Infosec 2015: Schneier warns we're in “cyber arms race”

Security expert says we are all in “blast radius”

Bruce Schneier warned the IT industry that it would be in the "blast radius" of an oncoming cyber war.

In a packed keynote speech at the Infosec show in London, Schneier - a well-known security expert who is currently chief technology officer of Resilient Systems - told delegates that "we are in the early years of a cyber war arms race".

He added that nations are "building up" for this and we are "now all in the blast radius".

He took the opportunity in his speech to look back on the Sony hack last December. While the fallout from the hack and subsequent damaging leaks from it was reported in the media, Schneier said that despite a lot of evidence pointing toward North Korea being the culprit, many people were not prepared to believe the US government over its claims that the hermit nation was behind the attacks.

"The US saying we know it's North Korea, trust us' doesn't cut it anymore," he said. Schneier said that secret evidence that spy agencies weren't prepared divulge to the general public was in part responsible for people's disbelief that North Korea was connected to the attacks. He said that the US gathered information on the attack as it was spying on South Korea, who in turn was spying on North Korea.

"The US government took three weeks to announce North Korea had attacked Sony," he said. "Three weeks is not going to cut it, and providing evidence is really tricky, especially in a world where secret evidence is more and more prevalent."

Unknown attackers

Another reason for the lack of belief was that in cyberspace it's difficult to know just who is carrying out the attacks.

"You can be attacked and not be really sure that it is a nation state or just a couple of guys in a basement," he said, adding that "when you see weapons in a real world attack, you know who it is, but this is not the case in the cyber world".

And when your adversary is unknown, who do you call for help? If it was a nation state, the military would be called in to defend against this type of attack, but if it was an attack from a small group of unaffiliated people, the police would be called in, Schneier said. 

In this case, as you don't know just who is attacking you, only you can defend yourself, he told delegates.

He warned that we "will see increased incidences of nations attacking, not just other nations, but other industries as well."

Schneier said that critical infrastructure organisations could be knocked out by a serious attack. "There are some real serious market failures which will require government intervention to work at all," Schneier warned. 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

NSA issues guidance on encrypted DNS usage
Domain Name System (DNS)

NSA issues guidance on encrypted DNS usage

15 Jan 2021
How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Pentagon pauses $2 billion cyber security project
Policy & legislation

Pentagon pauses $2 billion cyber security project

14 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
BT faces £600m class-action lawsuit for 'overcharging'
Policy & legislation

BT faces £600m class-action lawsuit for 'overcharging'

18 Jan 2021