Schneier on Security
A blog covering security and security technology.
September 18, 2009
Modifying the Color-Coded Threat Alert System
I wrote about the DHS's color-coded threat alert system in 2003, in Beyond Fear:
The color-coded threat alerts issued by the Department of Homeland Security are useless today, but may become useful in the future. The U.S. military has a similar system; DEFCON 1-5 corresponds to the five threat alert levels: Green, Blue, Yellow, Orange, and Red. The difference is that the DEFCON system is tied to particular procedures; military units have specific actions they need to perform every time the DEFCON level goes up or down. The color-alert system, on the other hand, is not tied to any specific actions. People are left to worry, or are given nonsensical instructions to buy plastic sheeting and duct tape. Even local police departments and government organizations largely have no idea what to do when the threat level changes. The threat levels actually do more harm than good, by needlessly creating fear and confusion (which is an objective of terrorists) and anesthetizing people to future alerts and warnings. If the color-alert system became something better defined, so that people know exactly what caused the levels to change, what the change means, and what actions they need to take in the event of a change, then it could be useful. But even then, the real measure of effectiveness is in the implementation. Terrorist attacks are rare, and if the color-threat level changes willy-nilly with no obvious cause or effect, then people will simply stop paying attention. And the threat levels are publicly known, so any terrorist with a lick of sense will simply wait until the threat level goes down.
Of course, the codes never became useful. There were never any actions associated with them. And we now know that their primary use was political. They were, and remain, a security joke.
This is what I wrote in 2004:
The DHS's threat warnings have been vague, indeterminate, and unspecific. The threat index goes from yellow to orange and back again, although no one is entirely sure what either level means. We've been warned that the terrorists might use helicopters, scuba gear, even cheap prescription drugs from Canada. New York and Washington, D.C., were put on high alert one day, and the next day told that the alert was based on information years old. The careful wording of these alerts allows them not to require any sound, confirmed, accurate intelligence information, while at the same time guaranteeing hysterical media coverage. This headline-grabbing stuff might make for good movie plots, but it doesn't make us safer.
This kind of behavior is all that's needed to generate widespread fear and uncertainty. It keeps the public worried about terrorism, while at the same time reminding them that they're helpless without the government to defend them.
It's one thing to issue a hurricane warning, and advise people to board up their windows and remain in the basement. Hurricanes are short-term events, and it's obvious when the danger is imminent and when it's over. People respond to the warning, and there is a discrete period when their lives are markedly different. They feel there was a usefulness to the higher alert mode, even if nothing came of it.
It's quite another to tell people to remain on alert, but not to alter their plans. According to scientists, California is expecting a huge earthquake sometime in the next 200 years. Even though the magnitude of the disaster will be enormous, people just can't stay alert for 200 years. It goes against human nature. Residents of California have the same level of short-term fear and long-term apathy regarding the threat of earthquakes that the rest of the nation has developed regarding the DHS's terrorist threat alert.
A terrorist alert that instills a vague feeling of dread or panic, without giving people anything to do in response, is ineffective. Even worse, it echoes the very tactics of the terrorists. There are two basic ways to terrorize people. The first is to do something spectacularly horrible, like flying airplanes into skyscrapers and killing thousands of people. The second is to keep people living in fear. Decades ago, that was one of the IRA's major aims. Inadvertently, the DHS is achieving the same thing.
Finally, in 2009, the DHS is considering changes to the system:
A proposal by the Homeland Security Advisory Council, unveiled late Tuesday, recommends removing two of the five colors, with a standard state of affairs being a "guarded" Yellow. The Green "low risk of terrorist attacks" might get removed altogether, meaning stay prepared for your morning subway commute to turn deadly at any moment.
That's right, according to the DHS the problem was too many levels. I hope you all feel safer now.
Here are some more whimsical designs, but I want the whole thing to be ditched. And it should be easy to ditch; no one thinks it has any value. Unfortunately, if the Obama Administration can't make this simple change, I don't think they have the political will to make any of the harder changes we need.
Posted on September 18, 2009 at 6:45 AM
• 44 Comments
The company I work for has the current threat level posted at each building entrance. The level has not changed since I started working here and now if it did change I don't think anyone would notice. It has been static for so long it is ignored completely.
