Schneier speaks his mind


Over the past several weeks ComputerWorld Canada senior writer Chris Conrath had a series of conversations with Bruce Schneier, designer of the popular Blowfish encryption algorithm, CTO of Counterpane Internet Security Inc. and renowned security expert, during his recent visit to Toronto. What follows are some excerpts from those discussions.

CWC: Do companies care more about computer security since 9/11?

We have not learned from the attacks, but do not be too surprised. It is true for all of society. Why should IT be different? Companies should not care any more now than they did before. They should have cared before and they should care now. But are they caring enough? No, of course not.

CWC: Other experts I have spoken to disagree completely, saying they have seen a dramatic change in attitude.

Those who say there has been big change, look at their agenda. That is my only advice. In this industry there is a lot of impetus to pretend that there is a security watershed and everybody is doing something. If you are not doing something, then you are left out. I think we are seeing a lot of that in the industry. We see a steady increase of people caring and a huge spike in interest after 9/11, but I didn’t see as much of a spike of people buying. Security was the flavour of the moment for a few months, but not any more.

CWC: Why is it so hard to get companies to change their security mentality?

One of the problems is that there is no list a company can give a client and say “do these seven things and you will be safe.” Regardless, we are putting too much faith in technology. The problems are not technology, the problems are people. We love the idea that technology will save us, but the fact is that it almost never does.

CWC: A recent FBI report warned of an increased risk in cyber-terrorism. What is your read on this?