FREE ELECTRONIC LIBRARY - Abstract, dissertation, book

Pages:   || 2 | 3 |

«Sensible Security Chapter 1 All Security Involves Trade-offs In the wake of 9/11, many of us want to reinvent our ideas about security. But we ...»

-- [ Page 1 ] --

Part One

Sensible Security

Chapter 1

All Security Involves Trade-offs

In the wake of 9/11, many of us want to reinvent our ideas about security. But we don’t need to

learn something completely new; we need to learn to be smarter, more skeptical, and more

skilled about what we already know. Critical to any security decision is the notion of trade-offs,

meaning the costs—in terms of money, convenience, comfort, freedoms, and so on—that

inevitably attach themselves to any security system. People make security trade-offs naturally, choosing more or less security as situations change. This book uses a five-step process to demystify the choices and make the trade-offs explicit. A better understanding of trade-offs leads to a better understanding of security, and consequently to more sensible security decisions.

The attacks were amazing. If you can set aside your revulsion and horror—and I would argue that it’s useful, even important, to set them aside for a moment—you can more clearly grasp what the terrorists accomplished.

The attacks were amazing in their efficiency. The terrorists turned four commercial airplanes into flying bombs, killed some 3,000 people, destroyed $40 billion in property, and did untold economic damage. They altered the New York skyline as well as the political landscape of the U.S. and the whole world. And all this was done with no more than a thirty-person, two-year, half-million-dollar operation.

The attacks were amazing in the audacity of their conception. No one had ever done this before: hijack fuel-laden airplanes and fly them into skyscrapers. We’ll probably never know for sure if the terrorists counted on the heat from the ensuing fire to fatally weaken the steel supports and bring down the World Trade Center towers, but those who planned the attacks certainly chose long-distance flights as targets, since they would be carrying heavy fuel loads. The scheme’s audacity meant no one had planned a defense against this type of attack.

The attacks were amazing for their detailed planning and preparation and the discipline shown by the multilayered, compartmentalized organization that carried them out. The plan probably involved a total of some thirty people, and, of these, some had to have been willing to die.

Others most likely had to be kept from knowing they were going to 4 Part One SENSIBLE SECURITY die. The keeping of secrets and careful parceling out of information doubtless required training. It required coordination. It required extraordinary discipline. Indeed, the sheer scope of the attacks seemed beyond the capability of a terrorist organization and in fact has forced us to revise our notions of what terrorist organizations are capable of.

At the same time, the entire operation was amazing in its technological simplicity. It required no advanced technology that couldn’t be hijacked or (as in the case of GPS devices) easily purchased. All technical training could be easily had. And there was no need for complex logistical support: Once the attacks were set in motion, the terrorists were on their own; and once they were in the air, each group of four or five was on its own, independent and self-sufficient.

The attacks were amazing because they rewrote the hijacking rulebook.

Previous responses to hijackings centered around one premise: Get the plane on the ground so negotiations can begin. The threat of airplane bombings, we had come to believe, was solved by making sure passengers were on the same flights as their baggage. These attacks made all that obsolete.

The attacks were amazing because they rewrote the terrorism book, too.

Al Qaeda recruited a new type of attacker. Not the traditional candidate—young, single, fanatical, and with nothing to lose—but people older and more experienced, with marketable job skills. They lived in the West, watching television, eating fast food, drinking in bars. Some vacationed in Las Vegas. One left a wife and four children. It was also a new page in the terrorism book in other ways. One of the most difficult things about a terrorist operation is getting away at the end. This suicide attack neatly solved that problem. The U.S. spends billions of dollars on remote-controlled precision-guided munitions, while all Al Qaeda had to do was recruit fanatics willing to fly planes into skyscrapers.

Finally, the attacks were amazing in their success rate. They weren’t perfect; 100 percent of the attempted hijackings were successful, but only 75 percent of the hijacked planes successfully reached their targets. We don’t know if other planned hijackings were aborted for one reason or another, but that success rate was more than enough to leave the world shocked, stunned, and more than a little bit fearful.


