Schneier on Security
A blog covering security and security technology.
« Counterfeiting Is not Terrorism |
| Port Defense Against Swimming Terrorists »
May 31, 2007
Tactics, Targets, and Objectives
If you encounter an aggressive lion, stare him down. But not a leopard; avoid his gaze at all costs. In both cases, back away slowly; don't run. If you stumble on a pack of hyenas, run and climb a tree; hyenas can't climb trees. But don't do that if you're being chased by an elephant; he'll just knock the tree down. Stand still until he forgets about you.
I spent the last few days on safari in a South African game park, and this was just some of the security advice we were all given. What's interesting about this advice is how well-defined it is. The defenses might not be terribly effective -- you still might get eaten, gored or trampled -- but they're your best hope. Doing something else isn't advised, because animals do the same things over and over again. These are security countermeasures against specific tactics.
Lions and leopards learn tactics that work for them, and I was taught tactics to defend myself. Humans are intelligent, and that means we are more adaptable than animals. But we're also, generally speaking, lazy and stupid; and, like a lion or hyena, we will repeat tactics that work. Pickpockets use the same tricks over and over again. So do phishers, and school shooters. If improvised explosive devices didn't work often enough, Iraqi insurgents would do something else.
So security against people generally focuses on tactics as well.
A friend of mine recently asked me where she should hide her jewelry in her apartment, so that burglars wouldn't find it. Burglars tend to look in the same places all the time -- dresser tops, night tables, dresser drawers, bathroom counters -- so hiding valuables somewhere else is more likely to be effective, especially against a burglar who is pressed for time. Leave decoy cash and jewelry in an obvious place so a burglar will think he's found your stash and then leave. Again, there's no guarantee of success, but it's your best hope.
The key to these countermeasures is to find the pattern: the common attack tactic that is worth defending against. That takes data. A single instance of an attack that didn't work -- liquid bombs, shoe bombs -- or one instance that did -- 9/11 -- is not a pattern. Implementing defensive tactics against them is the same as my safari guide saying: "We've only ever heard of one tourist encountering a lion. He stared it down and survived. Another tourist tried the same thing with a leopard, and he got eaten. So when you see a lion...." The advice I was given was based on thousands of years of collective wisdom from people encountering African animals again and again.
Compare this with the Transportation Security Administration's approach. With every unique threat, TSA implements a countermeasure with no basis to say that it helps, or that the threat will ever recur.
Furthermore, human attackers can adapt more quickly than lions. A lion won't learn that he should ignore people who stare him down, and eat them anyway. But people will learn. Burglars now know the common "secret" places people hide their valuables -- the toilet, cereal boxes, the refrigerator and freezer, the medicine cabinet, under the bed -- and look there. I told my friend to find a different secret place, and to put decoy valuables in a more obvious place.
This is the arms race of security. Common attack tactics result in common countermeasures. Eventually, those countermeasures will be evaded and new attack tactics developed. These, in turn, require new countermeasures. You can easily see this in the constant arms race that is credit card fraud, ATM fraud or automobile theft.
The result of these tactic-specific security countermeasures is to make the attacker go elsewhere. For the most part, the attacker doesn't particularly care about the target. Lions don't care who or what they eat; to a lion, you're just a conveniently packaged bag of protein. Burglars don't care which house they rob, and terrorists don't care who they kill. If your countermeasure makes the lion attack an impala instead of you, or if your burglar alarm makes the burglar rob the house next door instead of yours, that's a win for you.
Tactics matter less if the attacker is after you personally. If, for example, you have a priceless painting hanging in your living room and the burglar knows it, he's not going to rob the house next door instead -- even if you have a burglar alarm. He's going to figure out how to defeat your system. Or he'll stop you at gunpoint and force you to open the door. Or he'll pose as an air-conditioner repairman. What matters is the target, and a good attacker will consider a variety of tactics to reach his target.
This approach requires a different kind of countermeasure, but it's still well-understood in the security world. For people, it's what alarm companies, insurance companies and bodyguards specialize in. President Bush needs a different level of protection against targeted attacks than Bill Gates does, and I need a different level of protection than either of them. It would be foolish of me to hire bodyguards in case someone was targeting me for robbery or kidnapping. Yes, I would be more secure, but it's not a good security trade-off.
Al-Qaida terrorism is different yet again. The goal is to terrorize. It doesn't care about the target, but it doesn't have any pattern of tactic, either. Given that, the best way to spend our counterterrorism dollar is on intelligence, investigation and emergency response. And to refuse to be terrorized.
These measures are effective because they don't assume any particular tactic, and they don't assume any particular target. We should only apply specific countermeasures when the cost-benefit ratio makes sense (reinforcing airplane cockpit doors) or when a specific tactic is repeatedly observed (lions attacking people who don't stare them down). Otherwise, general countermeasures are far more effective a defense.
This essay originally appeared on Wired.com.
EDITED TO ADD (6/14): Learning behavior in tigers.
Posted on May 31, 2007 at 6:11 AM
• 64 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Very interesting article. It reminds me of what a local forest ranger told us to do if we encountered a black bear face to face. He said if the bear charges, you stand your ground. 9 times out of 10 he is just bluffing and will turn away at the last second. First off, I doubt I would have the willpower to do that. Secondly how did he know that? Did they do an experiment with 10 people where 9 people stood their ground successfully and the 10th guy ... well, you know, he's recovering nicely. I get the impression a lot of these tactics are lies and made up facts.
Concerning TSA, it appears that their tatics are not working anyways. Consider the Georgia TB man and the fact he was on the "no-fly" list, but was able to fly anyways.
"To evade the no-fly list, which they assumed only involved jets bound for the United States, the man and wife flew into Canada and drove a car into the U.S. At every check of their passports, he said they feared being caught, but weren't."
Source - http://www.ajc.com/health/content/health/stories/...
I have read numerous artices you have posted on false postives with the TSA "no-fly" list. Now we have a false negative, which most computer security personnel know is much worst.
When I leave town I place many of my valuables in the freezer. It's not to protect them from burglars, but to decrease the risk of damage from a less than catastophic fire. That it might protect me from teenage thieves or less experienced burglars is an added plus.
Perhaps DHS should broaden their horizons and take a similar approach. Instead of the primary goal of checking shoes for explosives, they should check feet for odor, fungus, corns, and fallen arches and provide treatment. They can check shoes for explosives during the exam.
No more cavity searches in the name of national security either. Everyone traveling should be given free dental exams, colonoscopies, and (if appropriate) gynecological exams. Should explosives be found during the exams then that's a plus.
Keep a team of doctors and surgeons by the airport X-Ray machine to watch for signs of cancer. If they spot something dangerous under our clothes in the meantime then good for them.
We, the travelers, get free medical exams and health care as they, the new Department of Health Safety and Homeland Security, protect us.
That also reminds me of another piece of survial advice. You don't have to be faster than the bear (lion, leopard, shark, etc.); you just have to be faster than the guy next to you.
"I get the impression a lot of these tactics are lies and made up facts."
It depends. If they consulted the locals -- native Africans or, in your case, native Americans -- who have lived there for millenia, then the tactics are probably good ones. If they just made it up based on their own observations, your cynicism is probably correct.
"I told my friend to find a different secret place, and to put decoy valuables in a more obvious place."
For the sake of your friend, I hope that the "different secret place" was a safe bolted to the floor.
@ Bruce Schneier
There is a lot of evidence that as the Massi warrior comming of age ritual (where the boy goes out and kills a lion) has made lions in the area extreamly weary of bi-peds wearing red.
This kinda reminds me of an old joke I heard many years ago when I was getting my dive certification.
A non-diver asked a diver why you're always supposed to dive with a buddy. The diver explained it was for safety, to have a support person with you in case something goes wrong. Then he asks the diver why he carries a dive knife. The diver explains it was that, in case of a shark attack, you can slice your buddy's wrist and swim for help.
Not every security precaution is a good one.
the best way to deal with al queda (sp?) is to attack their ideology and them as well... eliminate their recruiting pipeline and eliminate their leadership :)
> A single instance of an attack that didn't work
> [...] or a single instance that did -- 9/11 -- is
> not a pattern. Implementing defensive tactics
> against them is the same as my safari guide
> saying: "We've only ever heard of one tourist
> encountering a lion
How glib. One thing that analysis ignores is the
tremendous cost of even one individual
successful attack of the Al Qaeda wish list
> Al-Qaida terrorism is different yet again.
> The goal is to terrorize. It doesn't care
> about the target, but it doesn't have any
> pattern of tactic, either.
There is not a single tactic, but there are
plenty of patterns. Things that go boom for
And please be more cautious in claiming
to speak for them regarding their goals.
They have spoken many times on the subject,
and mere "terrorizing" was not in the top five.
Three old jokes (for which I appologise),
The Warrior chief is talking to his son one day trying to pass on some worldly wisdom.
"Son if you ever see a lion about to attack you run 50 yards, bend down and pick up a piece of s**t and throw it in the lions eyes"
His son considers this for a moment and looks up and says
"But dad what if there is not any s**t to pick up?"
His dad looks down at him with a fond and peternal smile and says
"Don't worry son there will be oh yes there most definatly will be"...
Two guys are walking through the jungle and a tiger leaps out and starts running towards them. Bob starts to run but Jim just kneals down to tie his boot laces.
Bob turns to look at Jim and says,
"Jim why are you tying your laces? you will never outrun the tiger"
Jim looks up smiles and says
"Bob I don't need to out run the tiger only you"
Two tigers are walking down Oxford Street London looking in the shop windows. One tiger turns to the other and says,
"It sure is quite for a Saturday afternoon"
I have no idea if these are true, but they underscore that you really want to know (a) the whole story, (b) its authenticity and/or the stroy tellers sense of humor.
