Information Security – A National Perspective

A few days ago while watching CNN, I realized something that was quite daunting that the press doesn’t really seem to understand. First a little background… I do a bit of information security work for my company, but also in addition to that, I read about security and what not like it’s my job (oh wait, it is), but I’m talking on my off hours when most people are sitting back and drinking Corona (mmmm, good with lime). So it startled me the other day when watching CNN and realized that having a free press could be a great strength, but at the same time a very weak link.
It is true that the press tends to be able to shed light on situations, presenting all sides and facets of a situation (after reading through eight or nine different news accounts with different spins, you can generally get the whole picture). However, at the same time, when reporting how different agencies are handling and dealing with different “scares” and “false alarms” and “incidents” you give your enemy a picture of what it is that you’re doing. Call it passive reconnaisance if you like. It’s like the raptors in Jurassic Park II. They would jump and touch different portions of fence, strength testing it. Computer Hacker’s tend to do the same thing. Rather than launching a full force attack, they merely toss up a port scan or see how many times till the system locks out their IP address for not being able to put in a correct password for a user name.
By having the news cover all of this, yes, it tells us that they care and that they’re doing everything that they can to make sure that situations are handled properly, however they’re also giving any enemy a sneak peak into how the organization runs, also giving them an idea of where to strike the help so that it cannot help.
Bank robbers use this practice too – seeing what the response time is for the police to get to the bank that they’re robbing. If you’ve seen Ocean’s Eleven then you know that “organized” crime attempts to plan things out, gathering as much information as they can so that they don’t get caught.
Am I the only person that notices this? For a computer hacker or bank robber to get information they typically have to practice some sort of “Social Engineering” in that they are deceitful as to their identity and get information that they they’re after. It’s almost as though we’re showing our cards to the rest of the table, still expecting to win at this hand of poker. By having the press continually talk about the readiness and policies and procedures that are in place, there is a bit of anxiety relief that the public no longer suffers from, but at the same time, it’s like poker, your opponent knows exactly how you’re playing your cards.
Of course we do have the flip side of all this. If we limit the press to one viewpoint, one vantage point, then we are only making our own lives even harder as we have locked ourselves down to one perspective, one view. It would be like going to Baskin Robbins, all 31 flavours are exactly identical. Definitely a catch 22. Post your comments though, I’m interested to hear what you all think.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s