The security week that was: 10/17/08

Realistic security

I wrote in a previous recap column about how Georgia had stood up to the gun lobby and had banned guns in the non-secure side of airports. The issue had arisen because of a recent decision on the right to bear arms out of Washington, D.C., and had inspired the gun lobby to make moves to validate the right to bear in different locations.

I would guess most people in our country sit in the middle of the road: They probably highly value the right to bear arms, but they also recognize that there are locations where guns shouldn’t be allowed. Defining whether the non-secure side of an airport is the right place to allow guns is up to the public; often these are publicly owned facilities and it seems the public has to decide their norms.

A recent AP article that looked at this issue found that over one-third of the busiest U.S. airports allow guns in the non-secure areas of the terminals -- right up to the checkpoints. And that’s not OK with some people. “Some suggest that allowing guns in terminals is practically asking for them to be smuggled aboard a plane,” wrote the AP report covering this issue.

Rafi Ron, the former security chief of El Al Airlines and Ben Gurion Airport (Israel), who now works as an air security consultant, told the AP: “If your airport is not secure, then the security of your airplanes is jeopardized. You cannot separate the two.”

With all respect to Mr. Ron, who has proven time and time again to be very insightful into aviation security, I have to disagree. After all, separating the unsecure side from the secure side is why we have TSA security checkpoints. In the world of IT security, this would be like the firewall. It’s what separates the unclean side of the internet with all of its spam, malware, viruses from your hopefully clean PC. In reality, we could place that security division wherever we wanted to place it: It could theoretically be at the plane itself, right at the boarding gate. It could be between the terminals and the concourses, where it typically lies now. It could be at building entrances. It could even, if we wanted to spend the time doing full-scale people and vehicular searches, be at the airport perimeter, where people arrive via bus, train and car.

The practical approach seems to be placing it between the terminals and the concourses. This is because: 1) There is a distinct, readily available chokepoint. 2) This still allows concourse-to-concourse movement as planes change gates, flights are re-routed and redirected. 3) It limits the security checkpoint, which has a dramatic per passenger cost associated with it, to travelers only. 4) It limits the number of persons close to the plane, which means that there are less people to watch to ensure threats aren’t crossing over the last level of security.

In addition, if we’re going to say that guns can’t be in airports at all, then we have to actually enforce it. Otherwise it is like saying “We don’t allow viruses on this computer” and then not even bothering to run a virus check or a firewall.

And if we really are to enforce a gun ban and ensure that the entire airport is a sterile environment, then we would have to add a security checkpoint at all entrances to an airport’s facilities. Our airports would have to search all passengers as they arrive, before they check in. We would also have to search all family members there to help a traveler with luggage or welcome them home. Does it sound realistic to add a new set of security checkpoints and staff especially in this time of strapped budgets?

So, as we have it now, 13 of the nation’s 20 busiest airports don’t allow guns. And I’ll bet that if you are spotted with a gun inside those airports the airport police won’t hesitate to enforce the law. But I will also venture to bet that you won’t be checked to ensure you don’t have a gun or other weapon when you enter the airport facility.

In the end, it seems unfortunate that national interest is given to what is really an unrealistic topic. If we’re going to debate airport security, let’s focus on real threats like insider operations. Let’s focus on new technology to speed up the traveler screening process. Let’s focus on challenging airport workers who don’t display ID credentials. Let’s make sure that background checks on workers are being done properly and often enough. Let’s figure out how to make sure the right people are flagged by secondary screening checks and by the Do-Not-Fly list. We can ban guns all we want from airports, but if we’re not going to put teeth to it, why bother?

GAO to labs: Secure the toxins
Report finds weak security at 2 of nation’s highest-level biosafety research labs

If there’s one place you want research to be safe, it’s when you’re dealing with deadly germs and toxins. While part of the security will come from safety measures like air locks, still another aspect is classic physical security. But according to a GAO report, some Biosafety Level 4 labs – the labs which deal with deadly germs and toxins – were not using adequate physical security. They cited a lack of video surveillance and some areas of entrance did not have proper access controls in place or were not staffed by security. The report found that some of the labs assessed, however, had very good security in place. The two bio labs that had weak security – reportedly the one at the Southwest Foundation for Biomedical Research in San Antonio and one at Georgia State University in Atlanta – both responded that they would improve their security.

Recommended reading for security pros
Iran nationalism, Schneier’s newest book, Nilsson's book on IP video

Stephen Kinzer is author of All the Shah’s Men, the story of the 1953 CIA coup to overthrow Iranian prime minister Mohammad Mossadegh. While that book will set you back about $10-15, you don’t have to pay anything to read a fantastic historical summary of colonial and neo-colonial effects on Iran’s history by Kinzer which appears this month in the online version of Smithsonian Magazine. For a quick background education about anti-U.S. hostilities, this article, “Inside Iran’s Fury”, might just need to be required reading. It even ties in early U.S. military relations with Former Iraqi leader Saddam Hussein.

I would also suggest you check out Bruce Schneier’s newest book, Schneier on Security. He writes for Wired magazine, among others, and this book is largely a collection of his essays. If you’re looking for the kind of book that mixes philosophy with real-life security, or encryption with social engineering, this is it. I’ve been reading it in my spare time, and the small chapter essay format is great for stop-and-start reading when you’re pressed for time. The book comes out next week (Oct. 20 is the release date); you can pre-order from Amazon.

Fredrik Nilsson’s 440 page guide to intelligent network video presents some of the concepts you’ve seen in his columns which appear on and in Security Technology & Design, and there’s a lot more in the book. I just got my copy, so it’s too early for a personal review, but based on his credentials and work with IP video company Axis Communications, you can count on this book to showcase the current thinking and techniques used within IP video surveillance. I found the book available from Barnes & Noble online.

More news
Keynotes, stealing screener, electronic dog's nose

General Electric CSO Francis Taylor will keynote the ESX 2009 expo in Baltimore, Md. … A TSA screener from Newark was caught allegedly stealing electronics from passengers bags. … NIST has issued Special Publication 800-73-2; it provides specs for the HSDP-12 PIV card. … The IRS has self-identified security problems with its own computer systems which could weaken the security of taxpayer data. … SAIC landed an $18 million DARPA contract to develop a sensor that would be similar to the olfactory senses of a dog.

Finally, here is the list of our most read articles of the week. As always, thank you for visiting and subscribing to our newsletters.