Computer and Internet security guru Bruce Schneier proclaimed that “the Internet is too complex to secure,”during a speech on the last day of the Black Hat Briefings security conference held in Las Vegas in July.
“Often when I tell people that, they get very disturbed,” he said. “We’re losing ground every year,” because every new product is less secure, every new level of complexity or integration makes a product less secure, Schneier added.
Events seem to bear out his conclusions: despite there being more computer security companies and software than at any other time, viruses, worms, Web page defacements and other security incidents are seemingly happening more often than ever before.This is because security is approached with the wrong attitude, he said.
Rather than focusing energies and budgets on prevention, computer security efforts ought to be spread across prevention, detection and response, he said. Though prevention is important, it is not foolproof, he said. Having the other two features will help manage and mitigate risks, he said. “Detection, response – if it works well enough – makes up for shoddy prevention,” said Schneier, whose company, Counterpane, sells a security monitoring service.