Bruce Schneier: More on the Broad View of Security
Schneier on how other fields can contribute to solving security puzzles. (Part of the What Happens Next security predictions series.)
By Derek Slater
January 05, 2009 — CSO —
Bruce Schneier's evolution of interests is well documented, moving from encryption to broader and broader perspectives on security. (Hence his recent appearance on 60 Minutes, commenting on TSA's airport screening procedures.) To bring wider perspectives to bear on security issues, Schneier (Chief Security Technology Officer at BT) held the first Workshop in Security and Human Behavior in 2008, with participants from a broad swath of disciplines including economics, psychology and more.
Schneier spoke with CSOonline about his multidisciplinary view of the field and plans for 2009.
CSO: What was the biggest surprise or most enlightening development at the Workshop in Security and Human Behavior?
The most interesting aspect of the workshop was how different the ways in which people were thinking about the same sorts of issues. Security is fundamental to many different disciplines, sometimes more explicitly than others, and different researchers have been working on the same sorts of problems, within their own discipline, for years. It was fascinating getting everyone in the same room and talking to each other.
For example, a lot of the seemingly irrational security trade-offs that the behavioral economists have documented can be explained by the evolutionary psychologists. And the effectiveness of social engineering with regard to computer attacks can, in part, be explained by those working in deception detection.
CSO: Gary Steele, the CEO of Proofpoint, mentioned recently that they have hired a bunch of people with backgrounds in gene sequencing, because it's all about pattern matching and thus directly applicable to problems like large-scale spam detection. What other fields are already contributing directly to security in surprising ways?
Lots of disciplines contribute to security in surprising ways all the time. Security is an application as well as a discipline, so developments in many areas affect security. Think about the invention of the radio, which completely changed the world of policing. Or computing technology. Or automobile technology, used by both police and bank robbers. Or number theory, which was completely academic until Diffie and Hellman invented public key cryptography. Or, well, everything else.
CSO: Are you planning another workshop for 09, and how might it differ from the first?
We are. Originally we thought that we should focus the workshop more, on a specific problem, but then we decided to do it the same way as the first: to have 50 or so people come together and talk about the particular aspect of security and human behavior that they're working on. What's most valuable about the workshop is the interactions between disciplines, and we want to encourage that as much as possible.