WW: Bruce Schneier on why security can't work

Tue Mar 19 00:37:39 UTC 2013

In history, people get taken unawares, by their neighbours.
We don't implement systems to protect against that - no matter how
much betrayal stares us in the face. The price of peace is eternal
diligence and no-one writes that cheque.
>From Troy to Chamberlain - it's not an issue of finding new regimes of trust.
We look to trust whether or not it's warranted. That's a failure point.

Therefore somebody's going to get screwed at some point.
Anything less and we're already dead - only the dead have seen the end
of war ...
The difference here is the battleground and maybe the scale. Otherwise
there's nothing special about information systems.

Some time later the black plague/spanish flu comes along and teaches
us about fragility and brittleness.
I'm a fan of Bruce but looking to trust is not a prophylactic. Yes we
trust ... and scheme about destroying our neighbours or defending
ourselves or whatever.
Engineering against nature/mathematics is a much loftier pursuit.
Turn off the internet tomorrow for a day ... or a week or a year and
carry on. That's the only kind of resilience worth worrying about.
Everything else is a side show.
Crazy talk sure, the internet's JAM - Just Another Machine - but
worrying about bad people as the only stressor is setting the bar
pretty low.
We're much better off asking our hospitals "what will you do when the
network is broken for a year" than asking our network people how
they'll cope with bad guys and bad packets. That's the difference
between a real scenario and a faux pas and there's a big mix of the
two in the linked article ...