Years ago in Glacier National Park, I heard that you should act like a predator if you come across a Grizzly by slowly circling the bear. Later I heard that the rangers did this. However, a tiny detail was omitted - Jeeps were involved.
You know the stories of drowning sailors rescued by dolphins. I've heard that there is an equal probability that the dolphin was being playful and the direction was random. What a bummer to be 20 yards from shore and taken for a ride the wrong way. And who whould ever know?
Wonder if the Mythbusters would tackle something that doesn't involve rapid disassembly.
> Given that, the best way to spend our
> counterterrorism dollar is on intelligence,
> investigation and emergency response. And to
> refuse to be terrorized.
In other words, take no preventative steps. That is not a very satisfactory policy, to say the least.
What about reducing the adversary's capacity for launching attacks? Or infiltrating to gain advance information of planned attacks? Or working to eliminate the factors that motivate attackers? Or campaigning for the hearts and minds of people to reduce the adversary's supply of recruits? Or inflicting severe consequences on the attackers as a deterrent? etc.
It is a primary responsibility of governments to protect the people. We can debate which preventative measures are most effective, but some measures must be taken. Great emergency response is not sufficient. Not even close.
Great essay, but I'm not sure if I agree with the assertion that terrorism "does not care about the target". It seems to me that they care about the target very much, they have a goal, which isn't to cause terror somewhere in general, but rather to cause terror somewhere specific. For example, if a terrorist group wants to end the US presence in the middle east, and the US is well defended, they will not attack Canada instead. They are targeted, but it is just that the target is not an individual, but a group.
This is not to say that I don't agree with your conclusion, I do, but rather that I think that it speaks of a different problem. If someone is after a priceless painting on your wall, then you really have two options: security (alarms, guards, etc.) or getting rid of the painting (e.g. - putting it in a museum). The first is dealing with the threat directly, and the second is removing the motivation for the attack. Although it could be argued that the second option is merely a rephrasing of the first (museums have security), that wouldn't quite be true, you would no longer be the target.
For terrorism, we also have two choices (neither of them mutually exclusive). The first is what you have reccommended, and the second is to attempt to figure out the motivations of the attackers and deal with those. The second option reflects the perspective that it is possible to create enemies faster than you can kill them, and, in our current situation, would require a considerable foreign policy shift, which probably won't come about any time soon. The second, however, is good policy no matter the situation, as unless nothing ever goes wrong, the money will not be wasted.
Again, great essay.
"If they consulted the locals -- native Africans or, in your case, native Americans -- who have lived there for millenia, then the tactics are probably good ones."
From the POV of the community, the best defence against being eaten by lions is to make sure to kill any lion that attacks a human (or, to be safe, who threatens one, or spends too much time near where humans are). Sucks for the first guy, but everyone else stays safe. Surely this strategy will massively dominate the effects of what that first guy does in the hope of surviving?
So, while I can believe that the locals have it figured right, I can also believe that they've got it wrong and just not noticed, because the vast majority of lions don't get to spend much time around humans, and hence on close examination decide that they'd best not mess with something they don't recognise.
The lion example might be a case of a good tactic, it might also be a case of bad tactic, analogous to the DHS's claim that since there hasn't been a mainland US attack in over 5 years, their counter-measures must be working. It's *testing whether it works* that makes good policy, not the fact that the tactic has survived for millennia.
By the way, does it make a difference whether you're faced with a lion (who fights to establish dominance) or a lioness (who hunts for food)?
BTW, in case it is not self-evident, intelligence and investigation are purely passive activities. They don't prevent anything. Some action must be taken based on those things in order to prevent an attack. Preventative measures are active measures. Those are the ones that generate the most controversy, but you still have to do them if you are going to prevent anything..
All these jokes...
How do you tell a black bear from a grizzly?
Climb a tree. If it climbs up after you, it's a black bear. If it rips the tree down, it's a grizzly.
And... When you're hiking and come across bear dropping, how do you know what kind of bear is in the area? You can usually see the remains of berries in black bear poop. And grizzly poop? Well, you know those bells that hikers use to keep bears away?
Humans always react instinctively when there uncertainty driven by fear(Like loss of life etc ) .I doubt Bruce that if really lion had attacked , you would have followed your instinct then of following the instructions given to you;)
Refusing to be terrorized is a preventative step. Terrorists attack people for political reasons: if they know that attacks won't change our politics, they won't attack. The IRA didn't stop bombing Britain because they couldn't get bombs into Britain any more, they did it because they discovered that Sinn Fein would have more political impact on Britain if the IRA disarmed than if it didn't. That doesn't apply to al-Qaida: right now, and for the foreseeable future, they have more influence on the US as terrorists then they could expect as politicians.
Intelligence-gathering and investigation are preventative steps. If you know where the major terrorist organisers are, and who they hang out with, and you tap their phones, then you'll have a good idea what they're planning and where they're planning it.
Stopping anyone by the name of "Muhammed Hussain" from boarding a plane, or anyone at all from taking bottles of water onto a plane, is not a preventative step. It's a waste of money, because the overwhelming majority of bottles of water and people called Muhammed Hussein have nothing to do with any kind of terrorism, and the overwhelming majority of terrorism has nothing to do with anyone called Muhammed Hussein or any bottles of water.
The difference is that banning bottles of water *looks* like doing something, because it affects everyone very visibly, and it appears connected to a specific threat. Intelligence-gathering doesn't *look* like doing anything, because it's done in secret.
"Something must be done, this is something, therefore this must be done" is no kind of logical argument, although it's often the best you'll get out of the government.
"It is a primary responsibility of governments to protect the people."
But it's *the* primary responsibility of government to obey the people. This is why, when governments abolish constitutional protections in the name of safety, the result is usually pretty bad, and distinctly unsafe.
I suppose I should add, in case it isn't self-evident, that once you've done the intelligence, and learned who is planning what and where, the consequent preventative step is to arrest them for breaking the law, try them before a jury, and imprison them.
I don't think anybody is claiming that this step should not be taken, just that it isn't the step which our governments (mine being British, that of most readers here being American) have really committed to.
"Refusing to be terrorized" is a convenient phrase but what does it mean, in terms of policy? In a large country with hundreds of millions of citizens, terrorist attacks will produce a reaction. There is nothing that government policy can do to prevent that.
Intelligence gathering and investigation are purely passive. They prevent nothing, unless an active preventative step is taken based on the information. It is those active preventative steps that generate all the controversy.
Bruce's article advocates nothing but gathering information and emergency response. Those are worthless by themselves in preventing attacks.
I'm all for a healthy debate of what preventative measures we should take. But this article does not propose *any* real preventative measures.
From the article, you quote
>Given that, the best way to spend our counterterrorism dollar is on intelligence, investigation and emergency response. And to refuse to be terrorized.
>We should only apply specific countermeasures when the cost-benefit ratio makes sense (reinforcing airplane cockpit doors) or when a specific tactic is repeatedly observed (lions attacking people who don't stare them down).
...from which I infer you're missing the point. The framework being pushed here is the cost-benefit view. What you characterise as not taking any preventative steps is really refusing to get trapped in a losing game in which attackers with the initiative get to dream up and try new tactics, while you spend huge effort and resources defending against all the tactics they've already used, or talked about, even only once.
You (should) do the simple, essential, cheap things that bar the door to easy attacks (cockpit door reinforcement is not a big investment), but choose to marshal your remaining security investment in aeras with greater payoff -- investigations, intelligence, etc. That's a game we can at least potentially win.
Of course, DHS doesn't even do the simple things -- port security, chemical plants, etc. But their agenda doesn't appear to include actual security.
How is a dead lion going to tell the other lions to watch out for bipeds wearing red?
...And the view that investigations and intelligence do nothing to prevent attacks is demonstrably wrong. The British round-up of the group experimenting with liquid explosives last year is an example --- they had those guys under a microscope for over a year -- every time one of them farted, the police got an H2S reading.
One might wish that the FBI was still in the business of carefully building criminal cases like that, instead of busting loose-talking idiots after a few days work, and calling a press conference to celebrate. But we don't do that anymore.
You're assuming the lion always loses.
I don't believe Bruce was suggesting *only* passive measures as he talks of counter measures.
- Intelligence and investigation may be passive, but they let you make specific decisions. They require that you make an active informed decision and take some course of action. There's an old principle about testing for a condition. If your reaction to all of the results is the same, the test is pointless.
- I'm not sure that "refusing to be terrorized" is just a convenient phrase. To me it seems a call to people to THINK about their choices. It's about not running around like scared mice at the drop of a hat or turn of a phrase. Yes, be more cautious and careful. That makes us more vigilant (provided we're thinking). Being scared just makes us pathetic.
- "We should only apply specific countermeasures when the cost-benefit ratio makes sense" ("repeatedly observed" tactics affects the cost so it's just the other side of the same coin). I think it should be obvious that if I have specific information on a threat, a preemptive blow or defense falls under "the cost-benefit ratio makes sense".
I include a lot more than $ in the "costs" above.
Valid point. On the other hand, how is a *live* lion going to tell other lions about bipeds dressed in red, I wonder.
Neal: I hope that you never have a temporary power cut while you're away, or you may find your valuables encased in ice!
(though this would also ensure they were not stolen - having to steal a solid block of ice frozen into the bottom of a freezer).
Also, weirdly, thieves have been known to steal chickens etc. from freezers. Weird, but theft is just like shopping from their PoV...
