Bruce Schneier: A Witch on Security
Bruce Schneier has got to be one of the smartest men alive. He runs a computer security company called Counterpane, but has outgrown his roots and become a kind of modern Cassandra, poking hole after hole in the systems and policies which we rely on to protect our world.
In his monthly newsletter–which is a must read–he writes about fraud, thievery, spying, scams, terrorists, war, bombs, forensics, airports, privacy, healthcare and just about everything else. But he’s not one of those paranoid crazies, in fact he’s frighteningly realistic. Awhile back he wrote this about the aftermath of 9/11 and Katrina:
Improving our disaster response was discussed in the months after
9/11. We were going to give money to local governments to fund first
responders. We established the Department of Homeland Security to
streamline the chains of command and facilitate efficient and
effective response.The problem is that we all got caught up in “movie-plot threats,”
specific attack scenarios that capture the imagination and then the
dollars. Whether it’s terrorists with box cutters or bombs in their
shoes, we fear what we can imagine. We’re searching backpacks in the
subways of New York, because this year’s movie plot is based on a
terrorist bombing in the London subways.Funding security based on movie plots looks good on television, and
gets people reelected. But there are millions of possible scenarios,
and we’re going to guess wrong. The billions spent defending airlines
are wasted if the terrorists bomb crowded shopping malls instead.Our nation needs to spend its homeland security dollars on two things:
intelligence-gathering and emergency response. These two things will
help us regardless of what the terrorists are plotting, and the second
helps both against terrorist attacks and national disasters.Katrina demonstrated that we haven’t invested enough in emergency
response. New Orleans police officers couldn’t talk with each other
after power outages shut down their primary communications system –
and there was no backup. The Department of Homeland Security, which
was established in order to centralize federal response in a situation
like this, couldn’t figure out who was in charge or what to do, and
actively obstructed aid by others. FEMA did no better, and thousands
died while turf battles were being fought.Our government’s ineptitude in the aftermath of Katrina demonstrates
how little we’re getting for all our security spending. It’s
unconscionable that we’re wasting our money fingerprinting foreigners,
profiling airline passengers, and invading foreign countries while
emergency response at home goes underfunded.Money spent on emergency response makes us safer, regardless of what
the next disaster is, whether terrorist-made or natural.This includes good communications on the ground, good coordination up
the command chain, and resources — people and supplies — that can be
quickly deployed wherever they’re needed.Similarly, money spent on intelligence-gathering makes us safer,
regardless of what the next disaster is. Against terrorism, that
includes the NSA and the CIA. Against natural disasters, that includes
the National Weather Service and the National Earthquake Information
Center.Katrina deftly illustrated homeland security’s biggest challenge:
guessing correctly. The solution is to fund security that doesn’t rely
on guessing. Defending against movie plots doesn’t make us appreciably
safer. Emergency response does. It lessens the damage and suffering
caused by disasters, whether man-made, like 9/11, or nature-made, like
Katrina.
If that isn’t wisdom, then I don’t know what is. Checkout Bruce Schneier, you’ll be shocked by what you learn.