Completely useless and meaningless.
What I've heard (but not confirmed) is that some gov't agencies do have specific roles and duties when the terror color changes. Because certain military and police agencies are required to do certain things, it costs money to change the threat alert. So, on top of a relatively apathetic response to the terror rainbow, it also costs a lot of money.
That alone would cause me to dispose of the entire system.
I always liked Dave Barry's take on Security Color Levels, here:
The Department of Homeland Insecurity responds by placing the nation on a Code Fuchsia Security Status ("Relatively High").
The Department of Homeland Insecurity places the nation on a Code Magenta Security Status ("A Tad Higher Than Relatively High, but Not Totally High.")
This decisive action enables the Department of Homeland Insecurity to ratchet the nation's Color Code Security Status all the way down to Mauve ("Calm, but Tense").
The Department of Homeland Insecurity decides to ratchet the nation's Color Code Security Status up a notch to Key Lime ("Partly Cloudy").
The nation's Color Code Security Status is quickly raised to Maroon ("Dark Brownish Red").
The nation's Color Code Security Status is raised to Peach ("Viewer Discretion Advised").
The nation's Color Code Security Status is ratcheted up to its third-highest level, Burnt Umber ("Medium Rare").
Reacting quickly, the Department of Homeland Insecurity produces, in mere hours, a new national Color Code Security Status: Tangerine ("Uh-Oh").
The national Color Code Security Status is quickly bumped up to Jalapeno ("Everyone Down!").
In response, the national Color Code Security Status is ratcheted up to its highest level, Traffic Cone Orange ("Yipes!").
Change can happen but it's like the dead parrot sketch...
"If you ever want anything done in this country you have to talk yourself blue in the face!"
France has a similar dumb system, Vigipirate, but it's much older. According to Wikipedia it was created 30 years ago.
It has been activated ('in some alert mode') since 11/9 and is in red mode since 7/7/2005. Unless I'm wrong somewhere, we have been under the highest warning mode for more than 4 years in a row.
However the results are immediate:
- more identity checks: more illegal immigrants caught and returned to their country
- military personnel with loaded weapons in the street or public places (train stations etc...): helps to cultivate the 'police state' feeling ...
The nice thing is that there is no public law available, all is under state secret. So we don't even know our rights...
I think Bob Blakley nailed this one in his 'Blakley's law' post:
"Every public alert system's status indicator rises until it reaches its disaster imminent setting and remains at that setting until it is retired from service."
I've got to say I'm sick of hearing "in these times of heightened security blah, blah, blah". You can't have a time of heightened security for 8 years. I recall from my days in the military that it was possible to sustain a heightened security posture for a few weeks, and top readiness for a matter of days. Everything else needs to be folded back into business as usual (if it's needed at all). The announcements need to change "we will blow up your unattended luggage. this is normal. get over it and don't be forgetful".
Remember the Spaceballs movie?
Caldwell "Purple alert! Purple alert!"
Marks "What's a purple alert?"
Caldwell "Well, it's like not as bad as a red alert, but a bit worse than a blue alert -- sort of a mauve alert"
I liked Ron White's plan. There are two levels: "Buy a helmet" and "Put on the helmet". Simple, and has actionable measures for people to take built right into the names of the levels.
"The company I work for has the current threat level posted at each building entrance."
I personally started thinking of these as a twisted form of public art. Every nation state has produced artifacts that future generations have been able to study, critique, and place in historic context; we aren't any different.
It is a little sad, but entirely predictable that the U.S. would produce such a completely esthetically uninteresting one that ends up so iconic. A sort of Rothko piece with all humanity stripped out and replaced by a meaningless anxiety thermometer.
Whenever I'm at O'Hare airport, I experience a cringing moment approximately every ten minutes, when the recorded voice of some Chicago Alderman's idiot brother comes on the PA system AGAIN, to helpfully remind us that "The Department of Homeland Security has raised the Threat Alert Level to ***ORANGE***!!! Heightened security measures..." (blah, blah, shut up, SHUT UP!).
I can't imagine how people who work at the airport can handle this continual psychic abuse during the course of an entire work day without cracking and going postal (which, while tragic, would be darkly and comically ironic).