The lions would have heard about the guys in red from the Al Jazeera channel.
Why would the black-hats share intel or attack effectiveness any less than the white-hats?
""Refusing to be terrorized" is a convenient phrase but what does it mean, in terms of policy?"
I can give examples of what policies it rules out. It means not advising the populace to buy duct tape and plastic sheeting. It means not reporting in December 2006, as John Reid did, that the a terrorist attack over the Christmas period is "highly likely". It means not prioritising in the public mind the threat of terrorism over other, more harmful threats (like organised crime, or breaches of health and safety legislation in work places). It means not defining (as has happened in the UK) a Muslim planning a bomb as a terrorist, and a white fascist planning a bomb as a regular criminal. It means the police not shooting mis-identified innocent people just because they're on public transport.
The government should be treating terrorism as a primarily criminal problem, not a military one. It should be using existing laws and processes, not seeking new ones or taking extrajudicial action. It should be making clear that the terrorist threat is containable and manageable using proven approaches, not that it's "unlike anything we've ever seen before". It should state that it does not threaten our way of life, even though it poses a threat to life, not that the threat of terrorism necessitates drastic changes to our laws and our behaviour.
It's true that the populace will react to terrorism. It's also true that the government has a choice whether to encourage particular types of reaction, through its statements, advice, and actions. Since terrorist attacks will almost certainly not become common in the US or UK, both governments can win votes from those they encourage to be terrified, with very little chance of major failure. Of course that might not have occurred to either of them - I wouldn't want to wrongly accuse them of rabble-rousing.
"It is those active preventative steps that generate all the controversy."
Not when they're based on solid evidence, acquired through intelligence sources or otherwise, which can be presented in court.
It is totally uncontroversial to arrest a criminal, try him, and sentence him for life for planning an explosion (actually, the last such trial in the UK has been a bit controversial, but only because it took over a year in court).
It is highly controversial to generally discriminate against Muslims (or the Irish) and those protesting against the government, in the hope that this will inconvenience terrorists sufficiently to prevent attacks (in the language of the British government, at least, this is called "creating a hostile environment for terror").
It is highly controversial to arrest thousands of people using counter-terrorist powers, detain them for extended periods or indefinitely, and for the majority bring either no charges, or nothing more serious than immigration offences or other petty crimes.
It is highly controversial to employ torture.
These measures aren't controversial because they're "active", they're controversial because they're unjust and inhumane, they're dishonest on the part of the government, and most importantly, they don't work very well.
I think "refusing to be terrorized" is very important. Terrorists want us to change. Being terrorized leads to making poor decisions such as giving up significant freedoms for marginal gains in actual security. I believe that in response to terrorism we have implemented a forign policy which is not in our best interest and has bolstered terrorists.
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." attributed to Ben Franklin.
The problem with the cost-benefit approach is that the benefit is impossible to quantify. Has an attack been prevented? Several? Or none? How can you prove that you have prevented even one attack?
Even if you know you have prevented an attack, how do you determine the value of preventing the attack? Supposing 9/11 could have been prevented, what would have been the value of that? Values could be assigned to the airplanes and buildings, the cleanup and response. But how do you assign a value to the lives lost? Do you include the costs of the resulting wars, and the lives lost there? If we cannot even establish the value of preventing an attack that actually occurred, how could you possibly place a value on preventing an attack that did not occur?
The costs of the countermeasures are easy to see. They are tangible, and have palpable impact. We experience those costs. But the costs on the other side of the ledger are imaginary. They are dismissed as "movie plot" scenarios precisely because they did not happen. This calculus always returns an answer that the countermeasures cost too much, because the avoided costs are not given legitimacy.
I'm still waiting for a discussion of active countermeasures to prevent terrorist attacks. I asked the same question in the discussion of Bruce's previous article, and I ask it again. What would you do to prevent another 9/11-scale attack?
> How is a dead lion going to tell the other lions to watch out for bipeds wearing red?
writing in Lionear B
They only killed male liones who most usually are close to a pride (they don't kill them any longer as the lions are worth a lot more alive for tourist dollars).
The pride learns, in the same way as the wild European wolf has learned not to howl (it gets you a lump of lead between the ears)
Anyway if you visit Massi areas the one thing that you fairly quickly notice is that they realy do not care and will quite happily walk past a pride of lions...
>Implementing defensive tactics against [unique attacks] is the same as my safari guide saying: "We've only ever heard of one tourist encountering a lion. He stared it down and survived. Another tourist tried the same thing with a leopard, and he got eaten. So when you see a lion...."
If only one person has met a lion and lived to tell of it (while hundreds have disappeared), then I'd very much like to know what that one did/said/wore, so that I can emulate it as much as possible if I meet a lion.
But if it is Received Wisdom that one should stare down lions, and there's still been only one survivor (and hundreds of missing), then maybe it isn't working very well. Folk wisdom isn't always sound.
