Schneier on Security
A blog covering security and security technology.
« A U.S. National Firewall |
| Cold War CIA Tradecraft »
September 8, 2005
Wired.com just published an essay by me: "Terrorists Don't Do Movie Plots."
Sometimes it seems like the people in charge of homeland security spend too much time watching action movies. They defend against specific movie plots instead of against the broad threats of terrorism.
We all do it. Our imaginations run wild with detailed and specific threats. We imagine anthrax spread from crop dusters. Or a contaminated milk supply. Or terrorist scuba divers armed with almanacs. Before long, we're envisioning an entire movie plot, without Bruce Willis saving the day. And we're scared.
Psychologically, this all makes sense. Humans have good imaginations. Box cutters and shoe bombs conjure vivid mental images. "We must protect the Super Bowl" packs more emotional punch than the vague "we should defend ourselves against terrorism."
The 9/11 terrorists used small pointy things to take over airplanes, so we ban small pointy things from airplanes. Richard Reid tried to hide a bomb in his shoes, so now we all have to take off our shoes. Recently, the Department of Homeland Security said that it might relax airplane security rules. It's not that there's a lessened risk of shoes, or that small pointy things are suddenly less dangerous. It's that those movie plots no longer capture the imagination like they did in the months after 9/11, and everyone is beginning to see how silly (or pointless) they always were.
I'm now doing a bi-weekly column for them. I will post a link to the essays when they appear on the Wired.com site, and will reprint them in the next Crypto-Gram.
Posted on September 8, 2005 at 6:57 AM
• 21 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Being overprotected by our governments is probably the worst fate of all. It takes longer for some to be exposed than others, but ultimately they all seem to act with logic that betrays their ignorance.
I agree with your overall point, but I think that your paragraph on Katrina may be taken in the wrong way by those who aren't familiar with your writing. As long as New Orleans is in its present location, and dosen't have protection for category 4+ hurricanes, it will eventually be hit by one, and receive the sort of devistation that is there now. Given enough time, one can virtually guarantee that a category 4+ hurricane will hit New Orleans.
This is not true of a terrorist movie plot; one cannot guarantee that, say, an airplane highjacking will ever occur again. A terrorist can switch their resources over to another form of attack; the weather will not.
While I agree in general with the points you make, I think there is a valid reason for searching commuters in the Tube or checking the shoes of all airline passengers after Richard Reid: copycats. Certainly, I wouldn't want to keep those intrusive measures permanently and it's true that governments do seem to fixate on movie-plot threats, but there is a history of copycats immediately after a high-profile attack or murder.
Copycats are a real issue. But you do have to worry about the security squads getting too focused on the last method used. Tunnel vision is a bad thing in security.
As generals have been said to plan to fight the last war, so the defenders against terrorism always seem to be planning to repel the last attack. Unfortunately, the variety of possible original forms of attack is boundless.
The only effective terror defenses are pre-emption and deterrence -- find and neutralize the bad guys before they strike, and discourage the suicidals by publicizing that their bodily remains will be fed to hogs.
Israel used to deter terrorism rather effectively with a policy that any attack would bring swift and severe punishment -- if not to the perpretrators, then to their friends and allies.
"I agree with your overall point, but I think that your paragraph on Katrina may be taken in the wrong way by those who aren't familiar with your writing."
Agree 100%. It's a bad paragraph, done at the last second in an effort to make the piece more current.
I've already asked them to delete it from the essay.
I'm working on another piece on Katrina, an op ed for a newspaper. It'll be published Sunday or Monday.
i thought we didnt do the "punishing the innocent" thing in the US.
so it's effective. does that make it the right thing to do? personally, i'll take a 9/11 every 5-10 years over Orwellian Nightmare/Misdirected Vengeance. in a heartbeat.
"Israel used to deter terrorism rather effectively with a policy that any attack would bring swift and severe punishment -- if not to the perpretrators, then to their friends and allies."
Could you define "effectively" a little better? It seems to me that Isreal, despite that policy, has suffered a few terrorist attacks over the years, and it makes your assertion a bit hard to understand. Are the deterred attacks theoretical, that is, attacks that would have otherwise happened were that pilicy not in place? The problem with saying ANY strategy is effective against attacks is how the results are measured. Every morning since September 12th, I have clapped my hands together 3 times, and so far, nobody else has flown a highjacked plane into a skyscraper. Is this effective?
