CYBER WATCHDOGNotions of security too often rely on Ďmagical barriers,í says Bruce Schneier í84, one of the nationís leading experts on cybersecurity.
By Jeffrey Marsh
The insecurity of a technological world confronted with cyberhacking, computer viruses, and the threat of terrorist attack means job security to Bruce Schneier í84.
As cofounder and chief technical officer of Counterpane Internet Security, Schneier is well versed in the flaws that lurk in security systems, and a conversation with him can make even the most technologically savvy feel a little insecure.
"Security is only as good as the weakest link," Schneier says between calls from reporters looking for his opinion on a new government cybersecurity report. (He hasnít yet read the report but still offers up some juicy quotes.) "Iím asked all the time how to make things more secure. ĎShould we do this, or should we do that?í I donít know. It depends."
Despite millions of dollars being spent on high-tech security features to protect everything from computer networks to airports, flaws exist in any system, Schneier says. That challenge is what Schneier, a longtime fan of cryptography and codes, finds so interesting.
A former devotee of applying advanced math to codes and ciphers, Schneier has written several books, including 1995ís Applied Cryptography, that are considered vital to the field. Cryptography, or the use of codes to make messages unreadable to those who lack the key that unlocks the hidden data, has long been centered around the concept that math is a perfect vehicle for encrypting information.
While that appealed to the former Rochester physics major, he has come to realize that even the strongest and most unbreakable codes can be made irrelevant when under the right attack.
"Itís like putting a huge stake in the ground and hoping the enemy runs into it," Schneier says. "It doesnít matter how high or how strong you make it, the enemy will just run around it. A lot of cryptography ignores the fact that the enemy just ignores it."
Thatís why Schneierís company—based in the high-tech epicenter of Silicon Valley, California (although he works from his home in Minneapolis)—takes a more basic approach to offering network security. The equivalent of putting an armed security guard outside a bank vault, Counterpane uses human workers to monitor network traffic and hacking attempts instead of relying solely on fancy code. He says the business is much like a high-tech alarm company, watching for criminals and then shutting down the network or blocking out intruders before they can cause any real damage.
"One thing I always stress to our clients is that technology is not going to save you," Schneier says. "Thereís always some new threat that the people who created that technology did not anticipate."
During positions with the government and Bell Labs early in his career, Schneier continued to hone his interest in codes and cryptography. His books and research, along with his human-focused approach at Counterpane, have established him as an oft-quoted security expert.
For all his focus on the flaws in virtually every security system, Schneier might seem an anxious person. Yet he isnít particularly worried. He says the key is not to focus on the threats.
"Iím not convinced itís all that bad," he says. "Too much of security today as envisioned by our government relies on magical barriers, but those barriers arenít going to work. If you want to be secure, donít think about the barriers. Just live your life."
|©Copyright 1999 2004 University of Rochester|