Ma Bell, got ill communication
July 8, 2003 1:13 PM   Subscribe

He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.
posted by elwoodwiles (21 comments total)
 
Nobody can protect Anything from Anybody who is willing to commit the resources to attack it. That is because the attacker has all the advantages: he knows the target, the time, the means and the method.

The best you can hope for is "don't put all your eggs in one basket" mitigation, redundant systems, rapid repair, and just maybe effective counterintelligence. And even then, there are some things it is just not cost effective to defend, leaving you with nothing but the 'revenge' option.

However, paranoia is always justifiable to the paranoid. The excuse of "safety" can be, and is, used to seize any power you want--no matter how ludicrous the "threat" is.

Case in point, if I cut the line to your phone, it does almost nothing to the national fiber optic network. You just shrug it off and wait a week for the repair guy. Even 10,000 phone lines, probably very little, if fixed within a few days. If I disrupt a major node, it could do a lot of harm, but will likely be fixed very rapidly, possibly in hours. Much of its normal traffic will be re-routed.

So how much defense does a major node need? Armed guards? A rapid reaction force? Or just a guy to check phone company IDs as they enter the building? There are tens or hundreds of thousands of 'secure' facilities in the US with only a 'security' guy at the door, if that. As valuable as they might be, they just aren't worth the expense of all that extra security. Paranoia be damned.
posted by kablam at 1:54 PM on July 8, 2003


The response to this paper is "burn it?"

The federal government should hire this guy right now. They need exactly these kinds of minds coming up with attack scenarios and asking what you can do to mitigate problems.
posted by weston at 2:02 PM on July 8, 2003


Oh my God! Not the Beastie Boys! He must be a Terrorist!
posted by MarquisDeShad at 2:02 PM on July 8, 2003


There is exactly one reasonable course of action if it is truly believed that his thesis is that important.

1) Have somebody over at the DOD or DHS give it a classified status immediately.

2) Make this young man a short term government contractor and pay him for the information, in return for making him sign a perpetual NDA.

3) Cut some kind of deal with his college so he gets his degree. Really, it's only fair. He did more work than a lot of grad students I have known.

4) Since he will still know how he obtained his information, and by what methodologies he came to his conclusions, he should be strongly encouraged to take a position in the DOD or DHS, at an appropriate and competitive salary of course. This means his considerable skills will be used in the service of his country, unlikely to fall into the eeeeevil clutches of terra-ists.
posted by ilsa at 2:07 PM on July 8, 2003


Great story, thanks elwoodwiles.
posted by vito90 at 2:14 PM on July 8, 2003


Further scariness:

"This is why CEOs of major power companies don't sleep well these days," Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me."

And that's the general response of a certain type of authority figure: hide information. The problem with this is that in order for a society to run healthily, certain information has to be available publically. Hiding things for security sake can easily become a segue to hiding things for less ethical reasons.

Not to mention the fact that often hiding information just doesn't work. As kablam pointed out, a determined researcher (let alone an intelligence officer) can find out quite a bit.

The Bush administration was right about one thing from the outset: total defense coverage from terrorism threats in the country is impossible, your best hope is to go after and disrupt the offenders. I hope they also realize exactly how people like Gorman can be useful and don't learn the wrong lessons from his work.
posted by weston at 2:14 PM on July 8, 2003


he should be strongly encouraged to take a position in the DOD or DHS

It would not be appropriate for the government to "strongly encourage" anyone to make one particular career choice over another.
posted by rushmc at 2:22 PM on July 8, 2003


Oh my God! Not the Beastie Boys! He must be a Terrorist!

Well, they do sing about sabotage.
posted by Asparagirl at 2:30 PM on July 8, 2003


The killer point to me in regard to this furor is that the dissertation was compiled using publicly available data. So if Mr. PhD found it, so can we, or whoever, and classifying the dissertation won't accomplish diddly.
posted by billsaysthis at 2:38 PM on July 8, 2003


Assuming the original online data sources haven't been taken offline or classified already. Which many have, post-9/11.
posted by Asparagirl at 2:44 PM on July 8, 2003


3) Cut some kind of deal with his college so he gets his degree.

3) (a.) This is a gold mine for the college. Use the research and the 'deal' to ask for a grant to do more research, even if it is for DOD.
posted by MzB at 2:44 PM on July 8, 2003


OMG!... Dam you AsparaGirl et al, you stole my post.

"Got more flavours than a packet of macaroni."
posted by carfilhiot at 2:48 PM on July 8, 2003


ahem.
[via slashdot]

That is all.
posted by Civil_Disobedient at 2:50 PM on July 8, 2003


while it WAS compiled from public sources, I don't think he's getting a doctorate in library studies. Most likely, it sounds like the core of his real reasearch is that he built mathematical models to analyze shitloads of data and come up with optimal breakpoints.

While getting the data from the public domain is most certainly a thing tehruhrists can do, building really hard models to calculate exactly what would be the most disruptive is a very hard problem requiring serious crunching. But, since GWU isn't publishing the details, I'm not certain thats what his research was on, but thats what I read out of it.
posted by fiz at 4:06 PM on July 8, 2003


Okay.

It's been said before. It will be said again. Security through obscurity is not security. If you know something, you absolutely must assume that someone else does. Perhaps the "burn it!" people will actually come around to this viewpoint when they realize that either a) the terrorists already have a similarly useful model (or simply a similarly useful pile of data and a lot of time on their hands) for planning infrastructure attacks or (more likely) b) they don't care because there are more cost-effective means of terrorizing a population than fucking with its phones or electricity in repairable ways (keeping in mind of course that ALL such damage is repairable, in so far as it was humans, Americans even, that built the damn system in the first place).

No system can ever be made invulnerable to attack, and no amount of wishing, classifying, burning theses and denying graduation to people who suddenly became dangerous because they had the time and inclination to think about things in a particular way can change that. The best you can hope to do is to divert attack, usually by making an attack prohibitively expensive and therefore inducing the attackers to attack a less expensive, lower impact target. With telephone and power networks, simply ensuring than a coordinated attack on fewer than n points will have a maximum impact of m service outages for a maximum of t days (for comfortable m, n, and t) should do.
posted by Vetinari at 5:58 PM on July 8, 2003


This guy puts me in mind of a story about when Tom Clancy published his first novel, The Hunt for Red October, back in 1984. Then-Secretary of the Navy, John S. Lehman, went apeshit when he read it. "Who the hell cleared this?!" He wanted to know, but nobody needed to clear anything. Clancy (and ghost-coauthor Larry Bond) had gotten all their data from publicly available sources about modern submarines and weapon systems.
posted by alumshubby at 4:25 AM on July 9, 2003


It would not be appropriate for the government to "strongly encourage" anyone to make one particular career choice over another.

rushmc, maybe not, but the Navy recruiter told me, "Don't even go near those Air Farce wing-wiper weenies."
posted by alumshubby at 4:28 AM on July 9, 2003


No system can ever be made invulnerable to attack

Quite true, BUT...

...large sectors of the population can be convinced that it can, which serves the purposes of the politicians nearly as well.
posted by rushmc at 6:00 AM on July 9, 2003


alumshubby:

<nitpick>
You're thinking of Red Storm Rising, the book Clancy (and Larry Bond) wrote about a conventional World War III between the Soviets and NATO. The Hunt for Red October was solely Clancy's work. Cite
</nitpick>
posted by Bluecoat93 at 6:03 AM on July 9, 2003


I read that Red October itself started a fuss at the Pentagon, when a congressman or congressional staffer called the Department of the Navy and demanded to know why the congressman hadn't been briefed on the Soviet Navy's caterpillar drive.
After some frenzied dashing about by confused senior staff, a junior officer started to burst out laughing, as he had read the then new book.
posted by kablam at 6:40 AM on July 9, 2003


Bluecoat, maybe I'm conflating it with a (now grown vague) memory that Clancy used Larry Bond's Harpoon war game to work out the particulars of some naval-engagement scenes. Or am I out to lunch there too? (shrugs)
posted by alumshubby at 9:14 AM on July 9, 2003


« Older Photoblog your life   |   Freewheelin Ken Oakley Newer »


This thread has been archived and is closed to new comments