Home & Office

Internet will never be secure, says Schneier

Speaking at ISSE 2001, the security expert dismissed any attempts to resolve the problem of Internet security
Written by Wendy McAuliffe, Contributor

The complexity of the Internet is increasing more rapidly than our ability to secure it, according to Internet security expert Bruce Schneier.

At the opening of the annual Information Security Solutions Europe (ISSE) conference in London on Wednesday, Schneier, who is chief technology officer of Counterpane Internet Security, claimed that the problem of Internet security will never be resolved.

"Traditionally, Internet security has been thought of as a technology issue, based on the notion that you can build products to plug the holes," said Schneier. "But we are losing the battle with computer security, as we are building new products, but every year gets actively worse."

Software is getting increasingly complex, creating myriad vulnerabilities for virus writers to exploit. This was demonstrated with the recent outbreak of two major computer viruses -- Code Red and its hybrid version Nimda -- which attacked the same buffer-overflow vulnerability in Microsoft's IIS software. But as David Perry, security expert at Trend Micro, highlights, IIS is "a flash in the pan", and will soon be supplanted by a more popular application for hackers to target.

"The Internet is the most complex machine that man has ever built, so there will be accidents," said Schneier. "We are one big network, and things that affect one affect many."

The terrorist attacks on New York and Washington earlier this month rewrote the history books on information security. The atrocities have been branded as the world's biggest ever intelligence failure, raising a huge question mark over the future of security in cyberspace. Knee-jerk reactions by federal agencies in the US have called for an increase in electronic surveillance, but according to Schneier, the solution doesn't lie in stepping up technological intervention.

"We've spent a lot of time over-investing in data collection and electronic surveillance, but there is not enough human intelligence and interpretation," said Schneier. "Looking at how quickly the FBI pieced together the last month of the terrorists' lives, they have enough data, but they didn't know how to use it."

According to Schneier, human intervention is critical in the fight against Internet security breaches. "Hackers collaborate, but at the moment defenders are isolating themselves," he said. This is made worse by the current stigma attached to cyberattacks -- companies are still reluctant to report hacker attacks owing to the damage this could have upon their brands. But, he said, this will change: "As society becomes more lawful, people will be more willing to go public on cyberattacks," said Schneier.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards