Bruce Schneier is a recognized specialist in computer security who has won many awards and has dedicated his career to investigating security systems, designing efficient ones, justifying their use, and explaining the main implications of their use to the general public. One of his works, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, breaks new ground in understanding the essence of any security system and the way it works. The fact that the book was published in 2003 also plays a substantial role in shaping its theme – the author clearly states that his major intention is to show people how obsessed with safety and security they have become after the 9/11 shock and why they are looking in the wrong direction. The author uses a series of case studies to illustrate the theoretical foundations he covers, a methodology that enhances the reader’s understanding of the main security concepts he works with.
Schneier holds the opinion that people are misled by the overwhelming majority of security systems that exist nowadays and overfill their lives with electronics and machinery they do not actually need. Thus, Schneier’s chief aim is to teach people to identify the real threat, to define what they really want to protect, and to give guidance on how to choose the security system that will truly suit their requirements. The author argues that people choose security systems without even being able to adequately assess their efficiency, thus creating only an illusion of security that does not match reality. The book is well-structured from the point of view of the approach chosen by the author: it has three parts that deepen the reader’s understanding of what security really is, what a genuine security system should be, and what mental processes a person engages in when choosing the appropriate security system for his or her needs.
The first part is dedicated to explaining security systems at the psychological level of human consciousness. Schneier states that all choices of security systems are trade-offs that people make every day, and explains how these patterns function in the human brain, making people choose this or that way of protection. The second part concerns the issues involved in the composition of a security system and gives the reader a look at security from the inside. In this part such essential elements of a security system as the attacker, the defender, authentication, authorization, and identification are introduced: by exploring their interconnections in a security system, Schneier shows how successful or unsuccessful a security system may be in different situations. Finally, the third part is dedicated to more empirical issues such as advice on the construction of a more or less efficient security system and the demystification of security, on the whole, to allow the reader to take a more reasonable and objective view of the subject. All these parts will be discussed in detail further in the present paper.
Part I is titled “Sensible Security”, and the title speaks for itself. The author understands how much panic and hysteria the 9/11 tragedy brought to the USA and the whole world and assumes that the main dramatic consequence of the tragedy was the loss of faith in security worldwide. People started to think that if such a horrible crime could be committed in the USA, the country with the best intelligence, security systems, and law enforcement authorities, then nobody in the world was safe any longer. However, Schneier offers to take a detached view of the situation with the purpose of discovering the main elements that enabled terrorists to break all security laws and succeed in their operation. This view would result in finding the drawbacks of the US security system that allowed such a situation to occur.
In the process of analyzing 9/11, Schneier comes to a set of conclusions: that the terrorist attack was amazing in many senses, including the efficiency of the operation (a small group of terrorists was organized and disciplined so well that no intelligence service found out their plan until it was put into action), the audacity of their conception (by conducting the act of terror in the USA, the terrorists managed to shake the whole world’s notions of safety and security), the technological simplicity (hijacking is not at all new, and the events would have remained regular terrorist acts if they had not entailed so many drastic consequences), as well as a revolution in the perception of hijacking and terrorism on the whole (Schneier, 2003). Schneier, as a specialist in security, admires the way Al Qaeda attackers managed to organize an attack that nobody had anticipated:
“The 9/11 terrorist operation was small, efficient, relatively low-tech, very strictly disciplined, highly compartmentalized, and extremely innovative. Did we stand the chance?” (Schneier, 2003, p. 3).
US society was entirely deprived of privacy as a result of these attacks – in the panicked pursuit of safety, citizens were ready to let their houses be entered, their telephone conversations recorded, and their ID cards constantly checked. The author states that these extreme measures were absolutely unnecessary and that all individuals, in order to get real security and not the imagined kind, should understand the key notions connected with it. He surprisingly admits that there is hardly any person who knows what he or she aims to secure when installing a security system, which is the main reason for future failures of systems to provide protection. For this reason, he outlines the main characteristics of a security system, characterizing it as “preventing adverse consequences from the intentional and unwarranted actions of others” (Schneier, 2003, p. 11).
