Bruce Schneier Q&A: The Endless Broadening of Security

For Bruce Schneier, the security discipline still evolves and expands. Now he's the one trying to expand it.

1 2 Page 2
Page 2 of 2

Schneier: There are several reasons for this gap. One is systemic, the bad guys are always going to be at least one step ahead of the good guys—they're more nimble, have less bureaucracy, are quicker to adapt to new technologies, etc.—and in a fast-changing technological world this gap is only going to get worse. The second is tactical; we are focused more on technology than on the broader picture. Security companies sell technological point solutions, so naturally they focus attention on those solutions. News stories are about tactics, which reinforces this view. And we're all enamored with technology; otherwise, we would be doing something else for a living, and we often ignore the forest for whatever neat techie trees we're currently working with.

CSO: You always seem to find inspiration for security wisdom in unusual places. Do you have any for us?

Schneier: I find the most surprising security wisdom in the insect world. It shouldn't come as a surprise. Evolutionarily, they've tried just about everything. Attack-and-defense techniques that worked were repeated, and those that failed weren't. Because evolution tries solutions at random and stops at the first workable solution found, insects tended to arrive at interesting and surprising solutions. It's common to find insect countermeasures that are non-obvious, but nonetheless effective.

CSO: Non-obvious security solutions?

Schneier: By and large, ants differentiate friends from foes by their sense of smell. There are some beetles that have evolved to defeat this security system by sneaking into the ant colony and laying low, playing dead if attacked, until they acquire the scent of their ant neighbors. After that, they're tolerated in the nest by the ants even as they feast on ant larvae.

Another story: Some flowers have long tube-like shapes to prevent bees, which don't pollinate them very effectively, from stealing their nectar. They prefer long-tongued hummingbirds. But some bees have evolved to chew a hole in the side of the flower and get the nectar that way.

But the neatest story I've found is about how lima bean plants defend themselves. When two-spotted spider mites attack them, the plants emit a chemical distress signal. The distress signal helps in three distinct ways. One, it gets other, nearby lima bean plants to start sending out the same distress signal, even if they're not being attacked yet. Two, it repels other two-spotted spider mites. And three, it attracts carnivorous mites to land on the lima bean plants and prey on the herbivorous two-spotted spider mites. Yes, the plants have evolved to call in air strikes against their attackers.

1 2 Page 2
Page 2 of 2
Security Smart: 4 Common Password Myths ... Debunked!