Posted on 04/16/2002 5:46:42 AM PDT by the
If security has a silly season, we're in it. After September 11, every two-bit peddler of security technology crawled out of the woodwork with new claims about how his product can make us all safe again. Every misguided and defeated government security initiative was dragged out of the closet, dusted off, and presented as the savior of our way of life. More and more, the general public is being asked to make security decisions, weigh security tradeoffs, and accept more intrusive security.
Unfortunately, the general public has no idea how to do this.
But we in computer security do. We've been doing it for years; we do it all the time. And I think we can teach everyone else to do it, too. What follows is my foolproof, five-step, security analysis. Use it to judge any security measure.
Step one: What problem does the security measure solve? You'd think this would be an easy one, but so many security initiatives are presented without any clear statement of the problem. National ID cards are a purported solution without any clear problem. Increased net surveillance has been presented as a vital security requirement, but without any explanation as to why. (I see the problem not as one of not having enough information, but of not being able to analyze and interpret the information already available.)
Step two: How well does the security measure solve the problem? Too often analyses jump from the problem statement to a theoretical solution, without any analysis as to how well current technology actually solves the problem. The companies that are pushing automatic face recognition software for airports and other public places spend all their time talking about the promises of a perfect system, while skipping the fact that existing systems work so poorly as to be useless. Enforcing a no-fly zone around a nuclear reactor only makes sense if you assume a hijacker will honor the zone, or if it is large enough to allow reaction to a hijacker who doesn't.
Step three: What other security problems does the measure cause? Security is a complex and inter-related system; change one thing and the effects ripple. If the government bans strong cryptography, or mandates back-doors, the resultant weaker systems will be easier for the bad guys to attack. National ID cards require a centralized infrastructure that is vulnerable to abuse. In fact, the rise of identity theft can be linked to the increased use of electronic identity. Make identities harder to steal through increased security measures, and that will only make the fewer stolen identities more valuable and easier to use.
Step four: What are the costs of the security measure? Costs are not just financial, they're social as well. We can improve security by banning commercial aircraft. We can make it harder for criminals to outrun police by mandating 40 mph speed maximums in automobiles. But these things cost society too much. A national ID card would be enormously expensive. The new rules allowing police to detain illegal aliens indefinitely without due process cost us dearly in liberty, as does much of the PATRIOT Act. We don't allow torture (officially, at least). Why not? Sometimes a security measure, even though it may be effective, is not worth the costs.
Step five: Given the answers to steps two through four, is the security measure worth the costs? This is the easy step, but far too often no one bothers. It's not enough for a security measure to be effective. We don't have infinite resources. We don't have infinite patience. As a society, we need to do the things that make the most sense, that are the most effective use of our security dollar.
Some security measures pass these tests. Increasing security around dams, reservoirs, and other infrastructure points is a good idea. Not storing railcars full of hazardous chemicals in the middle of cities should have been mandated years ago. New building evacuation plans are smart, too. These are all good uses of our limited resources to improve security.
This five-step process works for any security measure, past, present, or future:
1) What problem does it solve?
2) How well does it solve the problem?
3) What new problems does it add?
4) What are the economic and social costs?
5) Given the above, is it worth the costs?
When you start using it, you'd be surprised how ineffectual most security is these days. For example, only two of the airline security measures put in place since September 11 have any real value: reinforcing the cockpit door, and convincing passengers to fight back. Everything else falls somewhere between marginally improving security and a placebo.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.