There should be one if there isn’t already. And unless someone objects, today seems like as good a day as any to celebrate the brilliance of his words, most of which I find useful in meetings about risk:
“No snowflake in an avalanche ever feels responsible.”
“Doubt is uncomfortable, certainty is ridiculous.”
“Judge a man by his questions rather than by his answers”
“The more I read, the more I meditate; and the more I acquire, the more I am enabled to affirm that I know nothing”
“It is forbidden to kill; therefore all murderers are punished unless they kill in large numbers and to the sound of trumpets” (a softer variation is that some think it’s ok to write buggy code if you write so much of it that your pride and profit keep it going in spite of inefficiency and harm)
and finally, with regard to today’s news that the FTC has fined ChoicePoint $15 million…
“Every man is guilty of all the good he didn’t do.”
Here’s to Voltaire and to his role in the age of Enlightenment!
He was a poet’s poet:
Understand idleness better. It is either folly or wisdom; it is virtue in wealth and vice in poverty. In the winter of our life, we can enjoy in peace the fruits which in its spring our industry planted. Courtiers of glory, writers or warriors, slumber is permitted you, but only upon laurels.
I think this is brilliant (pun intended). It reminds me of the concept of armored spaces that protect the inhabitants while retaining visual/light capabilities, but this adds in a component of also powering itself. Plain glass windows have been ok, but they clearly have drawbacks (ok, sometimes the puns just jump out). In this case the UV is blocked by walls, while a solar panel collects energy and glass fibers distribute the light. So, fiberlight (plus video) should provide a radical reduction in risks while maintaining many benefits from windows.
Wonder what Milton would have said about this fine use of talent to produce technology that might protect those who speak out in favor of a republic and against the supreme executive (e.g. he feared he “lost his light” because of writings like “the Tenure of Kings and Magistrates” and his support of Cromwell)…
When I Consider How My Light Is Spent
by John Milton (1608-1674)
When I consider how my light is spent
Ere half my days in this dark world and wide,
And that one talent which is death to hide
Lodged with me useless, though my soul more bent
To serve therewith my Maker, and present
My true account, lest he returning chide,
"Doth God exact day-labour, light denied?"
I fondly ask. But Patience, to prevent
That murmur, soon replies: "God doth not need
Either man's work or his own gifts: who best
Bear his mild yoke, they serve him best. His state
Is kingly; thousands at his bidding speed
And post o'er land and ocean without rest:
They also serve who only stand and wait."
Recent events in the waters off the Somali coast are probably a sign of things to come. Pirates there have been a serious problem for many years (although historically dwarfed by the waters near Indonesia or even Nigeria), and the modern Navy has tended to only intervene and respond to civilian vessels after a mayday. This means that the Pirates are essentially taking the opportunity to attack highly vulnerable and ill-prepared victims.
The main difference between pirates and terrorists seems to be that the latter is motivated by some political mission, whereas the former are just hoping to increase their wealth by force (motivated by greed). When we heard about the cruise ship that was hit with an a RPG, but managed to repel the attackers with a loud noise, we were led to believe there were just pirates afoot (and not internationally funded criminal syndicates with a political agenda).
While that’s likely, one has to wonder at what (economic) point does the market for pirates give way to the politics of terrorists? Al Qaeda, of course, has been rumored to be discussing the use of vessels, including large fuel tankers, at sea in the same fashion as they had used airplanes on 9/11. Makes sense that they would discuss any vehicle under the sun given the nature of suicide bombing and the need to rapidly and discreetly “insert” themselves into a civilian zone.
Relative spatial density of reported pirate incidents in the Gulf of Aden for 2008 Therefore, if the threat of pirates increases far enough and ships remain vulnerable, eventually terrorists will make the glaringly obvious connection. The question then becomes whether countermeasures will be able to detect and prevent sufficient numbers of attacks to catch all those that might be linked to terror motives, and whether the root cause should/can be addressed rather than the symptoms.
