Archive for June, 2005

Why is Department of Homeland Security worrying about file-swapping?

Thursday, June 9th, 2005

Shamelessly stolen from Dave Farber’s Interesting People mailing list

Why is Department of Homeland Security worrying about file-swapping?

Simple, Dr. F:

a) MPAA posits that filesharing will kill the movie cartel. {Dubious assumption - look at the Sony decision’s effects, but follow along..}

b) If the movie cartel goes away, people will have less to fill their time.

c) With less to do, the citizens may well start reading and thinking again, as they did in generations past.

d) They just might run into the classic line from Pogo:

We have met the enemy, and he is us

and/or the Constitution while reading.

e) Armed with that, they might move to check the power of Fatherland Security, and maybe even the Administration as a whole.

f) Ergo, filesharing is a threat to them.

I guess that the Homeland Security boys and girls do some Risk Management after all.

They’d probably just lose the tapes anyway

Thursday, June 9th, 2005

So I see a link from techdirt to an article at The NY Times about how the Dept. of Homeland Security has no Disaster Recovery Plans.

From the Times:

An internal audit released on Wednesday concluded that the department [of Homeland Security] had fundamentally failed to follow its own advice.

Computer systems at 19 department sites that served agencies like the Transportation Security Administration, Customs and Border Protection and the Coast Guard had no functioning backups or relied on obviously deficient or incomplete backups, the report by the inspector general of the department said. Even the Federal Emergency Management Agency, which is in charge of disaster recovery, was unprepared, the report said.

TechDirt’s take is that…

There are two ways to look at this. First, the Department of Homeland Security is so confident in its ability to protect this country and itself from any kind of disaster that no backup plan is needed. Alternatively, the Department of Homeland Security is a seriously screwed up bureaucracy that hasn’t put in place the most basic steps to protect its own systems while claiming to be able to tell us how to protect ourselves. Which one seems more likely?

I’m definitely going to go with Door #2 on this one. Of course, given the nature and quality of data they’d like to be collecting, I think I’m actually happy to hear that all it would take is a little bad luck or bad intentions to make it all go away.

Got Disclosure?

Wednesday, June 8th, 2005

So the nation’s milk supply is vulnerable. Yet another piece of “insecure” infrastructure.

The paper “is a road map for terrorists and publication is not in the interests of the United States,” HHS Assistant Secretary Stewart Simonson wrote in a letter to the science academy chief Dr. Bruce Alberts.

The paper gives “very detailed information on vulnerability nodes” in the milk supply chain and “includes … very precise information on the dosage of botulinum toxin needed to contaminate the milk supply to kill or injure large numbers of people,” Simonson wrote.

“It seems clear on its face that publication of this manuscript could have very serious public health and national security consequences.”

puh-leeze.

This vulnerability is getting attention only because researchers published the milk distribution equivalent of exploit code in a scientific journal. In case no one has noticed yet, pretty much every piece of infrastructure in the Western World is vulnerable to some sort of critical attack. That’s what happens when you build your infrastructure in a world where the threats from terrorism were deemed too low-likelihood to constitute an unacceptable risk.

So how would the attack work?

Under the most likely scenario, he wrote, a terrorist would buy toxin from an overseas black market laboratory, fill a one gallon jug with a sludgy substance containing a few grams of botulin, and pour it into an unlocked milk tank, or into a milk truck at a truck stop.

Ummm…ok… So what should we do about it?

He wrote that the FDA guidelines for locking milk tanks should be made mandatory, and said the dairy industry should improve pasteurization to eliminate toxins.

When we talk about a single truck, that’s only a few thousand gallons…a long way from “the nation’s milk supply.” And I hate to break it to those Guardians of Homeland Security, but I could have come up with that attack scenario and I never took any biology past the eighth grade.

Could we “secure” the nation’s milk supply? Sure. Is it worth the cost? Not even close. It’s been too long of a week (and it’s only half over) for me to go google for statistics on how much milk is in the supply chain at any given time, but I’d be willing to bet that the value of every last gallon wouldn’t add up to the cost of preventing an incident.

As to the risk of the toxins actually getting through? A few dead? To be brutally honest, when you consider that we’ve got chemical depots and LNG storage and transfer facilities which also sit unguarded but would produce much more violent, effective, and telegenic catastrophes if left undefended, I fail to see what the big deal is.

Final thought on this cynical, sarcastic Wednesday: If Terrorists are those who attempt to change the behavior of a populace by inspiring fear, doesn’t the Department of Homeland Security meet that definition?

Just enough to be dangerous

Monday, June 6th, 2005

So according to this article over at Wired, people who ignored the advice of emergency services (aka 911) operators inside the World Trade Center on September 11th survived while those who listened to their instructions (“stay put, help will come”) died.

