Infosec 2015: Schneier warns we're in “cyber arms race”
Security expert says we are all in “blast radius”
Bruce Schneier warned the IT industry that it would be in the "blast radius" of an oncoming cyber war.
In a packed keynote speech at the Infosec show in London, Schneier - a well-known security expert who is currently chief technology officer of Resilient Systems - told delegates that "we are in the early years of a cyber war arms race".
He added that nations are "building up" for this and we are "now all in the blast radius".
He took the opportunity in his speech to look back on the Sony hack last December. While the fallout from the hack and subsequent damaging leaks from it was reported in the media, Schneier said that despite a lot of evidence pointing toward North Korea being the culprit, many people were not prepared to believe the US government over its claims that the hermit nation was behind the attacks.
"The US saying we know it's North Korea, trust us' doesn't cut it anymore," he said. Schneier said that secret evidence that spy agencies weren't prepared divulge to the general public was in part responsible for people's disbelief that North Korea was connected to the attacks. He said that the US gathered information on the attack as it was spying on South Korea, who in turn was spying on North Korea.
"The US government took three weeks to announce North Korea had attacked Sony," he said. "Three weeks is not going to cut it, and providing evidence is really tricky, especially in a world where secret evidence is more and more prevalent."
Another reason for the lack of belief was that in cyberspace it's difficult to know just who is carrying out the attacks.
"You can be attacked and not be really sure that it is a nation state or just a couple of guys in a basement," he said, adding that "when you see weapons in a real world attack, you know who it is, but this is not the case in the cyber world".
And when your adversary is unknown, who do you call for help? If it was a nation state, the military would be called in to defend against this type of attack, but if it was an attack from a small group of unaffiliated people, the police would be called in, Schneier said.
In this case, as you don't know just who is attacking you, only you can defend yourself, he told delegates.
He warned that we "will see increased incidences of nations attacking, not just other nations, but other industries as well."
Schneier said that critical infrastructure organisations could be knocked out by a serious attack. "There are some real serious market failures which will require government intervention to work at all," Schneier warned.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now