Security Theatre and the problem of management ignorance

This morning started with two complementary pieces. The first was an article in The Star entitled Ottawa Pushing ISP Code of Conduct (hat tip to Robert Beggs). The second piece was a podcast by NPR's Planet Money on just why it takes so long, and can cost so much, to electronically transfer money (hat tip to John Armenta). Both of these pieces tie in to our series on the war in your wallet.

The first piece on an ISP code of conduct is quite an interesting piece of security theatre.  The primary thrust is to download responsibility for certain types of hacking protection to ISPs as policy, and focus on relatively mundane forms of malware such as botnets.  While that is a worthwhile goal, I do have to wonder why our government is focusing so heavily on that and not looking towards their own security in the form of, let’s say, the social engineering attacks that allowed someone to steal all the data from the Ministry of Finance.

Now, I called this type of action “security theatre”, and that’s a term you will be hearing a lot more of in the future. At its core, “security theatre” refers to actions that have a lot of hype and appear in very public ways to increase “security” while, in actuality, doing very little functional good (the TSA comes to mind, such as this piece of brilliance).

So, why do I call the ISP Code of Conduct security theatre? Simple: when it comes to actual security threats, botnets are chump change, but the policy will have a large impact on most people, especially as they see the smaller ISPs disappearing. In effect, the policy will have little actual functional effect on security while, at the same time, being quite public: classic security theatre.

The second piece from NPR is a really nice discussion of part of the electronic backbone of the financial system in the US. While it doesn’t deal with security per se, it does deal with the fascinating question of why it takes so long for money to go through electronic networks and why it can cost so much. If you want to get a really good on-the-ground view of why these happen, you should listen to it. One question you may want to keep in mind is where the money goes when it is “in transit”, and who benefits from the time lag.