So, how do people choose the ways to secure themselves in their daily lives? Schneier introduces the concept of a trade-off as a regular operation that every person makes when giving up some benefits (convenience, time, money, etc.) for the sake of security. He supports this opinion with a set of examples. In one of them, an individual agrees to bear the inconvenience of carrying keys rather than run the risk of being burgled, which shows what people are ready to sacrifice to obtain something in return, i.e. security.
Nonetheless, one will hardly argue the statement that security is the guiding principle of all people’s modern life and the reason for all actions, choices, and decisions that occur on a regular basis in any society:
“Security is a factor when we decide where to invest our money and which school to send our children to…When we choose a neighborhood to live in, a place to vacation, and where we park when we do shopping, one of our considerations is security” (Schneier, 2003, p. 8).
Security, in the opinion of Schneier, is both a feeling and a reality, which is surely reasonable. People may feel protected thanks to governmental effort and their own purchases of innovative security software, but in fact they may turn out not to be secure at all. To avoid such discrepancies between feeling and reality, Schneier offers his unique five-step process for identifying the kind of security system an individual needs. It involves answering questions on the following issues:
- The individual has to clearly understand what assets he or she wants to protect. No matter how strange it may sound, very few people have a distinct answer to this question. For this reason, the identification of the subject for protection will ease the choice of the system substantially.
- It is necessary to understand the risks to these assets which an individual predicts and against which he or she seeks protection. Only under these conditions will it be possible to choose the system that corresponds to the protective measures wanted.
- The individual has to clearly realize how the security solution mitigates the identified risks. The solution has to be in a reasonable balance with the risks so as not to cause additional inconvenience for the future owner of the security system.
- Identification of other risks that the system is likely to involve is also essential. It is impossible to consider all opportunities and threats, and sometimes security in one field will cause inconvenience and threat in another one. So, one has to understand which one is more acceptable personally for him or her.
- One has to consider all costs and trade-offs that the system imposes. No system is ideal or protects from all risks – according to the concept of trade-offs there will always be something that we agree to put up with for the sake of security.
Continuing to reflect on the topic of security choices as trade-offs, Schneier assumes that they are always subjective and situational (Schneier, 2003). Some people are obsessed with the security of their homes, while owners of cinemas may save money on guards at the expense of several unauthorized intrusions of viewers without tickets. Schneier also emphasizes the main mistake people make when thinking about security systems: such systems cannot eliminate the threat completely but only reduce it to manageable levels. If one imagined that the threat of hijacking could be reduced to zero, it would mean that no planes would fly in the sky, or if a person were guaranteed absolute security from incidents, he or she would have to stay at home and never leave it (and even this would not guarantee 100% security, since it is highly possible to get some household injuries while performing trivial chores).
However, Schneier speaks about the problem of security-related choices in one more aspect – the relations of power and the agenda of such institutions as the government or powerful companies, who impose their security regulations due to the forces they have at their disposal. In these aspects, the meaning of subjectivity is shifted from the individual level to the influence from the outside (Schneier, 2003).
The last element Schneier wants the reader to pay attention to in the first part of the book is the concept of risks. In his opinion, they can be perceived and actual, which happens because of the growing influence on the mind of every individual of advertisements, movies, and other fiction stories. Some risks of global scale are totally unacceptable and cannot be balanced (e.g. the nuclear threat or the death of one’s children); this is why no security system can be created to balance the risks and outcomes and satisfy the owner’s need to manage them.
In the second part of the book, “How Security Works”, Schneier voices several opinions on the inner rules governing the creation and the operation of a security system. Here he poses the notions of an attacker and a defender as the key players in the process of protecting security. He notes that the development of technology affects the balance between the equipment of both, but thinks that defenders find themselves at a disadvantage regarding technology. This opinion is justified by the fact that one attacker can commit different kinds of attacks and one kind of attack can be arranged by a set of attackers (Schneier, 2003). Besides, it is common knowledge that innovation requires effort only from the first attacker, while others need only software to repeat the attack (Schneier, 2003). The defender, in contrast to the attacker, should always be alert and ready for the attack, while the attacker knows for sure when and what he or she has to do. Such an unequal position leads Schneier to consider the possible advantage attackers have over defenders in any security conflict situation.
