RSA 2012: Schneier Reveals Three Biggest Information Security Risks in 2012
In his session at the RSA Conference in San Francisco, February 28th 2012, Bruce Schneier listed what he perceives to be the three biggest risks to information security right now: The rise of big data; ill-conceived law enforcement regulations; and the cyberwar arms race.
The rise of big data
The rise of big data, Schneier declared, is inevitable because saving data is so cheap. "It's easy and cheaper to search than sort," he said. "The collection of data is being aggravated – mainly so the companies doing it can make more money… Companies like Apple, Amazon and Google are all competing to be the company that monetises your data."
Schneier spoke of the lack of control that users have over their smartphones and portable devices. "I can't do things as a security professional on my iPhone. Apple doesn't give me the same access control that I have on my personal computer," he said.
Ill-conceived regulations from law enforcement
Schneier named 'Ill-conceived regulations from law enforcement' the second biggest risk. "Mostly, what they propose is dumb," he declared. "There is an honest desire to make the internet safer," but the tactics used in this quest "use fear to pass legislation." Schneier also denounced companies that use manipulation to encourage a law which serves their business model.
His advice to protect your privacy online included using Skype and securing data by deleting it.
"I worry that we'll be forced to design an internet kill-switch – I imagine it as a big red switch on Obama's desk. The problem is, I don't trust it would be possible to make this only available to the President."
Schneier also declared the concept of 'no anonymity' a more expensive, and less secure, proposal. "You can't eliminate anonymity," he stressed.
Cyberwar arms race
Schneier's third and final security threat was what he terms the 'cyberwar arms race', which he insisted is now in the early stages. "There's a lot of hype about cyberwar. It's talked about, worried about, and nations are preparing for it with both defensive and attack technologies."
"The US is stockpiling cyber weapons," he declared, using HBGary as an example. "We are in the early years of a cyberarms race and it's very destabilising. There is a lot of money in cyberarms at the moment and the results will be instability, more government control, more money poured into standards and less security for us all," he said.
Schneier expressed concern that decisions regarding cyberarms are made at a lower level, "when they should be the decision of Obama."
Schneier confessed his early reluctance to buy in to the concept of APT attacks, but admitted, "I've come around to APT, and I now think it captures something really important. If they're good, they never fail."
Schneier concluded with his information security predictions for the near future:
- The fundamental problem of security won't go away
- Fewer information security products sold to consumers and more sold to companies like Facebook
- More government work
- Increased secrecy
Schneier concluded his session with a plea to the audience: "We all need to get involved." Oh, and a plug of his new book.