Proof can be found in the 298-page draft report issued in April by the National Institute on Standards and Technology called Occupant Behavior, Egress, and Emergency Communications. (In layman’s terms, that’s who got out of the buildings, how they got out, and why.) It’s an eloquent document, in many ways. The report confirms a chilling fact that was widely covered in the aftermath of the September 11 attacks. After both buildings were burning, many calls to 911 resulted in advice to stay put and wait for rescue. Also, occupants of the towers had been trained to use the stairs, not the elevators, in case of evacuation.

Fortunately, this advice was mostly ignored. According to the engineers, use of elevators in the early phase of the evacuation, along with the decision to not stay put, saved roughly 2,500 lives.

What’s unfortunate is that because of a single high-profile but low-likelihood event, rules that exist to minimize injury during a building fire will be universally ignored for years to come by people using the same sort of ignorant (il)logic as the people who cite Gary Busey’s surviving his helmet-less motorcycle accident as a reason for not wearing a helmet when they ride.

The rules that are in place for large-structure building fires exist because doing those things increases the odds that the average victim will survive and do so unharmed. Elevators have a bad habit of getting stuck when the power is lost and stairwells have a bad habit of turning into big chimneys in a fire. Until the fire department is able to determine what the actual conditions are inside the stairwell (and what conditions are going to be for as long as it would take for you to get yourself down that chimney/stairwell and out of the building), then 99.9% of the time you’re better off waiting to be told that you’re safe than taking it upon yourself and winding up suffocating in a stairwell to avoid dying in a building collapse that’s never going to happen.

In general, a layman is not going to have the background or training to accurately guess what’s going to come next unless it’s pretty obvious (“The room is on fire around me…I’d better leave.”). Just because someone possesses better information than the folks back in the 911 call center doesn’t necessarily mean that they are adequately trained to process it and come to the correct decision. You’re 3-4 times more likely to die of smoke inhalation than of burns, flames or a building collapse, but unless you’re an expert on the subject of burning buildings, you probably didn’t know that (I didn’t until I did a bunch of googling on the subject, and I got my Firemanship Merit Badge!).

This is true of any subject-specific Risk Analysis, but in the case of a building fire it’s one where making the wrong decision could get you killed.

Why Microsoft will never open their legacy file formats

Thursday, June 2nd, 2005

Over at KasLog, there’s a posting about Microsoft opening the specification for their XML-based Office file formats:

Of course, the key bit is an open and well documented format, that third party applications can use to read and write Office documents. It will obviously benefit projects like Open Office and its users, but I think it will also benefit Microsoft, because there’ll be less concern about proprietary lock-in. It means you can use Microsoft products today, and switch with relative ease tomorrow, if you want to, or the need arises.

The reason Microsoft won’t open their legacy formats is to ensure that competing products never do better than “get close” when it comes to importing legacy documents. So long as that is the perception, Office users will be unwilling to assume the risk of effectively “losing” data due to incompatibility. Microsoft is counting (correctly, I suspect) on a strong desire within their customer base to avoid that risk.

Microsoft is “opening” their format so they can maintain control of what features can be saved into a data file. So long as they can effectively dictate what information you can save into their formats, they control the pace of change and innovation in the Office Automation software market. That’s smart risk management on their part.

I also think that those issues, combined with the usual Inertia and Fear Of Change issues that dominate corporate desktop software decisions will ensure that no competing product gets too much of a foothold. And if things start to go badly for MS, they can always just create a new, closed format to use going forward.

The SEC points out the obvious-but-ignored truth about SOX…

Wednesday, June 1st, 2005

I originally saw reference to this press release, in which the SEC points out that SOX checklists are worse than useless for improving the integrity of financial processes, on Pete Spire Lindstrom’s blog:

Both management and external auditors must bring reasoned judgment and a top-down, risk-based approach to the 404 compliance process. A one-size fits all, bottom-up, check-the-box approach that treats all controls equally is less likely to improve internal controls and financial reporting than reasoned, good faith exercise of professional judgment focused on reasonable, as opposed to absolute, assurance.

If we all know that a chain is only as strong as its weakest link, why are we continually told that we must spread our compliance dollars evenly across the entire chain rather than targeting those weak links? Whatever happened to critical thinking, the efficient allocation of scarce resources, or any other rational approach to effectively solving problems in the absence of infinite resources? In this case, meeting the spirit of Sarbanes-Oxley and demonstrating the accuracy of our financial reporting in order to ensure investor confidence?

Adam Shostack has picked up on this, too:

I’ve lost count of the number of stupid, inflexible rules that people have described to me as imposed by their auditors. I’ve lost count of the rules that reduce, not improve security. I’ve lost count of the rules that cost money, without producing an improvement in either security or auditability.