Foreword to 2015 15th Anniversary Edition

Rereading a book that I finished fifteen years ago—in 2000—perhaps the most surprising thing is how little things have changed. Of course, there have been many changes in security over that time: advances in attack tools, advances in defensive tools, new cryptographic algorithms and attacks, new technological systems with their own security challenges, and different mainstream security systems based on changing costs of technologies. But the underlying principles remain unchanged. My chapters on cryptography and its limits, on authentication and authorization, and on threats, attacks, and adversaries could largely have been written yesterday. (Go read my section in Chapter 4 on “national intelligence organizations” as an adversary, and think about it in terms of what we know today about the NSA.)

To me, the most important part of Secrets & Lies is in Chapter 24, where I talk about security as a combination of protection, detection, and response. This might seem like a trivial observation, and even back then it was obvious if you looked around at security in the real world, but back in 2000 it was a bigger deal. We were still very much in the mindset of security equals protection. The goal was to prevent attacks: through cryptography, access control, firewalls, antivirus, and all sorts of other technologies. The idea that you had to detect attacks was still in its infancy. Intrusion Detection Systems (IDS) were just starting to become popular. ...