Book Review: Beyond Fear
Modernizing Authentication — What It Takes to Transform Secure Access
Beyond Fear: Thinking Sensibly About Security in an Uncertain World
By Bruce Schneier
Copernicus Books, September 2003
295 pages, $25
The most appealing part of Bruce Schneier's thorough, well-reasoned approach to security strategiespersonal, corporate and computeris what he does not do. He does not propose concrete solutions ("We need more police. We need national ID cards. You need to build better firewalls"). Instead, he lays out the issues, debates the pros and cons, and leaves it to the reader to pick a solution.
What makes the discussion worthwhile is that Schneier, founder of consulting firm Counterpane Internet Security Inc. and publisher of the security newsletter Crypto-Gram, takes great pains to identify the key issues and examine some proposed solutions, pointing out the costs involved and the likelihood of success. For example, he believes that the idea of using biometric scannersprogrammed to search out known criminals and terrorists based on their physical characteristicsprobably won't work because false positives will overwhelm the system.
Schneier starts with the common-sense position that all security involves trade-offs "in terms of money, convenience, comfort and freedom." We make trade-offs all the time, from choosing whether or not to lock the front door to determining how much to spend on national defense.
Regardless of what kind of security you're talking about, one question pops up every single time: How much are you are willing to pay? To help you decide, Schneier provides a checklist:
Step 1: What assets are you trying to protect? "This question might seem basic, but a surprising number of people never ask it. The question involves understanding the scope of the problem." Securing a single airplane is different from securing commercial aviation.
Step 2: What are the risks to those assets? Who wants to attack it, how might they attack it, and why? What are the consequences if the attack is successful?
Step 3: How well does the security solution mitigate those risks? Another point that seems obvious, but if you've been stuck in an endless line at an airport security checkpoint while guards wave metal-detecting wands over three-year-olds, you realize it is not being asked.
Step 4: What new risks does the security solution cause? "Security solutions have ripple effects, and most cause new security problems." Most security systems, for example, depend on people, and people can be stupid, inattentive or bought off.
Step 5: What costs and trade-offs will be imposed by the security solution? Security usually requires money (for people and devices) and time. Does what you get in return justify the cost?
Schneier is terrific at outlining just how difficult it is to answer all these questions. "The problem with securing assets and their functionality is that by definition you don't want to protect them from everyone. It makes no sense to protect assets from their owner or other authorized individuals (including the trusted personnel who maintain the security system). In effect, all security systems need to allow people in, even as they keep people out."
The conclusion is clear: There is no single standard of security. The level of security you'll have will depend on what you are willing to give up in order to get it. By nature, the whole question is subjective. Schneier has done an excellent job of framing the argument.