Cybersecurity Theater at FOSE

FOSE, the big government IT conference, has a "Cybersecurity Theater" this year. I wonder if they'll check photo IDs.

On a similar note, I am pleased that my term "security theater" has finally hit the mainstream. It's everywhere. My favorite variant is "security theater of the absurd."

And this great cartoon. And two more.

Jon Stewart didn't use the words "security theater," but he was pretty funny on January 4.

Posted on January 8, 2010 at 12:14 PM • 37 Comments

Comments

jgrecoJanuary 8, 2010 12:19 PM

I find the cute little "copy protection" trick that www.cartoonistgroup.com does to be hysterically ironic. :)

Andre LePlumeJanuary 8, 2010 12:30 PM

I find it amusing that Accenture is literally sponsoring security theatre. Awesome.

JohnJanuary 8, 2010 12:43 PM

@jgreco

You mean the rather useless display of another image upon mouse over? The method that can be defeated by 15 seconds of examining the page source? But enough details, if I give any more, I might be in violation of the DMCA....

jgrecoJanuary 8, 2010 12:58 PM

@John

Yeah, it's a great little example of security theater on a comic poking fun of security theater.

I would _love_ to see them try to sue somebody for viewing their website with a webbrowser that didn't support javascript. It'd make for a great example of why the DMCA is dangerous nonsense.

simon s.January 8, 2010 1:07 PM

I'm just sorry that the person who came up with the term "Security Theatre of the Absurd" thinks that the solution is to establish the young Muslim male air-traveler equivalent of the crime of Driving While Black.

Best way of judging any terrorist-profiling scheme: Would it have tagged Tim McVeigh?

Donald SimmonsJanuary 8, 2010 1:15 PM

This week on CBC Radio here in Canada there was a discussion on airport security procedures, and two of the people calling in used the term "security theatre". Can the OED be far behind?

ytJanuary 8, 2010 1:24 PM

It would seem that Accenture changed the name to "Cybersecurity Pavilion Theater" already. I guess they hadn't thought the implications through until now.

++DonJanuary 8, 2010 1:46 PM

I really don't believe that cartoonistgroup.com thinks their little JavaScript trick amounts to anything more than a speed bump designed to remind honest people about copyright.

JJanuary 8, 2010 1:57 PM

You mean they annoy honest people, who have a right to copy for private use, with no effect whatsoever against people who really violate copyright. Sounds perfectly on-topic.

A Nonny BunnyJanuary 8, 2010 2:12 PM

I didn't even notice, that "copyright protection trick" on that cartoon, since I have no-script installed it didn't work. They should have (additionally) used CSS. Not that that helps to stop people from "stealing" the image, but at least I would have noticed they prefer I didn't (even though it would have been completely irrelevant; because a mouse-over event does not equal attempt of copyright infringement).


Another cartoon about airport security:
http://www.applegeeks.com/lite/index.php?...

spaceman spiffJanuary 8, 2010 2:23 PM

Well, if we have to have security theater, Jon Stewart is my go-to guy to be the m.c.

hoorayJanuary 8, 2010 3:19 PM

Jon Stewart is a genius, and should be given more than 20 minutes per night to call out all of the BS going on today.

UncouthJanuary 8, 2010 3:20 PM

@John "The method that can be defeated by 15 seconds of examining the page source? But enough details, if I give any more, I might be in violation of the DMCA...."

Screen shot FTW. Mac OS X: cmd-shift-3. Anti-circumvention provision be damned.

Sorry Bruce. If you get a DMCA take-down notice for this comment, you know where to reach me.

JeremyJanuary 8, 2010 4:37 PM

What's more absurd than the argument of the woman who wrote the "Security Theater of the Absurd" article?

AndréJanuary 8, 2010 5:41 PM

Yeah, I am with Jeremy in this case. Though Ms Wente has a fairly good start, I think she gets a bit strange to the end. I can't see a reason to strip millions of muslims off their human rights because some mislead crazy pseudo-muslims want to do harm to anyone.
We should accept that life is a risky thing without any safety and get on with it.
And as I have said elsewhere already: Please, World, stop pleading for someone to PREVENT crimes! Crimes cannot be prevented. They can be punished - afterwards, not before!

And then I still have a question left: how come people recently tend to have connections to al quaida? To a net of (no one knows how many) terror-cells known for not having too many connections inbetween them if any at all? May that link be "made by media"? (say: uhm, we have a strange guy here, we may call him a terrorrist or at least suppose a connection to al quaida, just in case?)

AntonJanuary 8, 2010 5:58 PM

Anyone remember the days when we used to be able to smoke cigarettes on planes?

mooJanuary 8, 2010 6:33 PM

@Andre:

Some crimes can in fact, be prevented. We have people who do this already: investigators, intelligence agencies and law enforcement.

