Security Terms and Brief
Session 14
Weapons of Mass Destruction Course
Security
Is about reaction
Is about criminals
Is about protection
Is about analysis
Is about tradeoffs
9-11
Attacks were very efficient
Major conceptualization
Much discipline with perpetrators
Simplistic technologically
Changed hijacking premise
  From get plane on ground
9-11
New al Qaeda recruit types
  Western-based
  Older
  Wife and children
Fairly high success rate
Since 9-11
Security in our country has been all about tradeoffs. What are we willing to give up for security?
I.D. checks on buildings
Patriot Act
Long lines at airports
Tradeoffs
Going to your car in the deck
Eating at a chain restaurant
Attending the Superbowl or a concert
Swimming in Lake Erie
Driving to work
Letting your kid go to the zoo on a school trip
Tradeoffs
Brushing your teeth – time vs. decay
Lock the door to your house – key v. burglary
Type of car we buy – SUV/Volvo v. accidents
Neighborhood
Opened candy bar in the checkout
  Sealed bar is better tradeoff.
What is Security?
The act of preventing negative outcomes from the intentional, gratuitous or unwarranted act caused by another person or group of people.
Security System
A set of things, concepts, barriers set up to prevent negative outcomes.
The outcomes are not always illegal
  Tricking my way into the YMCA
  Changing grades in my teacher’s book
Attacker – performs intentional act
  Has negative connotation or positive
Security System
Attacks – a specific attempt or measure to break the security system.
Assets – the item, system or person being protected by security system.
Countermeasures – discrete parts added to a security system to stave off attacks – brick wall, door, lock, cameras, motion alarm, safe, combination lock, time lock, police response.
Implementing Security
When implementing a security system, there is always a series of questions you must ask.
Question 1
What asset are you trying to protect?
  The answer may seem clear but is it?
  Bank – money – reputation
  Airline – terrorists – use of tickets
Question 2
What are the risks to that asset?
  Is there a need for security?
  What is being defended?
  What are the consequences of a successful attack?
  Who wants to attack it and how?
Question 3
How well does the solution mitigate risk?
  If the solution does not solve problem. . . .
  How does the system interact with things around it?
  What are its operations and failures?
Question 4
What other risks does the system cause?
  Unintended consequences.
  Ripple effects.
  Are the new problems smaller than the old?
  Airline check in.
  Security on subways or public transit.
Finally – Question 5
What costs and trade-offs are involved?
  Money
  Convenience
  Comfort
  Basic freedoms
  Trade-offs are subjective so be careful of your target “audience”.
Threat vs. Risk
Threat – potential way an attacker may attack your system.
Risk takes into account likelihood of attack and seriousness of a success.
Shoplifting is a huge threat – but accepting the risk is cheaper than countermeasures.
We do bulky packaging on CDs, radios, electronics but you can still handle them.
Propensity of Humans
Exaggerate spectacular but rare risks
Downplay common risks
Misestimate risk in unfamiliar situations
Placing faces on risks magnifies them
People underestimate risks they are willing to take. . .(HIV - sex)
Overestimate risk issues in public eye
  HIV vs. West Nile Virus
Other Parts of Security - Terms
Policy – Someone defines “unwarranted action” and sets a rule that says we will protect this asset from those attacks.
Proxies – Players who act in the interest of others. FDA, FAA, Lawyers, Home Inspector.
Other Parts of Security
Security Theater – Outgrowth of security also being a state of mind. Countermeasures which provide a “feeling of security”
After 9-11 we posted National Guard troops at airports
Tamper resistant seals on meds.
Digital cellular prevents eavesdropping???
Security Theater
May scare off stupid attackers
Kids may be less willing to trade music on the Internet now – but how many are prosecuted?
Kids who were nervous in the D.C. sniper shootings period frequently asked parents to drive them home (instead of walking from school – negligible decrease in risk)
Other Parts of Security
Emergent effects – When one security system affects another unexpectedly.
Long screening lines back up traffic to ticketing.
Intentional emergence – ATMs that steal PINs
Safety vs. Security
Safety – Having the right number of fire trucks
Security – Preventing a pyro from overburdening the system
Safety – Knives accidentally left in luggage screened out.
Security – Preventing other sharp objects from being in luggage positioned to avoid X-ray
System Failures
Active – When security systems do what they are supposed to do but at the wrong time (more frequent of 2 types of failures)
Your key does not work
Garage door opener does not open
Face-scanner I.D.s the wrong person
Car alarm goes off because you slammed the door of your car next to it.
System Failures
Passive – When a security system fails in the face of an attack.
My luggage key
Door lock fails when burglar picks it
Face-scanner fails to I.D. terrorist
Imagine a system that shoots terrorists on-sight but has a .01% passive failure rate 1:10,000