Q&A
Bruce Schneier Q&A: The Endless Broadening of Security
For Bruce Schneier, the security discipline still evolves and expands. Now he's the one trying to expand it.
By Scott Berinato
CSO: Let's talk about some of what's happened in the security world over the past five years. The Department of Homeland Security recently celebrated its fifth anniversary. Most people associate DHS with orange alerts, airport security lines, and Hurricane Katrina. How would you evaluate DHS over its first five years? Is DHS important to the future? Should it exist?
Schneier: The DHS was formed by throwing together a bunch of different organizations under new management, and it has spent most of its effort trying to coordinate all these organizations. Herding cats is easy compared to what the DHS is trying to do; you can tell by the very public failures we all talk about. I always thought creating a large new bureaucracy wasn't the way to help. And, unfortunately, the politicization of the DHS over the past five years has contributed to the problem. The DHS in its current form should be disbanded.
Two security truisms are relevant here. One, security decisions need to be made as close to the problem as possible both in terms of time and space. There is a lot of room for abuse, so oversight is vital, but it's also more flexible and adaptive. And two, security analysis needs to happen as far away from the sources as possible. The whole picture is larger than any single agency, and each one only has access to a small slice of it. What this means is that we would do better as a nation if our counterterrorism response were coordinated centrally but implemented in a distributed fashion. Back in 2002, I wrote that "The new Department of Homeland Security needs to coordinate but not subsume." I still agree with that.
CSO: This is an elegant model for security: Act locally; think globally. It's what FEMA was celebrated for before it became part of DHS. It's so simple. Why don't we do this more?
Schneier: The U.S. Marine Corps, actually, have a doctrine that decisions are made close to the action, by people on the ground who know the situation best.
Two things prevent people from taking this approach: control and fear. Governments like control, and are predisposed to solutions that involve more centralized control. And people dislike fear. When people are scared, they'll do anything to make that feeling go away. Combine a government that wants control with people who will do whatever the government says they should, and you have the current situation.



