For want of a single ethernet card, an airport was lost ...
stephen at sprunk.org
Tue Aug 21 03:11:33 UTC 2007
Thus spake "Bill Stewart" <nonobvious at gmail.com>
> While the goals of the system, as identified by the GAO, include
> a brief phrase about "facilitate legitimate travel and trade", the
> rest of the report appears to entirely ignore it.
> ... it appears that the designers of both the technical and
> operational sides are also ignoring the goal of facilitating
> legitmate travel and trade.
> ... Certainly the operational side didn't have processes for
> supporting travellers with reasonable-looking papers in the
> event of a computer failure.
The problem is that if you have a second path of entry with lesser security
protocols, attackers will find a way to get themselves onto that path. For
instance, imagine the terrorists have papers that look legit but they know
won't pass computer cross-references; any time they want to come in, they
would just disrupt the computer network and force the agents to rely on the
papers alone. That's why people get stuck on the runways waiting for the
computers to come back up.
Such secondary procedures are okay in the banking world, where you can back
out transactions that an audit reveals are fraudulent after the fact. The
same does not apply to letting persons across a border where you can't
retroactively deny them entry after they've killed a bunch of people (and,
most likely, martyred themselves). It's the same problem with voting
systems, actually: the anonymity requirements mean all security hinges on
making sure only authorized people vote, and only once at that; you can't
back out fraudulent votes after they're cast, which is why all of the
attacks are on the authorization system and being undetected in an audit
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
More information about the NANOG