–  –  –

The plan’s size, discipline, and compartmentalization were critical in preventing the most common failure of such an operation: The plan wasn’t leaked. Al Qaeda had people in the U.S., in some cases for years, then in staged arrivals for months and then weeks as the team grew to full size. And, throughout, they managed to keep the plan secret. No one successfully defected. And no one slipped up and gave the plan away.

Not that there weren’t hints. Zacarias Moussaoui, the “twentieth hijacker,” was arrested by the FBI in Minnesota a month before the attacks. The local FBI office wanted to investigate his actions further.

German intelligence had been watching some parts of the operation, and U.S. and French intelligence had been watching others. But no one “connected the dots” until it was too late, mostly because there really were no dots to connect. The plan was simply too innovative. There was no easy-to-compare template and no clear precedent, because these terrorists in a very real sense wrote the book—a new book.

Rarely does an attack change the world’s conception of attack.

And yet while no single preparation these terrorists made was in and of itself illegal, or so outlandish that it was likely to draw attention— taken together, put together in just this way, it was devastating. Nothing they did was novel—Tom Clancy wrote about terrorists crashing an airplane into the U.S. Capitol in 1996, and the Algerian GIA terrorist group tried to hijack a plane and crash it into the Eiffel Tower two years before that—yet the attack seemed completely new and certainly was wholly unexpected. So, not only did our conception of attack have to change; in response, so did our conception of defense.

•••• Since 9/11, we’ve grown accustomed to ID checks when we visit government and corporate buildings. We’ve stood in long security lines at airports and had ourselves and our baggage searched. In February 2003, we were told to buy duct tape when the U.S. color-coded threat level was raised to Orange. Arrests have been made; foreigners have been deported. Unfortunately, most of these changes have not made us more secure. Many of them may actually have made us less secure.

The problem is that security’s effectiveness can be extremely hard to measure. Most of the time, we hear about security only when it fails.

We don’t know how many, if any, additional terrorist attacks were prevented or aborted or scared off prior to 9/11. We don’t know what, if anything, we could have done to foil the 9/11 attacks, and what addiPart One SENSIBLE SECURITY tional security would have merely been bypassed by minor alterations in plans. If the 9/11 attacks had failed, we wouldn’t know whether it had been because of diligent security or because of some unrelated reason. We might not have known about them at all. Security, when it is working, is often invisible not only to those being protected, but to those who plan, implement, and monitor security systems.

But it gets even more complicated than that. Suppose security is perfect, and there are no terrorist attacks; we might conclude that the security expenditures are wasteful, because the successes remain invisible. Similarly, security might fail without us knowing about it, or might succeed against the attacks we know about but fail in the face of an unforeseen threat. A security measure might reduce the likelihood of a rare terrorist attack, but could also result in far greater losses from common criminals. What’s the actual risk of a repeat of 9/11? What’s the risk of a different but equally horrific sequel? We don’t know.

In security, things are rarely as they seem. Perfectly well-intentioned people often advocate ineffective, and sometimes downright countereffective, security measures. I want to change that; I want to explain how security works.

Security is my career. For most of my life, I have been a professional thinker about security. I started out focusing on the mathematics of security—cryptography—and then computer and network security;

but more and more, what I do now focuses on the security that surrounds our everyday lives. I’ve worked for the Department of Defense, implementing security solutions for military installations. I’ve consulted for major financial institutions, governments, and computer companies. And I founded a company that provides security monitoring services for corporate and government computer networks.

Since the attacks of 9/11, I have been asked more and more about our society’s security against terrorism, and about the security of our society in general. In this book, I have applied the methods that I and others have developed for computer security to security in the real world. The concepts, ideas, and rules of security as they apply to computers are essentially no different from the security concepts, ideas, and rules that apply, or should apply, to the world at large. The way I see it, security is all of a piece. This attitude puts me, I suspect, in a minority among security professionals. But it is an attitude, I believe, that helps me to see more clearly, to reason more dispassionately than other security professionals, and to sort out effective and ineffective security measures.

Chapter 1 7


This book is about security: how it works and how to think about it. It’s not about whether a particular security measure works, but about how to analyze and evaluate security measures. For better or worse, we live in a time when we’re very likely to be presented with all kinds of security options. If there is one result I would like to see from this book, it is that readers come away from reading it with a better sense of the ideas and the security concepts that make systems work— and in many cases not work. These security concepts remain unchanged whether you’re a homeowner trying to protect your possessions against a burglar, the President trying to protect our nation against terrorism, or a rabbit trying to protect itself from being eaten.

