Entries Tagged "mitigation"

Page 7 of 8

Truckers Watching the Highways

Highway Watch is yet another civilian distributed counterterrorism program. Basically, truckers are trained to look out for suspicious activities on the highways. Despite its similarities to such ill-conceived still-born programs like TIPS, I think this one has some merit.

Why? Two things: training, and a broader focus than terrorism. This is from their overview:

Highway Watch® training provides Highway Watch® participants with the observational tools and the opportunity to exercise their expert understand of the transportation environment to report safety and security concerns rapidly and accurately to the authorities. In addition to matters of homeland security – stranded vehicles or accidents, unsafe road conditions, and other safety related situations are reported eliciting the appropriate emergence responders. Highway Watch® reports are combined with other information sources and shared both with federal agencies and the roadway transportation sector by the Highway ISAC.

Sure, the “matters of homeland security” is the sexy application that gets the press and the funding, but “stranded vehicles or accidents, unsafe road conditions, and other safety related situations” are likely to be the bread and butter of this kind of program. And interstate truckers are likely to be in a good position to report these things, assuming there’s a good mechanism for it.

About the training:

Highway Watch® participants attend a comprehensive training session before they become certified Highway Watch® members. This training incorporates both safety and security issues. Participants are instructed on what to look for when witnessing traffic accidents and other safety-related situations and how to make a proper emergency report. Highway Watch® curriculum also provides anti-terrorism information, such as: a brief account of modern terrorist attacks from around the world, an outline explaining how terrorist acts are usually carried out, and tips on preventing terrorism. From this solid baseline curriculum, different segments of the highway sector have or are developing unique modules attuned to their specific security related situation.

Okay, okay, it does sound a bit hokey. “…tips on preventing terrorism” indeed. (Tip #7: When transporting nuclear wastes, always be sure to padlock your truck. Tip #12: If someone asks you to deliver a trailer to the parking lot underneath a large office building and run away very fast, always check with your supervisor first.) But again, I like the inclusion of the mundane “what to look for when witnessing traffic accidents and other safety-related situations and how to make a proper emergency report.”

This program has a lot of features I like in security systems: it’s dynamic, it’s distributed, it relies on trained people paying attention, and it’s not focused on a specific threat.

Usually we see terrorism as the justification for something that is ineffective and wasteful. Done right, this could be an example of terrorism being used as the justification for something that is smart and effective.

Posted on December 8, 2005 at 12:12 PMView Comments

Reinventing 911

(That’s the 911 emergency service, not the September 11th date.)

This is a really interesting article from Wired on emergency information services. I like the talk about the inherent strength of agile communications systems and its usefulness in disseminating emergency information. Also the bottom-up approach to information.

Posted on December 6, 2005 at 12:05 PMView Comments

Hurricane Security and Airline Security Collide

Here’s a story (quote is from the second page) where airline security is actually doing harm:

Long lines and chaos snarled evacuees when they tried to catch flights out from two of Houston’s airports. After about 100 federal security screeners failed to report to work Thursday, scores of passengers missed flights and waited for hours at sparsely monitored X-ray machines and luggage conveyors. Transportation Security Administration officials were at a loss for an explanation and scrambled to send in a team of replacement workers from Cleveland.

This isn’t an easy call, but sometimes the smartest thing to do in an emergency is to suspend security rules. Unfortunately, sometimes the bad guys count on that.

If I were in charge, I would have let people onto the airplanes. The trade-off makes sense to me.

Posted on September 23, 2005 at 9:10 PMView Comments

Katrina and Security

I had an op ed published in the Minneapolis Star-Tribune today.

Toward a Truly Safer Nation
Published September 11, 2005

Leaving aside the political posturing and the finger-pointing, how did our nation mishandle Katrina so badly? After spending tens of billions of dollars on homeland security (hundreds of billions, if you include the war in Iraq) in the four years after 9/11, what did we do wrong? Why were there so many failures at the local, state and federal levels?

These are reasonable questions. Katrina was a natural disaster and not a terrorist attack, but that only matters before the event. Large-scale terrorist attacks and natural disasters differ in cause, but they’re very similar in aftermath. And one can easily imagine a Katrina-like aftermath to a terrorist attack, especially one involving nuclear, biological or chemical weapons.

