Security: Whom Does One Trust?

September 19, 2017

I read “The Market Can’t – and Won’t – Deal with IT Security, It Must Be Regulated, Argues Bruce Schneier.” The write up is about online, which is of interest to me. I found the summary of the remarks of Bruce Schneier, a security expert, interesting.

The main point is that government must regulate security. I highlighted this passage:v”The market can’t fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn’t notice, you’re not Equifax’s customer. You’re its product.

Several questions occurred to me:

  1. Which government? Maybe the United Nations?
  2. What’s the enforcement mechanism? Is after-the-fact “punishment” feasible?
  3. What’s the end point of security regulation?

Here in rural Kentucky security boils down to keeping an eye on the two brothers who live in a broken down trailer next to the crazy people who have a collection of wild animals. The wild animals are less threatening than these fine examples of Appalachian oak.

In the larger world which includes a number of nation states which are difficult to influence, how are the regulations to be enforced. What if one of these frisky nation states is behind the headline making security breaches?

Answers to this question are likely to be cause for discussion. Talk is easy. Remediation may be a bit more difficult. Perhaps the barn has burned and the horses already converted to glue and dog food?

Fixes are hard. Talk, well, just talk.

Stephen E Arnold, September 19, 2017


Comments are closed.

  • Archives

  • Recent Posts

  • Meta