Posted by: David Schneier
Here’s a mindbender for you: Not only have all of the security products that we’ve installed on our desktops and servers not made those machines secure, they have, in fact, made them less secure. Dan Geer, the dean of the security deep-thinkers’ set, said in his keynote speech this morning at Source Boston that if you believe, as he does, that complexity is the enemy of security, you can come to no other conclusion about the state of computer security at the moment.
“We’ve put so many products into these systems, that the complexity of the sum of the parts is part of the problem itself,” he said.
Geer, who was trained as a biostatistician before getting into the security game, also said that security practitioners should look to the natural world for examples of how to deal with complexity and the evolution of threats and countermeasures. But he also warned that the day is rapidly approaching when our machines will be the ones controlling us.
“We must learn from nature precisely because nature is the most complex system we’ve ever seen,” he said. “Within the career lifetime of everyone in this room, computers will be smarter than us.”
Geer is widely known for the depth and breadth of his knowledge, not just on security and statistics but on a wide range of topics. He’s also known for his facility with words, peppering his talks with memorable phrases and anecdotes, and he didn’t disappoint today. Here are a few stray thoughts from his speech:
- “If you are losing a game you can’t afford to lose, change the rules.”
- “A backdoor unused is like a biological niche unused. Nature abhors a vacuum.”
- “Desktop systems need to die and be reborn often.”
- “Security is perhaps the most intelligent pursuit on the planet.”
So the next time your CEO wonders aloud about the value of security, just tell him what Dan Geer said.