Sunday, January 02, 2005

Beyond FearMongering

Bruce Schneier regrets making the following statement to an AP journalist (Harry Weber), while discussing a series of minor computer problems affecting airline systems.
"If this kind of thing could happen by accident, what would happen if the bad guys did this on purpose?"
Bruce now regards this as just the sort of fear-mongering that he objects to when others do it. When talking to the journalist, he apparently wanted to motivate the airlines to work harder to prevent computer problems in the future. In such a context, it is surely right to inform airline executives of a possible additional risk, and perhaps Bruce wasn't then thinking about the effect on the general public. But in other contexts, Bruce is the first to advocate public disclosure of any vulnerability.

POSIWID thinkers, forensic scientists and readers of murder mysteries are always suspicious of accidents, and suspect foul play on the slightest provocation. Security consultants such as Bruce are always aware that even small vulnerabilities can be exploited and amplified by intelligent attackers. Users of computers can easily imagine the potential disaster from computer failure - whether induced by clever hackers or incompetent programmers or both. Makers of disaster movies looking for the next big script - please contact me.

No comments: