Don't Look a Leopard in the Eye, and Other Security Advice
By Bruce Schneier
If you encounter an aggressive lion, stare him down. But not a leopard; avoid his gaze at all costs. In both cases, back away slowly; don't run. If you stumble on a pack of hyenas, run and climb a tree; hyenas can't climb trees. But don't do that if you're being chased by an elephant; he'll just knock the tree down. Stand still until he forgets about you.
I spent the last few days on safari in a South African game park, and this was just some of the security advice we were all given. What's interesting about this advice is how well-defined it is. The defenses might not be terribly effective -- you still might get eaten, gored or trampled -- but they're your best hope. Doing something else isn't advised, because animals do the same things over and over again. These are security countermeasures against specific tactics.
Lions and leopards learn tactics that work for them, and I was taught tactics to defend myself. Humans are intelligent, and that means we are more adaptable than animals. But we're also, generally speaking, lazy and stupid; and, like a lion or hyena, we will repeat tactics that work. Pickpockets use the same tricks over and over again. So do phishers, and school shooters (.pdf). If improvised explosive devices didn't work often enough, Iraqi insurgents would do something else.
So security against people generally focuses on tactics as well.
A friend of mine recently asked me where she should hide her jewelry in her apartment, so that burglars wouldn't find it. Burglars tend to look in the same places all the time -- dresser tops, night tables, dresser drawers, bathroom counters -- so hiding valuables somewhere else is more likely to be effective, especially against a burglar who is pressed for time. Leave decoy cash and jewelry in an obvious place so a burglar will think he's found your stash and then leave. Again, there's no guarantee of success, but it's your best hope.
The key to these countermeasures is to find the pattern: the common attack tactic that is worth defending against. That takes data. A single instance of an attack that didn't work -- liquid bombs, shoe bombs -- or one instance that did -- 9/11 -- is not a pattern. Implementing defensive tactics against them is the same as my safari guide saying: "We've only ever heard of one tourist encountering a lion. He stared it down and survived. Another tourist tried the same thing with a leopard, and he got eaten. So when you see a lion...." The advice I was given was based on thousands of years of collective wisdom from people encountering African animals again and again.
Compare this with the Transportation Security Administration's approach. With every unique threat, TSA implements a countermeasure with no basis to say that it helps, or that the threat will ever recur.
Furthermore, human attackers can adapt more quickly than lions. A lion won't learn that he should ignore people who stare him down, and eat them anyway. But people will learn. Burglars now know the common "secret" places people hide their valuables -- the toilet, cereal boxes, the refrigerator and freezer, the medicine cabinet, under the bed -- and look there. I told my friend to find a different secret place, and to put decoy valuables in a more obvious place.
This is the arms race of security. Common attack tactics result in common countermeasures. Eventually, those countermeasures will be evaded and new attack tactics developed. These, in turn, require new countermeasures. You can easily see this in the constant arms race that is credit card fraud, ATM fraud or automobile theft.
The result of these tactic-specific security countermeasures is to make the attacker go elsewhere. For the most part, the attacker doesn't particularly care about the target. Lions don't care who or what they eat; to a lion, you're just a conveniently packaged bag of protein. Burglars don't care which house they rob, and terrorists don't care who they kill. If your countermeasure makes the lion attack an impala instead of you, or if your burglar alarm makes the burglar rob the house next door instead of yours, that's a win for you.
Tactics matter less if the attacker is after you personally. If, for example, you have a priceless painting hanging in your living room and the burglar knows it, he's not going to rob the house next door instead -- even if you have a burglar alarm. He's going to figure out how to defeat your system. Or he'll stop you at gunpoint and force you to open the door. Or he'll pose as an air-conditioner repairman. What matters is the target, and a good attacker will consider a variety of tactics to reach his target.
This approach requires a different kind of countermeasure, but it's still well-understood in the security world. For people, it's what alarm companies, insurance companies and bodyguards specialize in. President Bush needs a different level of protection against targeted attacks than Bill Gates does, and I need a different level of protection than either of them. It would be foolish of me to hire bodyguards in case someone was targeting me for robbery or kidnapping. Yes, I would be more secure, but it's not a good security trade-off.
Al-Qaida terrorism is different yet again. The goal is to terrorize. It doesn't care about the target, but it doesn't have any pattern of tactic, either. Given that, the best way to spend our counterterrorism dollar is on intelligence, investigation and emergency response. And to refuse to be terrorized.
These measures are effective because they don't assume any particular tactic, and they don't assume any particular target. We should only apply specific countermeasures when the cost-benefit ratio makes sense (reinforcing airplane cockpit doors) or when a specific tactic is repeatedly observed (lions attacking people who don't stare them down). Otherwise, general countermeasures are far more effective a defense.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.