Improving our disaster response was discussed in the months after 9/11. We were going to give money to local governments to fund first responders. We established the Department of Homeland Security to streamline the chains of command and facilitate efficient and effective response.

The problem is that we all got caught up in “movie-plot threats,” specific attack scenarios that capture the imagination and then the dollars. Whether it’s terrorists with box cutters or bombs in their shoes, we fear what we can imagine. We’re searching backpacks in the subways of New York, because this year’s movie plot is based on a terrorist bombing in the London subways.

Funding security based on movie plots looks good on television, and gets people reelected. But there are millions of possible scenarios, and we’re going to guess wrong. The billions spent defending airlines are wasted if the terrorists bomb crowded shopping malls instead.

Our nation needs to spend its homeland security dollars on two things: intelligence-gathering and emergency response. These two things will help us regardless of what the terrorists are plotting, and the second helps both against terrorist attacks and national disasters.

Katrina demonstrated that we haven’t invested enough in emergency response. New Orleans police officers couldn’t talk with each other after power outages shut down their primary communications system—and there was no backup. The Department of Homeland Security, which was established in order to centralize federal response in a situation like this, couldn’t figure out who was in charge or what to do, and actively obstructed aid by others. FEMA did no better, and thousands died while turf battles were being fought.

Our government’s ineptitude in the aftermath of Katrina demonstrates how little we’re getting for all our security spending. It’s unconscionable that we’re wasting our money fingerprinting foreigners, profiling airline passengers, and invading foreign countries while emergency response at home goes underfunded.

Money spent on emergency response makes us safer, regardless of what the next disaster is, whether terrorist-made or natural.

This includes good communications on the ground, good coordination up the command chain, and resources—people and supplies—that can be quickly deployed wherever they’re needed.

Similarly, money spent on intelligence-gathering makes us safer, regardless of what the next disaster is. Against terrorism, that includes the NSA and the CIA. Against natural disasters, that includes the National Weather Service and the National Earthquake Information Center.

Katrina deftly illustrated homeland security’s biggest challenge: guessing correctly. The solution is to fund security that doesn’t rely on guessing. Defending against movie plots doesn’t make us appreciably safer. Emergency response does. It lessens the damage and suffering caused by disasters, whether man-made, like 9/11, or nature-made, like Katrina.

Posted on September 11, 2005 at 8:00 AMView Comments

Security Lessons of the Response to Hurricane Katrina

There are many, large and small, but I want to mention two that I haven’t seen discussed elsewhere.

1. The aftermath of this tragedy reflects on how poorly we’ve been spending our homeland security dollars. Again and again, I’ve said that we need to invest in 1) intelligence gathering, and 2) emergency response. These two things will help us regardless of what the terrorists are plotting, and the second helps in the event of a natural disaster. (In general, the only difference between a manmade disaster and a natural one is the cause. After a disaster occurs, it doesn’t matter.) The response by DHS and FEMA was abysmal, and demonstrated how little we’ve been getting for all our security spending. It’s unconscionable that we’re wasting our money on national ID cards, airline passenger profiling, and foreign invasions rather than emergency response at home: communications, training, transportation, coordination.

2. Redundancy, and to a lesser extent, inefficiency, are good for security. Efficiency is brittle. Redundancy results in less-brittle systems, and provides defense in depth. We need multiple organizations with overlapping capabilities, all helping in their own way: FEMA, DHS, the military, the Red Cross, etc. We need overcapacity, in water pumping capabilities, communications, emergency supplies, and so on. I wrote about this back in 2001, in opposition to the formation of the Department of Homeland Security. The government’s response to Katrina demonstrates this yet again.

Posted on September 6, 2005 at 12:15 PMView Comments

Cameras in the New York City Subways

New York City is spending $212 million on surveillance technology: 1,000 video cameras and 3,000 motion sensors for the city’s subways, bridges, and tunnels.

Why? Why, given that cameras didn’t stop the London train bombings? Why, when there is no evidence that cameras are effectice at reducing either terrorism and crime, and every reason to believe that they are ineffective?

One reason is that it’s the “movie plot threat” of the moment. (You can hear the echos of the movie plots when you read the various quotes in the news stories.) The terrorists bombed a subway in London, so we need to defend our subways. The other reason is that New York City officials are erring on the side of caution. If nothing happens, then it was only money. But if something does happen, they won’t keep their jobs unless they can show they did everything possible. And technological solutions just make everyone feel better.

If I had $212 million to spend to defend against terrorism in the U.S., I would not spend it on cameras in the New York City subways. If I had $212 million to defend New York City against terrorism, I would not spend it on cameras in the subways. This is nothing more than security theater against a movie plot threat.

On the plus side, the money will also go for a new radio communications system for subway police, and will enable cell phone service in underground stations, but not tunnels.

Posted on August 24, 2005 at 1:10 PMView Comments

The Myth of Panic

This New York Times op ed argues that panic is largely a myth. People feel stressed but they behave rationally, and it only gets called “panic” because of the stress.

If our leaders are really planning for panic, in the technical sense, then they are at best wasting resources on a future that is unlikely to happen. At worst, they may be doing our enemies’ work for them – while people are amazing under pressure, it cannot help to have predictions of panic drummed into them by supposed experts.

It can set up long-term foreboding, causing people to question whether they have the mettle to handle terrorists’ challenges. Studies have found that when interpreting ambiguous situations, people look to one another for cues. Panicky warnings can color the cues that people draw from one another when interpreting ambiguous situations, like seeing a South Asian-looking man with a backpack get on a bus.

Nor can it help if policy makers talk about possible draconian measures (like martial law and rigidly policed quarantines) to control the public and deny its right to manage its own affairs. The very planning for such measures can alienate citizens and the authorities from each other.

Whatever its source, the myth of panic is a threat to our welfare. Given the difficulty of using the term precisely and the rarity of actual panic situations, the cleanest solution is for the politicians and the press to avoid the term altogether. It’s time to end chatter about “panic” and focus on ways to support public resilience in an emergency.

Posted on August 9, 2005 at 7:25 AMView Comments

London Transport Bombings

I am on vacation today and this weekend, and won’t be able to read about the London Transport bombings in depth until Monday. For now I would just like to express my sympathy and condolences to those directly affected, and the good people of London, England, Europe, and the world. Targeting innocents might be an effective tactic, but that doesn’t make it any less craven and despicable.

I would also like to urge everyone not to get wrapped up in the particulars of the terrorist tactics. We need to resist the urge to react against the particulars of this particular terrorist plot, and to keep focused on the terrorists’ goals. Spending billions to defend our trains and busses at the expense of other counterterrorist measures makes no sense. Terrorists are out to cause terror, and they don’t care if they bomb trains, busses, shopping malls, theaters, stadiums, schools, markets, restaurants, discos, or any other collection of 100 people in a small space. There are simply too many targets to defend, and we need to think smarter than protecting the particular targets the terrorists attacked last week.

Smart counterterrorism focuses on the terrorists and their funding—stopping plots regardless of their targets—and emergency response that limits their damage.

I’ll have more to say later. But again, my sympathy goes out to those killed and injured, their family and friends, and everyone else in the world indirectly affected by these acts as they are endlessly repeated in the media.

Posted on July 7, 2005 at 1:27 PMView Comments

Mitigating Identity Theft

Identity theft is the new crime of the information age. A criminal collects enough personal data on someone to impersonate a victim to banks, credit card companies, and other financial institutions. Then he racks up debt in the person’s name, collects the cash, and disappears. The victim is left holding the bag. While some of the losses are absorbed by financial institutions—credit card companies in particular—the credit-rating damage is borne by the victim. It can take years for the victim to clear his name.

Unfortunately, the solutions being proposed in Congress won’t help. To see why, we need to start with the basics. The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. Someone’s identity is the one thing about a person that cannot be stolen.

The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise of information-based credentials gives it a modern spin. A criminal impersonates a victim online and steals money from his account. He impersonates a victim in order to deceive financial institutions into granting credit to the criminal in the victim’s name. He impersonates a victim to the Post Office and gets the victim’s address changed. He impersonates a victim in order to fool the police into arresting the wrong man. No one’s identity is stolen; identity information is being misused to commit fraud.

