[LACNIC/Seguridad] (fwd) B. Schneier: "Our Security Models Will Never Work — No Matter What We Do"

Fernando Gont fgont en si6networks.com
Mar Mar 19 01:37:31 BRT 2013



---- cut here ----
Our Security Models Will Never Work — No Matter What We Do
 By Bruce Schneier (03.14.13, 6:30 AM)

A core, not side, effect of technology is its ability to magnify power
and multiply force — for both attackers and defenders. One side creates
ceramic handguns, laser-guided missiles, and new-identity theft
techniques, while the other side creates anti-missile defense systems,
fingerprint databases, and automatic facial recognition systems.

The problem is that it’s not balanced: Attackers generally benefit from
new security technologies before defenders do. They have a first-mover
advantage. They’re more nimble and adaptable than defensive institutions
like police forces. They’re not limited by bureaucracy, laws, or ethics.
They can evolve faster. And entropy is on their side — it’s easier to
destroy something than it is to prevent, defend against, or recover from
that destruction.

For the most part, though, society still wins. The bad guys simply can’t
do enough damage to destroy the underlying social system. The question
for us is: can society still maintain security as technology becomes
more advanced?

I don’t think it can.

Because the damage attackers can cause becomes greater as technology
becomes more powerful. Guns become more harmful, explosions become
bigger, malware becomes more pernicious … and so on. A single attacker,
or small group of attackers, can cause more destruction than ever before.

This is exactly why the whole post-9/11 weapons-of-mass-destruction
debate was so overwrought: Terrorists are scary, terrorists flying
airplanes into buildings are even scarier, and the thought of a
terrorist with a nuclear bomb is absolutely terrifying.

As the destructive power of individual actors and fringe groups
increases, so do the calls for — and society’s acceptance of — increased
Rethinking Security

Traditional security largely works “after the fact”. We tend not to ban
or restrict the objects that can do harm; instead, we punish the people
who do harm with objects. There are exceptions, of course, but they’re
exactly that: exceptions. This system works as long as society can
tolerate the destructive effects of those objects (for example, allowing
people to own baseball bats and arresting them after they use them in a
riot is only viable if society can tolerate the potential for riots).

When that isn’t enough, we resort to “before-the-fact” security
measures. These come in two basic varieties: general surveillance of
people in an effort to stop them before they do damage, and specific
interdictions in an effort to stop people from using those technologies
to do damage.

But these measures work better at keeping dangerous technologies out of
the hands of amateurs than at keeping them out of the hands of

And in the global interconnected world we live in, they’re not anywhere
close to foolproof. Still, a climate of fear causes governments to try.
Lots of technologies are already restricted: entire classes of drugs,
entire classes of munitions, explosive materials, biological agents.
There are age restrictions on vehicles and training restrictions on
complex systems like aircraft. We’re already almost entirely living in a
surveillance state, though we don’t realize it or won’t admit it to
ourselves. This will only get worse as technology advances … today’s
Ph.D. theses are tomorrow’s high-school science-fair projects.

Increasingly, broad prohibitions on technologies, constant ubiquitous
surveillance, and Minority Report-like preemptive security will become
the norm. We can debate the effectiveness of various security measures
in different circumstances. But the problem isn’t that these security
measures won’t work — even as they shred our freedoms and liberties —
it’s that no security is perfect.

Because sooner or later, the technology will exist for a hobbyist to
explode a nuclear weapon, print a lethal virus from a bio-printer, or
turn our electronic infrastructure into a vehicle for large-scale
murder. We’ll have the technology eventually to annihilate ourselves in
great numbers, and sometime after, that technology will become cheap
enough to be easy.

As it gets easier for one member of a group to destroy the entire group,
and the group size gets larger, the odds of someone in the group doing
it approaches certainty. Our global interconnectedness means that our
group size encompasses everyone on the planet, and since government
hasn’t kept up, we have to worry about the weakest-controlled member of
the weakest-controlled country. Is this a fundamental limitation of
technological advancement, one that could end civilization? First our
fears grip us so strongly that, thinking about the short term, we
willingly embrace a police state in a desperate attempt to keep us safe;
then, someone goes off and destroys us anyway?

If security won’t work in the end, what is the solution?

Resilience — building systems able to survive unexpected and devastating
attacks — is the best answer we have right now. We need to recognize
that large-scale attacks will happen, that society can survive more than
we give it credit for, and that we can design systems to survive these
sorts of attacks. Calling terrorism an existential threat is ridiculous
in a country where more people die each month in car crashes than died
in the 9/11 terrorist attacks.

If the U.S. can survive the destruction of an entire city — witness New
Orleans after Hurricane Katrina — we need to start acting like it, and
planning for it. Still, it’s hard to see how resilience buys us anything
but additional time. Technology will continue to advance, and right now
we don’t know how to adapt any defenses — including resilience — fast

We need a more flexible and rationally reactive approach to these
problems and new regimes of trust for our information-interconnected
world. We’re going to have to figure this out if we want to survive, and
I’m not sure how many decades we have left.
---- cut here ----

Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

Más información sobre la lista de distribución Seguridad