Liquid Explosives, IPS, and Security Theater.

Thomas Ptacek | August 10th, 2006 | Filed Under: Uncategorized

A bit off topic for us, so I’m going to apologize and keep it terse.

It’s a running joke that the terrorists are having fun at our expense by getting the TSA to ban various things from commercial aircraft. It started with sharps, and the ludicrous theater of trying to isolate all objects which could be used by humans as weapons. Then shoes. The joke went, “it’s only a matter of time before we have to deal with the underpants bomber.”

After today’s events, you gotta figure al Qaeda is sitting around in their Pakistani safe houses trying to think of the next stupid thing they can get us to restrict.

Their problem now: it’s going to be hard to get them to top “fluid”.

What am I missing here? Or did they miss the memo? Last time I checked, humans (and their pets) were mostly made out of fluid, with all manner of bladders, sacs, and glands to hold excess. The suicide bombers are going to die anyways. Doesn’t drug interdiction have basically the same problem, and limited success, against much less sophisticated and dedicated attackers?

You can’t find a better example of why IPS-style reactive security is a bad strategy. When the defender does something dramatic in reaction to an attempted attack, they give the attacker influence over their behavior. Smart attackers will use that influence as a vector. Haven’t these people ever played chess?

What really protects commercial airplanes is that very few people want to blow them up, and the people who do rarely have the ability to execute. The needle-in-the-haystack TSA strategy doesn’t make a dent. In this case, intelligence saved the day. Intelligence works. So does emergency response. Designing new point-deployed countermeasures based on extrapolating from one example drawn from an infinite number of possible attacks? Not so much.

Viewing 6 Comments

    • ^
    • v
    When you criminalize Gatorade, and only the criminals will have Gatorade.
    • ^
    • v
    What is the function of the countermeasures that are being put in place in air ports? If you believe that, on some level, they are intended primarily to protect us from a terrorist threat, then, yeah, this really is a bad strategy. I think there are at least two other ways of looking at this.

    The first is analogous to an IPS or IDS or whatever security solution is fashionable at the moment. The person in charge of network security knows that sooner or later something really bad is going to happen, and ultimately there isn’t a way to make sure that it won’t. The IPS functions as a means of diverting accountability. Either it creates the appearance of due diligence, or it can even persuade the attacker to be careful enough to not get caught or bring their game to a really sophisticated level that no one could be expected to block (insertion attacks are kind of like the shoe bomber in this analogy). Airport security is the managed perception of due diligence on the part of the decision makers in government in order to avoid accountability.

    There is another way of looking at this that is even more cynical. If you are going to base your claim to power on the presupposition that you are going to do more than “the other guy” to combat a real or imagined threat, then you really have to demonstrate this somehow. It also helps to choose a means of expression that a lot of people are going to see and remember. Lots of people fly on airplanes, and forcing people to take their shoes off and walk across a dirty floor in their bare feet really makes an impression, after all. Even if there wasn’t a serious terrorist threat, we would still have to check our Gatorade at the terminal. It’s just too useful as a reminder to the electorate of why we need these particular people in power.

    There are real strategies that we could employ to combat terrorism, and they exist across the political spectrum. It seems likely that any effective strategy would involve some major changes to our society that people who are comfortable with the status quo won’t like. Consequently, they aren’t really widely discussed or debated, and I don’t think the will exists to implement them anyway. Ultimately, however, I just don’t think these airport security schemes have anything to do with it. However, none of this is necessarily bad strategy from some other perspectives…
    • ^
    • v
    They're going to have the hair bomber, and we'll all end up looking like skinheads.
    • ^
    • v
    Have you considered the possibility that the TSA restrictions are designed less to keep planes safe and more to make passengers *feel* safe and therefore ensure people continue to use air travel?
    • ^
    • v
    If that's the case, it's had the opposite effect: the current trend story seems to be people making the dumb risk decision to drive short-haul trips instead of taking shuttles, not because of fear but because of intolerance of security delays.
    • ^
    • v
    If the new rules are permanent, then the reaction is insane^H^H^H^H^H^Hpoorly thought out.

    OTOH, if the authorities believe that only a portion of the would-be perps for this particular attack have been caught, then perhaps by banning the kinds of items these specific bad guys are (note present tense) planning to use, this specific attack can be nullified w/out every last perp being captured (until they plan a different attack, that is).
    At least I am hoping this is the thinking. I can't think of another reason these latest rules make sense, as far as actual (as opposed to make-believe) risk reduction is concerned.

Trackbacks

close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus