Entries Tagged "physical security"

Page 5 of 24

Keys to the Crown Jewels Stolen?

At least, that’s the story:

The locks at the Tower of London, home to the Crown Jewels, had to be
changed after a burglar broke in and stole keys.

The intruder scaled gates and took the keys from a sentry post.

Guards spotted him but couldn’t give chase as they are not allowed to leave their posts.

But the story has been removed from the Mirror’s website. This is the only other link I have. Anyone have any idea if this story is true or not?

ETA (11/14): According to this BBC article, keys for a restaurant, conference rooms, and an internal lock to the drawbridges were on the stolen key set, but the Crown Jewels were never at risk.

Posted on November 14, 2012 at 5:57 AMView Comments

Security at the 9/11 WTC Memorial

There’s a lot:

Advance tickets are required to enter this public, outdoor memorial. To book them, you’re obliged to provide your home address, email address, and phone number, and the full names of everyone in your party. It is “strongly recommended” that you print your tickets at home, which is where you must leave explosives, large bags, hand soap, glass bottles, rope, and bubbles. Also, “personal wheeled vehicles” not limited to bicycles, skateboards, and scooters, and anything else deemed inappropriate. Anyone age 13 or older must carry photo ID, to be displayed “when required and/or requested.”

Once at the memorial you must go through a metal detector and your belongings must be X-rayed. Officers will inspect your ticket­that invulnerable document you nearly left on your printer — at least five times. One will draw a blue line on it; 40 yards (and around a dozen security cameras) later, another officer will shout at you if your ticket and its blue line are not visible.

I’m one of the people commenting on whether this all makes sense.

I especially appreciated the last paragraph:

The Sept. 11 memorial’s designers hoped the plaza would be “a living part” of the city — integrated into its fabric and usable “on a daily basis.” I thought that sounded nice, so I asked Schneier one last question. Let’s say we dismantled all the security and let the Sept. 11 memorial be a memorial like any other: a place where citizens and travelers could visit spontaneously, on their own contemplative terms, day or night, subject only to capacity limits until the site is complete. What single measure would most guarantee their safety? I was thinking about cameras and a high-tech control center, “flower pot”-style vehicle barriers, maybe even snipers poised on nearby roofs. Schneier’s answer? Seat belts. On the drive to New York, or in your taxi downtown, buckle up, he warned. It’s dangerous out there.

Posted on September 11, 2012 at 6:45 AMView Comments

Shared Lock

A reader sent me this photo of a shared lock. It’s at the gate of a large ranch outside of Victoria, Texas. Multiple padlocks secure the device, but when a single padlock is removed, the center pin can be fully lifted and the gate can be opened. The point is to allow multiple entities (oil and gas, hunting parties, ranch supervisors, etc.) access without the issues of key distribution that would arise if it were just a single lock. On the other hand, the gate is only as secure as the weakest padlock.

EDITED TO ADD (9/14): A less elegant way to do the same thing.
A slightly different implementation of same idea: removal of any one lock allows locking bar to retract from pole and gate to open. And an interesting comment from someone who deals with this in his work.

Posted on August 29, 2012 at 6:37 AMView Comments

Attacking Fences

From an article on the cocaine trade between Mexico and the U.S.:

“They erect this fence,” he said, “only to go out there a few days later and discover that these guys have a catapult, and they’re flinging hundred-pound bales of marijuana over to the other side.” He paused and looked at me for a second. “A catapult,” he repeated. “We’ve got the best fence money can buy, and they counter us with a 2,500-year-old technology.”

Posted on July 10, 2012 at 4:33 AMView Comments

Russian Nuclear Launch Code Backup Procedure

If the safe doesn’t open, use a sledgehammer:

The sledgehammer’s existence first came to light in 1980, when a group of inspecting officers from the General Staff visiting Strategic Missile Forces headquarters asked General Georgy Novikov what he would do if he received a missile launch order but the safe containing the launch codes failed to open.

Novikov said he would “knock off the safe’s lock with the sledgehammer” he kept nearby, the spokesman said.

At the time the inspectors severely criticized the general’s response, but the General Staff’s top official said Novikov would be acting correctly.

EDITED TO ADD (7/14): British nukes used to be protected by bike locks.

Posted on June 27, 2012 at 6:30 AMView Comments

Interview with a Safecracker

The legal kind. It’s interesting:

Q: How realistic are movies that show people breaking into vaults?

A: Not very! In the movies it takes five minutes of razzle-dazzle; in real life it’s usually at least a couple of hours of precision work for an easy, lost combination lockout.

[…]

Q: Have you ever met a lock you couldn’t pick?

A: There are several types of locks that are designed to be extremely pick-resistant, as there are combination safe locks that can slow down my efforts at manipulation.