I picked up a morsel of news several months ago that SEALs were actively training to rescue a large ship that had been commandeered in the Indian Ocean. The shipping company decided to pay a ransom (e.g. pirate motives were satisfied) rather than have the US military take it back by force. It’s hard to say more without the full details but it seems lucky to me that all those attackers wanted was money. My guess is the Navy was thinking the same thing, and the Seals were probably extremely disappointed in having their mission cancelled, so it’s no surprise to now hear in the mainstream press that US warships have started engaging the threat more and more proactively. The AP report regarding the latest Somali case notes that:
The Churchill is part of a multinational task force patrolling the western Indian Ocean and Horn of Africa region to thwart terrorist activity and other lawlessness during the U.S.-led war in Iraq
“Thwart terrorist activity and other lawlessness” is exactly what I am talking about. Does this mean the US Navy is now set to enforce the law in International waters? And do they need to mention multinational forces and the Iraq war in order to justify enforcing the law? The article also mentions “The Navy said it captured the dhow in response to a report from the International Maritime Bureau in Kuala Lumpur on Friday…” but it remains to be seen why this pirate ship in particular was of interest to the US Navy and why this is making mainstream news.
Beyond the threats of lawlessness, we still must face the general issue of vulnerability of ships. Although I’ve seen some improvements, I have to say that things like electrified fences have serious draw-backs. Aside from falling into one yourself, it is a single control point and rather prone to failure (electricity is not plentiful or reliable at sea) as well as somewhat easy to work around (attackers might just move on to the next vessel, but if they are everywhere what would stop them from just developing insulation/shorting equipment?). While naval engineering has made great strides in making boats more seaworthy, this has not translated into innovation in private boating anti-piracy measures. When you think of the boating industry in general, do consumers want to spend money on teak fittings, extra shipping capacity, or surveillance cameras and ammunition? Thus, I think the best answer today actually is a reduction in threats, which means that (multi)national forces will have to find ways to cooperatively police the International waterways before the path of the pirates is joined by terrorists. I hate to say it, but it reminds me of the “great Naval powers”…what would Admiral Nelson do?
2019: Updated to add UNOSAT maps to replace deprecated secure-marine.com links
Few of us are probably lucky enough to invent something as contagious as a Security-Tubby or a Barney character. Instead, we are stuck with the task of creating “fun” posters with slogans.
One of my more successful ones so far has been based on the saying “Ctrl-Alt-Del when you leave your seat”.
People tell me that no matter how rediculous they might find security slogans at first, eventually this one grows on them and they can’t help but sing it aloud when they leave the office. You know you have won over your users when they start to beg for more effective ways to comply with the “Ctrl-Alt-Del song”.
I usually give them a tip like the following:
Although a screen lock button is already provided in most X distros, including Linux, Windows folks are usually in need of a shortcut. They’re simple to create with the following command:
Then change the icon to something that looks like a “lock”. The orange key seems most popular among XP users (consistency helps the helpdesk) and can be found in the following library:
%SystemRoot%\system32\shell32.dll
Just put the button wherever convenient (desktop, taskbar, start, etc.) Although the setup is easily scripted and deployed over the network, sometimes it is best to hand it out to all your users like a present during the holiday season — “Security wishes you a safe and secure holiday. We hope you enjoy this new button.”
And believe it or not, people who start using this button will still say “hey, I did the Ctrl-Alt-Del thing, go check my screen”, even though they no longer are touching the keyboard when they step away. Ah, the power of security slogans.
Unfortunately not all slogans are as catchy. Messages from security easily get lost in the sea of information users have to process every day and most of the other material they hear is so polished that phrases like “don’t get hooked by phishers” tend to blend right into the wallpaper. Thus, I believe the world of security would be far better off if more wordsmiths and poets were employed to craft our message, perhaps even at the state or federal level. Nothing too fancy would be necessary as the slogans that always seem to do best are the simple ones — “loose lips might sink ships”.
I think 
