Bruce Schneier: There Are Three Big Threats to Cybersecurity—and One Defense

BetaBoston partnered with Silicon Valley Bank, Hack/Reduce, and Terrible Labs on Thursday to host the Cyber Security Symposium. Security experts from Credit Suisse, Threat Stack, Bit9 and others convened for a day-long event, the second niche-focused conference put together by SVB, Atlas Venture's Cort Johnson and Terrible Labs' Smith Anderson after the Quantified Self Conference in March.

The event was capped off with a talk by security expert Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard, and the chief technology officer at Co3 Systems.

Schneier noted three trends he's currently tracking. First, he said, we are losing control of our IT infrastructure. Second, cyber attacks are becoming more sophisticated. And third, he found that the increasing involvement of governments in cyberspace is blurring the lines between public and private data.

"It used to be that our data was on our computers, under our control," Schneier said. "But that is no longer true; our data is now on networks being run by Apple, Google, Amazon, Facebook, etc." Schneier said this lack of control, which also extends to our devices, has great security implications.

The growing level of sophistication of cyber attacks—by nation states, hackers, and criminals—makes regular people particularly vulnerable.

"We never actually know who is targeting who," he said. "If we went outside and saw a tank, we would know that the military would be involved, because only the military could afford tanks," he said.

However, "that shorthand doesn't work on the Internet," he added. "As technology broadly spreads capabilities, the same attack tools that are used by hackers and criminals are used by the NSA and the Chinese and Iranian governments." This level of sophistication makes it quite challenging to figure out how to respond.

Lastly, Schneier put a spotlight on the increasing involvement of governments in cyberspace, which are not just targeting one another but corporate entities as well. At this point, he said, attack is much easier than defence.

So what's to be done? The big task ahead for cybersecurity experts building defence systems, Schneier said, is improving our ability to instantly respond to attacks.

"This is the decade where instant response becomes a serious product services category in IT. This is the way to counter the threats."

Categories: Articles, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.