I used to think that Bruce Schneier was out of touch with industry CISOs, but now I think that they are out of touch with him. He’s come on tremendously in recent years. I saw him present to the United Nations last year and he was awesome, reflecting a lot of research and deep thinking about important issues such as trust, risk, surveillance and cyber warfare.
I shall be ordering a copy of his new book “Liars and Outliers“. It’s about trust, a subject I find both relevant and fascinating. Trust is a phenomenon that few security researchers seem to understand. The problem is that it’s a means to an end, and makes little sense when studied in isolation from its purpose.
The nature of trust is also changing as we move from an industrial-age dominated business landscape to the information age. I find this paradigm shift is neatly captured by two Russian proverbs. The first, ascribed to both Stalin and Lenin, is “Trust is good, control is better”, which encapsulates industrial-age thinking for vertically integrated enterprises and societies. The second, made famous by Ronald Reagan, is “Trust, but verify”, which reflects our best endeavours for managing situations in a modern, diverse supply chain that is increasingly beyond our direct control.