Thursday, February 24, 2005

An ex-employee at the San Francisco International Airport claims the security people doing the passenger screening cheat to pass the tests by federal auditors.  Bruce Schneier writes about the necessity of having trusted people.  This is true.  What he doesn't point out is that in this case it's probably an unsolvable problem.  Security is no stronger than the weakest link.  When you have thousands of people you have to trust to ensure the “sterile area” of the air transportation system is secure, the odds of having one or more untrustworthy people are asymptotically close to one.

The odds of getting weapons onboard a plane when the passenger makes no attempt to hide the weapon are about 20%.  When the auditors deliberately try to evade security they classify the test results.  My guess is the results approach a 100% failure rate.

It's time to consider alternatives.  Obtaining public acceptance of scientifically sound methods of security is a better position to be in than using publicly acceptable methods that can never succeed.

Joe Huffman  Thursday, February 24, 2005 12:25:00 PM (Pacific Standard Time, UTC-08:00)

IMO there are too many stupid people in the world to waste any time worrying or complaining about them.

Greg Hamilton
11/11/2001
Insights Training Email List

Joe Huffman  Thursday, February 24, 2005 11:20:00 AM (Pacific Standard Time, UTC-08:00)
 Wednesday, February 23, 2005

Kim du Toit has a picture of a poster from a previous war entitled “What did you do today ... for freedom?”  It turns out I have been thinking about that a lot the last few days.  I just woke up a short while ago so I'll write about yesterday instead of today.

What did I do for freedom yesterday?  I reviewed proposals for some Navy money and voted on which should be given funding and which should be dropped this time.  Then I worked on a portion of a solution to plug a security hole in our computers. 

But I can't tell you how many times I think about Adam and wonder if there was a countermeasure for Vehicle Borne Improvised Explosive Devices (VBIEDs) that I should have thought of.  Without more details on what exactly happened to Adam I don't know if any of my ideas could have made any difference.  But I keep thinking maybe there was something more I should have done with the ideas I did have or that were suggested to me.  I presented them and sold them as best I could to management last fall but they didn't go anywhere that I know of.  They could have been passed on to people better able to implement them than I and classified--I just don't know.  But could I have followed up more and pushed harder?  Could I have gotten something implemented and deployed in time to have prevented Adam's death?  Probably not.  But what about the next VBIED?  Is there one next week or next month or next year that will kill or injure Walter or my nephew, or, a few years from now, my niece after she graduates from West Point?  Is there something I could have done or should do to prevent it?  What if I had found someone sooner to give my information on people searching for bomb building information?  Technically, it's not my job.  My job is with computer security.  I'm working to keep our computers and computer networks safe from attack.  These are worthwhile endeavors in our fight to preserve our freedoms, but I often feel they are not as pressing as solving the simple brute force attacks used by our current adversaries.

What to do?  Do my job as best I can, keep thinking, and keep feeding ideas to those whose job it is to solve the immediate problems.  It's time to get ready for work.  Today and every day is important.

Joe Huffman  Wednesday, February 23, 2005 7:19:00 AM (Pacific Standard Time, UTC-08:00)

The problems of victory are more agreeable than the problems of defeat, but they are no less difficult.

Winston Churchill
Speech
House of Commons
11/11/42

Joe Huffman  Wednesday, February 23, 2005 6:40:00 AM (Pacific Standard Time, UTC-08:00)
 Tuesday, February 22, 2005

The following is only very slightly edited from a class I took yesterday.  I think it's good advice for everyone.

We have become vulnerable everywhere because today's terrorist confronts the United States indirectly.  This tactic exploits our vulnerabilities and negates our superior tactical and strategic advantage.  The terrorists are looking for headlines, high mortality, and high shock value.  The reality is that the risk is now on our home front.  We no longer can assume we are safe in the continental United States, as demonstrated by the September 11, 2001 terrorist events.  The terrorists are bringing the fight to us.

You can help CI by being aware of activities that are precursors of a terrorist event and may provide a warning that saves lives and property.  The fundamental indicator is unusual and suspicious activities.  We must all remain alert to possibilities that are virtually limited only by one's imagination.  We cannot accept the risk of complacency.  Our defense: unpredictability, situational awareness, patience, and vigilance.  Awareness, the eyes and voice of each individual, is critical to the success of the war against terrorism. 

A partial list of things worthy of additional attention:

  • People near a facility using or carrying video cameras or observation equipment (for example night vision devices)
  • People parking, standing or loitering over several days with no apparent reasonable explanation
  • Suspicious vehicles, something that is not normal for the situation or area
  • Unusual questioning about the facility or personal information
  • Frequent telephone calls claiming to be wrong numbers
  • Abandoned packages, briefcases, or suitcases
  • Low-flying aircraft, possibly observing the area
  • Any activity considered suspicious or unusual to you from what you normally observe.
Joe Huffman  Tuesday, February 22, 2005 10:03:00 AM (Pacific Standard Time, UTC-08:00)

Reliability in a handgun is extremely important.  If you point it at someone and all it does is go CLICK when you pull the trigger you don't have much leeway in talking your way out of the situation.  I mean, what are you going to say?  "I wasn't serious when I pulled the trigger?"

Eric Engstrom

Joe Huffman  Tuesday, February 22, 2005 9:04:00 AM (Pacific Standard Time, UTC-08:00)
 Monday, February 21, 2005

Political power grows out of the barrel of a gun.

Mao Tse-Tung, also Mao Zedong
Problems of War and Strategy, speech
6 Nov. 1938

Joe Huffman  Monday, February 21, 2005 10:20:00 AM (Pacific Standard Time, UTC-08:00)
 Sunday, February 20, 2005

Whoever is careless with the truth in small matters cannot be trusted with important matters.

Albert Einstein

Joe Huffman  Sunday, February 20, 2005 3:42:00 PM (Pacific Standard Time, UTC-08:00)
 Saturday, February 19, 2005
Barb, Xenia, Sara, and I went for a hike on Badger Mountain today and we took a few pictures. The girls wimped out part way up.  Barb and I went to the top and came back down a different route.  There was supposed to be a geocache up there but we were unable to find it.
Joe Huffman  Saturday, February 19, 2005 9:19:00 PM (Pacific Standard Time, UTC-08:00)

I just found out via Kim du Toit that Adam Plumondore was killed in a car bomb explosion.  Adam and his co-worker Walter assisted Eugene Econ with the Precision Rifle Clinic last year.  I had a few pictures that were taken by Ry and Michael of the Saturday night dinner during Boomershoot 2004 that I had never put up.  Some of those included pictures of Adam.  I put those up on my photo album a few minutes ago.  We all are saddened by this loss.

Update: See also this blog entry.
Update2: I found another picture and uploaded it here.

Joe Huffman  Saturday, February 19, 2005 11:14:00 AM (Pacific Standard Time, UTC-08:00)

In a most pleasant change from normal I didn't have to drive 150 miles home after work Thursday or Friday.  Barb, Xenia, and Xenia's friend Sara drove over Thursday night to spend the weekend with me.  This saved me six hours of driving while still getting to be with my family for the weekend. 

I made pancakes yesterday morning for the girls and myself.  We had lunch at the Chinese buffet.  I got discount tickets at work and last night we went to see Finding Neverland. We all cried.  It was a great movie.  So here I sit, in bed, with Barb asleep beside me.  Life is good.

Joe Huffman  Saturday, February 19, 2005 10:08:00 AM (Pacific Standard Time, UTC-08:00)

Ry and Stephanie are doing their part in our efforts to make people more comfortable with the recreational use of explosives and firearms.  eBay seems like as good a place as any to reach the general population.

Thank you!

Joe Huffman  Saturday, February 19, 2005 9:57:00 AM (Pacific Standard Time, UTC-08:00)

All our objectives are predicated on the belief that the interests of public safety demand a reduction in the availability and attractiveness of guns of all kinds.

  1. Minimum age of 18 for the ownership, use and possession of all guns.
  2. Ban on the sale, manufacture and import of imitation guns and their possession in a public place.
  3. Certification of all deactivated weapons.
  4. Inclusion of airguns in certification system.
  5. One certification system for all legal weapons i.e. rifles, shotguns, airguns.
  6. Multi-shot rifles and shotguns to be banned.
  7. Practical or Combat shooting or any other shooting practice which involves the simulation of real life situations and/or the use of human shaped targets to be banned.
  8. Abolition or radical reconstitution of the Firearms Consultative Committee.

We recognise the existence of a significant minority interest in shooting for sport, and our proposals are aimed at striking an appropriate balance between the sport-shooting interest and the overriding interest in public safety.

Gun Control Network
Our Objectives as of February 19, 2005

Joe Huffman  Saturday, February 19, 2005 9:42:00 AM (Pacific Standard Time, UTC-08:00)
 Friday, February 18, 2005

Since emotions are few and reasons are many (said the robot, Giskard), the behaviour of a crowd can be more easily predicted than the behaviour of one person can.

Isaac Asimov

Joe Huffman  Friday, February 18, 2005 10:32:00 PM (Pacific Standard Time, UTC-08:00)
 Thursday, February 17, 2005

I help design and implement solutions to improve security of various things against intelligent, determined adversaries.  I think I'm pretty good at it.  But I don't think I would have envisioned and prevented the dust bunny that took down a network supporting thousands for hours.

I was in a meeting this afternoon where we were figuring out how to handle all the different possible failure situations in a communication protocol.  As we progressed I was getting more and more concerned.  The designers were explaining how things would work and I would come up with all these different situations they hadn't considered.  Things like (not exactly, but close enough to get the point across): if your encryption keys are being updated every ten minutes, what happens when your main unit goes down and you have to bring online the backup control center 100 miles away?  How does the backup know what the current keys are?  They hadn't thought of that.  There were lots and lots of examples like that, things they hadn't thought of but that were valid concerns.  They were very good at finding solutions to the “hand grenades” I was throwing at them, but it bothered me that I was the only one coming up with the complications.  I may be better than the average person at thinking of all the exceptions to a general rule (my wife sometimes gets angry with me when I do this in “normal conversation”) but I'm far from perfect.  What about all the exceptions I hadn't thought of?  If two or more people from different perspectives were “lobbing hand grenades” at the proposed solution I would feel a lot better about its robustness.  I didn't say anything about it, I just stewed on it: “Who else can we get to take a look at this for vulnerabilities?  Should I hire an outside consultant to review our work?  We really need to make sure we have thought of nearly everything...”  I was right in the middle of those thoughts when one of the guys told a story of something that happened at the lab a year or two ago.  I burst out laughing and continued even though they kept insisting it wasn't funny.  Of course it wasn't funny to them; they were there until the wee hours of the morning bringing the network back up with thousands of people needing them to be successful.  All I could think about was that I knew that no matter how many people were brought in or who those people were, they wouldn't have envisioned a killer dust bunny.
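
One possible answer to the key-rollover question raised in the meeting, as an added example that is not from the original post and not what those designers chose: each interval's key is derived from a long-term secret provisioned at both sites plus the interval number, so the backup computes the current key from its own clock. The ten-minute interval is the post's; the derivation label, secret, timestamps and command are constructed for illustration.

```python
import hashlib
import hmac
import struct

ROTATION_SECONDS = 600  # ten-minute key lifetime, as in the post


def epoch_for(unix_time):
    """Index of the rotation interval that contains unix_time."""
    return int(unix_time // ROTATION_SECONDS)


def epoch_key(master_secret, epoch):
    """Derive one interval's key from the long-term secret and the epoch index.

    Every site provisioned with master_secret gets the same key from its own
    clock, so no key state has to be copied across at failover time.
    """
    info = b"link-key-v1" + struct.pack(">Q", epoch)  # label is hypothetical
    return hmac.new(master_secret, info, hashlib.sha256).digest()


def tag(master_secret, message, sent_at):
    """Sender side: authenticate message under the key for its send time."""
    key = epoch_key(master_secret, epoch_for(sent_at))
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(master_secret, message, mac, now, skew_epochs=1):
    """Receiver side: return the epoch whose key verifies mac, else None.

    Neighbouring epochs are tried so that a message sent just before a
    rollover, or a standby whose clock is slightly off, is still accepted.
    """
    current = epoch_for(now)
    for epoch in range(max(0, current - skew_epochs), current + skew_epochs + 1):
        expected = hmac.new(epoch_key(master_secret, epoch), message,
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, mac):
            return epoch
    return None


# Constructed sample values, not taken from any real system.
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
ROLLOVER = 1_109_000_400            # a multiple of ROTATION_SECONDS
COMMAND = b"OPEN BREAKER 7"

if __name__ == "__main__":
    mac = tag(MASTER, COMMAND, ROLLOVER - 5)              # primary, before rollover
    print(verify(MASTER, COMMAND, mac, ROLLOVER + 20))    # backup, 25 s later
    stale = tag(MASTER, COMMAND, ROLLOVER - 1300)         # two intervals old
    print(verify(MASTER, COMMAND, stale, ROLLOVER + 20))  # outside the window
```

The cost of this design is that the long-term secret becomes the single item to protect: anyone who obtains it can derive every interval's key.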

If you have a critical resource like an engine on an airplane or a computer system that your entire company requires to function, you go to extraordinary efforts to make sure it doesn't fail or that it can fail in a graceful manner. A power failure to a system with a UPS can give the computer a few minutes' warning that the power is going away when the batteries go dead. The computer then gets to shut down gracefully. If one computer system and/or UPS system fails, the second computer system and its independent UPS can continue without skipping a beat until the primary can be fixed. But as reliability engineer Ted Yellman from Boeing (and Teltone where I met him) once told me many years ago, "The question usually isn't how reliable or how many redundant systems you have, it's how independent they are." In this case someone was routing some cables through the false ceiling over the computer room for the network at the lab. Some dust came down (technically not a dust bunny, but it makes a better story if it is a dust bunny) and the fast moving air in the computer room pulled the dust into the smoke detector. The smoke detector set off the fire control mechanism which "knew" that you don't want the electricity on when you turn on the sprinklers. And since the designers of the fire control system knew the computers were on a UPS, not just the normal power mains, it shut down the UPS as well. That brought down all the computers, main and backup, in a fraction of a second without the computers being able to shut down gracefully. Imagine planting your face in the middle of your plate of spaghetti during dinner instead of going to your room and getting in bed to fall asleep. And so it was with a room full of racks filled with computers--splat! It took them something like 170 man hours to bring the system back up. Some of the computers hadn't been turned off in a year or more and some hard drives and other hardware failed on startup. Other systems had corrupted file systems that were discovered after they booted. The startup procedure had been written before new equipment and software had been installed. It was a nightmare--they had to diagnose and repair a complex system under time pressure with multiple simultaneous and unknown failures.
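
The independence point can be checked mechanically. The following added example (not from the original post) models the incident as a dependency map and reports every component whose single failure takes down all redundant units at once; the component names are made up here from the description above, and the second layout is a hypothetical alternative for comparison.

```python
def closure(component, graph):
    """Everything `component` transitively needs in order to stay up."""
    seen, stack = set(), [component]
    while stack:
        for dep in graph.get(stack.pop(), ()):
            if dep not in seen:          # also guards against cycles
                seen.add(dep)
                stack.append(dep)
    return seen


def common_causes(replicas, graph):
    """Components whose single failure takes down every replica at once."""
    shared = None
    for replica in replicas:
        deps = closure(replica, graph)
        shared = deps if shared is None else shared & deps
    return shared or set()


def survivors(failed, replicas, graph):
    """Replicas still running after the one component `failed` goes down."""
    return [r for r in replicas
            if r != failed and failed not in closure(r, graph)]


# Constructed from the post's description. "X needs Y" means X goes down
# when Y fails; for the smoke detector, a false alarm counts as a failure.
LAB = {
    "main_computer": ["ups_a"],
    "backup_computer": ["ups_b"],
    "ups_a": ["fire_control"],           # fire control can cut UPS output
    "ups_b": ["fire_control"],
    "fire_control": ["smoke_detector"],
}
# Hypothetical alternative: the standby sits in its own fire zone.
SEPARATED = dict(LAB, ups_b=["fire_control_room2"],
                 fire_control_room2=["smoke_detector_room2"])
REPLICAS = ["main_computer", "backup_computer"]

if __name__ == "__main__":
    print(sorted(common_causes(REPLICAS, LAB)))        # shared single points
    print(survivors("ups_a", REPLICAS, LAB))           # redundancy works here
    print(survivors("smoke_detector", REPLICAS, LAB))  # and fails here
    print(sorted(common_causes(REPLICAS, SEPARATED)))
```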

So I'm thinking what hope do we have to guard against determined, intelligent adversaries when something as undetermined and unintelligent as a dust bunny can take us out?  And I'm reminded of the joke about computer programmers versus carpenters.

If carpenters built houses like programmers wrote software the first woodpecker that came along would destroy civilization.

Joe Huffman  Thursday, February 17, 2005 6:17:00 PM (Pacific Standard Time, UTC-08:00)

Yesterday morning I sent an email to some people at a company I knew was about to release a product using SHA-1.  I got this back last night:

Hi Joe,
 
Just saved me an email I was about to send you a similar one...
We've been tracking this since yesterday and evaluating what it means to us.
I'll keep you posted of our evaluation and next step plan.
Thanks!

We have a meeting this afternoon on a project for which we were considering the use of SHA-1.  It was, and still is, a tough call in some ways.  SHA-256 generates 256 bits, which in our application means taking up a lot more of the available bandwidth.  I think we'll probably go with SHA-256 though; this is a “critical infrastructure” application after all.  The consequences of inadequate security are just too great compared to the consequences of inadequate bandwidth in some older installations.  The bandwidth can be increased to accommodate SHA-256 more easily than we can undo the damage done by an attacker.
Joe Huffman  Thursday, February 17, 2005 11:57:00 AM (Pacific Standard Time, UTC-08:00)

... religion is needed for restraining rude populations, which have to be ruled, whereas rational demonstration is for such, of a contemplative nature, as know how to rule themselves and others.

Guido (Giordano) Bruno
1548-burned at the stake, on this day in history, February 17 1600

Joe Huffman  Thursday, February 17, 2005 11:06:00 AM (Pacific Standard Time, UTC-08:00)