Thursday, 08 June 2006

Dan Geer on Converging Physical and Digital Security

Dan Geer published an interesting article in the May/June 2006 issue of IEEE Privacy and Security. He questions the utility of converging physical and digital security "within a common reporting structure." In brief:

This observer says convergence is a mirage. The reason is time. Everything about digital security has time constants that are three orders of magnitude different from the time constants of physical security: break into my computer in 500 milliseconds but into my house in 5 to 10 minutes...

That is true, but the value of compromising a system doesn't necessarily come from just getting a root shell. This is especially true when organized crime, corporate espionage, and foreign intelligence activities are involved. Achieving the goals of each of those groups usually takes more than a few minutes, with the first taking the least time and the last the most. Nevertheless, Dan is probably still right. What he says later is even more compelling:

Human-scale time and rate constants underlie the law enforcement model of security. The crime happens and the wheels of detection, analysis, pursuit, apprehension, jurisprudence, and, perhaps, penal servitude... law enforcement generally has all the time in the world, and its opponent, the criminal, thus must commit the perfect crime to cleanly profit from that crime.

In the digital world, crime must be prevented; once committed, it's likely never ameliorable -- data is never unexposed, for example. It's not the criminal who must commit the perfect crime but rather the defender who must commit the perfect defense.

Time is the reason.

Consequently, the physical world strategies of law enforcement are of limited value in the digital sphere. Law enforcement officials (or the military) are not our natural allies or even mentors.


At first I accepted this argument. Then I thought more closely about it. Time has nothing to do with this argument. Preventing crime is the key. The analog world example makes it sound acceptable that a crime has occurred. The digital world example makes it sound unacceptable that a crime has occurred -- "data is never unexposed, for example." Well, death is never reversed if a murder is committed. For horrible crimes like murder, as with the digital world, in the analog world "crime must be prevented; once committed, it's likely never ameliorable."

Geer doesn't see this, but he reaches a conclusion for the digital world that is already happening in the analog:

[The] only answer is preemption. Preemption requires intelligence. Intelligence requires surveillance. If, as digital security people, we have any natural allies or even mentors, they're to be found in the intelligence model of security, not the law enforcement model where this talk of "convergence" has itself converged.

And there we are -- London's Cameras:

British authorities have sought to reassure the public that no effort will be spared to prevent further atrocities. For that promise to become a reality, however, London needs to move more from after-the-event analysis to before-the-event anticipation.

Intelligence is one way to prevent risks from occurring, to the extent that intelligence can identify threats and direct counter-threat activities. Removing vulnerabilities is another way to prevent risks from occurring, but that is far more difficult in most circumstances.
