendary book “Applied Cryptography” has since 2004 run a widely read blog on which, this Tuesday, September 13, he published …
"I can’t think of any other issue that moved people so quickly." By security expert Bruce Schneier’s estimation, more than 700 million people worldwide changed their behavior on the Internet as a direct result of what Edward Snowden’s NSA leak revealed about government surveillance. Even more amazing: they all did it within one year.
What motivated so many private citizens to take action? "They did that because of secrets. The biggest enemy to society, the thing that is most corrosive, is secrecy," says Schneier. "Edward Snowden started the dialogue."…
This is one of Bruce Schneier’s latest books, but my first read from him. The title caught my attention, and I’m glad it did.
Just before the start of the Democratic National Convention, top-secret emails from the Democratic National Committee were published on whistleblower website Wikileaks, in a major operation the FBI attributed to Russian hackers.
Some U.S. officials have raised subsequent questions: Were the hackers deliberately attempting to influence the election in favor of Donald Trump? Did Trump have any influence? And most importantly—if Russian hackers can breach the DNC internal network, what’s to stop them from hacking voting machines?
In a recent Washington Post …
Linda Gray, General Manager of the RSA Conference, speaks with Bruce Schneier on the topic of his keynote, “Security in the World-Sized Web,” at RSA Conference 2016 Singapore.
Some people may think the upcoming US presidential election is a Kobayashi Maru, a lose-lose scenario no matter who wins, but which candidate would best deal with a cyberattack that caused people to die?
In an article about how hacking the Internet of Things will result in real world disasters, security guru Bruce Schneier—who is not known for spreading FUD (fear, uncertainty, doubt)—was not talking about hacks against banks or the smart grid that would cause general chaos; oh no, he was describing hacks against devices connected to the internet which would actually result in people dying…
Bruce Schneier on How IoT Changes Everything in Security
Bruce Schneier, CTO at the security firm Resilient Systems, is busy examining how IoT – the name given to the computerization of everything in our lives – is changing the security world.
From sensors that collect data about our environment to databases in the cloud to analytics that help us make use of data, the Internet of Things is capable of changing our physical world.
“We’re building an internet that senses, thinks and acts, but doesn’t have a body, and that is the textbook definition of a robot,” Schneier says. “What I want to propose is that we’re building a world-sized robot, and we don’t even realize it. While this change has its merits in bringing about enormous changes in social, economic and political environments, this is only going to increase security vulnerabilities,” he says…
Adam is joined by Bruce Schneier to talk about current problems facing the TSA, gun control, and how data and security intersect.
One of the topics that resonated deeply with last season’s Adam Ruins Everything viewers was Bruce Schneier’s take on security and “security theater”. So we had to bring Bruce on the podcast. Bruce is a brilliant cryptographer and security expert, who’s written countless articles and academic papers and published 13 books, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. …
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World is Bruce Schneier’s manifesto on what should be done about the amount, and controls around data being collected on us. If, like me, you have been focused on Information Security this book is a great exposure to the privacy issues our profession is facing. The book is more focused on policy than practical application, but worth the read for the background and ideas presented.
Data and Goliath is a call to action around two topics: first, the cultural acceptance of not owning our personal data or understanding how it is being used; and second, the difference between nation-state espionage and mass surveillance. Trying to reduce the themes of the book to just a couple of points is a gross oversimplification. This book belongs in the Canon due to the foundational and timeless issues it addresses for our industry. Finally, don’t let the 400-page length intimidate you, as the text of the book is only 238 pages with the rest being reference notes…
Bruce Schneier and attorney David O’Brien discuss the new report issued by the Berkman Center for Internet & Society at Harvard University on the issue of “Going Dark,” and the role of law enforcement and privacy rights under scrutiny, revelations of government spying, and analysis of the Apple iPhone Encryption litigation and its progeny unfolding in the Federal Courts.
This year’s Infosecurity Europe conference had so many great places to be and things to do that it was often hard to choose how best to spend one’s limited time and harder still for many to identify a single highlight. For myself personally, however, it had to be the opportunity to hear one of my favourite writers for many years speaking on the keynote stage.
