Pensieri di un lunatico minore

26 November 2006 Security

What you don’t want to know will kill others

Security is a tricky place to work. There are a billion ghost-threats out there, and figuring out what’s real and what’s probable is a huge task that you never get right. One of the ways you figure out what’s possible is the use of red teams, where “friends” act as the foe and you find out what can really be done.

The FAA did this and then ignored the warnings and risks, and people probably died as a result. Even worse, the FAA and DHS continue to try and cover it up. Was 9/11 preventable? Probably. Was it at least possible to reduce its likelihood and potential impact? Most certainly. You can find Mr. Dzakovic’s testimony to the 9/11 commission online:

What happened on 9-11 was not a failure in the system, it was a system designed for failure. FAA very conscientiously and deliberately orchestrated a dangerous façade of security, ignoring the laws cited above. They knew how vulnerable aviation security was. They knew the terrorist threat was rising, but gambled nothing would happen if we kept the vulnerability secret and didn’t disrupt the airline industry. Our country lost that bet.

I’ve done red teaming, both electronic and physical, and universally everyone falls if you’ve got enough room to maneuver in your rules-of-engagement. That’s not the point. The point is to find out what it takes and how easy it is, and then to adapt to those risks before they become real. You must always assume your opponent has as much, or more, capability than you do, and more importantly, is not bound by the same laws and regulations. That’s what makes “you” the good guy, and “them” the bad guy.

This entry was posted at 11:44 am on 26 November 2006 and is filed under Security.