
Security Brief and Terms II

Security Brief and Terms II. Session 15 YSU Weapons of Mass Destruction. Risk – Attacker’s View. Risk Aversion A measure of what an attacker is willing to lose. What was the risk aversion (low or high)? Timothy McVeigh John Hinckley Scott Peterson Martha Stewart Robert Blake


Presentation Transcript


  1. Security Brief and Terms II Session 15 YSU Weapons of Mass Destruction

  2. Risk – Attacker’s View • Risk Aversion • A measure of what an attacker is willing to lose. • What was the risk aversion (low or high)? • Timothy McVeigh • John Hinckley • Scott Peterson • Martha Stewart • Robert Blake • 9-11 Hijackers

  3. Risks to The System? • Important to know your attacker and their level of risk aversion • Know the tools available. . . • Public Health Department • Irrational disgruntled client • Disgruntled • Religious fundamentalist bioterrorist aiming to eliminate public health system

  4. Types of Attackers • Opportunistic – Rather risk averse • Speeders • Kids in a candy store • Lady with lottery ticket • Professional – Less risk averse/calculated • Brinks job

  5. Types of Attackers • Emotional • Attacks are statement attacks • Often make no sense to others • 1993 World Trade Center • Embassy bombings • Susan Smith • Richard Reid

  6. Groups of Concern - Emotional • Religious • Hezbollah, IRA, Al Qaida • Political • FLNC, Red Brigade • Issue • Earth First, ACT UP

  7. Homicide Bombers • What is Israel’s response to homicide bombers?

  8. “I’m Sorry Attacks” • I have pulled this one at LAX when I realized that my favorite multipurpose tool was still attached to my belt. • I also pulled this at LAX years before trying to bring home fruit on the plane. • Plausible deniability • Weapons to Nicaragua.

  9. Changing the Rules • New form of hijacking – White House Memo • Hijacking – Northwest U.S. • MIT Students – Las Vegas • NORAD – Cobalt Devices • 9-11 Attackers

  10. Security System Issues • In General – Complexity = Vulnerability • In General – Standardization = Vulnerable • Home alarms • Computer firewalls • Combination locks • Car alarms • Airport security • Class Breaks

  11. Security Structure - School • Camera in Parking Lot • Sign on Door • Buzzer and Camera • I.D. and Verification • Accompanying Party

  12. Security Structure • Single-Layer Defense Technique • Store manager with deposit • Sequential – No Link • Moat, Wall, Hot Oil • Sequential – Linked • Motion detector, phone line, monitoring system, dispatch

  13. Security In-Depth • Assures that if one system fails a second can pick up the slack. (how many?) • Bank • House • Airport • Courtroom • Mall

  14. Weakest Link Consideration • Harry Potter • 3-headed dog • Snare plant • Locked door – flying keys • Chess game • Troll • Logic patterns • Magic mirror • All Difficult

  15. Brittle Layers Fail Badly • Concrete Bunker • Computer Systems • Door on HVAC • Nuclear Plant

  16. Dynamic Systems Can Adapt • Static security works great for copycats • When there is only one way to attack • Before submarines • Dynamic • Human immune system • 1 type of potato • Human observation is flexible • Flight 93 before and after phone calls

  17. Flexibility of People • December 14, 1999 • Ahmed Ressam • Diana Dean said he was hinky • This flexible system worked but... • It was a form of profiling (not for Arabs)

  18. Secrets • Security relying on secrets is brittle • Codes for nuclear missile vs. • Secret door

  19. What About Profiling? • Everyone does it daily. • Not always malicious. • The way you dress, tone of voice, the way you “carry yourself”, the car you drive, the language you use, your occupation and certainly your race and ethnicity.

  20. Does Profiling Work Well? • Depends on three factors • The accuracy of the intuition • All Italians love pasta. • All Arabs are Muslims. • How effective it is when it is institutionalized • If you are on 224 on a Saturday night, you might be up to something – DUI. • How commonplace the characteristics are • Men wearing earrings for example 50’s vs. 00’s

  21. Profiling • Often fails – real attackers are few and far between. • True attackers may dye their hair, trim beard etc. • If all attackers are of a single race or ethnicity, it may make sense • El Al Airlines heavily profiles Arab men. • But what about Richard Reid?

  22. Three Last Terms • Identification – Who are you? • “Please insert ATM card” • Ticket and photo I.D. • Authentication – Prove it. • “Type in your code” • Answer question or biometric scanners • Authorization – You are allowed to do this. • Withdraw, deposit, get balance, pay loan • Enter the terminal

  23. Summing Up Security • There is much more to learn • Monitor, detect, notify and respond • In general • Flexible systems • Resilient in the face of attack • With security in depth
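
The three terms from slide 22, kept as separate checks in an ATM-style request. This is an added example, not part of the original presentation; the card numbers, PINs, per-card permissions and the three-attempt lockout are constructed assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed lockout threshold, not taken from the slides


def _pin_hash(pin, salt):
    # Store a salted, slow hash of the PIN rather than the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def make_account(pin, allowed):
    salt = os.urandom(16)
    return {"salt": salt, "pin_hash": _pin_hash(pin, salt),
            "allowed": set(allowed), "failures": 0}


# Constructed sample data: two cards with different permissions.
ACCOUNTS = {
    "4000-0001": make_account("4821", {"withdraw", "deposit", "get_balance", "pay_loan"}),
    "4000-0002": make_account("7730", {"deposit", "get_balance"}),
}


def identify(card_number):
    """Identification: who are you? A claim only, nothing is proven yet."""
    return ACCOUNTS.get(card_number)


def authenticate(account, pin):
    """Authentication: prove it. Constant-time compare, with lockout."""
    if account["failures"] >= MAX_FAILURES:
        return False  # locked: even the correct PIN is refused
    ok = hmac.compare_digest(_pin_hash(pin, account["salt"]), account["pin_hash"])
    account["failures"] = 0 if ok else account["failures"] + 1
    return ok


def authorize(account, operation):
    """Authorization: is this identity allowed to do this operation?"""
    return operation in account["allowed"]


def atm_request(card_number, pin, operation):
    account = identify(card_number)
    if account is None:
        return "unknown card"
    if not authenticate(account, pin):
        return "authentication failed"
    if not authorize(account, operation):
        return "not authorized"
    return "ok"
```

A correct PIN on the second card still cannot withdraw: passing authentication says nothing about authorization.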
