USENIX LISA: Security Theater Plays a Role - Bruce Schneier's Keynote
The opening keynote Thursday of the USENIX LISA conference in San Diego was by author and security expert Bruce Schneier. In his opinion "perceived security" should be an aspect of all security implementation.
The large conference room was packed at Schneier's presentation, "Reconceptualizing Security." In one of his first slides, he pointed out that security has always been one of the basic human instincts by showing the part of the brain known as the amygdala where the emotion of fear (and its opposite, security) is seated. Schneier joked that "the newer part of the human brain responsible for heuristics is still in beta." He undermined the discrepancy between subjective feelings and provable facts with a few examples. Deviating from his slides and presentation material, he relied mainly on his words and gestures. "Security is at one time feeling and reality," according to his thesis, "You can feel safe without actually being safe, and you can feel unsafe for no apparent reason."
Schneier applied his thesis to a phenomenon he called "security theater." As an example he used the safety screw cap, designed to quell any fear that the content of the bottle might have been tampered with. He could think of at least ten ways that the content could be compromised, mentioning a syringe for one. Nevertheless, tamper-proof bottles provide an objective sense of security, which proved a saving grace for the medication industry after some well known poisoning incidents. Schneier felt that "as technicians, we kid ourselves that the security for which we're responsible is reliabable. That isn't true. We forget that humans play a major role."
Ignoring the emotional part of security is wrong in Schneier's judgment, and he advises technicians to incorporate the "security theater" concept in their work. Responding to a question about statistics, he suggested that they have little effect: "People who know statistics think they work better, but they don't." According to him, security models should adhere closely to reality, while recognizing that reality is mutable. His conclusion: "It's only when the feeling and the reality of security converge that we have real security."
Issue 14: Raspberry Pi Handbook/Special Editions
Tag Cloud
News
-
SCO Rises from the Swamp
Longtime litigator revives an ancient suit against IBM alleging Linux infringes on Unix copyrights.
-
UberStudent Project Releases UberStudent 3.0
Specialty distro keeps the focus on advanced learning.
-
openSUSE Conference Approaches
The openSUSE Conference will be held July 18-22, 2013, at the Olympic Museum in Thessaloniki, Greece.
-
Drupal.org Hacked
Security breached at home sites of the CMS project.
-
Oracle Takes Action on Java Security
Lead Java developer vows policy changes and more attention to fixing problems.
-
Google and NASA Partner in Quantum Computing Project
Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
-
Mageia Project Announces Mageia 3 Linux
Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
-
FSF Outs the World Wide Web Consortium over DRM Proposal
Richard Stallman calls for the W3C to remain independent of vendor interests.
-
Debian 7.0 Debuts
The new release supports nine architectures, 73 human languages, and zero non-Free components.
-
Alpha Version of Fedora 19 Released
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.