USENIX LISA: Security Theater Plays a Role - Bruce Schneier's Keynote
The opening keynote Thursday of the USENIX LISA conference in San Diego was by author and security expert Bruce Schneier. In his opinion "perceived security" should be an aspect of all security implementation.
The large conference room was packed at Schneier's presentation, "Reconceptualizing Security." In one of his first slides, he pointed out that security has always been one of the basic human instincts by showing the part of the brain known as the amygdala where the emotion of fear (and its opposite, security) is seated. Schneier joked that "the newer part of the human brain responsible for heuristics is still in beta." He undermined the discrepancy between subjective feelings and provable facts with a few examples. Deviating from his slides and presentation material, he relied mainly on his words and gestures. "Security is at one time feeling and reality," according to his thesis, "You can feel safe without actually being safe, and you can feel unsafe for no apparent reason."
Schneier applied his thesis to a phenomenon he called "security theater." As an example he used the safety screw cap, designed to quell any fear that the content of the bottle might have been tampered with. He could think of at least ten ways that the content could be compromised, mentioning a syringe for one. Nevertheless, tamper-proof bottles provide an objective sense of security, which proved a saving grace for the medication industry after some well known poisoning incidents. Schneier felt that "as technicians, we kid ourselves that the security for which we're responsible is reliabable. That isn't true. We forget that humans play a major role."
Ignoring the emotional part of security is wrong in Schneier's judgment, and he advises technicians to incorporate the "security theater" concept in their work. Responding to a question about statistics, he suggested that they have little effect: "People who know statistics think they work better, but they don't." According to him, security models should adhere closely to reality, while recognizing that reality is mutable. His conclusion: "It's only when the feeling and the reality of security converge that we have real security."
Issue 252/2021
Buy this issue as a PDF
News
-
GNOME 41 Has Arrived
The latest version of the GNOME desktop environment has been released with new functionality and plenty of improvements.
-
System76 Updates the 15" Pangolin with Ryzen
System76 announced they’re updating the Ryzen-powered Pangolin laptop to meet today’s need for more power.
-
KDE Plasma 5.23 Promises Plenty of Subtle Improvements
The next release of the KDE Plasma desktop includes new features, numerous improvements, and plenty of bug fixes.
-
GNOME 41 Beta is Now Available
The most popular open-source desktop environment is on the cusp of yet another new release, but don’t expect the massive changes found in the previous iteration.
-
Debian 11 “Bullseye” Now Available
The developers of Debian have released the latest version of the operating system so many distributions depend on.
-
Elementary OS 6 Odin Now Available
The developers of elementary OS have released their latest iteration which is all-in on Flatpaks and all about the user experience.
-
Kubuntu Focus Team Announces High-Performance Focus XE
The team behind the KDE-powered Linux laptops is now offering an ultra-portable laptop that doesn't skimp on performance.
-
Solus 4.3 Available for Download and Installation
The latest iteration from the Solus developers is out with kernel 5.13 and plenty of new features, bug fixes, and new hardware support.
-
Steam Deck Linux-Powered Gaming System Set to Take Over the Handheld World
A Linux and KDE-powered portable gaming platform is set to be released by Valve.
-
Linux Mint 20.2 Available and Better Than Ever
The developers of Linux Mint have gone a long way to perfecting the desktop experience.