Wednesday, November 24, 2010

help - I got groped at the airport, but the mall is still vulnerable

First – all of us are not terrorists, especially the 80 year old grandmother and 10 year olds you are groping. However, if the United States government continues with their current trend of invasion of privacy and near molestation of American citizens they may be well on their way to becoming a terrorist state. Additionally, it appears as if we are already being terrorized due to the number of ridiculous steps one has to take when flying, and we have done nothing to increase our security.

OK, that was my rant, and I will attempt to deliver the rest in a logical manner, taking security and risk into account.

There is a great quote regarding security that, paraphrased, states the protector has to be right 100% of the time but the attacker only has to be right once. There are a lot of targets for attackers, and note that I am not using the word terrorist, but I include them in this categorization: shopping malls, restaurants, crowded bus and train terminals, trains, buses, subways, concerts, schools, etc. It is impossible to protect all of these locations 100% of the time from 100% of attackers. Furthermore, you have to classify the risks and distribute your finite amount of protections against them in a manner that reduces, but never eliminates, the risk. This has to be balanced by protecting the rights and freedoms of the very people you are trying to protect in the first place, or you have accomplished nothing and the people intending to harm you (the attackers) have actually terrorized you and accomplished their main goal. I could go on discussing the need for intelligence and actual police work, which is the only thing that has ever stopped attacks or terrorist activity, but instead I am focusing this blog on just aviation security.

The government has once again based their security posture on a reaction to a specific threat and not on the overall risks to commercial passenger aviation. The shoe bomber tried to detonate a device in his shoe, so we all remove our shoes, the underwear bomber tried to detonate a device in his pants, and now we are all getting groped and having naked images of ourselves taken when we fly. There was a device disguised as a toner cartridge, so now we can no longer bring those on board. In the old days, I had to make my pager beep so that the security people knew it was not a bomb, and every time I did this the same thought ran through my head “If someone could make a pager into a bomb, they could damn sure make it beep when they wanted”.

The new procedures will still not be able to find explosives hidden in or on the body, and anyone who has worked in a prison will tell you that for certain, and let you know how you would have to search someone to find them - let’s just say it ain’t pretty. People with medical devices or prosthetics will be especially embarrassed by the latest tactics, and in the end the TSA agent will still not know if the insulin pump contains anything we should not let on a plane. It is still far easier and less risky to get a job as a baggage handler or ramp employee and smuggle explosives onto a plane than it is to bring them through the front door, or to simply mail the explosives in a cargo container. There are hundreds of other means as well, but again we are discussing a specific threat and need to be discussing risks and countermeasures at a broader level. In disaster planning, you don’t plan for a plane crashing through your building; you plan for any occurrence that could harm an employee or the facility and prepare accordingly. Again, I am only speaking of aviation security here, and there are many more targets that are far easier than an aircraft to attack.

Ask yourself this: would the current tactics have stopped the 9/11 terrorists? No. That event was a black swan, and was not anticipated by the countermeasures in place at the time, and the next event may not be either. If we continue down the road of reacting to every event with draconian measures that undermine our privacy and freedoms, we will have accomplished nothing, not made our country any safer, and spent a lot of money in the process. We need to ensure that police are on the job, that the intelligence community gets the resources and recognition it desperately deserves, and that we look at all of our risks and not just the one that the last terrorist used.

Tuesday, March 9, 2010

Out of the mouths of babes

My 6 year old, upon entering the room and noticing my wife's laptop was in the grips of a blue screen of death, remarked - just turn it off and back on again.

She is well on her way to an MCSE certification.

Tuesday, January 5, 2010

The Fruit Wars

I don’t read fiction books, and anyone who reads this blog can attest that I am not a great writer either, but here is my first attempt at fiction. The conversations and meeting transcripts below take place in the mythical land of Securitavia between their leader, Supreme Overlord Goober, and General Really, his most senior advisor. Securitavia has just suffered a widespread grape attack from their neighbor to the East, where they were viciously pelted with grapes thrown over the 3-foot picket fence that separates Securitavia from their neighbor. SO Goober wants actions and answers and has called General Really to his office.

May 3

SOG – These grape attacks can never happen again, we must do something about it and quick.
GR – I would suggest strengthening our defenses and intelligence to combat these fruit attacks
SOG – I like the intelligence idea, after all we are going to need someone to blame if this happens again. What I really think we need is a grape embargo, and some anti-grape defenses. Grapes are small and light, so I think a 10 foot lace curtain should be plenty
GR – Sir, I beg to differ, but what if they change their tactics? I mean we shouldn’t base our defenses on their current tactics, but instead attempt to reduce our threats to a wider range of attacks.
SOG – Nonsense, get me some anti-grape technology, and let’s really focus on that one item.