"Unfortunately, if the Obama Administration can't make this simple change, I don't think they have the political will to make any of the harder changes we need."
Don't know about this but it's already announced that it won't take on the harder issue, the Patriot Act.
FTW: "a meaningless anxiety thermometer"
Any system that gave more specific information would reveal too much about what the government security apparatus knows and thus would aid the terrorists.
Dshield has a good system -- the internet is always a dangerous place and gets more dangerous every day, but they stay at "green" unless there is something going on. Sometimes they go to yellow for 24hrs to make sure everyone gets the memo, then they go back to green.
It takes political will to undo things, and very few politicians are the statesmen that it requires to do so.
Remember, we now have pretty solid evidence that the 2004 episodes of changing the terrorist alert levels were apparently driven by base political motives, not security threats. The fact that jerking with the alert levels would lead to a "crying wolf" scenario seems to have never crossed the minds of those who managed the system.
Well, it was obvious the moment the color levels were unveiled that green and blue were never going to be used anyway. I'm actually in favor of removing them, for the public debate it might provoke.
One more thought about these "threat levels". They are discriminatory to color-blind people. I'm color blind and I feel oppressed because my government has a system as important as this "threat level warning system" but it ignores people like me. What, does the government think that color blindness is a weakness? Are they trying to get the color blind to be the fodder that stands in the way of an attack?
I used to work for a public utility that actually implemented greater security controls when the level went to orange - things like keeping vehicles further away from the buildings, more security guard patrols, etc. I don't know how much cost this added, but I'm sure it was measurable.
That's one problem with the generic color codes... there's no point thinking about automotive safety zones if the target is, say, seaports. Also, while we were in the business of selling a highly flammable substance, surely even the terrorists are smart enough to figure out that we don't keep stockpiles of the stuff in the corporate cubicle-maze headquarters.
Why don't we just replace the whole retarded system with a bunch of "Keep Calm and Carry On" posters. I mean that way the terrorists actually LOSE!
Dshield's is sensible; by definition, it should spend most of the time at NORMAL. Most of the time is normal, after all, and if it turns out the risk of terrorist attack is unusually high most of the time, well, that's what's normal.
I like NORMAL/STAND BY/ALERT; Normal means "behave as normal, in a way suited to normal conditions" - note it doesn't promise that there will be *no* risk, and it does imply that you should have precautions in place appropriate to whatever is the normal level of risk in your part of the world.
Stand by; i.e. there is either evidence of an unusually high risk, or else circumstances that are conducive to it. If you're responsible for security, you should have a plan to hunker down temporarily, and this is the time to put it in effect. This should be a time-limited state.
Alert: something's happening or has just happened, emergency measures go into effect. This is evidently restricted to the emergency itself.
Quite a lot of emergency alert systems use something like that ladder.
"Why don't we just replace the whole retarded system with a bunch of "Keep Calm and Carry On" posters. I mean that way the terrorists actually LOSE!"
The obvious cynicism indicates that fear and panic may mean the terrorists win, but fear and panic also means that gov't wins. If people are able to actually live without fear, gov't loses (money to build are their fun, whiz-bang defense projects, political clout and seats, etc).
I was thinking we need color codes for the threats to our civil liberties and dear old constitution/rule of law at home. Maybe just the old Star Trek red alert with the flashing light and siren sound? "Patriot Act at starboard captain...no fly list is firing on us...she's breaking up on us captain..."
Software development has the same problem, when certain bug priorities entail consequences within the organization. One company I worked at had a policy in place that any priority 1 bug filed immediately caused messages to go to the VP and higher level executives of certain departments. As a result, priority 1 became quite literally off-limits due to the sh*tstorm it caused. So priority 2 was 'the new priority 1'! And priority 5, since it was the lowest level, was frowned upon as it meant the bug would never get serviced, since there were always higher-priority bugs laying around...
I am not making this up, see here:
"While DHS and FBI have no information regarding the timing, location or target of any planned attack, we believe it is prudent to remind transit authorities to remain vigilant," the Department of Homeland Security said Friday in a written statement.
Truth--stranger than fiction.
There is no practical possibility of a national threat. Nothing survivable could simultaneously damage all fifty states of the union.