I think Bruce would agree, that the best ways to fight terrorism are (1) refuse to be terrorized, and (2) invest more heavily in investigation and good ole' fashioned police work, to try and catch terrorists (who are basically just criminals who claim a political motivation) before they can carry out their terrorist acts (which, regardless of how vile, are really just criminal acts and should be investigated, prosecuted and--most importantly--treated in the court of public opinion, as such).

SeanJanuary 8, 2010 10:56 PM

@John

And we've gone meta with security theater on that one. I have this little button on my status bar, no java script, right click and view image. Don't even have to view source. Disabled in less than 5 seconds.

And that underscores the topic on hand...

Quote from Security Theater of the Absurd, "Ours must be the first society in history that has tried to stop the killers by imposing collective punishment on ourselves."

DavidJanuary 9, 2010 8:35 AM

The mechanisms of security theater that are being built keep reminding me of Harlan Ellison's story "Repent..." The entire structure is built with more and more rigid requirements, less adaptability, and presented to the public as a zero-tolerance, "no other way to do it right" requirement.

Because of this, if anything unforeseen happens, then the entire system is forced to react. A report is out that police have arrested a 28-year old Chinese PhD student for the situation at the Newark airport. The charge? Trespassing, which carries a $500 fine. Committing a misdemeanor (even without malice) brought a major transportation hub to a screeching halt for hours.

(I would bet that the student has a 50/50 chance of being deported as punishment...and a 100% chance of being threatened with it).


Which is why is reminds me of "Repent...": The security protocols around airports are created with no adaptability, and both authorities and the public have bought into that view. Yet a small action caused as much chaos as a deliberate malicious act...much like in Ellison's story.

bacJanuary 9, 2010 1:36 PM

If the tax payers must be the ones defending the airlines, then may be the tax payers should get the government to pay for self-defense classes.

Would a terrorist like being on a plane with 100 or so brown belts?

NobodyJanuary 9, 2010 2:56 PM

Except the (Candian) Globe and Mail's solution is to target and only search muslims. Apart from the problem of how you scan for muslims (not everybody brown is muslim) the biggest terrorist attack in Canada was by Sikhs.

In Vancouver almost all of the airport security officers are also Sikh - would it make sense for them to search only Sikhs on the basis that all Canadian terrorists are Sikh?

Or would it make more sense to only employ Muslim security officers in Canada since you can assume they aren't secret Sikh sympathizers?

VatosJanuary 9, 2010 10:26 PM

Have you considered doing annual awards to highlight the politicians who
say reasonable things about security? You use a lot of stick but maybe
there is a role for some carrot too. Just a thought

ColoZJanuary 9, 2010 11:15 PM

Last week, after leaving the TSA zone at Denver International Airport, I overheard a tattooed 25-year-old explaining to his girlfriend that "the stuff they do here is called security theater."

This, and Joe Sharkey's NYT column a few days ago to the effect that people are not taking this latest round of insanity as well as they did the previous few, give me hope that people are starting to act like grown-ups when it comes to airline threats.

cowJanuary 10, 2010 7:33 AM

The security theater of the absurd still makes a common mistake. That we should focus on male Muslims. If we take a slice through history, it becomes apparent that this would not be particularly effective. Hell all they need to do is have a few "non Muslim" recruits that a stupid enough to take one for the team.

SeanJanuary 10, 2010 10:08 PM

And then we have another term we can use, "Velvet Rope Security". As is demonstrated by Jon Stewart, we need to drive the silliness out with sharp wit and withering humor.

Clive RobinsonJanuary 11, 2010 6:09 AM

@ ColoZ,

'Last week, after leaving the TSA zone at Denver International Airport, I overheard a tattooed 25-year-old explaining to his girlfriend that "the stuff they do here is called security theater."'

Agh the "light gleams through yonder curtain" 8)

Ask yourself a question "how do you rid your land of Vampires", and other similar parasites such as the TSA (Throat Sucking Agency) and it's legions of cohorts?

Traditionaly for Vampires you need such things as mirrors, garlic etc then put a stake through the heart and chop off the head of the senior Vampire.

So lets do a comparison between "blood suckers", that is the Traditional Vampire and the modern day Throat Sucking Agency (TSA). With an occasional reality check against other recognised evils from modern times.

Oh we also need to note where we are ;)

Step 1, [Done] "Identify the evil",

Traditionaly Vampires have no reflection and are are afraid of the light, and also have real personal hygiene isues and roost with their own kind in caves of the dead (crypts) where the living do not tarry.

Likewise for the "Throat Sucking Agency" the first sign is a Brown Uniform, the second is are you in their usual roost if so and you see a Brown Uniform it's TSA (or an Unfortunate Parcel Shuffler UPS person).