June 1st

Securitavia’s neighbors to the East are now using straws to spit pomegranate seeds through the holes in the lace curtain erected previously, and the anti-grape shield that was installed has been little help in defending against this new strategy. The banning of grapes within the area has also left the innocent, non-grape-throwing people with no grapes to eat. Our story picks up again in the offices of Supreme Overlord Goober and General Really.

SOG – how could this have happened?
GR – Well Sir we, only protected ourselves against a grape attack
SOG – Who’s dumb idea was that?
GR – I wonder
SOG – well what should we do now?
GR – I would suggest we increase our intelligence budget, spend more money on recovering from these attacks, and look at our defenses across the board including processes for fruit management, and near picket fence access procedures.
SOG – Couldn’t we just blame the intelligence agency?
GR – Sir, I really don’t think that will help
SOG – Nonsense, blame them and let’s ban pomegranates and straws in the entire region.


July 5th

Securitavia has suffered another attack, this time by a Securitavian citizen who attacked an 18-wheeler full of pigs with a homemade watermelon cannon. SO Goober is surprised how this could have happened; the neighbors to the East were all on the no-grape and no-pomegranate list. Once again he calls General Really to his headquarters.

SOG – We need more money for protection against pig transports immediately. I love my ribs and bacon, and by God no one is going to jeopardize that.
GR – Sir, we simply can’t protect everything, but we can get more police on the streets to patrol, and reduce our risks somewhat. We also need to pay attention to first responders for any type of emergency – not just your dinner.
SOG – No that doesn’t sound right
GR – Really?
SOG – What we need are armed guards on all of the pig transport trucks to guard against this type of thing

Frustrated by the senseless spending and ridiculous measures that offer no security, but instead place costs and burdens on the majority of non-fruit-throwing people of Securitavia, General Really takes a job in the private sector, where the same conversations happen. Supreme Overlord Goober eventually retired, got chubby and moved to Miami, leaving the security concerns of Securitavia to his successor.

Friday, November 20, 2009

Model Privacy Policy issued by the Feds

The FTC and seven other Federal agencies released their model privacy policy based on interviews with consumers and feedback from all of the agencies involved. Any organization that falls under the regulatory auspices of one of those agencies, or has GLBA requirements, would be well advised to take this “requirement” into consideration before it comes up in an action against the organization and you are facing an auditor asking why you did not take it into consideration. See the intro from the press release below, and a link to the entire release as well as the template.

From the FTC
Eight federal regulatory agencies today released a final model privacy notice form that will make it easier for consumers to understand how financial institutions collect and share information about consumers. Under the Gramm-Leach-Bliley Act (GLB Act), institutions must notify consumers of their information-sharing practices and inform consumers of their right to opt out of certain sharing practices. The model form issued today can be used by financial institutions to comply with these requirements.

Thursday, November 5, 2009

What if the e-mail says s-i-p-c?

There is a bill pending as part of the Investor Protection Act (section 508) that would require ISPs to block content where scammers are posing as SIPC members. Ask anyone who has tried to block scam e-mails or web sites, and they will tell you long, sad stories about the impracticality of this exercise. And here is a news flash for the House: the e-mails and web sites you are attempting to block here do not always clearly state “SIPC member,” or “we are a fraudulent site”. They can use any number of tricks to hide the content from scanning, including images that aren’t named “SIPC fraudulent logo.bmp” and HTTPS connections. Judges have already thrown out prior requirements of this type aimed at porn. What’s next: using a BBB seal without rights? Wouldn’t it be better to solve the broader problem of consumer protection instead of looking at one type of fraud? The last I checked, check fraud was still the most prevalent fraud in America.

Story follows from cnet
http://news.cnet.com/8301-13578_3-10390779-38.html

Tuesday, November 3, 2009

Comcast's Constant Guard

Comcast is set to debut its “Constant Guard” program, which will alert users if Comcast suspects their machine is infected with malware. Apparently they are already doing this via telephone, and want to automate the process through browser notifications. As someone who used to manage IPS, I cannot imagine trying to do this at this scale, but I applaud them for trying anyway. There are, however, two big issues with this, not to mention the nine others.

1. Privacy – exactly what are they watching here, and what are they sending in the way of interceptions?
2. They are copying what the malware distributors are doing right now with fake A/V solutions that are actually malware, and it is going to be impossible for novice computer users, who apparently got infected in the first place, to know the difference between Comcast and malware.

Story below

http://ca.news.finance.yahoo.com/s/08102009/34/biz-f-business-wire-comcast-unveils-comprehensive-constant-guard-internet-security-program.html

Thursday, June 18, 2009

Pending Canadian legislation proposes new snooping capabilities for authorities

Interesting story reported by Canwest News Service out of Canada:

OTTAWA — Police will be given new powers to eavesdrop on Internet-based communications as part of a contentious government bill, to be announced Thursday, which Public Safety Minister Peter Van Loan has said is needed to modernize surveillance laws crafted during "the era of the rotary phone."
Original Story by Canwest News Service