Entries Tagged "terrorism"

Page 27 of 80

Jeremy Clarkson on Security Guards

Nice essay:

Of course, we know why he’s really there. He’s really there so that if the bridge is destroyed by terrorists, the authorities can appear on the television news and say they had taken all possible precautions. Plus, if you employ a security guard, then I should imagine that your insurance premiums are going to be significantly lower.

This is probably why so many companies use security guards these days. It must be, because when it comes to preventing a crime, they are pretty much useless. No, really. If you are planning a heist, job one on the list of things to do is “take out the guard”. He is therefore not an impenetrable wall of steel; he’s just a nuisance.

And he’s not just a nuisance to the people planning to hit him on the head. He’s also a nuisance to the thousands of people who legitimately wish to enter or leave the building he’s supposed to be guarding.

At the office where I work, everyone is issued with laminated photo-ID cards that open all the barriers and doors. It is quite impossible to make any sort of progress unless you have such a thing about your person. But even so, every barrier and door is also guarded by a chap who, in a fight, would struggle to beat Christopher Robin. One looks like his heart would give out if you said “boo.” Another has a face that’s so grey that, in some lights, he appears to be slightly lilac. I cannot for the life of me work out what these people are supposed to achieve, apart from making the lives of normal people a little bit more difficult.

EDITED TO ADD (4/13): Another Clarkson essay, this one on security theater.

Posted on March 30, 2010 at 6:06 AM

Dead on the No-Fly List

Such “logic“:

If a person on the no-fly list dies, his name could stay on the list so that the government can catch anyone trying to assume his identity.

But since a terrorist might assume anyone’s identity, by the same logic we should put everyone on the no-fly list.

Otherwise, it’s an interesting article on how the no-fly list works.

Posted on March 24, 2010 at 6:38 AMView Comments

Small Planes and Lone Terrorist Nutcases

A Washington Post article concludes that small planes are not the next terror threat:

Pilots of private planes fly about 200,000 small and medium-size aircraft in the United States, using 19,000 airports, most of them small. The planes’ owners say the aircraft have little in common with airliners.

“I don’t see a gaping security hole here,” said Tom Walsh, an aviation security consultant. “In terms of aviation security, there are much bigger fish to fry than worrying [about] small aircraft.”

He said most would-be terrorists would draw the same conclusion—that tiny aircraft don’t pack a big enough punch. Planes like the one Stack flew weigh just a few thousands pounds and carry no more than 100 gallons of fuel. A Boeing 767 weighs 400,000 pounds and carries up to 25,000 gallons.

Richard L. Skinner, inspector general of the Department of Homeland Security, reviewed security at several general-aviation airports last year and concluded that general aviation “presents only limited and mostly hypothetical threats to security.”

What this analysis misses is our ability to terrorize ourselves. After all, who thought that a failed terrorist incident—nobody hurt, no plane crash, terrorist in custody—could cause so much terror?

On the face of it, Joseph Stack flying a private plane into the Austin, TX IRS office is no different than Nidal Hasan shooting up Ft. Hood: a lone extremist nutcase. If one is a terrorist and the other is a criminal, the difference is more political or religious than anything else.

Personally, I wouldn’t call either a terrorist. Nor would I call Amy Bishop, who opened fire on her department after she was denied tenure, a terrorist.

I consider both Theodore Kaczynski (the Unabomber) and Bruce Ivins (the anthrax mailer) to be terrorists, but John Muhammad and Lee Malvo (the DC snipers) to be criminals. Clearly there is grey area.

I note that the primary counterterrorist measures I advocate—investigation and intelligence—can’t possibly make a difference against any of these people. Lone nuts are pretty much impossible to detect in advance, and thus pretty much impossible to defend against: a point Cato’s Jim Harper made in a smart series of posts. And once they attack, conventional police work is how we capture those that simply don’t care if they’re caught or killed.

Posted on February 25, 2010 at 5:46 AMView Comments

Terrorists Prohibited from Using iTunes

The iTunes Store Terms and Conditions prohibits it:

Notice, as I read this clause not only are terrorists—or at least those on terrorist watch lists—prohibited from using iTunes to manufacture WMD, they are also prohibited from even downloading and using iTunes. So all the Al-Qaeda operatives holed up in the Northwest Frontier Provinces of Pakistan, dodging drone attacks while listening to Britney Spears songs downloaded with iTunes are in violation of the terms and conditions, even if they paid for the music!

And you thought being harassed at airports was bad enough.

Posted on February 10, 2010 at 12:39 PMView Comments

Outguessing the Terrorists

Isn’t it a bit embarrassing for an “expert on counter-terrorism” to be quoted as saying this?

