Attackers generally benefit from new security technologies before defenders do … They have a first-mover advantage. They’re more nimble and adaptable than defensive institutions … They can evolve faster. And entropy is on their side — it’s easier to destroy something than it is to prevent, defend against, or recover from that destruction. For the most part, though, society still wins. The bad guys simply can’t do enough damage to destroy the underlying social system. The question for us is: can society still maintain security as technology becomes more advanced?
I don’t think it can.
Bruce Schneier writing at Wired: “Our Security Models Will Never Work — No Matter What We Do” on (i) the virtual certainty over time of successful large scale/mass casualty terrorist attacks due to weapons of mass destruction becoming cheaper and easier to produce, and (ii) creating resilient systems as an alternative to perpetually ratcheting up government surveillance and security. Read the whole thing.
Security expert (and self-described curmudgeon) Schneier’s monthly Crypto-Gram email newsletter is a great monthly read and personal favorite.