1.07.2010

Airport Security and Network Security


Once again, airport security is thrust into the limelight as it suffers an almost catastrophic failure to prevent the presence of explosives on passenger planes. A crackdown is about to ensue on many international flights, customers are in an uproar as ticket prices continue to reflect the security woes, and the lines only get longer. It can only make you feel that something isn't working.

Airport security is in many ways similar to network security. In network security, you have millions upon millions upon millions of data packets wanting access to your network, You know that 99.999% of those packets are just regular old communications going about their regular business, trying not to bother anybody, but needing to arrive on time. You can't rigorously check all the packets, because your network will break. But you have to have some layer of auditing, or else that .001% of data will wreak catastrophic damage on your systems. At this point, network security is all about setting rules that recognize good data and let it through without needless security checks. It's also about recognizing bad data based on signature files provided by Anti-virus products, as well as recognizing behaviors and traits exhibited by typically malignant data traffic. This is a very organic process, changing and growing every day, as dynamic as any human security system, if only on a different scale. Networks have to adapt on a daily basis as the threat environment changes and new technologies create greater and easier exploited vulnerabilities in even the most revered and venerable products on the market.

Security admins rely on religious tracking of log files and constantly educating themselves in the latest security  best practices to properly secure their systems. They know that the battles can be won, but the war is eternal. Unless you are constantly changing and adapting, you will lose the security battle. Every time. Security Admins understand that while performance needs to to take a hit sometimes to ensure good security, there's a fine line between acceptable slowdown and a broken system. Toeing that line is the challenge that ever admin faces, and knowing where to cross that line can mean the difference between uptime and financial ruin.

Also, there is no such thing as a random search of network traffic. You set up rules that flag suspicious traffic, and you can be running a low-level, unobtrusive scan of everything else as it passes through your routers and switches.

This could be a perfect model of how airport security should work. Of the hundreds of thousands of passengers flying on a given day, maybe one has malicious intent towards passengers. Maybe. This is because any attempt at mass destruction and crime on an enclosed airplane at 30,000 ft. is suicidal, and only the most deranged and extreme attempt it. Another little fact: At least 90% of extremist acts of violence done on planes are committed by dark, middle-eastern, Muslim young men. This is simply fact. There is no disputing this. They are being trained to do this overseas, as evidenced by the recent Christmas attack. When you have a clear as water pattern that makes sense, why would you try a random search?

If the logic is undeniable (try to deny it, it isn't really possible), then why are we so bad at making a working system that everyone is happy with?

The answer is little invention called "civil rights." I put in quotations because its usage deserves it. Somehow, it has become a civil right to be assumed innocent, even at the expense of lives. The argument becomes "You can't search me, that's an invasion of privacy! I have rights, you know!" When face with the cold logic of statistics and numbers, this argument is a moot point. If we know that people are pltting to blow up planes, and we know that in even the most conservative estimates, that person will be a dark, Arab, muslim, man, then why are we even having this discussion? And that's just the first fallacy of the argument. It is extremely selfish to think that your "privacy" (if you think that the TSA not knowing what goes on planes is privacy, then you're an idiot for other reasons) should endanger hundreds of lives. This isn't a personal attack on you, this is a precaution to try and stop criminals from killing you. Knowing you're innocent won't convince the TSA of anything. If you try to play the race card and tell me not to assume that just because you're Arab, you're a terrorist, I will play the moron card and tell you that i don't assume you are a terrorist. I assume that a terrorist will be someone who looks a lot like you. Therefore, I need to search you. I don't think you're guilty, but a guilty person would most likely be Arab. There's a big difference. In one, I am a racist. In the other, I am simply making logical and sound decisions on who search based on empirical evidence. It's not offensive, it's smart.

Obviously, we can't go around just searching Arabs. That leaves out the 5 or so percent of the population who would also commit horrible airplane crimes. We account for that 5 percent by doing a low-level, unobtrusive search on everybody. It would ideally be computer-run, would happen in seconds, and you wouldn't have to take your shoes off. I also don't think we need to be strip-searching every Arab. Aside from racial profiling, there is behavioral profiling. If we're not going to search every Arab, than we need to at least focus our behavioral monitoring on that demographic. It's proven to be a successful system in countries like Israel, where terrorism is an every-day threat, and there's no reason why it can't be enforced here in America. It's a lot cheaper than randomly scanning bags in state-of-the-art detection equipment, and it's about as unobtrusive as you can get.

I understand that there's a line somewhere that we're trying not to cross, but the numbers don't lie. We have start thinking like every other security environment, and be logical about our search criteria. Political Correctness is only an excuse until you have impaired an industry so much that half its airlines close their doors  or declare bankruptcy.

The Department of Homeland Security is of the opinion that their responsibility is not to catch terrorists, but  to prevent them doing whatever it is they do. If that means catching them at home or at work, then they've completed their job. That is what they'll tell you if you ask them how many terrorists they've caught at airports. They'll tell you that catching a bomber red-handed is not considered a success, and that's why you don't ever see it happen. They're usually caught long before that. Well, if that's the case, that terrorists aren't supposed to be caught at airports, then why are you spending so much time and money making airports look like border crossings? If you're so confident that you'll catch the bad guys before they sit on a plane, why don't you act like it?

IT security knows very well that giving data the "civil rights" and "privacy" that they deserve "as an American citizen" will end up in a compromised system. They also understand that you can't check all packets indiscriminately. It's about time that the TSA learns from their errors and starts treating security with the logic and know-how it necessitates.

2 comments:

Jonathan said...
This comment has been removed by the author.
Jonathan said...

Eh. Misphrased that, sorry.

Anyway, that's an interesting point of view on the issue. Thank you for sharing this! =)

Post a Comment