Whilst terms like “security guru” or even “thought leader” are often bandied around and diluted to the point of being meaningless, few of us mere security mortals can reasonably dispute the influence, credibility and respect that Bruce Schneier holds as a writer, technologist, cryptographer and entrepreneur. You know that when he speaks at an event like this, it is not an opportunity you’re going to get every day…
Governments have a crucial role to play in tackling what he sees as the next big security challenge, he told Infosecurity Europe 2016 in London.
One of the biggest challenges, according to Schneier, is that there is no good regulatory structure for IoT which connects finance, health, energy and transport information.
“We don’t know how to do this, so we are going to need government solutions that are holistic that will deal with IoT devices no matter what they are doing,” he said…
Systems "too critical to allow programmers to do as they want"
Government regulation of the Internet of Things will become inevitable as connected kit in arenas as varied as healthcare and power distribution becomes more commonplace, according to security guru Bruce Schneier.
“Governments are going to get involved regardless because the risks are too great. When people start dying and property starts getting destroyed, governments are going to have to do something,” Schneier said during a keynote speech at the Infosecurity Europe trade show in London.
The choice is between smart (well-informed) or stupid government regulations with the possibility of non-interference getting taken off the table…
“The Internet of Things (IoT) is our next big security challenge and I think it’s the way we are going to be colliding with the real world in interesting ways.”
Speaking at Infosecurity Europe 2016 Bruce Schneier said that securing the IoT is a lot about what we already know, and some of what we don’t know.
“It’s one big inter-connected system of systems with threats, attackers, effects; the IoT is everything we’ve seen now, just turned up to 11 and in a way we can’t turn it off.”
As the IoT becomes more connected it also becomes more physical, invading our lives on an unprecedented scale with more real-world consequences when a breach occurs, and it’s something that we can’t afford to fail to secure, Schneier explained…
Schneier also sees more government meddling in IoT security as ‘inevitable’
Schneier explained how IoT-connected devices such as medical devices, which are almost impossible to keep up to date with the latest security defenses, will go at odds against attackers who are continually improving their attack methods, with “catastrophic” consequences.
“As we move to the Internet of Things, where things are less patchable and less high-end, we’re going to have problems,” said Schneier, addressing a keynote audience at …
But government involvement in IoT policies is inevitable, says security expert
Governments lack the expertise to define security policy when it comes to the rapidly growing Internet of Things (IoT), according to Bruce Schneier, security technologist and a member of the Infosecurity Europe Hall of Fame.
Schneier explained that governments approach topics such as the IoT and cyber security without the technical knowledge to understand the challenges.
“It’s surprising how stark the lack of expertise in tech is in these debates,” he said at Infosecurity Europe in London.
“Expertise in large correlation data bases, algorithmic decision making, IoT, cloud storage and computing, robotics, autonomous agents; these are all things that the government is going to run headlong into and needs to make decisions about…
The Internet of Things (IoT) is ushering in a new age of hyperconnectivity – and new cyber security challenges.
In this video, Resilient CTO Bruce Schneier explains how the Internet of Things raises the stakes in cyber security, and explores how organizations will need to battle these new challenges.
Security expert Bruce Schneier discusses security from the perspectives of both the National Security Agency and the National Institute of Standards and Technology.
Since the 1930s at Bletchley Park, there has been a continuous arms race to both improve and break cryptography. The files leaked by National Security Agency (NSA) contractor Edward Snowden made it clear that governments regularly gather data on average citizens, which makes us wonder if privacy is even possible. Do our carefully designed cryptographic systems protect our information as we expect them to, or are they just thin veils that can easily be pierced by the government? I posed these questions to leading security expert Bruce Schneier…
Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance.
An IT security expert has some dire warnings about our brave new world
Either we start to disconnect our increasingly networked world or we risk daunting social, safety, security and privacy consequences, a leading computer security expert and author has warned.
In an expansive talk directly challenging widely held assumptions about the benefits of computing, networks and the internet, Bruce Schneier told a large audience at this year’s RSA Security Conference in San Francisco that we were moving towards a networked world so complex that we would be unable to safely manage it or adequately grapple with inevitable disasters…
“Companies go to the cloud not because the security person tells them to. They go to the cloud because the business person tells them to. Because the economics of doing it is so compelling and the security person has to manage,” said Bruce Schneier (@schneierblog), CTO, Resilient Systems, in our conversation at the RSA 2016 Conference in San Francisco.
Computing is embedded in everything we do, such as cars and planes, said Schneier. It’s not just business operations. It’s affecting the real world.
