Technology needs to switch to serve people, and people need to be in charge.
Speaking at IP Expo in London, Co3 Systems CTO and cryptographer Bruce Schneier said that as security remains a combination of detection, protection and response, there is a need for response for detection, that protection is not perfect, and that we need security today for a whole bunch of reasons.
“In the 1990s, we said security was not a product but a process, now it is both and with people, process and technology, ratios have changed and people don’t help with security, and we need to remove them as much as possible.”
Schneier praised the introduction of automatic updates to “get people out the loop”, but said that with response you “cannot automate” it and the ratio of people to technology changes, as organisations, environments and regulatory frameworks are all different, and all matter more than technology.
He said: “Incident response will be different to other parts of IT and less of a Lemon Market, as you have intelligent buyers. The trick is to make things scale and if you cannot remove things from the loop, and instead of technology replacing people, it has to serve people. If you switch, then people are in charge and police, fire and medical all have instances where technology helps people, and the goal is in resilience.
“What we need to do as security people is build, use and make tools to get inside the observe, orient, decide and act (OODA) loop, and in incident response it is failing and we need to do better and we can do better than the attackers, and use tools that aid people.”