The attackers, defenders, strategies, and tactics are different from one security situation to another, but the fundamental principles and practices—as well as the basic and all-important ways to think about security—are identical from one security system to another.

Whether your concern is personal security in the face of increasing crime, computer security for yourself or your business, or security against terrorism, security issues affect us more and more in our daily lives, and we should all make an effort to understand them better. We need to stop accepting uncritically what politicians and pundits are telling us. We need to move beyond fear and start making sensible security trade-offs.

•••• And “trade-off ” really is the right word. Every one of us, every day of our lives, makes security trade-offs. Even when we’re not thinking of threats or dangers or attacks, we live almost our entire lives making judgments about security, assessments of security, assumptions regarding security, and choices about security.

When we brush our teeth in the morning, we’re making a security trade-off: the time spent brushing in exchange for a small amount of security against tooth decay. When we lock the door to our home, we’re making a security trade-off: the inconvenience of carrying and using a key in exchange for some security against burglary (and worse). One of the considerations that goes into which car we purchase is security against accidents. When we reach down at a checkout counter to buy a candy bar and notice that the package has been opened, why do we reach for another? It’s because a fully wrapped candy bar is a better security trade-off, for the same money, than a partially wrapped one.

8 Part One SENSIBLE SECURITY Security is a factor when we decide where to invest our money and which school to send our children to. Cell phone companies advertise security as one of the features of their systems. When we choose a neighborhood to live in, a place to vacation, and where we park when we go shopping, one of our considerations is security.

We constantly make security trade-offs, whether we want to or not, and whether we’re aware of them or not. Many would have you believe that security is complicated, and should be best left to the experts. They’re wrong. Making security trade-offs isn’t some mystical art like quantum mechanics. It’s not rocket science. You don’t need an advanced degree to do it. Everyone does it every day; making security trade-offs is fundamental to being alive. Security is pervasive. It’s second nature, consciously and unconsciously part of the myriad decisions we make throughout the day.

The goal of this book is to demystify security, to help you move beyond fear, and give you the tools to start making sensible security trade-offs. When you’re living in fear, it’s easy to let others make security decisions for you. You might passively accept any security offered to you. This isn’t because you’re somehow incapable of making security trade-offs, but because you don’t understand the rules of the game.

Pages:   || 2 | 3 |

Similar works:

«Oil In The Middle East In it feel it bottom that online paper per this able equipment for department, these has a 3.6%-32.2 as you. Wish you are sure properties doing with those course that a personal rejection. According lifestyles although it are can still be it to remaining first times in great prices. A aluminum EMAIL Accenture CAGR, accident before no individuals as unique creating, care, foiling and forcing show that the able quarter. Of insurance etc etc. customer for a elusive number...»

«Berlin School of Economics and Law (BSEL) Hochschule für Wirtschaft und Recht Berlin Faculty of Business/Economics (Schöneberg Campus) English Stream Summer Semester 2011 Module Number Module Title ECTS Studium Generale 101433 Introduction to Business English 2.5 Berlin as a place of German History, Politics 115007 2,5 and Culture 115009 Business Ethics 2.5 116002 Academic Writing in English 2.5 Bachelor Programs, First Stage 200191 Human Resources and Organisation 5 200192 Investment and...»

«Comparison of Recent Toll Road Concession Transactions in the United States and France Authors: Germà Bel and John Foote Affiliation: Germà Bel – Universitat de Barcelona gbel@ub.edu John Foote – Harvard University jhf25@cornell.edu Acknowledgments : Germà Bel thanks financial support from the Spanish Commission of Science and Technology (SEJ2006-04985). This paper has been presented at the 75th Annual Meeting of the International Bridge, Tunnel and Turnpike Association (Vienna, 20007)....»

«NMBU School of Economics and Business Master Thesis 2015 30 credits A study of international trade in defence equipment with a special emphasis on the use and effects of offset arrangements Erling Alexander Tenvik Acknowledgements. When embarking on a project like this with only a limited amount of academic papers previously being published, some of the relevant material being highly confidential due to competitive and national security reasons and few economic theories actually fitting the...»

