Sam Varghese
Wednesday, 30 January 2008 06:06
Opinion and Analysis
Page 1 of 4
Security is essentially a tradeoff and the main question about it is not whether we are safe or not but whether it is worth it. Simple and to the point. That's the way Bruce Schneier, probably the world's foremost security expert, puts it.
And that is the reason why Schneier enjoys the reputatio he does - because like the few true intellectuals around, he is a fount of wisdom, not just knowledge.
Schneier gave the keynote address on the opening day of the main part of Australia's national Linux conference today; his topic was "Reconceptualising Security", something on which he is eminently qualified to speak.
As usual, he came to the point: "Security is both a feeling and a reality. You can feel secure without actually being secure and you can be secure even though you don't feel secure."
And how does one bridge the gap between people both knowing they are secure and feeling the same way? Once again, it's very basic: information is the only way.
With this as the central tenet of his talk, Schneier set out to illustrate it and did so with simple examples.
He said that within the industry people tended to discount the feeling in favour of the reality but the difference between the two was important. It explained why there was much of what he called "security theatre" that did not work and why so many smart solutions were never implemented.
By security theatre he said he meant the various "snake oil" solutions that addressed feelings and were no good in reality.
Citing the example of the attacks on the World Trade Centre in September 2001, Schneier said that shortly after the incident he had been asked by a journalist how the US could ensure that such an event never recurred.
He said his answer was very short: "Take all the planes out of the sky."