The crime involves two very separate issues. The first is the privacy of personal data. Personal privacy is important for many reasons, one of which is impersonation and fraud. As more information about us is collected, correlated, and sold, it becomes easier for criminals to get their hands on the data they need to commit fraud. This is what’s been in the news recently: ChoicePoint, LexisNexis, Bank of America, and so on. But data privacy is more than just fraud. Whether it is the books we take out of the library, the websites we visit, or the contents of our text messages, most of us have personal data on third-party computers that we don’t want made public. The posting of Paris Hilton’s phone book on the Internet is a celebrity example of this.

The second issue is the ease with which a criminal can use personal data to commit fraud. It doesn’t take much personal information to apply for a credit card in someone else’s name. It doesn’t take much to submit fraudulent bank transactions in someone else’s name. It’s surprisingly easy to get an identification card in someone else’s name. Our current culture, where identity is verified simply and sloppily, makes it easier for a criminal to impersonate his victim.

Proposed fixes tend to concentrate on the first issue—making personal data harder to steal—whereas the real problem is the second. If we’re ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.

Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial intuitions. That means that any solution can’t involve the account holders. That leaves only one reasonable answer: financial intuitions need to be liable for fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.

They can’t claim that the user must keep his password secure or his machine virus free. They can’t require the user to monitor his accounts for fraudulent activity, or his credit reports for fraudulently obtained credit cards. Those aren’t reasonable requirements for most users. The bank must be made responsible, regardless of what the user does.

If you think this won’t work, look at credit cards. Credit card companies are liable for all but the first $50 of fraudulent transactions. They’re not hurting for business; and they’re not drowning in fraud, either. They’ve developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions. They’ve pushed most of the actual costs onto the merchants. And almost no security centers around trying to authenticate the cardholder.

That’s an important lesson. Identity theft solutions focus much too much on authenticating the person. Whether it’s two-factor authentication, ID cards, biometrics, or whatever, there’s a widespread myth that authenticating the person is the way to prevent these crimes. But once you understand that the problem is fraudulent transactions, you quickly realize that authenticating the person isn’t the way to proceed.

Again, think about credit cards. Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone, or Internet, where no one verifies the signature or even that you have possession of the card. Even worse, no credit card company mandates secure storage requirements for credit cards. They don’t demand that cardholders secure their wallets in any particular way. Credit card companies simply don’t worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.

This same sort of thinking needs to be applied to other areas where criminals use impersonation to commit fraud. I don’t know what the final solutions will look like, but I do know that once financial institutions are liable for losses due to these types of fraud, they will find solutions. Maybe there’ll be a daily withdrawal limit, like there is on ATMs. Maybe large transactions will be delayed for a period of time, or will require a call-back from the bank or brokerage company. Maybe people will no longer be able to open a credit card account by simply filling out a bunch of information on a form. Likely the solution will be a combination of solutions that reduces fraudulent transactions to a manageable level, but we’ll never know until the financial institutions have the financial incentive to put them in place.

Right now, the economic incentives result in financial institutions that are so eager to allow transactions—new credit cards, cash transfers, whatever—that they’re not paying enough attention to fraudulent transactions. They’ve pushed the costs for fraud onto the merchants. But if they’re liable for losses and damages to legitimate users, they’ll pay more attention. And they’ll mitigate the risks. Security can do all sorts of things, once the economic incentives to apply them are there.

By focusing on the fraudulent use of personal data, I do not mean to minimize the harm caused by third-party data and violations of privacy. I believe that the U.S. would be well-served by a comprehensive Data Protection Act like the European Union. However, I do not believe that a law of this type would significantly reduce the risk of fraudulent impersonation. To mitigate that risk, we need to concentrate on detecting and preventing fraudulent transactions. We need to make the entity that is in the best position to mitigate the risk to be responsible for that risk. And that means making the financial institutions liable for fraudulent transactions.

Doing anything less simply won’t work.

Posted on April 15, 2005 at 9:17 AMView Comments

1 5 6 7 8

Sidebar photo of Bruce Schneier by Joe MacInnis.