I’ve never met a safe or lock that kept me out for very long. Not saying I can’t be stumped. Unknown mechanical malfunctions inside a safe or vault are the most challenging things I have to contend with and I will probably see one of those tomorrow since you just jinxed me with that question.

Posted on May 29, 2012 at 6:03 AMView Comments

Hawley Channels His Inner Schneier

Kip Hawley wrote an essay for the Wall Street Journal on airport security. In it, he says so many sensible things that people have been forwarding it to me with comments like “did you ghostwrite this?” and “it looks like you won an argument” and “how did you convince him?”

(Sadly, the essay was published in the Journal, which means it won’t be freely available on the Internet forever. Because of that, I’m going to quote from it liberally. And if anyone finds a permanent URL for this, I’ll add it here.)

Hawley:

Any effort to rebuild TSA and get airport security right in the U.S. has to start with two basic principles:

First, the TSA’s mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single passenger can avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it’s simply no longer the case that killing a few people on board a plane could lead to a hijacking. Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene.

This sounds a lot like me (2005):

Exactly two things have made airline travel safer since 9/11: reinforcement of cockpit doors, and passengers who now know that they may have to fight back.

I’m less into sky marshals than he is.

Hawley:

Second, the TSA’s job is to manage risk, not to enforce regulations. Terrorists are adaptive, and we need to be adaptive, too. Regulations are always playing catch-up, because terrorists design their plots around the loopholes.

Me in 2008:

It’s this fetish-like focus on tactics that results in the security follies at airports. We ban guns and knives, and terrorists use box-cutters. We take away box-cutters and corkscrews, so they put explosives in their shoes. We screen shoes, so they use liquids. We take away liquids, and they’re going to do something else. Or they’ll ignore airplanes entirely and attack a school, church, theatre, stadium, shopping mall, airport terminal outside the security area, or any of the other places where people pack together tightly.

These are stupid games, so let’s stop playing.

He disses Trusted Traveler programs, where known people are allowed bypass some security measures:

I had hoped to advance the idea of a Registered Traveler program, but the second that you create a population of travelers who are considered “trusted,” that category of fliers moves to the top of al Qaeda’s training list, whether they are old, young, white, Asian, military, civilian, male or female. The men who bombed the London Underground in July 2005 would all have been eligible for the Registered Traveler cards we were developing at the time. No realistic amount of prescreening can alleviate this threat when al Qaeda is working to recruit “clean” agents. TSA dropped the idea on my watch — though new versions of it continue to pop up.

Me in 2004:

What the Trusted Traveler program does is create two different access paths into the airport: high security and low security. The intent is that only good guys will take the low-security path, and the bad guys will be forced to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to take the low-security path.

Hawley’s essay ends with a list of recommendations for change, and they are mostly good:

What would a better system look like? If politicians gave the TSA some political cover, the agency could institute the following changes before the start of the summer travel season:

1. No more banned items: Aside from obvious weapons capable of fast, multiple killings — such as guns, toxins and explosive devices — it is time to end the TSA’s use of well-trained security officers as kindergarten teachers to millions of passengers a day. The list of banned items has created an “Easter-egg hunt” mentality at the TSA. Worse, banning certain items gives terrorists a complete list of what not to use in their next attack. Lighters are banned? The next attack will use an electric trigger.

Me in 2009:

Return passenger screening to pre-9/11 levels.

Hawley:

2. Allow all liquids: Simple checkpoint signage, a small software update and some traffic management are all that stand between you and bringing all your liquids on every U.S. flight. Really.

This is referring to a point he makes earlier in his essay:

I was initially against a ban on liquids as well, because I thought that, with proper briefing, TSA officers could stop al Qaeda’s new liquid bombs. Unfortunately, al Qaeda’s advancing skill with hydrogen-peroxide-based bombs made a total liquid ban necessary for a brief period and a restriction on the amount of liquid one could carry on a plane necessary thereafter.

Existing scanners could allow passengers to carry on any amount of liquid they want, so long as they put it in the gray bins. The scanners have yet to be used in this way because of concern for the large number of false alarms and delays that they could cause. When I left TSA in 2009, the plan was to designate “liquid lanes” where waits might be longer but passengers could board with snow globes, beauty products or booze. That plan is still sitting on someone’s desk.

I have been complaining about the liquids ban for years, but Hawley’s comment confuses me. He says that hydrogen-peroxide based bombs — these are the bombs that are too dangerous to bring on board in 4-oz. bottles, but perfectly fine in four 1-oz bottles combined after the checkpoints — can be detected with existing scanners, not with new scanners using new technology. Does anyone know what he’s talking about?

