
The Midnight Ride of Paul Revere

by Henry Wadsworth Longfellow (1807-1882)
(An extract of a performance by Danny Solis can be found on Poetry Slam)

Listen my children and you shall hear
Of the midnight ride of Paul Revere,
On the eighteenth of April, in Seventy-five;
Hardly a man is now alive
Who remembers that famous day and year.

He said to his friend, “If the British march
By land or sea from the town to-night,
Hang a lantern aloft in the belfry arch
Of the North Church tower as a signal light,–
One if by land, and two if by sea;
And I on the opposite shore will be,
Ready to ride and spread the alarm
Through every Middlesex village and farm,
For the country folk to be up and to arm.”

Then he said “Good-night!” and with muffled oar
Silently rowed to the Charlestown shore,
Just as the moon rose over the bay,
Where swinging wide at her moorings lay
The Somerset, British man-of-war;
A phantom ship, with each mast and spar
Across the moon like a prison bar,
And a huge black hulk, that was magnified
By its own reflection in the tide.

Meanwhile, his friend through alley and street
Wanders and watches, with eager ears,
Till in the silence around him he hears
The muster of men at the barrack door,
The sound of arms, and the tramp of feet,
And the measured tread of the grenadiers,
Marching down to their boats on the shore.

Then he climbed the tower of the Old North Church,
By the wooden stairs, with stealthy tread,
To the belfry chamber overhead,
And startled the pigeons from their perch
On the sombre rafters, that round him made
Masses and moving shapes of shade,–
By the trembling ladder, steep and tall,
To the highest window in the wall,
Where he paused to listen and look down
A moment on the roofs of the town
And the moonlight flowing over all.

Beneath, in the churchyard, lay the dead,
In their night encampment on the hill,
Wrapped in silence so deep and still
That he could hear, like a sentinel’s tread,
The watchful night-wind, as it went
Creeping along from tent to tent,
And seeming to whisper, “All is well!”
A moment only he feels the spell
Of the place and the hour, and the secret dread
Of the lonely belfry and the dead;
For suddenly all his thoughts are bent
On a shadowy something far away,
Where the river widens to meet the bay,–
A line of black that bends and floats
On the rising tide like a bridge of boats.

Meanwhile, impatient to mount and ride,
Booted and spurred, with a heavy stride
On the opposite shore walked Paul Revere.
Now he patted his horse’s side,
Now he gazed at the landscape far and near,
Then, impetuous, stamped the earth,
And turned and tightened his saddle girth;
But mostly he watched with eager search
The belfry tower of the Old North Church,
As it rose above the graves on the hill,
Lonely and spectral and sombre and still.
And lo! as he looks, on the belfry’s height
A glimmer, and then a gleam of light!
He springs to the saddle, the bridle he turns,
But lingers and gazes, till full on his sight
A second lamp in the belfry burns.

A hurry of hoofs in a village street,
A shape in the moonlight, a bulk in the dark,
And beneath, from the pebbles, in passing, a spark
Struck out by a steed flying fearless and fleet;
That was all! And yet, through the gloom and the light,
The fate of a nation was riding that night;
And the spark struck out by that steed, in his flight,
Kindled the land into flame with its heat.
He has left the village and mounted the steep,
And beneath him, tranquil and broad and deep,
Is the Mystic, meeting the ocean tides;
And under the alders that skirt its edge,
Now soft on the sand, now loud on the ledge,
Is heard the tramp of his steed as he rides.

It was twelve by the village clock
When he crossed the bridge into Medford town.
He heard the crowing of the cock,
And the barking of the farmer’s dog,
And felt the damp of the river fog,
That rises after the sun goes down.

It was one by the village clock,
When he galloped into Lexington.
He saw the gilded weathercock
Swim in the moonlight as he passed,
And the meeting-house windows, black and bare,
Gaze at him with a spectral glare,
As if they already stood aghast
At the bloody work they would look upon.

It was two by the village clock,
When he came to the bridge in Concord town.
He heard the bleating of the flock,
And the twitter of birds among the trees,
And felt the breath of the morning breeze
Blowing over the meadow brown.
And one was safe and asleep in his bed
Who at the bridge would be first to fall,
Who that day would be lying dead,
Pierced by a British musket ball.

You know the rest. In the books you have read
How the British Regulars fired and fled,–
How the farmers gave them ball for ball,
From behind each fence and farmyard wall,
Chasing the redcoats down the lane,
Then crossing the fields to emerge again
Under the trees at the turn of the road,
And only pausing to fire and load.

So through the night rode Paul Revere;
And so through the night went his cry of alarm
To every Middlesex village and farm,–
A cry of defiance, and not of fear,
A voice in the darkness, a knock at the door,
And a word that shall echo for evermore!
For, borne on the night-wind of the Past,
Through all our history, to the last,
In the hour of darkness and peril and need,
The people will waken and listen to hear
The hurrying hoof-beats of that steed,
And the midnight message of Paul Revere.

The new US Assistant Secretary for Cyber Security

I am not sure what to make of the news that a former employee of the Information Technology Association of America (ITAA) has been appointed as Assistant Secretary for Cyber Security.

First of all, SourceWatch has some extremely disturbing background information on the lobbying done by the ITAA on behalf of electronic voting companies:

ITAA has also tried to help its electronic voting machine manufacturer members combat an onslaught of negative publicity from technical problems, faulty security measures, concerns raised by computer scientists and security experts, and perceived conflicts of interest of company executives (especially Diebold Election Systems). It drafted a proposed PR plan for e-voting companies to “generate positive public perception.”[12], Draft of PR plan (PDF)

ITAA has opposed one of the more modest demands of e-voting critics — a paper receipt verifying each vote. ITAA president Harris Miller was quoted in the May 2004 issue of Congressional Quarterly’s Governing Magazine: “I think that the paper verification system is kind of giving people a false sense of security… I can give you a receipt, but if I started out the day by stuffing the ballot box with 50 ballots for Bush, I haven’t actually done anything to make the system secure.” In the same article, the Election Technology Council is identified as a new trade group within ITAA for voting machine manufacturers.

This stands in contradiction to Harris’ earlier remarks at the December 2003 press conference announcing the launch of the Election Technology Council, the e-voting machine manufacturers’ trade group: “The customer is always right. If the state and local election officials want paper ballots, the industry will provide those,” he remarked.[13]

If you work in information security, I highly recommend you check out the “Draft of PR Plan” for Diebold. Oh, and you probably should make sure nothing breakable is near you when you read it.

Second, who is Greg Garcia? Here is Chertoff’s perspective, perhaps released by the ITAA, published on the Government Technology site:

“Greg joins the department from the Information Technology Association of America, where he was vice president for Information Security Policy and Programs. In that capacity, Greg led the public debate on cyber security policy and national cyber readiness.”

Led the public debate? I am having a hard time finding evidence of his existence prior to this announcement, let alone an outspoken role on US cyber security. Chertoff continued:

“He has worked closely with the department over the past few years in his role on the IT Sector Coordinating Council and working with industry to found the National Cyber Security Partnership. Greg helped to draft and enact the Cyber Security Research and Development Act of 2002 during his tenure with the U.S. House of Representatives Committee on Science.”

I confess I had to look up the NCSP. Even though I have been actively involved in information security in the private and public sectors for more than twelve years, I cannot say the NCSP rings any bells. News.com provides an executive summary of their work:

Some security experts criticized the proposals as a way for companies to dodge any responsibility for the morass of security issues that plague firms and people on the Internet, a charge similar to that leveled against the National Strategy to Secure Cyberspace, which recommends that each Internet participant learn to secure his or her portion of the online domain.

That seems rather harsh, but what results have we seen since 2004? And on that note, the CSRDA was an allocation of $880 million over five years for research in cyber security. Wired described it this way:

Claiming that the Internet may be terrorists’ next target, the U.S. House of Representatives voted on Thursday to create a new generation of “cyber warriors” to protect America’s critical infrastructures.

Interesting. With only one year of funding left, I wonder how the new generation of information security students will emerge. Will the “cyber warriors” be realized, or are they ready? Can’t say I have heard much about them or the programs since the money was allocated, and yet there have been a number of high profile breaches during that same time. I searched through all the documentation provided by the House of Representatives on HR3394 and I also did not find mention of Greg’s name. I guess lobbyists who help draft the resolutions aren’t supposed to get the recognition, so no surprise there. Chertoff continued:

Greg has also worked to strengthen encryption control regulations while with the Americans for Computer Privacy and he was active on international trade and IT policy at the Americans Electronics Association.

As in the multi-million dollar lobbyist campaign to get Congress to relax export controls? Hm, that’s interesting. Wonder if he was working for Ed Gillespie. You may draw your own conclusions but this all reminds me of some other “surprise” appointments by the Bush administration. They are hard to pin down on the issues because they really do not want you to discuss facts and find out something you might not agree with. PR for hackable voting machines and working papers that transfer liability from corporations to consumers? Where does he stand on the issues? Let us hope Greg is able to turn the tide on the Bush administration and rein in corporate governance issues that precipitate security risks. But what are the odds, really.

California Prop 87

This is a rather sharp counter to the multi-million dollar campaign led by Chevron to kill Proposition 87 in California:

The full page New York Times ad run yesterday by your national political operation — the American Petroleum Institute — highlighted a messaging problem within your California campaign against Proposition 87. The ad stated: “… the global price of crude oil is the single most important factor in what you pay for fuel at the pump.” (Please see the full text of this ad, which I have attached.)

As a professional, I feel compelled to inform you that your California agents are taking your money and taking you for a ride.

The oil companies’ top flack in California, Chamber CEO Alan Zaremberg, has been saying Proposition 87 will increase gas prices at the pump. But according to the API “the global price of crude oil is the single most important factor in what you pay for fuel at the pump,” not local fees like the ones already charged in Alaska, Louisiana and Texas. Zaremberg is clearly off message and is clearly disregarding the oil industry’s talking points.

Zaremberg should be doing a better job in exchange for the $345,000 your industry has recently given to Chamber PACs. And he should remember who he works for: the California Chamber Board, on which Shell, Chevron, and Aera Energy, the Exxon/Shell joint venture, hold seats. In fact, the Immediate Past Chair of the Chamber is Aera’s CEO.

You might as well replace Zaremberg with Jack Coffey, who is currently a lobbyist for Chevron.

He at least was telling the truth when he summed up your position against Proposition 87 to the LA Times by saying:

“This is worth a lot of money to us.”

I urge you to make Mr. Coffey an offer without delay.

The level of corruption today in American politics, especially from the lure of petroleum companies, is said to be at an all-time high (a tall order, given the infamous Harding and Grant administrations), but also disturbing is how these companies try to stoke fear in consumers by spreading disinformation about the economics of petroleum.

Edited to add (9/28/06):

I’ve noticed this post is getting a lot of traffic, even though I only provided an excerpt and a link to other sources. Some have even grouped me in with the “one-sided” list of pro-87 sites.

What I have found, essentially, is that people are intent on discussing the future cost of CA gasoline as though it is the most important consideration. In other words, some are trying to distill this measure down to a question of whether you are for or against higher prices at the pump. I find this disturbing as such a lopsided risk model has very dangerous consequences.

If we care only about the cash we hand over at the pump, and not other things at risk such as our health and welfare, then the business model for big oil is clear — manipulate pump costs with disregard for other factors.

The consequences of this are dangerous because this actually might be exactly what some consumers want. They would gladly have cheap gas at the cost of people being killed or maimed abroad or even at home.

Anyone who believes in obtaining the absolute maximum best for themselves while feeling little or no responsibility towards others (and expects everyone else to act this way) is not going to make intentionally good decisions for the majority of people. Beware the extremists who claim they are center-right or even centrists in the political spectrum and thus advocating for improvements to the general welfare, when they are not. They will make decisions that are good only for those who share their extreme minority views.

And so, with Prop 87, you find a number of extremists coming forward to say “hey, don’t touch my gas prices!”. Compare that to the ruling this week by a U.S. District Judge that the Department of Interior’s Bureau of Land Management (BLM) failed to consider the cumulative environmental impact of widespread oil and gas drilling (e.g. the big picture of risk) in the National Petroleum Reserve, Alaska (NPRA). The judge rejected the BLM’s decision and sent the matter back to the agency for further analysis.

The difference in perspective might be best explained with food as an analogy. Would someone pay $1 for a burger instead of $2, if they were told that by paying $1 today they would have to pay $50 for that same burger five years from now to survive? In other words, would they be willing to make a small investment now in order to maintain a relatively flat cost of living adjustment versus face a crisis? Before you answer, extremists would try to divert the argument away from a yes or no and instead ask whether anyone should ever trust a government to invest money wisely. Their position on this issue is that you should only give your hard-earned money to the oil companies, because in some weird way they think that oil companies will be more fair, more representative and more in tune with your interests than your elected representatives.

The foundation of California Prop 87 is the economics of risk. We know that the oil companies have been given tax breaks and therefore extra margins in California. And we know that they are not using their record profits to create an alternative energy market. Many see this as mismanagement of the resources they are allowed to refine. Some see this as their discretion to do as they please. The question is whether they should continue to get giant tax breaks or should taxes be applied, just like in every other state, in order for the state to allocate funds towards new technology and emerging energy markets that will lower the future cost of living from a broad perspective.

Choose your risks and manage them wisely.

Bluegills enlisted in the war on terror(able water)

Here is a fine example of how allow-list strategies are far superior to block-list:

Since Sept. 11, the government has taken very seriously the threat of attacks on the U.S. water supply. Federal law requires nearly all community water systems to assess their vulnerability to terrorism.

Big cities employ a range of safeguards against chemical and biological agents, constantly monitoring, testing and treating the water. But electronic protection systems can trace only the toxins they are programmed to detect, Lawler said.

Bluegills — a hardy species about the size of a human hand — are considered more versatile. They are highly attuned to chemical disturbances in their environment, and when exposed to toxins, they experience the fish version of coughing, flexing their gills to expel unwanted particles.

Nice. The fish monitor the quality of water by living in “known good” conditions. It’s usually an impossible race to try and keep up with detection of all the latest attacks, or known bad conditions, which is why an allow-list such as this is the preferable approach when possible.

I am reminded of fish I caught on a line when I was growing up. When I was older I returned to some of my favorite spots only to find warnings posted by the government about toxic levels of poison that had resulted from pesticide and herbicide runoff. I was told the infamous Agent Orange of Vietnam was still legal if you sprayed it on the backs of cattle to keep insects away. The rain would then wash the poison into the ground and rivers which fed our ponds and lakes. The areas had become toxic to fish and thus humans due to weak regulation of agricultural industries.

More information about the bluegill system can be found here:

The iABS monitors fish behavior using a pair of non-contact electrodes mounted above and below each of eight bluegills. As the fish move in the chamber and ventilate their gills, muscle contractions generate electrical signals in the water that are monitored by a computer. When abnormal fish behavior is identified, the iABS provides immediate alarm notification and can start an automated water sampler to permit follow-up chemical analysis.
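The contrast described above, as an added example that is not part of the original post and is not the iABS software: a block-list sensor misses a compound it was never programmed for, while a known-good baseline over eight fish raises the alarm and starts the sampler. The ventilation rates, the 3-sigma band, the five-fish quorum and every name in the code are assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Constructed for illustration: compounds the electronic sensor is programmed to detect.
PROGRAMMED_TOXINS = {"toxin-A", "toxin-B"}


def blocklist_alarm(detected_compounds):
    """Block-list: alarm only if a compound on the programmed list is present."""
    return bool(PROGRAMMED_TOXINS & set(detected_compounds))


def build_baseline(history):
    """Known-good profile per fish: (mean, std dev) of gill ventilation rate."""
    return [(mean(rates), stdev(rates)) for rates in history]


def abnormal_fish(baseline, reading, z_limit=3.0):
    """Indices of fish whose current rate falls outside their own known-good band."""
    return [i for i, ((mu, sigma), rate) in enumerate(zip(baseline, reading))
            if abs(rate - mu) > z_limit * sigma]


def allowlist_actions(baseline, reading, quorum=5):
    """Allow-list: act when a quorum of fish leave known-good, whatever the cause.

    The quorum keeps one sick or startled fish from raising a false alarm.
    """
    if len(abnormal_fish(baseline, reading)) >= quorum:
        return ["alarm", "start_water_sampler"]
    return []


# Constructed sample data: eight fish, six calm readings each (beats per minute).
HISTORY = [[40 + fish + d for d in (-2, -1, 0, 1, 2, 0)] for fish in range(8)]
BASELINE = build_baseline(HISTORY)

NORMAL = [40 + fish + 1 for fish in range(8)]                # inside every band
ONE_SICK = [60] + NORMAL[1:]                                 # single outlier
UNKNOWN_CONTAMINANT = [40 + fish + 15 for fish in range(8)]  # all fish "coughing"

if __name__ == "__main__":
    # The water carries a compound the sensor was never programmed for.
    print("block-list sensor:", blocklist_alarm(["compound-X"]))
    print("fish, clean water:", allowlist_actions(BASELINE, NORMAL))
    print("fish, one sick   :", allowlist_actions(BASELINE, ONE_SICK))
    print("fish, compound-X :", allowlist_actions(BASELINE, UNKNOWN_CONTAMINANT))
```

The same shape applies to any baseline monitor: the price of not needing a signature is that the known-good profile and the quorum have to be tuned against false alarms.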

So if local fish die as a result of weak environmental regulations, and the water quality has already been ruined by an environmentally hostile department of agriculture, the worry about terrorists putting toxins in the water and killing bluegills seems well-intentioned yet a little less pressing than the already present problems.

Should community water systems assess their vulnerability to all toxins, as I mentioned back in February, or just the ones from “terrorists”? Will homebuyers start to demand air and water quality records and tests prior to home purchase, to ensure a functioning security system that will protect their health?