Wednesday, August 11, 2004

Wasting Money On Security

Bruce Schneier is a computer security guru. His book Applied Cryptography is considered the standard reference for encryption and secure protocols. He's followed that up with authoritative books exploring social engineering and other security risks, making him a household name among slashdotters. He was interviewed by Newsweek for his opinions on anti-terror measures in the US. Some choice quotes:

"You can imagine living in a community where the landlord keeps hornets’ nests, and he keeps whacking the nests. And then he keeps telling you, you need to buy protective clothing. He’s right, but I wish he’d stop whacking the nest. In a sense that’s what we are doing. Far better for our security would be to deal with the underlying geopolitical situations that cause the problem. That may be politically untenable, but as a security professional, that is the best way to spend your money."


"I think it’s an enormous waste of money. Politicians tend to prefer security countermeasures that are very visible, to make it look like they’re doing something. So they will tend to pick things that are visible even if they are less effective. Training FBI agents in Arabic is a really good idea, but no one is going to see it. Fingerprinting foreigners at the border is a very visible thing that, even if it is less effective, is going to look like we’re doing something."

No comments: