terrorism Archives - Page 77 of 80 - Schneier on Security

Entries Tagged "terrorism"

Page 77 of 80

Security Trade-Offs

An essay by an anonymous CSO. This is how it begins:

On any given day, we CSOs come to work facing a multitude of security risks. They range from a sophisticated hacker breaching the network to a common thug picking a lock on the loading dock and making off with company property. Each of these scenarios has a probability of occurring and a payout (in this case, a cost to the company) should it actually occur. To guard against these risks, we have a finite budget of resources in the way of time, personnel, money and equipment—poker chips, if you will.

If we’re good gamblers, we put those chips where there is the highest probability of winning a high payout. In other words, we guard against risks that are most likely to occur and that, if they do occur, will cost the company the most money. We could always be better, but as CSOs, I think we’re getting pretty good at this process. So lately I’ve been wondering—as I watch spending on national security continue to skyrocket, with diminishing marginal returns—why we as a nation can’t apply this same logic to national security spending. If we did this, the war on terrorism would look a lot different. In fact, it might even be over.

The whole thing is worth reading.

Posted on April 22, 2005 at 12:32 PM • View Comments

Security as a Trade-Off

The Economist has an excellent editorial on security trade-offs. You need to subscribe to read the whole thing, but here’s my favorite paragraph:

The second point is that all technologies have both good and bad uses. There is currently a debate about whether it is safe to install mobile antennas in underground stations, for example, for fear that
terrorists will use mobile phones to detonate bombs. Last year’s bombs in Madrid were detonated by mobile phones, but it was the phones’ internal alarm-clock function, not a call, that was used as the trigger mechanism. Nobody is suggesting that alarm clocks be outlawed, however; nor does anyone suggest banning telephones, even though kidnappers can use them to make ransom demands. Rather than demonising new technologies, their legitimate uses by good people must always be weighed against their illegitimate uses by bad ones. New technologies are inevitable, but by learning the lessons of history, needless scares need not be.

Posted on April 11, 2005 at 1:05 PM • View Comments

Secrecy and Security

Nice op-ed on the security problems with secrecy.

Some information that previously was open no doubt needs to be classified now. Terrorism alters perspectives. But the terrorist threat also has provided cover for bureaucrats who instinctively opt for secrecy and public officials who would prefer to keep the public in the dark to avoid accountability.

Posted on April 7, 2005 at 9:40 AM • View Comments

Recently I wrote about the government requiring pilots not to fly near nuclear power plants, and then not telling them where those plants are, because of security concerns. Here’s a story about how someone found the exact location of the nuclear power plant in Oyster Creek, N.J., using only publicly available information.

But of course a terrorist would never be able to do that.

Posted on April 6, 2005 at 9:05 AM • View Comments

Sandia on Terrorism Security

I have very mixed feelings about this report:

Anticipating attacks from terrorists, and hardening potential targets against them, is a wearying and expensive business that could be made simpler through a broader view of the opponents’ origins, fears, and ultimate objectives, according to studies by the Advanced Concepts Group (ACG) of Sandia National Laboratories.

“Right now, there are way too many targets considered and way too many ways to attack them,” says ACG’s Curtis Johnson. “Any thinking person can spin up enemies, threats, and locations it takes billions [of dollars] to fix.”

That makes a lot of sense, and this way of thinking is sorely needed. As is this kind of thing:

“The game really starts when the bad guys are getting together to plan something, not when they show up at your door,” says Johnson. “Can you ping them to get them to reveal their hand, or get them to turn against themselves?”

Better yet is to bring the battle to the countries from which terrorists spring, and beat insurgencies before they have a foothold.

“We need to help win over the as-yet-undecided populace to the view it is their government that is legitimate and not the insurgents,” says the ACG’s David Kitterman. Data from Middle East polls suggest, perhaps surprisingly, that most respondents are favorable to Western values. Turbulent times, however, put that liking under stress.

A nation’s people and media can be won over, says Yonas, through global initiatives that deal with local problems such as the need for clean water and affordable energy.

Says Johnson, “U.S. security already is integrated with global security. We’re always helping victims of disaster like tsunami victims, or victims of oppressive governments. Perhaps our ideas on national security should be redefined to reflect the needs of these people.”

Remember right after 9/11, when that kind of thinking would get you vilified?

But the article also talks about security mechanisms that won’t work, cost too much in freedoms and liberties, and have dangerous side effects.

People in airports voluntarily might carry smart cards if the cards could be sweetened to perform additional tasks like helping the bearer get through security, or to the right gate at the right time.

Mall shoppers might be handed a sensing card that also would help locate a particular store, a special sale, or find the closest parking space through cheap distributed-sensor networks.

“Suppose every PDA had a sensor on it,” suggests ACG researcher Laura McNamara. “We would achieve decentralized surveillance.” These sensors could report by radio frequency to a central computer any signal from contraband biological, chemical, or nuclear material.

Universal surveillance to improve our security? Seems unlikely.

But the most chilling quote of all:

“The goal here is to abolish anonymity, the terrorist’s friend,” says Sandia researcher Peter Chew. “We’re not talking about abolishing privacy—that’s another issue. We’re only considering the effect of setting up an electronic situation where all the people in a mall, subway, or airport ‘know’ each other—via, say, Bluetooth—as they would have, personally, in a small town. This would help malls and communities become bad targets.”

Anonymity is now the terrorist’s friend? I like to think of it as democracy’s friend.

Security against terrorism is important, but it’s equally important to remember that terrorism isn’t the only threat. Criminals, police, and governments are also threats, and security needs to be viewed as a trade-off with respect to all the threats. When you analyze terrorism in isolation, you end up with all sorts of weird answers.

Posted on April 5, 2005 at 9:26 AM • View Comments

Anonymity and the Internet

From Slate:

Anonymice on Anonymity Wendy.Seltzer.org (“Musings of a techie lawyer”) deflates the New York Times‘ breathless Saturday (March 19) piece about the menace posed by anonymous access to Wi-Fi networks (“Growth of Wireless Internet Opens New Path for Thieves” by Seth Schiesel). Wi-Fi pirates around the nation are using unsecured hotspots to issue anonymous death threats, download child pornography, and commit credit card fraud, Schiesel writes. Then he plays the terrorist card.

But unsecured wireless networks are nonetheless being looked at by the authorities as a potential tool for furtive activities of many sorts, including terrorism. Two federal law enforcement officials said on condition of anonymity that while they were not aware of specific cases, they believed that sophisticated terrorists might also be starting to exploit unsecured Wi-Fi connections.

Never mind the pod of qualifiers swimming through in those two sentences—”being looked at”; “potential tool”; “not aware of specific cases”; “might”—look at the sourcing. “Two federal law enforcement officials said on condition of anonymity. …” Seltzer points out the deep-dish irony of the Times citing anonymous sources about the imagined threats posed by anonymous Wi-Fi networks. Anonymous sources of unsubstantiated information, good. Anonymous Wi-Fi networks, bad.

This is the post from wendy.seltzer.org:

The New York Times runs an article in which law enforcement officials lament, somewhat breathlessly, that open wifi connections can be used, anonymously, by wrongdoers. The piece omits any mention of the benefits of these open wireless connections—no-hassle connectivity anywhere the “default” community network is operating, and anonymous browsing and publication for those doing good, too.

Without a hint of irony, however:

Two federal law enforcement officials said on condition of anonymity that while they were not aware of specific cases, they believed that sophisticated terrorists might also be starting to exploit unsecured Wi-Fi connections.

Yes, even law enforcement needs anonymity sometimes.

Open WiFi networks are a good thing. Yes, they allow bad guys to do bad things. But so do automobiles, telephones, and just about everything else you can think of. I like it when I find an open wireless network that I can use. I like it when my friends keep their home wireless network open so I can use it.

Scare stories like the New York Times one don’t help any.

Posted on March 25, 2005 at 12:49 PM • View Comments

The Silliness of Secrecy

This is a great article on some of the ridiculous effects of government secrecy. (Unfortunately, you have to register to read it.)

Ever since Sept. 11, 2001, the federal government has advised airplane pilots against flying near 100 nuclear power plants around the country or they will be forced down by fighter jets. But pilots say there’s a hitch in the instructions: aviation security officials refuse to disclose the precise location of the plants because they
consider that “SSI”—Sensitive Security Information.

“The message is; ‘please don’t fly there, but we can’t tell you where there is,'” says Melissa Rudinger of the Aircraft Owners and Pilots Association, a trade group representing 60% of American pilots.

Determined to find a way out of the Catch-22, the pilots’ group sat down with a commercial mapping company, and in a matter of days plotted the exact geographical locations of the plants from data found on the Internet and in libraries. It made the information available to its 400,000 members on its Web site—until officials from the Transportation Security Administration asked them to take the information down. “Their concern was that [terrorists] mining the Internet could use it,” Ms. Rudinger says.

And:

For example, when a top Federal Aviation Administration official testified last year before the 9/11 commission, his remarks were
broadcast live nationally. But when the administration included a transcript in a recent report on threats to commercial airliners, the testimony was heavily edited. “How do you redact something that
is part of the public record?” asked Rep. Carolyn Maloney, (D., N.Y.) at a recent hearing on the problems of government
overclassification. Among the specific words blacked out were the seemingly innocuous phrase: “we are hearing this, this, this, this
and this.”

Government officials could not explain why the words were withheld, other than to note that they were designated SSI.

Posted on March 24, 2005 at 9:48 AM • View Comments

Nuclear Terrorism False Positives

From the AP:

A man who recently had received radiation treatment for a medical condition set off a nuclear alert detector on a fire engine, prompting police to close down a roadway in Escondido while authorities searched for a nuclear weapon.

Posted on March 21, 2005 at 8:07 AM • View Comments

Radiation Detectors in Ports

According to Reuters:

The United States is stepping up investment in radiation detection devices at its ports to thwart attempts to smuggle a nuclear device or dirty bomb into the country, a Senate committee heard on Wednesday.

Robert Bonner, commissioner of U.S. Customs and Border Protection, told a Senate subcommittee on homeland security that since the first such devices were installed in May 2000, they had picked up over 10,000 radiation hits in vehicles or cargo shipments entering the country. All proved harmless.

It amazes me that 10,000 false alarms—instances where the security system failed—are being touted as proof that the system is working.

As an example of how the system was working, Bonner said on Jan. 26, 2005, a machines got a hit from a South Korean vessel at the Los Angeles seaport. The radiation turned out to be emanating from the ship’s fire extinguishing system and was no threat to safety.

That sounds like an example of how the system is not working to me. Sometimes I wish that those in charge of security actually understood security.

Posted on March 16, 2005 at 7:51 AM • View Comments

Destroying the Earth

This is a fascinating—and detailed—analysis of what would be required to destroy the earth: materials, methods, feasibility, schedule. While the DHS might view this as a terrorist manual and get it removed from the Internet, the good news is that obliterating the planet isn’t an easy task.

Posted on March 15, 2005 at 5:30 PM • View Comments

←Previous 1 … 75 76 77 78 79 80 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.