It's all handwaving. There is no hope of protecting against even 10% of the possible ways a terrorist group could get the attention they're looking for.
It's money we spend so that Americans will feel better and not roll up into little balls. It's wasted. They think we're scaredycats and we prove it by living in fear of the most remote of dangers...becase we're allowed to.
The only possibly-effective (but still disturbing) things we've been able to do are: watch the border traffic more carefully, hunt for witches at home, and most importantly start a bonfire on the other side of the world to draw all of the moths.
The good news is that most terrorists turn out to be zealots who fly blindly into the most visible conflagration. This is a war of attrition -- our hope is that we can deplete those stocks more quickly than they can be replenished. We'll see.
The bad news is that their leaders are smarter and will retrench. We will find out how successful our home witch hunts have been (probably not very), and react to our mistakes quickly and visibly.
In the end, we'll "win", but we will have lost a lot for that victory, and in the meantime we'll waste a lot of time and money to coddle the national psyche instead of telling it to grow up and act like an adult.
So I say let them spend the money wherever they want -- it serves an imaginary but not-up-for-discussion purpose -- as long as emergency responders are also funded to clean up the messes that will occur regardless of the movieplot protection. It could be a modern TVA, with Halliburton representing the peoples' interests.
"I'm now doing a bi-weekly column for them"
You got me excited, I thought "them" was the government :/
effective-things-we-could-do-department: well, we *could* stop interfering with peoples' lives in forceful and unsavory ways around the world. the hatred and retribution would take a while to fall off, but it would dissipate eventually if we started acting righteously. i know it'd make things tougher here with regard to energy economics, but it's the moral thing to do. ha!
Just one nit. I thought the phrase from your December 15, 2002 cryptogram "security will work better if it is centrally coordinated but implemented in a distributed manner" was far more clear than this essay's second point that "many security decisions are made at too low a level".
The latter statement might unintentionally obscure the fine point that information correlation has to happen at the highest practical levels, while implementation (including decisions) needs to be close to the ground.
"We didn't know ..." *is* being offered as an excuse by the government, only it's phrased as, "If we had known the terrorists would use airplanes as weapons, we would have done everything in our power to stop them."
And now, among the first words out of FEMA Director Michael Brown's mouth, out of President Bush's mouth:
WE DIDN'T KNOW.
We didn't know Katrina would be so devastating. We didn't know the levees would fail.
Yet another reason to keep Wired's RSS feed handy.
I look forward to reading your columns.
The reason "we didn't know" is a valid explanation to them is that their security systems depend on knowing. I want them to build security that works even if they didn't know.
Because they won't.
Even with Katrina, by the time they knew -- a few days before -- it was too late to make any changes. All they could do is implement what they had as effectively as possible (which I wish they did).
Few months ago I travelled across the Atlantic Ocean. I convinced my wife to take out all pointy things from her beauty-case.
After few days in the hotel, I noticed that my daughter was using a long pair of metal scissors, to cut papers. She was able to take them in her hand luggage, without any problem.
The problem is not the security measure, but the security holes.
You qoute the FEMA boss and GWB with,
"We didn't know Katrina would be so devastating. We didn't know the levees would fail"
I am as surprised as you are, I would have thought that the levees where "safety critical systems".
When I was involved with the design of SCSs we had to assume that everything would fail in some way, and further to ensure that if the design did fail it would have a predictable and safe mode of failier.
There where two reasons for this, the first was the obvious "Fail safe" the second was "Failiure continuity" in that subsiquent systems would have a known starting point for picking up when the first system failed.
Now call me what you like I assume that, levees / dykes / berms are all fairly well known engineering constructions, they are afterall used for keeping out sea water in a large number of places in the world. Therefore I would assume that their failier modes are kind of well documented. Also due to the nature of weather in say the Indian Ocean, North Sea, Gulf of Mexico etc over the past hundred years or so the variability and nature of this type of bad weather is also known / predictable (10 / 100 / 1000 year storms).
In Europe we have been questioning the sense of building property in flood plains, and low lying areas for some time (in the UK and Holland since Jan 1953 for instance). Even more so people have been questioning the sense in destroying natural flood defenses marshes / swamps / fens etc. In the US for instance your building/zoning codes take into account the effects of Earth Quakes and buildings have to comply
Now I know we have experiance in the Indian subcontinent of what happens in tropical bad weather, the US even has emergancy teams trained for exactly such eventualities.
