Information Warfare: Putting The Blame Where It Never Belonged


July 4, 2011: Earlier this year, the U.S. DHS (Department of Homeland Security) ran a fairly common type of security check on government employees and contractors who work in secure (closed to the public) buildings and work on secret data. The test consisted of leaving data CDs and thumb (USB) drives on the ground in their parking lots. About 60 percent of these items were taken inside, and office computers were used to see what was on the CDs and thumb drives. This is how hackers often get into secret networks. The DHS security people, who ran the test, issued a press release bemoaning the failure of people with security clearances (and training in how to preserve secrets) to recognize this as a ploy to load a virus or worm onto secret networks. This was kind of lame, because this sort of ploy has been used for decades, and the security experts still have not dealt with it.

What the DHS security boffins missed, along with most people in the security business, is that such failures are not the fault of users (who have other jobs to occupy them), but of the security people, whose sole job is preserving secrets. This is a common problem. In any manufacturing industry, there is often a bad attitude towards "dumb users." The creators of complex gear seem to miss the point that one goal of designing such a product is to make it easy to use. Apple has long recognized this, and one of their catch phrases is that "it just works." Apple has grown prosperous by not thinking of their customers as clueless users, but as valuable customers who deserve products that are easy to use and just work.

An increasing number of people in the security field are adopting the Apple attitude. Take, for example, the problem with CD drives and USB ports on computers with access to secret data. You can modify the operating system to not allow unauthorized CDs or thumb drives to be used on these PCs. Sure, it's more work for the security people (who would have to work with similarly "user hostile" software and hardware developers), but in the end it means less hassle for the users and fewer security problems. Sometimes doing things the right way takes a little more effort, and the use of a bit more insight.

 