Other concepts that appear essential for Schneier in the operation of a security system are authentication, authorization and identification. The author shows through a number of examples that identification concerns finding out the personality of an individual, identity and all relevant personal information, depending on the situation (answering the question “Who are you?”); authentication is the ability to prove the identity by means of legal documents; and authorization is verifying the right of the person to conduct certain actions or to be in certain places, etc. Schneier insists that all three elements are critical in any security system, but it will be successful only if the identification process comes first (Schneier, 2003).
Proceeding to other elements of the security system’s functioning, Schneier turns to the weakest-link problem. One weak element can break the strongest chain, so detecting it and providing increased security measures sometimes acquires first-rate importance. This question is interwoven with issues of brittleness and resilience in Schneier’s account. He finds some of the hardest materials brittle because of a striking vulnerability in a single place (e.g. a diamond), while other systems are so flexible, interlocked and interlinked that they will endure any attacks. The investigation of factors making a security system brittle or resilient occupies the author and constitutes the major theme of his study.
Detection, prevention and response are the key actions Schneier considers appropriate in the security conflict. When the potential attack is realized or already conducted, the defenders’ responses differ in a situational way to fit the strategy chosen by the attacker. These three countermeasures are best applied together; sometimes detection and prevention may be combined and made visible to serve as a barrier for attackers. There are different variations of these countermeasures that may be applied in a situational way to ensure achievement of the stipulated goals. There are cases when prevention systems fail and response is not applied, but in case they do work, the following kinds of response are possible: reaction, mitigation, recovery, forensics and counterattack (Schneier, 2003, p. 168).
The author turns to the five-step model in the third part of his book, “The Game of Security”, and shows how efficient those steps are when the choice of countermeasures is a necessity on which much depends. The main inference the writer tries to make is that the five-step process described is deeply individual for a set of reasons: the inability to assess risks due to the unsustainable data, the cost of the trade-off being too high, or individual preferences that shape the decision. Using the example of a homeowner willing to get a door lock as a countermeasure against burglars, Schneier shows how many accompanying circumstances can arise in the process of the trade-off and influence the decision in either direction (Schneier, 2003).
At the same time, Schneier points out the complexity of making a joint decision in security-related questions when the outcome depends on a large number of people:
“Every player involved in a security decision has his own agenda…All players try to make the results of the security decision conform as closely to their ideal as possible…In these situations, you might need to improve your security, or you might be a hapless bystander…In short, you’re going to have to negotiate” (Schneier, 2003, p. 262).
Analyzing the outcome of negotiations, Schneier reasonably admits that it depends on the power and authority of participants. However, he considers an example when all power boundaries are erased: e.g. an airline president is traveling by air using his planes; there he has no authority but is only a passenger, an asset that is protected by the plane security system from attackers. As a result, one can realize that his individual security depends not only on him personally, but on the environment as well. There are some ways to change the environment that include: law, market forces, technology, and societal norms (Schneier, 2003).
Schneier assesses security as a never-ending game without any rules, with changing strategies and creativity of both defenders and attackers involved in sustaining the balance of powers. There are no winners or losers – only the cost of efficiency or inefficiency of the system, which at times may be very high. However, the author demystifies security by analyzing the way security systems worked before 9/11 and what was wrong with their ability to predict and prevent the catastrophe. The explanation is evident for the author – security is never stable and ultimate; there are always changes and innovations achieved by both parties of the game. If an unexpected and absolutely new strategy is applied, there is no way to predict it because there is no protection against it (Schneier, 2003).
Nobody ever thought of the events of 9/11 as a possibility – the situation can be likened to insurance against an alien invasion. However, 9/11 proved that the incredible is credible, thus leaving a huge space for the imagination and creativity of security providers to think of all possible threats that used to be considered more than impossible and to design efficient prevention systems against them.