But these tactics work (if they do) because we have culture and lions basically don't. We can invent (or stumble upon) good tactics and teach them to each other, while lions must rely on instinct and natural ability -- impressive ability and beatifully honed instinct, but still not as adaptive as our intelligence and language.
If terrorists were like lions, we'd be catching dozens of them every day when they tried to board planes with their pockets full of box knives.
If lions were like terrorists they'd be exchanging email bulletins: "As of 31-5-7, if something tall and strange stares you down, it's probably slow and helpless. Please report any experience with this type of prey."
"Refusing to be terrorized is a convenient phrase but what does it mean, in terms of policy? In a large country with hundreds of millions of citizens, terrorist attacks will produce a reaction. There is nothing that government policy can do to prevent that."
WHat a defeatist load of bunk... lots of countries with large populations, and in particular greater population densities, have been subject to terrorism for a lot longer than the US and haven;t resorted to the FUD and terrorizing of their own citizens the way the US has. The US government keeps its citizens in a state of fear to help rationalize its unpopular domestic and forigem agendas denser occutpation in even
> What a defeatist load of bunk...
What a reasoned argument.
The best that government policy can hope to do is to have an incremental effect on the reaction of the population. BTW there is far less that government can do about this in a country with a free press. Contrary points of view will be expressed.
I notice that most of the objections being raised here are specifically taking issue with US and British policy response to terrorism. My comments are more generic in nature. I want to find out what this community thinks would be appropriate and sufficient steps to prevent major terrorist strikes against this country.
BTW, if the computers archiving the comments in this thread survive the next major terrorist attack, it will provide an interesting review.
"Why are you putting on running shoes? You can't outrun that bear!"
"Son, I don't have to outrun the bear. I just have to outrun you."
The TSA's "tactics", if you can call them that, don't defend against even the perceived threat. Making my shoes go through the X-Ray machine isn't going to identify the chemical nature of my shoe strings. The minimum wager running the X-Ray machine can't tell if my shoe laces are string, leather, or plastic explosives. It's a hollow attempt by the TSA to pretend they're doing "something" to prevent another shoe bombing style attack, but it wouldn't stop the actual attempt if someone tried it.
> I want to find out what this community thinks would be appropriate and sufficient steps to >prevent major terrorist strikes against this country.
Nice try, but I don't think Bruce or anyone else here is going to play the game of claiming that any set of steps is 'sufficient' to prevent terrorist attacks. The whole point of the 'movie plot' contest was to show how many different ways attacks could happen (and that left out the simplest ones, such as the Beltway snipers), and how attempting to stop every possible angle of attack is futile, and a huge waste of resources.
Which is not saying there aren't appropriate steps, which involve both active efforts to thwart known terrorists (targeted intelligence gathering and police work), cost-effective efforts to reduce some vulnerabilities (for instance reinforcing cockpit doors, searching cars entering Bagdhad's Green Zone, etc), and efforts to reduce the damage done by an attack (improving emergency response). But there's nothing, no matter how expensive, that guarantees no attacks.
By the way, there is a real difference in how one should defend against grizzly bear attacks (usually cover up, be no threat) and black bear attacks (always fight back with all means available).
The fact that benefits are hard to quantify does not change the fact that one inevitably performs a cost-benefit analysis in deciding how to allocate security resources. It is better to perform such an analysis with realistic costs and benefits than otherwise, but one cannot avoid having to perform it at all.
I would say that an example of a very poor cost function is implicit in your requirement that all attacks, or even all major attacks, should be prevented. That essentially puts the cost of an attack at infinity, an mandates that we do everything and anything to stop terrorists. This kind of logic is essentially the reason why many fundamental rights and liberties are under systematic assault in and by the U.S. at the moment -- from mass eavesdropping to open-ended detentions without trials or rights, to torture, all of which are justified on the basis that catching even one terrorist plot is worth any cost.
In fact, there are worse things than occasionally losing a couple of buildings full of people, as terrible as that is. Losing our democratic liberties is worse. Defending the country by undermining the principles that make it worth defending in the first place, that's a bad tradeoff driven by a poor choice of cost function.
I realize that this discussion is more about DHS stupidity than rights, and I'm not attributing to you any of the views on detention, torture, etc. that I deplore here. But I do think it worth recognizing that at some point it is better to accept some rate of failure, because beyond that point the alternatives are worse.
I agree that we do perform a seat-of-the-pants cost benefit analysis in these matters. My point is that in doing an after-the-fact analysis (ie, did we really need to spend all that money we spent?) we will almost always fail to perceive the full avoided costs of events that did not happen. Our hindsight is not 20/20. Perhaps it is also true that in estimating for the future we might overestimate the cost due to the anticipated attack.
I am not in any way suggesting that we must be 100% effective in preventing all attacks. I do think we need to be pretty close to that for the most disastrous ones (think nuclear explosion in a major city). If we fail at preventing that, who would argue that we did enough?
