You can't defend. You can't prevent. The only thing you can do is detect and respond.
Interpretation
The quote emphasizes the importance of detection and response over prevention in security.
Bruce Schneier's quote highlights the reality that in the realm of security, it is often impossible to completely prevent all threats. Instead, organizations and individuals must focus on being able to detect potential threats quickly and respond effectively to mitigate any damage, emphasizing a proactive stance in security management rather than a purely defensive one.
In practice
During a cybersecurity seminar, one might say, 'As Bruce Schneier noted, you can't defend; you need to focus on detection and response.'
History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.
The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.
It is poor civic hygiene to install technologies that could someday facilitate a police state.
Digital files cannot be made uncopyable, any more than water can be made not wet.
I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.
If there's any object in human experience that's a precedent for what a computer should be like, it's a musical instrument: a device where you can explore a huge range of possibilities through an interface that connects your mind and your body, allowing you to be emotionally authentic and expressive.
I think that technology is always invented for historical reasons, to solve a historical problem. But they very soon reveal themselves to be capable of doing things that aren't historical that nobody had ever thought of doing before.
The future is already upon us, it is just unevenly distributed.
Given that my title at Google is Chief Internet Evangelist, I feel like there is this great challenge before me because we have three billion users, and there are seven billion people in the world.
As a writer of fiction who deals with technology, I necessarily deal with the history of technology and the history of technologically induced social change. I roam up and down it in a kind of special way because I roam down it into history, which is invariably itself a speculative affair.
[People] somehow assume that the Internet is going to be the catalyst of change that will push young people into the streets, while in fact it may actually be the new opium for the masses which will keep the same people in their rooms downloading pornography.
Subscribe for the occasional hand-picked quote. No noise.