"The future of Internet security is not very good," Schneier said. "New methods are being invented, new tricks, and every year it gets worse. We are not breaking even. We are losing the battle."
The reason not to panic, Schneier says, is that we have to accept the poor state of security and work to mitigate the risk of attacks rather than try to prevent attacks altogether--an impossible task.
Schneier, and his firm Counterpane Internet Security, have come a long way since Schneier authored "Applied Cryptography" and created the Blowfish algorithm. Only a few years ago, crypto was the number one defense against hackers or other unwanted visitors; but as the Internet has grown, cryptography has proven to be of little use against break-ins or other forms of attacks such as denial of service.
And, Schneier said, things are not getting easier to defend.
What can be done
"Break-ins aren't even news anymore," Schneier said. "Now it's business as usual. Most break-ins don't make the press, and most companies don't know they have been attacked."
Technology, Schneier said, is not the enemy of security. It's only a tool, one that hasn't been used very well--or at all--and that can only serve as a preventative measure.
The answer, according to Schneier, is to combine frontline firewalls, intrusion detection systems--as well as cryptography and public-key infrastructure where necessary--with the watchful eye of a 24x7 monitoring team equipped to respond to the latest attacks. Static technology is too easy an obstacle for skilled hackers to overcome.
"You have human beings attacking you," he said. "You need human beings providing the security."
