security terms and brief session 14 weapons of mass destruction course

Security Terms and BriefSecurity Terms and Brief

Session 14Weapons of Mass Destruction Course

SecuritySecurity

Is about reaction Is about criminals Is about protection Is about analysisIs about tradeoffs

9-119-11

Attacks were very efficient Major conceptualization Much discipline with perpetrators Simplistic technologically

Changed hijacking premiseFrom get plane on ground

9-119-11

New al Qaeda recruit typesWestern-basedOlderWife and children

Fairly high success rate

Since 9-11Since 9-11

Security in our country has been all about tradeoffs. What are we willing to give up for security.

I.D. checks on buildings

Patriot Act

Long lines at airports

TradeoffsTradeoffs

Going to your car in the deck Eating at a chain restaurant Attending the Superbowl or a concert Swimming in Lake Erie Driving to work Letting your kid go to the zoo on a school trip

TradeoffsTradeoffs

Brushing your teeth – time vs. decay Lock the door to your house – key v. burglary Type of car we buy – SUV/Volvo v. accidents Neighborhood Opened candy bar in the checkout

Sealed bar is better tradeoff.

What is Security?What is Security?

The act of preventing negative outcomes from the intentional, gratuitous or unwarranted act caused by another person or group of people.

Security SystemSecurity System

A set of things, concepts, barriers set up to prevent negative outcomes.

The outcomes are not always illegalTricking my way into the YMCAChanging grades in my teacher’s book

Attacker – performs intentional actHas negative connotation or positive

Security SystemSecurity System Attacks – a specific attempt or measure to break

the security system. Assets – the item, system or person being

protected by security system. Countermeasures – discrete parts added to a

security system to stave attacks – brick wall, door, lock, cameras, motion alarm, safe, combination lock, time lock, police response.

Implementing SecurityImplementing Security

When implementing a security system, there is always a series of questions you must ask.

Question 1Question 1

What asset are you trying to protect?The answer may seem clear but is it?Bank – money – reputationAirline – terrorists – use of tickets

Question 2Question 2

What are the risks to that asset?Is there a need for security?What is being defended?What are the consequences of a successful attack?Who wants to attack it and how?

Question 3Question 3

How well does the solution mitigate risk?If the solution does not solve problem. . . .How does the system interact with things around it?What are its operations and failures?

Question 4Question 4

What other risks does the system cause?Unintended consequences.Ripple effects.Are the new problems smaller than the old?Airline check in.Security on subways or public transit.

Finally – Question 5Finally – Question 5

What costs and trade-offs are involved?MoneyConvenienceComfortBasic freedomsTrade-offs are subjective so be careful of your target “audience”.

Threat vs. RiskThreat vs. Risk Threat – potential way an attacker may attack

your system. Risk takes into account likelihood of attack and

seriousness of a success. Shoplifting is a huge threat – but accepting the

risk is cheaper than countermeasures. We do bulky packaging on CDs, radios, electronics but you can still handle them.

Propensity of HumansPropensity of Humans Exaggerate spectacular but rare risks Downplay common risks Misestimate risk in unfamiliar situations Placing faces on risks magnifies them People underestimate risks they are willing to

take. . .(HIV - sex) Overestimate risk issues in public eye

HIV vs. West Nile Virus

Other Parts of Security - TermsOther Parts of Security - Terms

Policy – Someone defines “unwarranted action” and sets a rule that says we will protect this asset from those attacks.

Proxies – Players who act in the interest of others. FDA, FAA, Lawyers, Home Inspector.

Other Parts of SecurityOther Parts of Security

Security Theater – Outgrowth of security also being a state of mind. Countermeasures which provide a “feeling of security”

After 9-11 we posted National Guard troops on airportsTamper resistant seals on meds.Digital cellular prevents eavesdropping???

Security TheaterSecurity Theater

May scare off stupid attackersKids may be less willing to trade music on the Internet now – but how many are prosecuted?

Kids who were nervous in the D.C. sniper shoots period frequently asked parents to drive them home (instead of walking from school – negligible decrease in risk)

Other Parts of SecurityOther Parts of Security

Emergent effects – When one security system affects another unexpectedly.

Long screening lines back up traffic to ticketing.Intentional emergence – ATMs that steal PINs

Safety vs. SecuritySafety vs. Security

Safety – Having the right number of fire trucks Security – Preventing a pyro from overburdening

the system Safety – Knives accidentally left in luggage

screened out. Security – Preventing other sharp objects from

being in luggage positioned to avoid X-ray

System FailuresSystem Failures

Active – When security systems do what they are supposed to do but at the wrong time (more frequent of 2 types of failures)

Your key does not workGarage door opener does not openFace-scanner I.D.s the wrong personCar alarm goes off because you slammed the door of your car next to it.

System FailuresSystem Failures

Passive – When a security system fails in the face of an attack.

My luggage keyDoor lock fails when burglar picks itFace-scanner fails to I.D. terroristImagine a system that shoots terrorists on-sight but has a .01% passive failure rate 1:10,000