Why System Security Still Matters
Simple insights from two security legends
As I move further into the world of engineering systems, it’s becoming easier to take a higher level view of things. While it’s easier to see the forest for what it is, one thing that stands out is just how tangled and confusing it all is. Far from the perfectly engineered marvels that we sometimes think they are, the systems that control our lives are, in reality, still full of just as much uncertainty as when they were first invented. That’s not to say they haven’t come a long way, but the more I learn about these kinds of systems, the more I’m made brutally aware of how vulnerable they really are.
That’s not a new or particularly original sentiment.
The experts have known this since day one. In class this week, we read a conversation between Bruce Schneier and Marcus Ranum recorded in a 2009 edition of Information Security magazine. In their conversation together, these two legendary security experts take very different positions on the question of whether or not a perfect access control system is really possible.
In Schneier’s eyes, a perfect access control system isn’t possible. There are too many grey areas, too many ways in which and opportunities for an organization to give away too much access to the wrong people at the wrong time…
