Cyberwarfare

It has been awhile since I posted, but I am by no means out of touch with recent events, especially those surrounding WikiLeaks.

The purpose of WikiLeaks is to enforce the open government policy by stealing or otherwise obtaining through improper channels information that should remain private for reasons of security (bodily harm) or privacy (emotional harm) and releasing that information to the public on the Internet. Service providers have withdrawn their service from this organization, including hardware and network access to host it, and they, in turn, have become the target of electronic assault by WikiLeaks supporters, primarily distributed denial-of-service attacks (DDoS) by a group identified as "Anonymous".

Numerous tech columnists (including Paul Mah at FierceCIO) have commented that small businesses should be aware of the risk they run by neglecting security practices with respect to their computing resources; while giants like Amazon did not suffer interruptions of service due to the attacks, they have enormous capability to identify and respond to the attacks in real-time, whereas small shops with disgruntled customers would have a far worse time identifying, responding, and recovering from such an attack.

I plan to do some traveling this holiday season, by plane and by private automobile, and transportation security is one of those places where the information technology sector's security practices could be applied analogously to great effect. One of the first things an IT security consultant must do is define the perimeter of the system. For transportation security, this can be tricky due to the several modes of transportation available to the public. Then, at the gateways (the ordinary vulnerability), the problem of detecting the unforeseen is both easier and more difficult for transportation officials. For computing, as long as you can trust the integrity of the code running the gatekeeper, spotting an unauthorized or otherwise malicious entry is relatively straight-forward. For transportation, it must be well-defined what is a harmful object or even a harmful disposition in a person crossing into the region, and the depth of the search for these things can easily violate a person's privacy and dignity as a human person (not simply a data packet, which can be searched exhaustively with no moral consequence). It seems that anything could be a weapon, and any number of otherwise innocuous substances could even be transported within the human body across security lines. With the advent of millimeter wave and backscanner search devices at airports, the skin is the new boundary of concealment; a traditional metal detector would detect metallic objects under the skin (this does not address non-metallic explosive materials).

The issues go on and on; it is essentially impossible for an institution like the TSA to engage in a flawless preventative security policy because of the creativity of the human mind that can be applied to any set of substances or objects to derive a tool to accomplish any task. Rather, as in cyber-security, a distributed model would be most important. Intelligent agents authorized by society as a whole to enforce security and intervene in the case of an incident that jeopardizes security or privacy in transportation should be ubiquitous and equipped to respond to a wide variety of circumstances. Likewise, ordinary citizens (who are naturally ubiquitous in this respect) should also be educated and equipped (at least virtually) to respond to situations that jeopardize their security or privacy or that of those around them. In this way, would-be perpetrators would be stopped early on and over time this reality would become a deterrence.

The moral of the story: be vigilant!

Registered Linux User #370740 (http://counter.li.org)