The attack surface is too large

When examining the security of a system we have something called the “attack surface”. This is the area exposed to threats. If the system being studied is a web site then among other things the attack surface is composed of the physical server, open ports, and the URL for the site. These “surfaces” can be attacked. For example the the URL could be attacked with alternate pages and query strings. If you get lucky and/or know what you are doing you can obtain access to configuration files (such as this one I just found) which frequently contain information that can be used to get unauthorized access. The larger the attack surface the harder it is to make the system secure.

In a free society the attack surface is enormous and we, consciously or unconsciously, have decided the benefits of an open free society out weigh the susceptibility to attack and/or the cost to defend the attack surfaces. For example the grocery store keeps all the fresh fruits and vegetables accessible for the customers to directly examine. This allows anyone to tamper with them for their own evil purposes. We don’t have armed guards and security systems for the entire length of our water supply. We don’t have the means to realistically protect our air supply from nuclear, biological, or chemical (NBC) attacks.

When an attack surface is so large that it is essentially indefensible the smart security experts will put their limited security resources into mitigate the risk. In the case of our water supply we have multiple systems and medical facilities which reduce the number of people affected from a single point attack and provide care for those that are affected.

These principles are well known and adhered to by security professionals. I must therefore conclude that TSA (A Security Theater) isn’t concerned with real security. More evidence of this just came in:

The government has not been able to keep track of all the airport security uniforms and badges it issues, which makes secure areas in airports vulnerable to terrorists posing as authorized officials, according to an internal review released Friday.

The Homeland Security Department’s inspector general looked at five airports across the country from October 2006 through June 2007. The IG found major deficiencies in the Transportation Security Administration’s ability to keep track of uniforms, particularly after an employee leaves the job.

As some of us discussed at the Gun Blogger Rendezvous having a uniform and/or just being able to speak the language will get you access to places and things that should have been way out of bounds.

Another attack surface in airplane security is the process for screening materials that are allowed past the security check point:

If some copycat terrorists try to bring their liquid bomb through airport security and the screeners catch them — like they caught me with my bottle of pasta sauce — the terrorists can simply try again. They can try again and again. They can keep trying until they succeed. Because there are no consequences to trying and failing, the screeners have to be 100 percent effective. Even if they slip up one in a hundred times, the plot can succeed.

The same is true for knitting needles, pocketknives, scissors, corkscrews, cigarette lighters and whatever else the airport screeners are confiscating this week. If there’s no consequence to getting caught with it, then confiscating it only hurts innocent people. At best, it mildly annoys the terrorists.

To fix this, airport security has to make a choice. If something is dangerous, treat it as dangerous and treat anyone who tries to bring it on as potentially dangerous. If it’s not dangerous, then stop trying to keep it off airplanes. Trying to have it both ways just distracts the screeners from actually making us safer.

The attack surface the TSA is trying to protect is just too large. We should spend that money on alternatives. What we are doing now is just entertainment for those that enjoy security theater.