How Changing Technology Affects Security

Bruce Schneier on how changing technology affects security:

Changes in security systems can be slow. Society has to implement any new security technology as a group, which implies agreement and coordination and — in some instances — a lengthy bureaucratic procurement process. Meanwhile, an attacker can just use the new technology. For example, at the end of the horse-and-buggy era, it was easier for a bank robber to use his new motorcar as a getaway vehicle than it was for a town’s police department to decide it needed a police car, get the budget to buy one, choose which one to buy, buy it, and then develop training and policies for it. And if only one police department did this, the bank robber could just move to another town. Defectors are more agile and adaptable, making them much better at being early adopters of new technology.

The attackers are always one step ahead of the defenders. It is the nature of how security works.

It is almost as if security is a game we are destined to lose. This should make you wonder why we expend such a large amount of money on something so fragile and frail. Maybe, just maybe, the whole security thing is merely a charade.

Security theater is security reality.

This post is part of the thread: Security – an ongoing story on this site. View the thread timeline for more context on this post.