So two questions (1) why where floods / storms etc not taken into account when the building / zoning codes drawn up for that part of the US ?
(2) given the level of expertiese in this sort of disaster recovery that the US has demonstrated in other parts of the world, why did it not automaticaly come into effect in these areas?
I think finding the answer to these questions might be the most unpalatable part of the clear up for the majority of Americans.
I can't remember the exact quote of Euripides' but it's usually quoted as "Those whom God wishes to destroy, he first makes mad".
However Francis Ford Coppola's paraphrasing of it migh be more appropriate in the modern age: 'Whom God wishes to destroy, he first makes successful in show business'.
somebody once passed comment on hubris with something along the lines of "The Gods first raise up those they wish to destroy".
Exactly. It's appropriate for emergency services on a day-to-day basis to operate 'once they know' - that is, paramedics respond once they are informed of an emergency.
What happened with Katrina is that the focus was on post-incident response, rather than pre-incident preparation/action.
I don't mind someone saying, 'I don't know' when they're asked a question, but the implication is that they'll find out in a timely fashion, or refer me to the person/resource that can answer my question.
I believe that local authorities and the Army Corps of Engineers were well aware of the levee's vulnerabilities. For whatever reason, when it came down to budgeting for it, it was pushed aside in favor of other projects and priorities.
It still doesn't answer why, especially four years after 9/11, this country isn't ready to roll when it has sufficient advance knowledge of the likely impact of a natural event.
The fail-safe point seems to be that deployment of resources requires a request from state/local authorities before FEMA can mobilize. It would seem to me that the far more prudent and effective method would be to proceed to mobilization automatically, and possibly even deploy under certain circumstances. The pivot should be on-site authorities saying 'stand down' instead of 'come on in'.
Now, I'm sure an automatic deployment system could be gamed or socially engineered by a terrorist, but if it means we respond more effectively to natural disasters (which happen all the time), we still come out ahead.
"I believe that local authorities and the Army Corps of Engineers were well aware of the levee's vulnerabilities. For whatever reason, when it came down to budgeting for it, it was pushed aside in favor of other projects and priorities."
This is discussed quite a bit on another log entry:
But there's an even more fascinating element of this topic here I was just reading about:
"Lt. Gen. Carl Strock, chief of engineers for the Corps, dismissed suggestions that recent federal funding decreases or delayed contracts had any impact on levee performance in the face of Katrina's overwhelming force.
Instead he pointed to a danger that many public officials had warned about for years: The system was never designed to withstand a storm of Katrina's strength.
'It was fully recognized by officials that we had Category Three [hurricane] level of protection,' Strock said. 'As projections of Category Four and Five were made, [officials] began plans to evacuate the city.
'We were just caught by a storm whose intensity exceeded the protection that we had in place.'"
They go on to discuss that a feasibility study of enhanced hurricane safety was already underway, yet upgrading was considered unlikely to finish any sooner than 20 years from now (based on estimates probably only using current levee technology).
Terrorists don't do movie plots only because _Debt of Honour_ didn't get made into a movie (yet...).
Since we can't effectively defend against all terrorist vectors, does it really matter which very small subset of possible attacks the Generals are worrying about?
Maybe if the went even more extreme more people would realize it's a waste of resources.
I have a comment for those who keep repeating security "needs" and "should-be's".... would all this security be truly neccessary if there were less reasons continually happening which perpetuate the need for further and ever-increasing security measures? Don't get me wrong ... I do not agree with or condone the taking of innocent lives... or any life for that matter. I fully agree the incidents surrounding the 9/11 attacks were heinous and un-forgiveable. What I would like to ask is why were they perpetrated in the first place? It's easy to call these people terrorists.. zealots... lunatics... or any other of a thousand more colorful names... but shouldn't someone eventually ask the question.. what made them do what they did? WHY did they feel there was no other recourse? I know people may think I am sympathetic to extremists or terrorists... but I can assure you I am not. I served for years in the military and watched many... of what I and others would call... atrocities commited in the name of a "national best interest". I knew then it would only be a matter of time before those suffering those atrocities reached a point where they would no longer sit down and do nothing. My only fear... is that they are not yet ready to sit down again... as the atrocities have yet ceased to continue.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.