We have never had complete civil liberty. Paying taxes infringes on my complete liberty. Obeying traffic laws infringes... etc. Everything government does infringes on someone's liberty in some way. I have some libertarian leanings but sometimes one must trade off one thing for another. The optimal tradeoffs are matters of opinion. It is not surprising that people disagree about the best approach.
Some parts of this subject can be discussed objectively. (Some measures are just silly. Some are counterproductive. Sometimes one approach is more efficient than another. etc)
Other aspects are subjective. For example, perhaps in some scenarios privacy can be traded off against security. Some people value the privacy more, and others value the security more. The balance has to be worked out in the political process.
I can't agree that we must be 100% certain of preventing the worse attacks, even nuclear ones. It's simply not possible to reach that level of certainty, and trying to get there will certainly result in a monstrous warping of our society.
It is saner to attempt to quantify this kind of risk the way climate modelers and disaster planners do for large storms --- build levees to contain the one-in-a-century storm, but not to contain any conceivable storm.
Similarly we should ask, "What would it cost to reduce the risk of a nuclear explosion in a U.S. city to once a century? How about one every two centuries?" etc. Then we might be able to perform a sensible analysis -- particularly since, as far as I can tell, the difficulties for a non-state actor of procuring, assembling, and delivering a weapon are such that we may be at that risk level now. But we'd still be talking about a holocaust per century or so, not a holocaust never.
Incidentally, I would point out that we did in fact just lose a major U.S. city last year. It was a hurricane what done it, not a terrorist group, which I assume is why most Americans don't seem to be as exercised about it as they do about getting nuked. Apparently we rate natural risk less emotionally than hostile intent risk, even though Katrina did much more damage than any plausible terrorist nuke could...
Natural selection. Those that have some gene that causes them to be slightly more scared of people in red have much higher chance of surviving. Thus after several generations, most living lions are scared of people in red.
Frank Ch. Eigler said:
"And please be more cautious in claiming
to speak for them regarding their goals.
They have spoken many times on the subject,
and mere "terrorizing" was not in the top five."
Frank: this is evidence of nothing. Do you think that if your goal was to terrorize people, you'd spread the word that your primary goal was just to scare people? Wouldn't that make them less scared and completely defeat your goal?
I don't propose that I've proven that terror is their #1 goal. You just need to be careful about believing what people (especially Al-Qaeda sorts) say.
"Apparently we rate natural risk less emotionally than hostile intent risk"
Absolutely we do, if we're not careful to avoid doing so.
I think the single most positive step we can take in dealing with terrorism is to consider it fairly along with other threats, rather than giving it a category of its own created through fear.
To me, it seems a nonsense that the next terrorist attack, according to some, must be prevented at any cost, whereas New Orleans' levees were judged not worth maintaining against the risk of catastrophic flood. It then seems murderous insanity that the US army could invade Iraq to "liberate them from dictatorship", but FEMA couldn't (or anyway didn't) evacuate or even assist a mid-sized city of its own people.
Even if the first duty of government is to protect its citizens, then any government fails which determines that it will defend against one threat at any cost, and therefore diverts resources which would better protect those same citizens if used to defend against another, greater threat.
@Alan: in answer to your question about specific measures, I'm not going to pretend I'm capable of developing a detailed counter-terrorism strategy. That's what all the folks at the FBI/police/MI5, NSA/GCHQ, CIA/MI6, should be doing, under the direction of the policy-makers. I don't know whether anyone is actually planning to blow up a sporting event, because the CIA won't tell me, so there's no point me trying to plan out the optimal Super Bowl security or whatever.
What I will say, is that all the measures approved for use against criminals are appropriate for use against terrorism. All the measures approved for use in gathering information on both criminals and enemy powers are appropriate, in corresponding situations at home and abroad respectively, for gathering information on terrorists.
There are limited cases where special cases might be needed to deal with terrorists having the weapons of a military force, but no legitimate identity as a military force: so I think it's OK to send army special forces into an al-Qaida training camp, or perhaps to bomb it, even though only police SWAT would be allowable when dealing with a school shooting or murderous criminal gang.
There's some scope here for reasonable disagreement as to where the lines should be drawn, but I think it area of doubt should be quite narrow, as laid out in constitutional and international law. They must respect fundamental rights, such as no search without due cause, no detention without charge, access to legal representation, fair trial without delay, and no punishment without conviction. Those who argue that the loss of such rights is acceptable in return for security should, quite frankly, put their money where their mouth is: spend a few years in a cage in Guantanamo and see if they still think that's a fair price to pay for what's left of their "freedom".
Those are the active, preventative tools I advocate: powers of surveillance where warranted, powers of arrest and trial, judicial determination of punishment. They worked in Britain against the IRA (albeit internment was also used, which I felt was unnecessary then and is still unnecessary now). The tactics should then be up to the experts.
