Bruce Almighty: Schneier preaches security to Linux faithful

Schneier is one of three keynote speakers at Linux.conf.au 2008 and speaks with Dahna McConnachie about his presentation, books and thoughts.

You have said that we have not yet seen true cyber war, but that it is not a myth. Does this mean that real cyber war is inevitable?

War is inevitable; we as a species don't know how to resolve large nation-state conflict without it. And any war encompasses all theatres: land, sea, air, and now cyberspace. Any future war will include a cyber component, so by that reasoning cyber war is inevitable. But don't think of it as a separate thing. Cyber war is part of war, and not a substitute for or a precursor to war.

Have most countries developed cyber-war tactics?

Of course not. There are 245 countries on the planet, and most of them aren't doing anything with respect to cyber-war. The large countries with large military budgets are. All of them. They'd be foolish not to.

Where do you think the tension between government's increased desire for information (in the form of data mining and surveillance for example) and public freedom and privacy will lead?

Martin Luther King Jr once said that the arc of history is long, but it bends towards justice. There will always be a tension between a government's desire to control its population and the peoples' desire for liberty. And while governments are winning today, mostly because of the scary bugaboo of terrorism, there's no reason to believe that this will continue. It may take a generation, but the balance will shift and liberty will again be important.

What are some examples of where too much trust has been placed in security products?

We trusted airport security before 9/11, with disastrous results. We trust firewalls, IDSs, encryption, and almost every computer security product, and are continually surprised when they're broken. No security system is perfect; defense in depth is the only reasonable strategy.

What are some of the most significant ways that Linux, open source software, and the free and open software philosophy have contributed to the security landscape?

The most important thing Linux has done to improve security is to be competition for Windows. Monopolies are complacent, and by being an alternative, Linux forces Microsoft to improve its own operating system.

What will be the biggest security issues in the future?

Crime. Crime, crime, crime. Everything else pales in comparison.

What will be the largest cyber-threats to freedom and privacy in the future?

Government. And criminals. Both are large threats, in different ways. The latter is more tactical; the former is more serious and more long term.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ARCBT AustralasiaCounterpaneGood TechnologyHewlett-Packard AustraliaHISHPLinuxMacsMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dahna McConnachie

Latest Videos

More videos

Blog Posts