The Barnes & Noble Review
How do you think about security after 9/11?
You have two options. There’s Chicken Little’s approach. Or Bruce Schneier’s. You can live in fear. Or you can get Schneier’s Beyond Fear.
Schneier’s one of the world’s leading information security experts. He authored the bestsellers Applied Cryptography and Secrets and Lies, and founded Counterpane Internet Security, a leader in enterprise-class managed security. (Maybe you’ve seen him on CNN or read the great Atlantic Monthly profile of him.)
His new book brings the common sense back to security -- and drives away much of the fear. He starts with five questions to ask about any security system, whether it’s designed to protect data, humans, or both. “The questions may seem, at first, to be obvious, even trivial. [But if you]…take them seriously, you will find they will help you determine which kinds of security make sense and which don’t.”
To begin, what are you trying to protect? What’s the job of airport security? To protect one flight, or an airport, or commercial aviation, or the entire transportation system, or the nation as a whole? Each is a different problem, each may have different solutions, and if you try to solve only one of them in isolation, you could make matters worse.
Next, what risks are you trying to protect against? And how well does the security solution mitigate those risks? Often, not nearly as well as advertised.
Assuming the security system works, what other risks does it cause? (How does the number of lives saved by arming pilots compare with the number of people who’ll be killed by pilots reacting to false alarms?)
Finally, what costs and trade-offs does the system impose? Trade-offs are subjective but must be thoroughly considered. (Absolute airline security could be ensured by grounding all aircraft permanently. We won’t do that. Just as we won’t require safety measures that double the price of a car, even though 40,000 Americans die yearly in auto accidents.)
You can’t consider trade-offs without asking: whose? Why are tweezers banned from flights when cigarette lighters aren’t? Says Schneier, it’s attributable to the relative power of the tweezer and tobacco lobbies. (By the way, it’s discomfiting to read that Schneier found all the makings of an incendiary device on sale at Newark, New Jersey airport shops inside the security perimeter.)
Schneier notes that “there hasn’t been a new crime invented in millennia”: Even deliberate biological warfare can be dated to 600 B.C. Motivations and objectives don’t change; only tools, methods, and results do. Technology creates temporary security imbalances, typically favoring the attacker. More powerful systems are inevitably more complex, hence less secure. Attackers are smart enough to attack systems at their weakest links; this can be addressed through defense in depth and compartmentalization. Detection works when prevention fails -- but only if linked to response.
Simple ideas, arguably. But Schneier shows how they can be used to respond to security challenges more intelligently -- and implement solutions that might actually work. This book’s worth your time -- and your congressman’s.
Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.