Can you lift a corner of the veil about your presentation at the symposium?

I will look at the economics of security, and then at the psychology, in an attempt to explain why it's so hard to sell security products and services. Then I will look backwards at how the security industry developed, what the current trends are in IT -- cloud computing -- and what that means the the security industry in the future.

Why should people come to the symposium and see your presentation? What will I learn?

You will learn to think differently about computer security.

This year's theme is: Initiating change. Why do you think change is needed in cyber security? And do you see recent changes that have had a positive effect on cyber security?

It doesn't matter whether or not change is needed in cyber security. Security is reactive; it is forced to change as technology changes. As long as there is change in the IT world -- and there always will be -- security needs to change as well.

Is there something you would never want to change?

That my audience can affect? No.

Ask the Xpert

In addition to his plenary presentation, Bruce Schneier will participate in an ‘Ask the Epxert’ session on Tuesday from 13:30 to 14:15. Grab this chance to get personal with one of the leading thinkers in information security of the last decades. If you plan to attend the Ask the Expert session, please prepare your questions in advance, so that we can make full use of the available time.

20 minutes before the session, Bruce Schneier will be signing his books, so bring your copy along!

Can you lift a corner of the veil about your presentation at the symposium?

The presentation will revolve around the tension between two principles. On the one hand, an open and free internet is an important cornerstone of our information society. On the other hand, effective cyber security revolves partly around the control of information on the internet. In the presentation, attempts are made to resolve this conflict.

Why should people come to the symposium and see your presentation? What will I learn?

The presentation will provide a fresh perspective: it will discuss not how cyber security can be made more effective, but how digital civil liberties can be protected while doing so.

This year's theme is: Initiating change. Why do you think change is needed in cyber security? And do you see recent changes that have had a positive effect on cyber security?

Perhaps a change of focus: as cyber security will become more effective, security experts must simultaneously investigate how individual freedom can be preserved in a digital age.

Is there something you would never want to change?

I would never want to lose the freedoms we enjoyed in the analog world, as our world gradually is becoming more digital.

Can you lift a corner of the veil about your presentation at the symposium?

My message is simple: we need to start over. Patching buggy software just results in larger mess, and some software needs to be thrown out an redesigned. But they way that I deliver my messages is always fun, because I tie in other industries, other ways of thinking, and at the end of the talk, attendees always have new things to talk about, to think about, and to do.

Why should people come to the symposium and see your presentation? What will I learn?

You'll learn to look at things a different way; to see that the problems we face are those faced by all industries; and that brave people can solve those problems. But you'll also learn that waiting for the next patch is not the way to solve anyone's problems.

This year's theme is: Initiating change. Why do you think change is needed in cyber security? And do you see recent changes that have had a positive effect on cyber security?

My whole talk is about the need for change, and the need to drop our entrenched ideas and in some cases, start over from scratch. We're losing battles for computer security - without change, we'll lose the war. It won't be easy, but it is necessary. But open source has gone a large way towards helping expose vulnerabilities, and encourage fixes.

Is there something you would never want to change?

Although some "advances" in technology are gratuitous and frivolous, I never want people to keep thinking, designing, advancing, and challenging technology!

Can you lift a corner of the veil about your presentation at the symposium?

It will be about the gory details of Banks versus Trojans: we'll be touring the battlegrounds, counting casualties, and predicting who will win..

Why should people come to the symposium and see your presentation? What will they learn?

People will learn the latest developments in how Trojans attack a modern internet banking system, and how banks fight back.

This year's theme is: Initiating change. Why do you think change is needed in cyber security? And do you see recent changes that have had a positive effect on cyber security?

We need a change in perspective. Security is about people, not technology. In recent years, more people are beginning to understand that, but acting upon that understanding remains difficult.

Is there something you would never want to change?

The GOVCERT.NL conference!

Can you lift a corner of the veil about your presentation at the symposium?

Ever wonder why the typical grocery store stocks 36 different varieties of spaghetti sauce or over 40 varieties of mustard? It is because of horizontal segmentation; a concept that revolutionized the food industry in the 1980s and could possibly revolutionize cybersecurity, if we applied it. Perhaps the food industry might possibly teach us something about protecting ourselves on the Internet: that there is no perfect security; only perfect securities.

Why should people come to the symposium and see your presentation? What will I learn?

This talk is about spaghetti sauce and how it can potentially give us a more effective approach to compliance and cybersecurity. Seeing this presentation will help you become more effective by changing your viewpoint.

This year's theme is: Initiating change. Why do you think change is needed in cyber security? And do you see recent changes that have had a positive effect on cyber security?

Our current approach to cybersecurity is failing and must change. Cybersecurity’s failure is due, in large part, to a mistaken etiology; of identifying, and treating, the wrong problems. History is full of mistaken etiologies that hinder humanity’s progress, and it is a shame we are repeating the same mistakes in cyberspace when it is entirely avoidable. Hackers, uneducated users, or lax network owners are not the primary cause of disorder on the Internet; it is the systems in which they operate. These systems have chronic and pervasive vulnerabilities and are known to be amongst the most defective products in the global market. Pervasive vulnerabilities make it nearly impossible to reasonably secure computer systems against malicious activities. Worse, new vulnerabilities are introduced regularly with little reduction in the flow. This is hardly an equation for success.

To date, cybersecurity practitioners, and the governments they advise, remain enamored with security products, user awareness training, and information sharing. But if these solutions were truly effective, they would have delivered on their promise long ago. The failure of these solutions is not due to insufficient scale, efficiency, attention, or funding, but for failing to deal with the origins of disorder in cyberspace. The etiology of cybersecurity needs to change. Sadly, it does not appear this change will happen any time soon. Cybersecurity is at an inflection point, either prepared to deal directly with key causes, or become akin to giant pharmaceutical companies – offering solutions that no doubt provide important treatments, but remarkably few cures.

Is there something you would never want to change?

The ability to learn from our mistakes.