I’ve been making my way through Bruce Schneier’s Crypto-Gram newsletter archives, and I came across this excellent summary of how to think about security. He breaks security down into five simple questions that should be asked of a proposed security solution, some obvious, some not so much. In the post 9/11 era, we’re being presented with all sorts of security solutions, and so Shneier’s system can be quite useful in evaluating proposed security systems.
This five-step process works for any security measure, past, present, or future:
1) What problem does it solve?
2) How well does it solve the problem?
3) What new problems does it add?
4) What are the economic and social costs?
5) Given the above, is it worth the costs?
What this process basically does is force you to judge the tradeoffs of a security system. All to often, we either assume a proposed solution doesn’t create problems of its own, or assume that because a proposed solution isn’t a perfect solution, it’s useless. Security is a tradeoff. It doesn’t matter if a proposed security system makes us safe. What matters is that a system is worth the tradeoffs (or price, if you prefer). For instance, in order to make your computer invulnerable to external attacks from the internet, all you need to do is disconnect it from the internet. However, that means you can no longer access the internet! That is the price you pay for a perfectly secure solution to internet attacks. And it doesn’t protect against attacks from those who have physical access to your computer. Also, you presumably want to use the internet, seeing as though you had a connection you wanted to protect. The old saying still holds: A perfectly secure system is a perfectly useless system.
In the post 9/11 world we’re constantly being bombarded by new security measures, but at the same time, we’re being told that a solution which is not perfect is worthless. It’s rare that a new security measure will provide a clear benefit without causing any problems. It’s all about tradeoffs…
I had intended to apply Schneier’s system to a contemporary security “solution,” but I can’t seem to think of anything at the moment. Perhaps more later. In the mean time, check out Schneier’s recent review of “I am Not a Terrorist” Cards in which he tears apart a proposed security system which sounds interesting on the surface, but makes little sense when you take a closer look (which Scheier does mercilessly).