Interview

Great blunders in IT history

Bill Brenner
You've warned against technological overconfidence. You gave some examples in your [Converge05] speech.
One example was Enigma, the coding system the Germans used in WW II. It was inconceivable to them that the Allies could break their codes. When things started to go badly, when all their U-boats were being sunk, they wanted to know why. They dismissed the possibility that Enigma was being cracked because in their minds, there was no way mathematically that it could be broken. They were locked in a mathematical mindset and not a human mindset. Of course, they were using the same repetitive system to start every message. So the cryptographers on the other side already had part of the message because it was always the same.

In the 1960s a critical safeguard for the U.S. nuclear arsenal, the permissive action links [the cryptographic combination lock on nuclear weapons], were disabled because some generals decided this system would slow down any retaliation against the Soviets. The president and the secretary of defense had no idea. It was a very dangerous security failure.

What's the lesson for today's information security professionals?
It goes to show that you can put in a high-tech system and throw in restrictions and someone will find a way to break it. Work in the predictable and rigid and it will fail. It also shows that it's critical to focus on people over technology. Systems don't solve problems. People do. It shows that you have to always assume your defenses can be broken.

You've said the younger generation's security ideas aren't taken seriously enough…
Business leaders have to do a better job at learning from the younger generation. Look at Napster: Napster was a brilliant piece of innovation and the entertainment industry destroyed it. The industry's reaction to it shows they missed the point about how people want to get their music. It showed the resistance out there to listen to young people. The iPod wasn't all about Apple and their innovative thinking. It was a reaction to what the community has been saying it wants.

And you see similar innovation getting stifled on the security front?
It concerns me.

How do you get business leaders to change their thinking?
The kind of pressure that changes the way business is conducted always comes from the outside. I do think business people are under increased pressure to make security part of the business. But they still have work to do.

What's the lesson if you're the young person developing the new security technology?
You have to help people see you as a business enabler. You have to make them see that you have something that will help their business grow.
Related news items

Read Part 1 of Colin Crook's interview on how to survive a data breach


Former NSA director Kenneth Minihan told people [at the Converge05 conference] that they need to think of themselves as defenders of homeland security; that they're in a better position than the government to provide that security. Do you agree?
His basic premise is very critical -- there are no longer hard boundaries with technology. There needs to be a lot more breakthrough thinking.

The kind of thinking that led to Napster?
Exactly.

This article was originally published on SearchSecurity.com.