"I'm still waiting for a discussion of active countermeasures to prevent terrorist attacks. I asked the same question in the discussion of Bruce's previous article, and I ask it again. What would you do to prevent another 9/11-scale attack?"
Intelligence, investigation, and emergency response.
"How glib. One thing that analysis ignores is the tremendous cost of even one individual successful attack of the Al Qaeda wish list scale."
I don't think my analysis ignores that. I think my analysis points to the best to prevent another successful attack.
"In other words, take no preventative steps. That is not a very satisfactory policy, to say the least."
Sorry. I'm not out to give you a satisfactory policy. I'm more interested in the best defense for the money.
You can post a guard at door 3 on Thursday night, but if you've picked the wrong door or the wrong time, you've wasted your money. That's the problem with all those "preventative steps"; you don't know what particular attack you have to prevent until it's too late.
I get that this isn't the best answer politically, but it is the best security answer.
Two men meet in the desert.
One is carrying an old-fashioned telephone box, the other one an ambos.
2: "Why do you carry that telephone box?"
1: "Because of the lions. If a lion appears, I put it down, go in, and close the door.
And why do you carry that ambos?"
2: "Because of the lions. If a lion appears, I put it down, and can run faster."
The DHS approach would be:
Carry an aircraft with you.
If a lion appears: Put it down, climb in, and put the lion on the no-fly list.
Well all know the reason TSA implements counter measures for each newly observed threat (e.g. liquids) is because of "cover your ass" behavior, not cost benefit analysis.
I think CYA gone rampant also explains the crazy Boston reactions (Jan 31, never forget!).
There is some sort of implicit assumption in many articles that Bruce and others write that the TSA and DHS and other are working in a misguided way to improve the security of the US population (and, in the UK where I live, the similar is true for our authorities). Now, I don't think I am a conspiracy nut and I have always believed in the old adage "don't attribute to malice what you can explain through sheer stupidity" but something is always nagging at me from the back of my mind.
What if the whole movie-plot security-theatre thing were knowingly used by the authorities ? Wouldn't that more clearly explain their actions ? Funnelling huge amounts of money through fake front operations is known as money laundering in other circumstances. Isn't this much the same thing ?
Using well understood methods to actually protect populations from disasters, attacks and other unforseen circumstances would seem sensible, but there appears to be very little actual evidence for it happening outside of the old "traditional" emergency services like fire and ambulance responses as a tactic. The security services are very probably working behind the scenes and succeeding as often as not, but all the publicity seems to focus on ridiculous and very high cost countermeasures that have no hope at all of delivering any increase in public security.
I feel lost...
@Peter: I don't think there's any doubt that a certain amount of security money is "pork", which I suppose does bear an abstract relation to money-laundering, in the sense that it's a somewhat dodgy way of getting money from one place to another.
I don't think that means there's a conspiracy, though. Politicians are well-trained to spot opportunities to make capital for themselves. So the Home Office wants new powers, and MPs want the public to see action being taken, and also want contracts for businesses in their constituencies. It doesn't mean that the Home Office has actually conspired with MPs to concoct a fraud, just that their less honourable motivations are in alignment.
> If your countermeasure makes
> the lion attack an impala instead
> of you, or if your burglar alarm makes
> the burglar rob the house next door
> instead of yours, that's a win for you.
When reading that passage, I expected the following:
If your countermeasure makes
the lion attack an impala instead
of you, or if your car protection
system makes the burglar steal
the neighbour's Impala instead
of your car, that's a win for you.
More useful security advice when visiting South Africa would be how to avoid:
- Armed robbers
- Carjackers, etc.
So it seems then that the European countries that say are not supporting the war on terrorism but are making it easy for the US to do things to get deeper into it are following the better have the burglar steal the neighbor then.
I'm not Bruce. Bruce, you should defend against this attack---I suggest by automatically rejecting posts with your name. Well, unless they're from you. :-) For added safety, reject any Soundex matches as well.
i didn't read all the comments. But yours was good.
"A friend of mine recently asked me where she should hide her jewelry in her apartment ...
...Leave decoy cash and jewelry ... there's no guarantee of success, but it's your best hope."
I don't mean to sound like a wiseass, but isn't this a movie-plot threat by Schneier's own criteria? Investing in a solution to prevent a specific threat, which in this case is a burglar who comes in, looks for a stash, picks up the first found and then leaves nicely?
How about investing to sturdier locks + doors and a home security system + service? Wouldn't those give you protection from all sorts of burglars, including those who are there to empty your entire house or those who don't mind shooting anyone who might be at home?
"Leave decoy cash and jewelry " does not prevent you from also "investing to sturdier locks + doors ...", and it's fairly cheap to do.
Cheap, effective (though obviously not 100%), does not create additional risk or interact badly with other measures: sounds like a good strategy.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.