What is Security? A Chapter from Live Free or Die Hard…
Alright, so probably not the best inspiration for this entry, but nonetheless it struck a chord with me when I went to see Live Free or Die Hard — Security. That is, how does one define security?
Simply put, security is not just the best encryption or the latest and greatest technology, it’s a behavior, a mindset, and an new-world understanding of risks. In the movie, the most vulnerable component in the nation’s security, is the asynchronous network and the ability to seize control of entire systems via computer and the effects would impact government forces, civilians, and result in their rise of power.
Now, I know, the movie is fiction; however, it did combine some logical ideology such as a Firesale. The idea of a firesale is to obtain control by means of chaos in freezing transportation, collapsing the economy, and disrupting government infrastructure. Certainly this is a problem with not only our country, but also others around the world as they (like us) are growing in technology reliance.
The questions to ask, after seeing some vulnerabilities in LFDH would be:
- Who manages and is directly responsible for security of a system (or a process)?
- In making global changes (e.g. not more than a 10-mile radius impact), what overrides or additional security clearances is necessary?
- Is there any AI mechanisms to detect failure and restrict to a fail-safe mode and lockout operators?
- If one or more systems are down, can your system manage itself or provide a means of alert?
- How does one verify an alert has taken place (e.g reporting scientific data, instead of a “dummy light” approach)?
- Do you utilize verifiable communications? Do all stakeholders acknowledge the risks of not using verifiable communications (e.g. Analog Radio)?
Anyhow, those were just a few questions a security analyst might ask when providing a review of a system such as our government.
Sometimes, there is no means of resolving all these questions — but if we ask the questions and provide the most reasonable solution and acknowledge all risks involved — that will make for a safer and more reliable system. I observe everyday that people are afraid to ask questions. That fear resonates in not just in large corporations, but I would only imagine it holds true in government organizations, too.
So, before you stand firm on how new and tight your security is on something; ask yourself is it really secure to all methods of attack? If not, what can be done to minimize it? And to what extent will you disclose such risks.
Finally, what is your definition of security? Or, if you want, share your thoughts on the LFDH movie in the comments below.
Security means different things to different people.
Sometimes your security can be seriously breached by
a politician wearing a coat and tie, or someone handling your money. It doesn’t have to be an evil computer whiz, or someone with a bomb strapped to themselves.
Our lack of overall leadership only serves to feed all the above in separating you from your money and your loved ones.
Thanks for visiting my blog and sharing your comment. I agree that security is more than preventing bombs and computer hackers.
However, I would like to point out the need for parity in gaining knowledge of such attacks. Without compromising a system itself, we much learn to openly embrace its flaws and not depend on others to protect it.
For example, computer viruses. Sure, it might be easy to depend on anti-virus vendors to patch things and clean viruses … but it does not solve the problem of how virus spread (e.g. e-mail, opening attachments, etc.). Only until a person understands the dynamic environment they exist in, the user is the source of any security vulnerability and not the vendor (which they depend on).
See what I mean?
Anyhow, thank you very much for visiting and leaving a comment. I look forward to further comments on my other entries.
What is security? Comedy option: 230 grain Gold Dot JHP.
Real answer: I think the human side of the equation is always going to be the weakest link in any security scheme- why hack a bank’s computer system when you can slip a C-note to the 19 year old teller with a drug habit? Get an entry-level job at a rinky-dink call center and you can write down 300 credit card numbers in the first week. Grandma didn’t tear up her statements before she threw them away? There goes her identity. I think companies need to get serious about who they hire and monitoring them in addition to spending a fortune on gee-whiz technology.
When I was in the Navy they spent tens of millions of your tax dollars on the most advanced security systems you can imagine; but the most time and training was spent on the human factor- how tired is that Marine at the gate? Did he just let his buddy past without searching him for a camera phone? Did that guy just avoid being scanned by using his rank to intimidate the guard? How long has it been since that civilian contractor’s clearance was re-verified? Who drinks? Who has a gambling problem?
I don’t think any technological solutions are worth very much until questions like those can be answered.
Also LOL @ the thinly-veiled Bush-bash in the first comment… I don’t like him either but relax man, I hear he’s not running in 2008.
Another way to look at is from the perspective of Weimar Republic Germany (hey I wasn’t the one who started with the politics). How much civil liberty are we willing to give up in order to make sure we have answers to the questions in my other post? Hey, if you’re not doing anything wrong what do you have to hide, right?
What are we going to do when we get our Weimar- when someone comes along and says they will control the border, beat the terrorists, make the trains run on time, or whatever… and all we have to do is not ask too many questions.
Is it happening now with Real ID (your papers, please)? Is it happening with watch lists and CCTV surveillance? Military-style SWAT raids with explosives and automatic weapons to serve nonviolent search warrants for petty drug charges? How much security is enough- and who watches the watchers?