Hawley:

3. Give TSA officers more flexibility and rewards for initiative, and hold them accountable: No security agency on earth has the experience and pattern-recognition skills of TSA officers. We need to leverage that ability. TSA officers should have more discretion to interact with passengers and to work in looser teams throughout airports. And TSA’s leaders must be prepared to support initiative even when officers make mistakes. Currently, independence on the ground is more likely to lead to discipline than reward.

This is a great idea, but it’s going to cost money. Being a TSA screener is a pretty lousy job. Morale is poor: “In surveys on employee morale and job satisfaction, TSA often performs poorly compared to other government agencies. In 2010 TSA ranked 220 out of 224 government agency subcomponents for employee satisfaction.” Pay is low: “The men and women at the front lines of the battle to keep the skies safe are among the lowest paid of all federal employees, and they have one of the highest injury rates.” And there is traditionally a high turnover: 20% in 2008. The 2011 decision allowing TSA workers to unionize will help this somewhat, but for it to really work, the rules can’t be this limiting: “the paper outlining his decision precludes negotiations on security policies, pay, pensions and compensation, proficiency testing, job qualifications and discipline standards. It also will prohibit screeners from striking or engaging in work slowdowns.”

TSA workers who are smart, flexible, and show initiative will cost money, and that’ll be difficult when the TSA’s budget is being cut.

Hawley:

4. Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees. The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer.

Another great idea, but I don’t see how we can do it without passing a law forbidding airlines to charge those fees. Over the past few years, airlines have drastically increased fees as a revenue source. Sneaking in extra charges allows them to advertise lower prices, and I don’t see that changing anytime soon.

5. Randomize security: Predictability is deadly. Banned-item lists, rigid protocols — if terrorists know what to expect at the airport, they have a greater chance of evading our system.

This would be a disaster. Actually, I’m surprised Hawley even mentions it, given that he wrote this a few paragraphs earlier:

One brilliant bit of streamlining from the consultants: It turned out that if the outline of two footprints was drawn on a mat in the area for using metal-detecting wands, most people stepped on the feet with no prompting and spread their legs in the most efficient stance. Every second counts when you’re processing thousands of passengers a day.

Randomization would slow checkpoints down to a crawl, as well as anger passengers. Do I have to take my shoes off or not? Does my computer go in the bin or not? (Even the weird but mostly consistent rules about laptops vs. iPads is annoying people.) Yesterday, liquids were allowed — today they’re banned. But at this airport, the TSA is confiscating anything with more than two ounces of aluminum and questioning people carrying Tom Clancy novels.

I’m not even convinced this would be a hardship for the terrorists. I’ve gotten really good at avoiding lanes with full-body scanners, and presumably the terrorists will simply assume that all security regulations are in force at all times. I’d like to see a cost-benefit analysis of this sort of thing first.

Hawley’s concluding paragraph:

In America, any successful attack — no matter how small — is likely to lead to a series of public recriminations and witch hunts. But security is a series of trade-offs. We’ve made it through the 10 years after 9/11 without another attack, something that was not a given. But no security system can be maintained over the long term without public support and cooperation. If Americans are ready to embrace risk, it is time to strike a new balance.

I agree with this. Sadly, I’m not optimistic for change anytime soon. There’s one point Hawley makes, but I don’t think he makes it strongly enough. He says:

I wanted to reduce the amount of time that officers spent searching for low-risk objects, but politics intervened at every turn. Lighters were untouchable, having been banned by an act of Congress. And despite the radically reduced risk that knives and box cutters presented in the post-9/11 world, allowing them back on board was considered too emotionally charged for the American public.

This is the fundamental political problem of airport security: it’s in nobody’s self-interest to take a stand for what might appear to be reduced security. Imagine that the TSA management announces a new rule that box cutters are now okay, and that they respond to critics by explaining that the current risks to airplanes don’t warrant prohibiting them. Even if they’re right, they’re open to attacks from political opponents that they’re not taking terrorism seriously enough. And if they’re wrong, their careers are over.

It’s even worse when it’s elected officials who have to make the decision. Which congressman is going to jeopardize his political career by standing up and saying that the cigarette lighter ban is stupid and should be repealed? It’s all political risk, and no political gain.

We have the same problem with the no-fly list: Congress mandates that the TSA match passengers against these lists. Rolling this back is politically difficult at the best of times, and impossible in today’s climate, even if the TSA decided it wanted to do so.

I am very impressed with Hawley’s essay. I do wonder where it came from. This wasn’t the same argument Hawley made when I debated him last month on the Economist website. This definitely wasn’t the same argument he made when I interviewed him in 2007, when he was still head of the TSA. But it’s great to read today.

Hopefully, someone is listening. And hopefully, our social climate will change so that these sorts of changes become politically possible.

ETA (4/16): Slashdot thread.

Posted on April 16, 2012 at 12:29 PMView Comments

1 3 4 5 6 7 24

Sidebar photo of Bruce Schneier by Joe MacInnis.