“Reacting fast is not enough. The real world is getting it right the first time,” warned Schneier. “I’m not sure how we’re going to do it because on the one hand there are going to be all these requirements by the physical world on the other hand there’s going to be our ‘IT way’ of doing things.”…
A shortage of skilled cyber security employees is one of the most significant challenges organizations face today.
In this video, Resilient CTO Bruce Schneier explains the cyber security skills gap, and outlines steps to help organizations overcome it.
It's going to get worse before it gets better
Security guru Bruce Schneier is a regular at shows like RSA and his talks are usually standing-room-only affairs.
Schneier has written some of the definitive texts for modern cryptography teaching and his current book, Data and Goliath, examines the perils and solutions to government and corporate surveillance of internet users. The Register sat down with him to talk over the news of the day, and to get an idea of where the security industry is going.
Q: First things first—you’re the CTO of Resilient Systems, which IBM is in the process of buying…
Coders and tech bros playing chance with the future
Security guru Bruce Schneier has issued a stark warning to the RSA 2016 conference—get smart or face a whole world of trouble.
The level of interconnectedness of the world’s technology is increasing daily, he said, and is becoming a world-sized web—which he acknowledged was a horrible term—made up of sensors, distributed computers, cloud systems, mobile, and autonomous data processing units. And no one is quite sure where it is all heading.
“The world-sized web will change everything,” he said. “It will cause more real-world consequences, has fewer off switches, and gives more power to the powerful. It’s less being designed than created and it’s coming with no forethought or planning. And most people are unaware that it’s coming.”…
Bruce Schneier chats with SearchSecurity during lunch at RSAC about IBM's plans to acquire Resilient Systems to complete their security offering.
RSA Conference is a place to meet and greet anyone involved in security these days, proved by a chance encounter with Bruce Schneier during lunch on Tuesday in the press room. And few individuals had news as big as Schneier, with the announcement yesterday that IBM would acquire Resilient Systems, the company where he serves as CTO.
“For the company, it’s fantastic; they have this whole big security strategy and you can see a big hole where we belong, and they see that,” Schneier told SearchSecurity while we waited for lunch to be rolled out…
Business leaders and IT security professionals don’t always see eye to eye—and that creates risk.
In this video, Resilient Systems CTO Bruce Schneier outlines ways for business and security leaders to build trust and create a security-focused organizational culture.
Without proper controls, minor—yet insecure—behaviors can become accepted habits at organizations. And that can lead to major security risks.
In this video, Resilient CTO Bruce Schneier explains how security leaders can spot insecure practices, and stop them from taking hold at their organization.
A new report shows that anti-crypto laws wouldn't change a thing, as criminals would simply look globally
In response to attempts to put restrictions on encryption technology, a new report surveys 546 encryption products in 54 countries outside the United States, out of 865 hardware and software products total.
The report demonstrates that encryption technology is very international in nature and that it is impossible for local regulations to have any effect on it, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard University.
“The cat is out of the bag,” he said. “It is an international world. All the research is international and has been for decades. All the conferences are international and have been for decades.”…
Political views aside, it is important to be aware of the fact that what we post online has a footprint. This is something I always tell my daughters and the younger generations. After reading “Data and Goliath” by Bruce Schneier, it is clear why corporate and government surveillance is on the rise—but more importantly the book is a good resource for learning how to protect your privacy online, if you so choose.
One story that this book reminded me of is from a few years back. The premise of the story being that targeted advertising from this teen girl’s online behavior figured out that she was pregnant before her dad did. Here’s an excerpt of the New York Times article:…
Anyone seeking to keep their data hidden could use hundreds of encryption services offered by companies outside the US if Washington compels tech companies to decrypt communications.
If Washington forces American tech companies to give law enforcement access to encrypted communication, it might not provide the advantage investigators want when tracking terrorists or criminals.
