Beyond Fear

From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

Beyond Fear: Thinking Sensibly about Security in an Uncertain World

Full Citation

Bruce Schneier, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (2003). Web

BibTeX Google Books World Cat Amazon


Key Words

Antivirus, Blacklist, Computer Network Attack, Credit Card Fraud, Cyber Crime, Cyber Terrorism, Hacker, Honeypot, Identity Fraud/Theft, Intelligence Infrastructure/Information Infrastructure, Interdependencies, Malware, National Security, Risk Modeling, Security as an Externality, Security as a Public Good, Security Tradeoffs, Sponsored Attacks, Transparency, Trojan, Worm


This book explains how we all can think sensibly about security. In today's uncertain world, security is too important to be left to others. Drawing from his experience advising world business and political leaders, Schneier demonstrates the practical -- and surprisingly simple -- steps we can all take to address the real threats faced by our families, our communities, and our nation. While primarily addressing physical security, Schneier's approach is applicable to cybersecurity as well since his emphasis is on providing a mechanism to make intelligent trade-offs between cost, freedom and security.

This book is about security: how it works and how to think about it. It’s not about whether a particular security measure works, but about how to analyze and evaluate security measures. For better or worse, we live in a time when we’re very likely to be presented with all kinds of security options. If there is one result I would like to see from this book, it is that readers come away from reading it with a better sense of the ideas and the security concepts that make systems work— and in many cases not work. These security concepts remain unchanged whether you’re a homeowner trying to protect your possessions against a burglar, the President trying to protect our nation against terrorism, or a rabbit trying to protect itself from being eaten. The attackers, defenders, strategies, and tactics are different from one security situation to another, but the fundamental principles and practices— as well as the basic and all-important ways to think about security— are identical from one security system to another.

Security is not mysterious, Bruce Schneier tells us, and contrary to popular belief, it is not hard. What is hard is separating the hype from what really matters. You already make security choices every day of your life, from what side of the street you walk on to whether you park your car under a streetlight. You do it naturally. This book guides you, step by step, through the process of making all your security choices just as natural.

Schneier invites us all to move beyond fear and to start thinking sensibly about security. He tells us why security is much more than cameras, guards, and photo IDs, and why expensive gadgets and technological cure-alls often obscure the real security issues. Using anecdotes from history, science, sports, movies, and the evening news, Beyond Fear explains basic rules of thought and action that anyone can understand and, most important of all, anyone can use.

Schneier analyzes a security scenario using a five step process to determine if a particular solution is effective and worth its cost. He uses this analysis to separate effective security measures from "security theater," measures which give the illusion of providing increased security without actually reducing risk:

Security is complex, but complex things can be broken down into smaller and simpler steps. Throughout this book, I use a five-step process to analyze and evaluate security systems, technologies, and practices. Each of these five steps contains a question that is intended to help you focus on a particular security system or security countermeasure. The questions may seem, at first, to be obvious, even trivial. But if you bear with me, and take them seriously, you will find they will help you determine which kinds of security make sense and which don’t.

  • Step 1: What assets are you trying to protect? This question might seem basic, but a surprising number of people never ask it. The question involves understanding the scope of the problem. For example, securing an airplane, an airport, commercial aviation, the transportation system, and a nation against terrorism are all different security problems, and require different solutions.
  • Step 2: What are the risks to these assets? Here we consider the need for security. Answering it involves understanding what is being defended, what the consequences are if it is successfully attacked, who wants to attack it, how they might attack it, and why.
  • Step 3: How well does the security solution mitigate those risks? Another seemingly obvious question, but one that is frequently ignored. If the security solution doesn’t solve the problem, it’s no good. This is not as simple as looking at the security solution and seeing how well it works. It involves looking at how the security solution interacts with everything around it, evaluating both its operation and its failures.
  • Step 4: What other risks does the security solution cause? This question addresses what might be called the problem of unintended consequences. Security solutions have ripple effects, and most cause new security problems. The trick is to understand the new problems and make sure they are smaller than the old ones.
  • Step 5: What costs and trade-offs does the security solution impose? Every security system has costs and requires trade-offs. Most security costs money, sometimes substantial amounts; but other trade-offs may be more important, ranging from matters of convenience and comfort to issues involving basic freedoms like privacy. Understanding these trade-offs is essential.

These five steps don’t lead to an answer, but rather provide the mechanism to evaluate a proposed answer. They lead to another question: Is the security solution worth it? In other words, is the benefit of mitigating the risks (Step 3) worth the additional risks (Step 4) plus the other trade-offs (Step 5)? It is not enough for a security measure to be effective.We don’t have limitless resources or infinite patience. As individuals and a society, we need to do the things that make the most sense, that are the most effective use of our security dollar. But, as you’ll see later in this book, subjective (and sometimes arbitrary) economic incentives make an enormous difference as to which security solutions are cost-effective and which ones aren’t.

Security is more than important; it's an essential and inevitable part of who we are. Because it can never be absolute and static end rigid, it's helpful to think of security as a game--but one that never ends, and one with the most serious consequences. We have to be resourceful, agile, alert pleyers, We have to think imaginatively about our opponents. And we have to move beyond fear and realize that we live in a world in which risk is inherent and failures are inevitable. Thinking sensibly about security requires that we develop a rational sense of the numbers underlying risks, a healthy skepticism about expertise and secrecy, and a realization that a good deal of security is peddled and imposed and embraced for non-security reasons:

  • Schneier Risk Demystification: Numbers matter, and they're not even that difficult to understand. Make sure you understand the threats. Make sure you understand the risks. Make sure you understand the effectiveness of a security countermeasure and all of the trade-offs. Try to think of unintended consequences. Don't accept anyone saying something like: "It would be terrible if this sort of attack ever happens; we need to do everything in our power to prevent it." That's patent nonsense, and what someone living in fear says; you need to move beyond fear and start thinking about sensible trade-offs.
  • Schneier Secrecy Demystification: Secrecy is anathema to security for three reasons: It's brittle, it causes additional security problems because it conceals abuse, and it prevents you from having the information you need to make sensible security trade-offs. Don't accept anyone telling you that security requires keeping details of a security system secret. I've evaluated hundreds of security systems in my career, and I've learned that if someone doesn't want to disclose the details of a security system, it's usually because he's embarrassed to do so. Secrecy contributes to the "trust us and we'll make the trade-offs for you" mentality that ensures sloppy security systems. Openness demystifies; secrecy obscures.
  • Schneier Agenda Demystification: People often make security tradeoffs for non-security reasons. Therefore, it is critical to understand the agenda of players involved in a security negotiation. Don’t blindly accept that “It’s for security purposes” when someone tries to justify a questionable countermeasure; far too often players attempt to disguise their actions as security-related. Understand how emotions lead people to make seemingly irrational security trade-offs. Agendas are natural, and they’re pervasive—be aware of them.

Additional Notes and Highlights

Expertise Required: None

Bruce Schneier's blog covering security and security technology.