Coincidently ever since the 1930's "Brown Shirts" have had such a bad name (and rightfully so as they where the decadent opening to worse evils that went on to plague the Earth for many years and arguably still do)...

Step 2, [Done] "Identify the real nature of the beast"

Traditionaly Vampires have hidden their true nature behind effected Social Graces and faux titles, which whilst it fools the unwary travaler does not long go unnoticed by the locals who pay the price of having such parasites roosting in their land.

Likewise the Throat Sucking Agents effect a socialy responsable position by pretending to protect unwary travalers and those whose land they roost in, whilst actually sucking the very life blood of such people. Whilst also practicing various forms of "self gratification" that offend the public sensibilities.

In modern times we call such organised crime behaviour a "Protection Racket" and because it's such a danger we have laws against it. Likewise to stop such abuse starting in legitimate protection authorities there are usually clear open rules and oversight by which they are governed and by which redress is possible. Secret rules and little no or hidden oversight and no real right of redress is a sure sign that it's a Racketering Agency.

Step 3 [Done], "Name the Beast by what they are",

Traditionaly those that suck the very life blood out of a body have been called quite rightly by their victims "Blood Suckers", "Leaches", "Parasites" etc. However their more slimy human brethrin get offended by being classed with the beasts and thus prefer more distinctive names such as "Vampir", and they give themselves "faux Authority" by effecting titles such as "Count" or the hounoriffic "von".

Likewise the Throat Sucking Agents do not like their victims calling them "Blood Suckers", "Leaches", "Parrasites" etc, and get realy upset when you compare them by their very actions to the equivalent beasts. Thus they effect "faux authority" and give themselves titles such as "Agent" that they think will give them an air of legitamacy.

However there is one thing they hate more than being compared to beasts. That is of being compared to "fools", "jesters" and mear "bit part actors" which "Security Thearter" implies they are. There is no dignity or purpose thus authority when you are held up publicaly to be a "fool" and people laugh at you.

In times past petty criminals (petty conmen etc) when their faux titles and names where seen through where often stripped "Tarred-n-feathered" and paraded around town to be laughed at and humilliated for their failed efforts, before being forcfully ejected.

I'm sure there are many people who are already forming a line to do the same to many of the Throat Sucking Agents.

Step 4 [Done], "Find the Silver Bullet",

Traditionaly Vampires like all mythical undead creatures have a weakness against which their formidable attributes are powerless to protect thus they have no defence when the weakness is exploited.

The usual name for such a weakness is an "Achelies Heal" which comes from acient Greek Mythology. However the name traditionaly given to the weapon which exploits such a weakness is "silver bullet" and comes from the myths and legeands of warewolves. Vampires have a number of weaknessess one of which was being exposed to the "light of day" however it did not entirely kill them just rendered them to impotent dried husk or dust that if not scattered to the four winds would wait for some later resurection by more "life blood".

The Throat Sucking Agency has many weaknessess but at the end of the day their faux legitamacy is held in place by an apparently unrestrained and secretive brut authority titled to them by "those above" (Politicos) to use on the "traveling masses" (and occasional voters).

In actuality the TSA is sustained on a self generated myth of competence designed mainly as smoke and mirrors to gull "those above" that hold the strings to the tax purse that holds the TSAs very life blood (your money). Unfortunatly their "secretative" behaviour is reminicant of the old "gull the polititions" ruse of "if you knew what I know" which is usually a "compleat load..." but the Politicos accept nearly every time (for one reason or another).

Thus as with Vampires exposure to "the light of day" or in the TSA case "the truth about their activities" might render them impotent and dried up husks of their former selves, not totaly dead, but virtually lifeless (but probably more effective ;)

However the truth only matters if "those above" take it on board. As long as they can say "But you don't know what we know" then like the Wizzard in the land of Oz the myth holds.

The simplest way to make them "take it on board" is by attacking the myth of competance in a way that can not be stopped. No politician will want to be seen as sponsoring an expensive joke, and the fastest way to make the TSA a joke is to openly laugh at them.

That is their self inflated myth like a ballon pops when you give it the needle. And as many know authority is only held by respect or fear and is lost entirely when the supposed holder of that authority is seen as a laughing stock.

The one thing conmen and the majority of naredowells fear most is that they are not taken seriously as controling other people belife is their stock in trade. They know that against laughter at their efforts they cannot win, the best they can hope for is to claw up a draw and escape retribution because their marks are to busy laughing at them. So all they can do is laugh with you and hope you continue to see the funny side whilst they escape.

Step 5 [~], "A champion has to step forward",

Traditionaly Vampires got away with their behaviour simply because ordinary individuals alone could not stand up against them, and if they tried where subject to the worst of tourtures and then death. This is because as individuals they lacked the strength, skill and unity of purpose. Thus a "champion had to come forward" to teach the skill, and unite the people and thus have the strength to rid the land of the parasites. That is a "van Helsing" who takes the fight to the heart of the parrasite nest and slays the leader.

