Bruce Schenier has been called an information security rock star. If that’s the case, then Carry On: Sound Advice from Schneier on Security is his greatest hits collection 2008-2013.
The roughly 175 essays in the book represent a collection of articles Schneier wrote for this Crypto-Gram newsletter, his blog and other blogs, magazines, newspapers and other periodicals.
Some of the articles, such as the 2008 piece Chinese Cyberattacks: Myth of Menace are clearly dated. A number of the other articles are somewhat redundant in that they were written on the same topic for different audiences.
But the vast majority of the essays reveal Schneier’s insight and pragmatic approach, which makes this a most important book to read. You may not agree with Schenier on every point, but every point of his is well researched and defended. Personally, I think his approach to CCTV’s and public cameras as a method for crime reduction needs to be reviewed against current data on the topic.
Many of the essays show his deep frustration with Washington and the politics of security; which has resulted in creating a security theatre dealing with movie-plot threats. Billions of dollars have been spent in this area, with almost nothing to show for it.
Another premise of the book is that most people don’t understand how to deal with risk and end up worrying about things that pose very little risk to them; of which a large number of essays are dedicated to this topic. Schenier notes the fears people have of school shootings, child abduction, mass food poisonings and the like, all of which are extremely rare. They worry about these while being oblivious do automobile deaths, DUI deaths and similar, which pose real and daily risks.
When it comes to post-9/11 security, Schneier feels most of the time, money and effort has gone to waste, protecting against imaginary threats. He notes that two things have made airplane travel safe post 9/11, namely: reinforcing the cockpit door, and convincing passengers that they need to fight back. But having tens of thousands of clueless and incompetent TSA agents seizing water bottles and patting down wheelchair-bound grannies have done absolutely nothing to increase air safety.
The book is both fascinating and frustrating. Fascinating in that the book will open your eyes to how to deal with risk and security, and ultimately how to carry on. But frustrating in that those in Washington who have been trusted to do this, have rarely done it right.
In Carry On: Sound Advice from Schneier on Security, Schneier writes the playbook that Washington should have been following all along.