Bill Tupman, an expert on counter-terrorism from Exeter University, told BBC News: “The problem is trying to predict the mind of the al-Qaeda planner; there are so many things they might do.

“And it is also necessary to reassure the public that we are trying to outguess the al-Qaeda planner and we are in the process of protecting them from any threat.”

I think it’s necessary to convince the public to refuse to be terrorized. What frustrates me most about Abdulmutallab is that he caused terror even though his plot failed. I want us to be indomitable enough for the next attack to fail to cause terror, even if it succeeds. Remember: terrorism can’t destroy our country’s way of life; only our reaction to terrorism can.

Posted on February 9, 2010 at 6:07 AMView Comments

Scaring the Senate Intelligence Committee

This is unconscionable:

At Tuesday’s hearing, Senator Dianne Feinstein, Democrat of California and chairwoman of the Senate Intelligence Committee, asked Mr. Blair [the Director of National Intelligence] to assess the possibility of an attempted attack in the United States in the next three to six months.

He replied, “The priority is certain, I would say”—a response that was reaffirmed by the top officials of the C.I.A. and the F.B.I.

I don’t know what “the priority is certain” actually means, but now everyone is reporting that these agencies claim there will be a terrorist attack in the U.S. during the next six months.

Posted on February 5, 2010 at 11:59 AMView Comments

Security and Function Creep

Security is rarely static. Technology changes both security systems and attackers. But there’s something else that changes security’s cost/benefit trade-off: how the underlying systems being secured are used. Far too often we build security for one purpose, only to find it being used for another purpose—one it wasn’t suited for in the first place. And then the security system has to play catch-up.

Take driver’s licenses, for example. Originally designed to demonstrate a credential—the ability to drive a car—they looked like other credentials: medical licenses or elevator certificates of inspection. They were wallet-sized, of course, but they didn’t have much security associated with them. Then, slowly, driver’s licenses took on a second application: they became age-verification tokens in bars and liquor stores. Of course the security wasn’t up to the task—teenagers can be extraordinarily resourceful if they set their minds to it—and over the decades driver’s licenses got photographs, tamper-resistant features (once, it was easy to modify the birth year), and technologies that made counterfeiting harder. There was little value in counterfeiting a driver’s license, but a lot of value in counterfeiting an age-verification token.

Today, US driver’s licenses are taking on yet another function: security against terrorists. The Real ID Act—the government’s attempt to make driver’s licenses even more secure—has nothing to do with driving or even with buying alcohol, and everything to do with trying to make that piece of plastic an effective way to verify that someone is not on the terrorist watch list. Whether this is a good idea, or actually improves security, is another matter entirely.

You can see this kind of function creep everywhere. Internet security systems designed for informational Web sites are suddenly expected to provide security for banking Web sites. Security systems that are good enough to protect cheap commodities from being stolen are suddenly ineffective once the price of those commodities rises high enough. Application security systems, designed for locally owned networks, are expected to work even when the application is moved to a cloud computing environment. And cloud computing security, designed for the needs of corporations, is expected to be suitable for government applications as well—maybe even military applications.

Sometimes it’s obvious that security systems designed for one environment won’t work in another. We don’t arm our soldiers the same way we arm our policemen, and we can’t take commercial vehicles and easily turn them into ones outfitted for the military. We understand that we might need to upgrade our home security system if we suddenly come into possession of a bag of diamonds. Yet many think the same security that protects our home computers will also protect voting machines, and the same operating systems that run our businesses are suitable for military uses.

But these are all conscious decisions, and we security professionals often know better. The real problems arise when the changes happen in the background, without any conscious thought. We build a network security system that’s perfectly adequate for the threat and—like a driver’s license becoming an age-verification token—the network accrues more and more functions. But because it has already been pronounced “secure,” we can’t get any budget to re-evaluate and improve the security until after the bad guys have figured out the vulnerabilities and exploited them.

I don’t like having to play catch-up in security, but we seem doomed to keep doing so.

This essay originally appeared in the January/February 2010 issue of IEEE Security and Privacy.

Posted on February 4, 2010 at 6:35 AMView Comments

More Movie Plot Terrorist Threats

The Foreign Policy website has its own list of movie-plot threats: machine-gun wielding terrorists on paragliders, disease-laden insect swarms, a dirty bomb made from smoke detector parts, planning via online games, and botulinum in the food supply. The site fleshes these threats out a bit, but it’s nothing regular readers of this blog can’t imagine for themselves.

Maybe they should have their own movie-plot threat contest.

Posted on February 2, 2010 at 6:34 AMView Comments

1 25 26 27 28 29 80

Sidebar photo of Bruce Schneier by Joe MacInnis.