Companies outside the US are responsible for nearly two-thirds of tech products that offer some form of encryption, according to a study released Thursday from renowned cryptographer Bruce Schneier. Because those firms are beyond the reach of US laws, he said, anyone who wants to avoid American intelligence agencies or police eavesdropping could simply switch to another secure platform…
In recent months, the FBI has been pushing for stronger US restrictions on encryption—but a new report from Harvard’s Berkman Center suggests such laws reach only a small portion of the relevant products. Taking a census of 865 different encryption products from around the world, the report finds that roughly two-thirds are produced and distributed overseas, outside the jurisdiction of US law. Germany was the biggest source of non-US crypto, with 112 separate products either for sale or available free. Just over a third of the foreign products make their code available as open source…
Just today, security technologist and author Bruce Schneier, along with Kathleen Seidel and Saranya Vijayakumar, unveiled a new international survey of encryption products compiled as part of his fellowship at the Berkman Center for Internet and Society at Harvard University. The survey found a total of 865 hardware or software products incorporating encryption from 55 different countries, 546 (around two-thirds) of which were from outside the US. The products included voice encryption, file encryption, email encryption, and text message encryption products, as well as 61 VPNs…
Like playing a frustrating game of whack-a-mole
In 1999, when a fierce crypto war was raging between governments and developers, researchers undertook a global survey of available encryption products.
Now security guru Bruce Schneier and other experts have repeated the exercise, and it spells bad news for those demanding backdoors in today’s cryptography.
The latest study analyzed 865 hardware and software products incorporating encryption from 55 countries, with a third of them coming from the US. That’s up from 805 in 35 countries in 1999.
The goal of the survey is to catalogue available products and applications, rather than score or rate them. The team did not have the time to evaluate each system in depth. One thing the list does demonstrate, though, is the wide availability of software with built-in encryption, distributed from all corners of the globe…
If the US government tries to strong-arm American companies into ending the sale of products or applications with unbreakable encryption, the technology won’t disappear, a group of researchers conclude in a new report. It would still be widely available elsewhere.
Some US law enforcement officials argue that unbreakable encryption is interfering with legal surveillance of suspected criminals and terrorists. And some members of Congress are pushing for a nationwide requirement that encryption allow for law-enforcement access.
But the three researchers—Bruce Schneier, a cryptologist and fellow at the Berkman Center for Internet & Society, Kathleen Seidel, an independent researcher, and Saranya Vijayakumar of Harvard—compiled a list of at least 865 hardware and software encryption products available in 55 different countries. More than 500 of them come from outside of the United States…
An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.
The report, prepared by researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors …
Findings point to negative impact on US Companies and Internet users
A newly completed international survey of encryption products found 546 different products from 54 different countries outside the US. This survey was headed by Bruce Schneier, as part of his Fellowship at the Berkman Center for Internet and Society at Harvard University.
The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S., calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from. These foreign products offer a wide variety of secure applications—voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency—providing the same levels of security as US products do today…
Organizations are overwhelmed with security alerts—far more than they can reasonably manage. Incident response orchestration and automation can go a long way in helping teams resolve security events faster and more effectively.
Networked technology increasingly touches all aspects of our lives. When essential systems are connected to a networked environment, it becomes important to make sure that they’re protected from attack. We continue improving the mathematics and algorithms used to secure these systems, but attackers tend to exploit weaknesses in how the mathematics and technologies are used.
As effective security becomes more vital, many computer science students are becoming interested in making security part of their education. I talked to Bruce Schneier, a leading cybersecurity thinker, and asked him how students might prepare themselves for a career in this field. See the entire interview at …
Bruce Schneier, the well-known cryptographer, author, and security expert, is today’s guest on the On the Wire podcast. Dennis Fisher talks with Schneier about the pervasiveness of commercial and government surveillance and tracking, the emerging problem of IoT security, and what can be done to address the technical and policy issues all of this entails. They also discuss the ideas in Schneier’s latest book, Data and Goliath, and what might be the theme for Schneier’s next one.
Data and Goliath—the very title invites you to read and have fun. But make no mistake—this is not a whimsical book. Rather, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier, is sobering and frightening. When Schneier, whom Wired magazine called “one of the world’s foremost security experts,” writes, “[w]e are living in the golden age of surveillance,” he does not mean it approvingly.
Schneier points out that this golden age of surveillance did not happen by accident. Indeed, we Americans have chosen convenience and safety over privacy. For the convenience of cell phones, the Internet, the Cloud, and other technologies, we have given corporations the right to know virtually everything about us at every moment of every day. And, for safety from all things dangerous, such as child abductors, drug dealers, and certainly terrorists, we have relinquished our privacy, along with our civil liberties…
Sidebar photo of Bruce Schneier by Joe MacInnis.