A sufficiently large hydrogen bomb could destroy all of Rhode Island, but the other states are too large to be a statewide target. Most counties are too large to be threatened by a single hydrogen bomb.
A citywide alert could be sensible, but a statewide alert is absurd. A national alert is beyond absurd.
"Nothing survivable could simultaneously damage all fifty states of the union."
Except maybe a financial crisis. Hypothetically speaking, of course.
@Mat: "The obvious cynicism indicates that fear and panic may mean the terrorists win, but fear and panic also means that gov't wins."
You act like the groups are different. But the color-coded system is precisely what makes the government into terrorists.
Terrorism is using violence or the threat thereof to coerce a society for political or ideological reasons. The paint sample sheet of doom that DHS uses comes with no recommendations of what to do or even what the levels mean. Therefore, it serves as nothing but a PANIC! PANIC MORE! PANIC LESS! indicator. It uses the threat of violence (in the form of some nebulous group of terrorists) to make Americans as a whole feel fear. If a politician directly or indirectly promises to make that indicator move down (or even jump around less), then he is using it to coerce the populace into a political choice they might not otherwise make. Therefore, the threat alert system is an instrument of terror, and its users are terrorists.
Like many things this sort of self promoted (Gov Issue) idiocy is susceptible to ridicule...
How about a ditty/poem/etc competition along the lines of,
Roses are Red
Violets are Blue
Whatever the colour
The DHS are out to scare you!
(My original version had to be censored ;)
"Nothing survivable could simultaneously damage all fifty states of the union."
Depends on what you mean by survivable and damage...
There are a whole load of natural disasters that will take out "Western civilisation" technology with little or no effect on bio-organisms. One such is freezing rain, another is certain solar activities. Also ask an engineer about a 1000-year storm...
Then there are other things such as locusts that would certainly decimate the US harvest should they get going on US soil (which they could do). Termites likewise can do immense infrastructure damage.
Then what about "killer bees" and the "Malaria mosquito", although they do directly affect humans. The secondary effects to limit their activities have very significant economic and social impact.
Then of course there are the bio things we generally cannot see, molds, fungi, bacteria, virus etc.
One thing becoming clear about H1N1 is that although in 80-90% of the population it is mild 10% are critically ill, and they tend to come disproportionately from the "economically productive".
The Northern hemisphere has not yet had its "winter flu" season, and unlike the Southern hemisphere we have a much higher population density thus potentially aiding transmission.
However by comparison the works of man just cannot compete with nature.
So yes if you limit to what technology can do then you are correct...
For any fan of Dead Ringers on BBC Radio 4, two words will be ringing around your head at the moment: Magurndy Alert.
@national threat: A sufficiently large hydrogen bomb will destroy nontrivial parts of the electric grid. It's not nearly as resilient as you seem to believe.
I'm reminded of FPCON (http://en.wikipedia.org/wiki/Force_Protection_Condition), which is the civilian security equivalent to the military's DEFCON. One of the things that intrigued me most was that each threat level had a duration as well. FPCON Alpha, for example, must be maintainable indefinitely with minimal burden, while FPCON delta, at the far end of the spectrum, is designed to only last a few days (and would be a terrible burden if it went on any longer).
To be in threat level Orange as long as we had would be the FPCON equivalent of running a marathon at sprint speeds, for several days in a row.
Did you notice that the folks at DHS managed to screw up the sequence of rainbow colors in their alert chart? Yep, I'm feeling safer when my security is provided by elementary school dropouts.
Giving up on Green is giving up on Peace.
Your understanding of the use of the threat level does not address airports. Specifically, the airport security plan has additional security measures that have to be implemented at different threat levels. For example, if the threat level ever returned to green, then people without tickets or boarding passes would be allowed past the security check point. When the level goes to red, then additional measures come into play as detailed in each airport's security plan.
While the threat level may be meaningless to the average citizen's daily life, it does affect airports.
It is clear that Obama loves the system for the fear that it inspires in the populace, urging them to listen ever more closely to the government. The changes will undoubtedly be just to freshen things up so people will start paying attention again. Then additional changes will be made at a pace to keep their attention. Read Orwell; Obama is using it as a playbook. Everything he does is intended to create the utter dependence on government that Big Brother was.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.