Currently some brave souls have taken on the Throat Sucking Agency but lacking the skills many have been brow beaten and humiliated privately and publicaly by them. Even some of the strong have gone to their graves without managing to right the wrong done to them.

When it comes to fighting criminals and naerdowells there are many many occasions when an unlikley champion has come forward and rid their land of the parasites or provided the unity of purpose to others to carry forward the battle.

Step 6 [in progress], "Build an opposition",

Traditionaly Vampires and other such mythological undeads have sucummbed to "the mob" carrying pitchforks and flaming tourches.

Unfortunatly when the Vampires had built a cohort of support it neededs more than just a mob of unskilled pitch fork wavers to clear them out, otherwise like a plague of locust they will keep coming back.

That is you need an organisation to "exorcise the undead from the land". Such exorcising is usually a right reserved by the "moral keepers" of the land, however as the old joke has it "Where's a Priest when you need one?"

Unfortunatly these days the "moral keepers" of society are not that effective and thus, the lunatics have taken over the asylum (as normal ;) ...

People joke about "You don't have to be mad to work here but it helps", with Politics though it appears you have to be "mad or bad or both these days 8(

As a politician in a representational democracy, supposadly the most important task you have is to "represent the will of the people"...

Hmm these days it looks more like "represent your self and the lobyists" comes first and foremost. With either bribe or keep them in fear for the "rif-raf voters". This is so as a politician you get to keep your cushy political job deciding how to spend other peoples money to your best advantage...

Thus as the Throat Sucking Authority is part of that "keep the rif-raf scared" policy you need to let the Politicos know by Force Majeure (from the Latin "casus fortuitus" via France ~ superior force) that, this is not what the "rif-raf voters" want...

Step [7], "Make your force superior",

All forces both big and small can shift mountins it just requires a force multiplier to act and or the time to do it.

There are many ways to do it some just use charm other weapons of mass determination. Which ever works best for the manpower you start with is best initialy.

Mind you as a friend once put it "A long pole with a sharp end just needs the right place to be put.. oh and a fulcrum helps when sense does not ;)".

Step [], "Control the force",

But the force must not be seen as an "unruly mob".

As firstly the spector of people bearing rope, pitchforks and burning tourches tend to make politicians scream "lynch mob" which is generaly counter productive (which is why they or their lobyist friends do infere it quite often).

Secondly the lobyists though seldom heard by the "rif-raf voters" have the ear of the politicians, and you need to be organised so that your voice is clear and loud to drown the leaches out.

There are two ways to deal with lobyists, the first is unfortunatly the "hang em high" method of "sticking heads on poles on the city gates to act as a deterant". Whilst having a pleasing medieval appeal to it, lobyists like most rodents scurry around doing their business in the dark, and thus quite happily walk (and deficate/urinate) on the bodies of their fallen peers and some have been known to stop and nibble on a nice ripe corpse or two in the process. Thus they tend not to be detered but encoraged by you removing their competition...

The second and perhaps best way is to get down and dirty and play the game in ways even they won't.

The first thing to do is lift the lid on the festering sewar they frequent and bring them out in the light for all to see, thus remove their pretence of being "kept in the dark". Then taking them to the cleaners one way or another such that their act is judged and found to "offend the public morals" in a way that hurts. The best way is to stop the money flow by making them and those for whom they act impotent by turning them into "laughing stocks".

Once the laughter starts you make it abundantly clear that those who associate with them will be likewise held up to public ridicule and carefull and indepth analysis of their lives in all respects carried out in the full light of the public gaze.

Unfortunatly as cushy money making carears are on the line you can expect the lobyists to start fighting back so it will get dirty.

Which means you have to win the "hearts and minds" of the public first. The real impediment to this is those who control the media. But as was once pointed out to me the only person who cannot be detered is the one with nothing to lose and everything to gain.

I could go on with the juciy bits involving stakes decapitation defenistration and immuring, but apparently we are civilised these days (yeah right, pass me the mallet ;)

PackagedBlueJanuary 11, 2010 12:19 PM

Clive has a nice contribution at 6:09 pm.

Might I add a line from the movie, Sneakers, Cosmo: "Its all about the information."

OrispaJanuary 13, 2010 4:19 AM

We need to be secured everywhere. We always try to avoid everything which might become threat. Cybersecurity Theater has to be considered.

JTJJanuary 13, 2010 9:43 AM

You have a fan at the CBC (Canadian Broadcast Corp). The news satire show "This hour has 22 minutes", did a straight out skit called "Security theater" mocking airport screening. It was marginally funny, but bang on. I don't know if it is or will be a running gag, but there is no shortage of content. Sorry for no URL. You'll have to hunt the cbc's website.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..