June 07, 2005

The National Security Paradox

Last week, A Stanford University professor was set to publish a paper in the National Academy of Science Journal, detailing how terrorists might possibly contaminate the milk supply with toxins. The paper went on to suggest that these trucks have mandatory locks placed on them to protect against tampering. When the government found out about the paper, however, it immediately blocked it from publication, describing it as a "road map for terrorists."

Welcome to the National Security Feedback Loop: Information on how to improve National Security is being withheld because it shows that flaws exist in the system. But without professional analysis and exposition of these flaws, proper support for fixing them cannot be garnered, and they will be left open. In the ultimate irony, the Department of Homeland Security, it seems, is too insecure in itself to admit it's not perfect.

Compare this to the Microsoft model of dealing with viruses. Security companies and universities test and prod every bit of the Windows system in order to find flaws that might be exploited by a hacker. Once discovered, the flaws are reported to Microsoft, who in turn makes a press release to the public. They announce the flaw, usually give credit to the team who discovered it, describe the ways it can be exploited and release a downloadable software patch that will fix the problem in the short-term. Later, a more polished solution to the flaw may be released in a newer version of code.

Yes, there is sometimes a "window of opportunity" for hackers between the announcement and the release of the patch, but the I.T. community would rather be educated about the current threats so they can be on guard. By announcing the threats and then fixing them in a quick manner, the Microsoft team justifies its existence. People know what they are doing to protect us.

When was the last time the Department of Homeland Security warned us about a SPECIFIC threat and acted on it? I can only remember one time, when they caught wind of a threat to the Golden Gate Bridge. Other than that, we get the ludicrous color-coded Terror Alert System. "We have an unspecified threat from a confidential source that something might happen somewhere." So what should the public do? "Just go about your business as normal, just be VIGILANT." I never thought I'd say this, but the government could learn a few things from Microsoft.

Personally, I'd feel much more secure if the government took a threat under advisement, acted quickly on it and then informed the public of what it had done. Take the "Shoe Bomber" incident as an example. Because of this, every person must take off their shoes when going through airport screenings in order to defend against this most unlikely terrorist act. I'll give it an A for effort, but a D Minus for actual security. This proves that with public support, even small security threats can be funded and protected against. Now Imagine what could be accomplished with more dangerous, legitimate security holes that are discovered by scientists and professionals.

This would go far to assure the American public that our tax dollars were being spent on worthwhile, tangible projects with actual results instead of the "We're successful because we haven't had another attack" defense. The truth is that terrorist attacks this far from a group's power base don't happen very often. I could build an "Asteroid Defense System" and claim it's 100% effective, but that doesn't mean it's actually accomplished anything.

No comments:

Post a Comment