Schneier on Security
A blog covering security and security technology.
« Airport Security Game |
| Reverse-Engineering Exploits from Patches »
April 23, 2008
Software that Assesses Security Risks to Transportation Networks
The TSA wants a tool that will assess risks against transportation networks:
"The tool will assist in prioritization of security measures based on their risk reduction potential," said the statement of work accompanying TSA's formal solicitation, which was posted April 18.
The software tool would help TSA gather and organize information about specific transport modes and assist agency officials to make risk management decisions.
The contract, which will be issued by TSA's office of operational process and technology, envisions a one-year base period plus four one-year options. The chosen vendor will be expected to install the software, troubleshoot any hardware or software problems, consult on building risk assessment modules, attend classified intelligence meetings at TSA headquarters and maintain the software.
I don't think you have to be very good to qualify here. This automated system put Boise, ID, on the top of its list of most vulnerable cities. The bar isn't very high here; I'm just saying.
Posted on April 23, 2008 at 6:16 AM
• 25 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
So basically the TSA wants a software program that will fulfill the role of the TSA, making all the relevant security decisions.
make a list of cites and a list of threats. use a random function
Please be sure to tell the rest of us YOUR great plan for providing nationwide security as well as the matrix you intend to use to allocate money for states and cities.
Because it is easy to criticize than to provide your own counter plan.
You don't have to be any good as a plumber to know when there's water coming through the ceiling. Or when a guy calling himself a plumber and trying to sell you a $100,000 pipe is a con-man.
Not that I'm saying Bruce is no good as a plumber, just that he doesn't need to be in order to comment. He can recognise rubbish when he sees it, regardless of whether he has taken the time to work out exactly which cities are more at risk than Boise.
But if you want to bet money on the next attack on transport occurring in Idaho, then go for it...
Attack Trees are good for this
>tell the rest of us YOUR great plan for
>providing nationwide security
That's pretty much what Bruce does full-time, in writing and lectures. His only problem is he's not saying what the Powers that Be want to hear.
This is part of the same continuum of magical thinking that leads the feds to place so much faith in polygraphing. They want a technologically reassuring black box that relieves them of the onus of actually having to draw up their own analyses and make their own judgment calls.
The more money they spend on the system, the more reassured they will be that it works. I feel quite sure that the answers supplied will not be subjected to any more scientific validation testing than those supplied by polygraph screening --- that is, none to speak of.
The "counter plan", "CAT", would be to have a group of officials with training and experience in collating intelligence and managing security threats, assessing the available information and taking responsibility for the resource allocation decisions that flow from their judgment calls.
This system, on the other hand, is designed precisely with the purpose of preventing any kind of official responsibility or accountability -- any allocations that are made are justified because the high-tech software system says so, and any decisions that turn out to be wrong in retrospect have no human fingerprints on them.
We are too quick to criticize here. First, the Boise evaluation has some merit. The report concluded that Boise was one of the most "vulnerable" cities in the country (i.e. they are poorly prepared to respond to terrorist acts). The report specifically did not address the other risk factors of criticality and threats. Hence, it may be true that Boise is highly vulnerable, but when you factor in criticality and threat, the city's risk level is likely relatively low.
Second, when you look at what the TSA is currently doing in terms of risk assessment methodology, they are not far off the mark in terms of the fundamentals. However, I'm a little skeptical about their high level security strategy, especially "it takes a network to fight a network" (http://www.tsa.gov/approach/systems.shtm)
"First, the Boise evaluation has some merit."
No, it does not. Not for ANY reason.
"The report concluded that Boise was one of the most "vulnerable" cities in the country (i.e. they are poorly prepared to respond to terrorist acts)."
So is Sedalia, Missouri. The problem with being "one of the most 'vulnerable' cities" is that there is practically NO difference between them AND they number in the thousands.
"Second, when you look at what the TSA is currently doing in terms of risk assessment methodology, they are not far off the mark in terms of the fundamentals."
They are WAY off the "mark".
They are 100% focused on "Movie Plot" threats.
"Attack Trees are good for this"
I knew those trees were up to no good, time to break out the chainsaw.
I say we make some software that labels everything with one of five colors to show the risk that it's under. Then we make new york the second highest color and everything else right in the middle.
Google news today reports that a $20 million dollar section of the great wall at Tucson AZ has been scrapped because it just dosen't work. I hope Obama scraps the whole weirdly named "homeland blah blah" and goes back to what we had before except with a shakeup to get rid of the deadwood.
Remember, If the feebs were not institutionally constipated, they would have questioned Moussaui and put a stop to the whole 911 thing, but they have thier bureaucratic games to play and At that time, the deserted in chief didn't want to hear about terrorism, some tried to tell him, but he was playing president and couldn't be bothered
After the end of the error on 20 february we will be allowed to fly with nail clippers again.
Cat the sycophant can go to his masters and get his treat now.
@Bruce, crane, and Brandioch:
The assessment inappropriately mixes up two different factors. One is how likely is an attack on a city. The other is how well prepared is it to respond. Brandioch is saying that Boise is low on the first assessment, crane is saying Boise low on the second.
Informed Comment, www.juancole.com reports today that another of the israeli spys connected to the same handler as jonathan pollard was finally picked up in new jersey yesterday. Of course, they are the most active and largest contingent of spys already deep inside our government and at the top positions in the pentagon, where there are secrets on policy and technology to steal. They also sell this information to the russians, whom they also spy on massively. the whole flap about the treatment of khodorkovsky in the US press a few years ago, all that "their mistreating a robber baron multibillionaire who stole and evaded taxes" thing can only be explained by the suggestion that it was an industrial espionage effort from the israelis, in an industry where there are few policy or technology secrets but the thing to steal is the oil itself, which was done by khodorkovsky and a cohort of other israelis,(they mostly have escaped to israel now) acting as the hidden hand of the mossad right wing groups.
If you read Victor Ostrouskys books "By way of deception", or the sequel "Beyond deception', You will find the first mentions of the plan for the US to invade Iraq. This was before 1990, before desert storm, and it was an israeli plot to draw the US into war with Iraq.
Wolfowitz and Perle, and the rest all have jobs at JINSA or AIPAC whenever the republicans are out of power.
I say we take our cues from Miniland USA. This is the area at the center of Legoland California which models whole sections of US cities in LEGO. When it opened in 1999, three of the five cities represented were New York, DC, and New Orleans. Coincidence... or briliant prediction???
The other two cities were Los Angeles and San Francisco, and they've just added Las Vegas. Look out!
Any "tool" that doesn't recommend scrapping the TSA and moving the budget to local emergency services isn't worth anything.
As for airport security, make the airlines and airports pay for it. Also make them liable for any terrorists that use them.
I wonder how many commentors actually took the time to read (or even skim) the actual paper.
As is usual in journalism with anything involving science, the WaPo takes the conclusions almost entirely out of context.
In fact, it may make sense for a terrorist to target Boise or some other relatively out of the way place. An attack on the American "heartland" could be just as devastating as on a major city.
After all, how many reading this would have considered the Alfred P. Murrah Federal Building in Oklahoma City a likely terrorist target prior to April 19, 1995?
>So basically the TSA wants a software program that will fulfill the role of the TSA, making all the relevant security decisions.
This saying comes to mind:
"Go away or I will replace you with a very small shell script"
That said, perhpas whatever system they come up with will give them different answers than what they are expecting, and the program will thus be heavily modified to provide output supporting their suppositions.
I'm just waiting for Rudy Guiliani (http://www.city-journal.org/2008/18_1_homeland_security.html ) or his friends to submit "Transportation-Terror-Stat" that correctly identifies areas of threat that map to areas where their interests can be funded by the TSA / DHS.
> how many reading this would have
> considered the Alfred P. Murrah
> Federal Building in Oklahoma City
> a likely terrorist target
And that is exactly the point, Steve. The software they're requesting wouldn't have given the authorities actionable information to stop McVeigh.
Anybody could go and decide to blow up anything. A computer program can't accurately predict what al Qaeda's going to do next, much less what every Random Ex-Gi Nutjob is going to try.
"The more money they spend on the system, the more reassured they will be that it works."
"This system, on the other hand, is designed precisely with the purpose of preventing any kind of official responsibility or accountability"
So they're spending money that isn't theirs and covering their behinds. Why would you expect anything different from a government bureaucrat?
The Boise thing is about damageability only. Even the study designers state that they are not looking at attack probabilities; the question they are asking is basically "Given that an attack has occurred, how much damage could it do?"
From that perspective, Boise actually is extremely vulnerable given the constraints of the study. There are some fundamental misunderstandings within the study methodology regarding what attacks would plausibly be used and why, however, but that's not the same as slamming them for picking Boise given that they aren't worrying about probability.
I blame this primarily on the media; anyone who reads the actual study can see they are specifically not addressing probability of attack.
"In fact, it may make sense for a terrorist to target Boise or some other relatively out of the way place. An attack on the American "heartland" could be just as devastating as on a major city.
After all, how many reading this would have considered the Alfred P. Murrah Federal Building in Oklahoma City a likely terrorist target prior to April 19, 1995?"
That depends - are you asking me if I thought it would be a likely terrorist target for domestic extremist groups with grudges against the government, or if I thought islamic fundamentalist terrorists external to the country would target it?
The answer changes dramatically depending on the group. Domestic terrorists are very likely to hit targets for which they have a specific agenda - state, local, or federal government buildings, corporations where they once worked, law firms, schools, and the like (witness Oklahoma city or the recent destruction of luxury homes in the Seattle area) - while foreign terrorists are much more likely to strike at targets with very high "name value".
There is a reason the Pentagon and the WTC were picked in 9/11. They were symbols of America. In the same vein, blowing up Boise would be likely to generate primarily confusion among the constituents of terrorist groups in the greater middle east area; nobody in Pakistan cares about Boise. New York, San Francisco, Washington DC, etc - all are known. Taking down a big, flashy target within one of those cities provides the maximum value in terms of PR, recruiting, cash flow, and political pressure for the least effort.
One has to consider the goals of a specific group and the situation on the ground for them before understanding their target selection; blowing up the Alfred P. Murrah Federal Building makes no sense at all for Al Qaeda, but then again, Tim McVeigh didn't take a shot at the WTC...
comparing the murrah building with 911, proves that if its far from the broadcast centers of the news media, its just a story, The country did not take the OKC attack in the same way they did the 911. It wasnt until they started paying millions of dollars to the newyorkers that any compensation was considered for the survivors of the OKC attack. OKC is like some foreign tragedy, except that the inteviewers could use the only language that they can speak. what scared the deserter in chief enough that he flew all the way to nebraska to find clean underwear was that someone had hit the pentagon. the deserter is clearly a coward, however the reason he deserted was the drug test that had suddenly become part of the flight physical.
Yes sometimes incidents happen at strange places. Mentioning Boise, ID and the Alfred P. Murrah Federal Building reminded me of the attempted thief of Lincoln's body in July, 1876 by Kinealy and his counterfeiting ring. There are tons of little buildings that might have something historical; How do you predict what museum might get hit? There are simply too many potential and actual targets.
Even if a terror group decided to attack a small city such as Boise, it's a relatively safe place to be, simply because there are a lot more "Boises" than terror groups. I live in one and am not worried.
More to the point, even in just the peak year 2001, the danger to Americans from terrorism pales alongside the danger from garden variety criminals, let alone from non-malicious causes such as car wrecks. Anyone who feels there is a "terrorism crisis" or ever was should step back and get some perspective.
We have nothing to fear but fear itself (and the police state that will arise from that fear, if we're stupid enough to let it).
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.