Schneier on Security

Speaking in the opening keynote of the virtual (ISC)² Security Congress, renowned security technologist and best-selling author Bruce Schneier discussed the public-interest aspects of technology.

In particular, he explored the ethics of data privacy and security, whilst also outlining how today’s cybersecurity professionals are more than technologists; the work they do affects society as a whole.

“In cybersecurity, government access to encrypted communications has been the subject of a 25-year long debate. On the one side, there are police claiming they are going dark and need access to encrypted data in order to solve crimes. On the other side, security experts say it is impossible to provide that access without making systems insecure.”…

The method, procedures, and practices used by cybersecurity professionals have relevance beyond just the technology sphere; they can also be used to hack society.

That’s the view espoused by Bruce Schneier, security technologist, researcher, and lecturer at the Harvard Kennedy School, during a keynote session at the RSA Conference in San Francisco.

“This is the big idea: we here in our community have developed some very effective techniques to deal with code and technology,” Schneier said. “Can our expertise in IT security transfer to broader social systems like the tax code, or the systems we use to choose our elected officials or the market economy?”…

“The Internet of Things (IoT) is our next big security challenge and I think it’s the way we are going to be colliding with the real world in interesting ways.”

Speaking at Infosecurity Europe 2016 Bruce Schneier said that securing the IoT is a lot about what we already know, and some of what we don’t know.

“It’s one big inter-connected system of systems with threats, attackers, effects; the IoT is everything we’ve seen now, just turned up to 11 and in a way we can’t turn it off.”

As the IoT becomes more connected it also becomes more physical, invading our lives on an unprecedented scale with more real-world consequences when a breach occurs, and it’s something that we can’t afford to fail to secure, Schneier explained…

Network breaches are inevitable. It’s what happens next that really matters, said renowned cryptographic expert Bruce Schneier during the Black Hat security conference.

If there is something the organization has the attacker wants, the attacker will figure out a way to get in. Regardless of how much the organization invests in its defenses, attackers need to find that one weak spot to succeed. This is why incident response—being able to detect an incident had occurred, and then being able to respond effectively to remediate the incident—is so critical…

Bruce Schneier has been a vocal critic of the mass surveillance being conducted by the NSA and GCHQ. The security expert recently left his post at BT and joined the board of digital rights firm Electronic Frontier Foundation (EFF), one of TrustyCon’s organizers. Although several of TrustyCon’s speakers were part of the group who withdrew from their speaking commitments at last week’s RSA Conference, Schneier was featured on the agenda at both events.

Schneier said that the NSA’s surveillance capabilities are far and away the most advanced in the world, but not necessarily the most skilled. What the Snowden documents have provided are a window into what’s going on at the NSA, he added, “but they are the same sorts of things that any well-funded government is doing – Israel, China, France, and anyone with a budget. It just so happens that the US has the largest budget.”…

Software liability laws are needed to hold software companies accountable for making faulty products, argued Bruce Schneier, chief technology security officer with BT during a pro-con debate held Wednesday at the RSA Conference.

Schneier said that liability laws would transfer the economic cost for faulty software from the user to the developer and provide an incentive for the developer to fix the problem.

He compared the situation of the software market to the early days of the automobile industry when Congress passed laws that held auto manufacturers responsible for faulty vehicles that caused accidents. This prompted the auto industry to begin fixing the problems, such as stop using wooden wheels that would fall apart at high speeds…

In his session at the RSA Conference in San Francisco, February 28th 2012, Bruce Schneier listed what he perceives to be the three biggest risks to information security right now: The rise of big data; ill-conceived law enforcement regulations; and the cyberwar arms race.

The rise of big data

The rise of big data, Schneier declared, is inevitable due to the cost of saving data being so cheap. “It’s easy and cheaper to search than sort,” he said. “The collection of data is being aggravated – mainly so the companies doing it can make more money… Companies like Apple, Amazon and Google are all competing to be the company that monetises your data.”…

At the RSA Conference 2012 in San Francisco, February 29, Bruce Schneier and Davi Ottenheimer discuss Schneier’s latest book and how to enable the trust that society needs to thrive.

Following on from Schneier’s talk yesterday on the three biggest risks to information security in 2012, this discussion focussed purely on the topic of Schneier’s latest book, Liars and Outliers.

Here are some of the session highlights:

• Security depends on people. “I started in cryptography because I didn’t like people. I wanted to study numbers. Anyone in security needs to understand that people act in unpredictable ways.”…