Q&A: Security expert says cyberterrorism is exaggerated

By Chris Conrath, ComputerWorld Canada

October 2, 2002 12:00 PM ET

Recommended

(5)

Digg

Twitter

Share/Email

Computerworld - Bruce Schneier, designer of the popular Blowfish encryption algorithm, CTO of Counterpane Internet Security Inc. and renowned security expert, spoke with Computerworld Canada during his recent visit to Toronto.
What follows are some excerpts from those discussions:

Q: Do companies care more about computer security since 9/11?
A: We have not learned from the attacks, but do not be too surprised. It is true for all of society. Why should IT be different? Companies should not care any more now than they did before. They should have cared before and they should care now. But are they caring enough? No, of course not.

Q: Other experts I have spoken to disagree completely, saying they have seen a dramatic change in attitude.
A:Those who say there has been big change, look at their agenda. That is my only advice. In this industry there is a lot of impetus to pretend that there is a security watershed and everybody is doing something. If you are not doing something, then you are left out. I think we are seeing a lot of that in the industry. We see a steady increase of people caring and a huge spike in interest after 9/11, but I didn't see as much of a spike of people buying. Security was the flavor of the moment for a few months, but not any more.

Q: Why is it so hard to get companies to change their security mentality?
A:One of the problems is that there is no list a company can give a client and say "do these seven things and you will be safe." Regardless, we are putting too much faith in technology. The problems are not technology, the problems are people. We love the idea that technology will save us, but the fact is that it almost never does.

Q: A recent FBI report warned of an increased risk in cyberterrorism. What is your read on this?
A: I don't think we have seen cyberterrorism and I don't think we are going to see it for a couple of decades. It is still more complicated to use technology for (terrorist gain). The closest thing that we have had is in Australia where someone hacked into a system and dumped sewage out into a bay. If you look at what he did, it took him dozens of attempts, he barely made it work, and it didn't do that much damage. That is not terrorism.

Q: You have said that what we are seeing is not true cyberterrorism but rather cyberhooliganism. Care to elaborate?
A:

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Defense/Aerospace

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.