At 11:41 PM -0600 12/14/04, Bruce Schneier wrote:
> Security Notes from All Over: Israeli
> Airport Security Questioning
>
>http://www.schneier.com/blog/archives/2004/12/security_notes.html
>
>In both "Secrets and Lies" and "Beyond Fear," I discuss a key
>difference between attackers and defenders: the ability to concentrate
>resources. The defender must defend against all possible attacks,
>while the attacker can concentrate his forces on one particular avenue
>of attack. This precept is fundamental to a lot of security, and can
>be seen very clearly in counterterrorism. A country is in the position
>of the interior; it must defend itself against all possible terrorist
>attacks: airplane terrorism, chemical bombs, threats at the ports,
>threats through the mails, lone lunatics with automatic weapons,
>assassinations, etc, etc, etc. The terrorist just needs to find one
>weak spot in the defenses, and exploit that. This concentration versus
>diffusion of resources is one reason why the defender's job is so much
>harder than the attacker's.
>
>This same principle guides security questioning at the Ben Gurion
>Airport in Israel. In this example, the attacker is the security
>screener and the defender is the terrorist. (It's important to
>remember that "attacker" and "defender" are not moral labels, but
>tactical ones. Sometimes the defenders are the good guys and the
>attackers are the bad guys. In this case, the bad guy is trying to
>defend his cover story against the good guy who is attacking it.)
>
>Security is impressively tight at the airport, and includes a
>potentially lengthy interview by a trained security screener. The
>screener asks each passenger questions, trying to determine if he's a
>security risk. But instead of asking different questions -- where do
>you live, what do you do for a living, where were you born -- the
>screener asks questions that follow a storyline: "Where are you
>going? Who do you know there? How did you meet him? What were you
>doing there?" And so on.
>
>See the ability to concentrate resources? The defender -- the
>terrorist trying to sneak aboard the airplane -- needs a cover story
>sufficiently broad to be able to respond to any line of
>questioning. So he might memorize the answers to several hundred
>questions. The attacker -- the security screener -- could ask
>questions scattershot, but instead concentrates his questioning along
>one particular line. The theory is that eventually the defender will
>reach the end of his memorized story, and that the attacker will then
>notice the subtle changes in the defender as he starts to make up answers.

--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'