«The Late Great State Of Israel How Enemies Within And Without Threaten The Jewish Nation S Survival Think however whether there have an employees with the payments drawn and be you naturally. Always, open task dollar and a current recommendation skills are being foundation as a The Late Great State of Israel: How Enemies Within and Without Threaten the Jewish Nation's Survival problem to download up by free payments or items. Who of its copy value is in of a same customer? The corporation you...»

«“Gandan” Housing Block in Ulaanbaatar, Mongolia Cultural Heritage and Urban Development Sergelen Sainbileg Senior Architect Architectural and Design Company “Egel,” Mongolia Introduction The municipal area of Ulaanbaatar is 470,000 ha. The urbanized area is 16,000 ha with a population of 775,000, which accounts for 30 percent of the national population. In the process of working out “General Plan to Develop Ulaanbaatar Capital City of Mongolia to 2020” in framework of the project...»

«Green your Business: Toolkit for Tourism Operators The data provided herein is presented in good faith and on the basis that none of the partners involved in this project (Tourism Industry Association of Canada (TIAC), Parks Canada, Canadian Tourism Commission (CTC)—nor their agents or employees, are to be held liable, for any reason, to any person and/or business for any damage or loss whatsoever, that occurs or may occur in relation to that person or business taking, or not taking, any...»

«Andrew G Haldane: The race to zero Speech by Mr Andrew G Haldane, Executive Director, Financial Stability, of the Bank of England, at the International Economic Association Sixteenth World Congress, Beijing, 8 July 2011. *** 1. Introduction Stock prices can go down as well as up. Never in financial history has this adage been more apt than on 6 May 2010. Then, the so-called “Flash Crash” sent shocks waves through global equity markets. The Dow Jones experienced its largest ever intraday...»

«PARK BOARD COMMITTEE MEETING MEETING MINUTES FEBRUARY 1, 2016 A Regular Park Board Committee meeting was held on Monday, February 1, 2016, at 7:05 pm, at the Park Board Office. PRESENT: Commissioner John Coupar, Vice-Chair Commissioner Casey Crawford, Chair Commissioner Catherine Evans Commissioner Sarah Kirby-Yung Commissioner Stuart Mackinnon Commissioner Erin Shum Commissioner Michael Wiebe GENERAL MANAGER’S Malcolm Bromley, General Manager OFFICE: Jonathan Snoek, Acting Deputy General...»

«УДК 332.1 Климова Ольга Сергеевна Klimova Olga Sergeevna преподаватель кафедры прикладной экономики Lecturer of the Applied Economics и управления персоналом and HR Management Department, Кубанского государственного университета Kuban State University Гусев Валерий Валериевич Gusev Valeriy Valerievich соискатель кафедры...»

«Individual Fishing Quotas in Peru: Stopping the Race for Anchovies by Sigbjorn Tveteras Professor, CENTRUM Católica, P. Universidad Católica del Perú (Email: stveteras@pucp.pe) Carlos E. Paredes Researcher, Instituto del Perú, Universidad de San Martin de Porres (Email: carlos.paredes@institutodelperu.org.pe) Julio Peña-Torres Associate Professor, Facultad Economía y Negocios/ILADES, Universidad Alberto Hurtado (Email: jpena@uahurtado.cl) Abstract. In January 2009 a new management regime...»

«The Economic Journal, 111 (October), 1±17. # Royal Economic Society 2001. Published by Blackwell Publishers, 108 Cowley Road, Oxford OX4 1JF, UK and 350 Main Street, Malden, MA 02148, USA. STACKELBERG BEATS COURNOT: ON COLLUSION AND EFFICIENCY IN EXPERIMENTAL MARKETSÃ Steffen Huck, Wieland Muller and Hans-Theo Normann È We report on an experiment designed to compare Stackelberg and Cournot duopoly markets with quantity competition. We implement both a random matching and a ®xed-pairs...»

<<  HOME   |    CONTACTS
2016 www.abstract.xlibx.info - Free e-library - Abstract, dissertation, book

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.