Schneier on Security

Feudalism is an apt model for security today. We pledge our allegiance to service providers, and expect them to provide us with security in return. Too often, this security is completely opaque, with results all over the map. Navigating this new world of feudal security is going to be the major challenge for CISOs in the current decade. This talk examines both the challenges and the solutions.

Listen to the Audio on RSAConference.com

Human societies run on trust. Every day, we all trust millions of people, organizations, and systems—and we do it so easily that we barely notice. But in any system of trust, there is an alternative, parasitic, strategy that involves abusing that trust. Ensuring defectors don’t destroy the very cooperative systems they’re abusing is an age-old problem. So society has developed a variety of pressures to induce cooperation: moral systems, reputational systems, institutional systems, and security systems. Understanding how these different societal pressures work—and fail—is essential to understanding the problems we face in today’s increasingly technological and interconnected world…

Bruce Schneier gave a keynote address at the Computers, Freedom, and Privacy Conference.

Listen to the Audio

Mr. Schneier examined the future of cyber war and cyber security.  He explored the current debate on the threat of cyber war, questioning whether or not the threat had been over-stated, positing that it had. He then explored the range of attacks that have taken place, including the Latvian DOS attack in 2007 and the Stuxnet worm, which was designed to attack an industry control system.

The address concluded with an exploration of the future of international treaties on cyber war, suggesting possible treaties might focus on the appropriateness of attacking civilian targets, the issue of trojan attacks and other topics…

Listen to the Audio on BlackHat.com

Bruce Schneier spoke at the Weisman Art Museum, in connection with the Paul Shambroom exhibition “Picturing Power.”

Listen to the Audio

Security is both a feeling and a reality.  You can feel secure without actually being secure, and you can be secure even though you don’t feel secure.  In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important.  It explains why we have so much security theater that doesn’t work, and why so many smart security solutions go unimplemented.  Several different fields—behavioral economics, the psychology of decision making, evolutionary biology—shed light on how we perceive security, risk, and cost.  Learn how perception of risk matters and, perhaps more importantly, learn how to design security systems that will actually get used…