Blue Balls in Italy

I cannot wait to hear comedians comment on the news from Italy about suspicious cheese.

A batch of about 70,000 mozzarella balls which turned blue upon opening has been confiscated by food authorities in Italy, officials say.

Blue cheese? Apparently the police are called in Italy when cheese goes blue. I would wager the cheese would get a completely different reaction in England or France. Maybe the cheese was just shipped to the wrong market.

Some interesting facts in this incident:

  • 60% of Italians regularly eat mozzarella
  • The cheese in question was produced in Germany for “discount supermarkets”
  • The blue was caused by a bacterium, not toxicity

Bacteria are essential to making cheese flavorful. The blue thus could be a good thing, or it could be bad. Control of bacteria is an interesting and ancient security issue, as an article from 1897 explains.

The food value of cheese is dependent upon the casein which is present. The market price, however, is controlled entirely by the flavour, and this flavour is a product of bacterial growth. Upon the action of bacteria, then, the cheese maker is absolutely dependent; and when our bacteriologists are able in the future to investigate this matter further, it seems to be at least possible that they may obtain some means of enabling the cheese maker to control the ripening accurately.

Italians outsource mozzarella to Germany? Engines and suspension, I can believe, but food? What were they thinking? It is also notable that the police responded without any illness reported, just suspicion based on color.

Circumcision Deaths in SA

The Times reports that botched circumcisions performed on young boys in the Pondoland area of South Africa by unregistered “traditional” doctors have continued to cause complications that lead to death. Provincial law says only boys older than 17 can be circumcised, but younger boys are exposed to risk.

Since the start of the winter circumcision season, boys had been brought into health facilities in “terrible condition”, most were dehydrated and some faced gangrene setting into their wounds.

Gangrene, let alone dehydration, should be giant clues here. In other words, the causes of death after surgery seem to be known and preventable.

Better regulation of the medical practices comes to mind as a step. I say better because it actually could be the strict enforcement of the post-17 law that leads to young boys being circumcised without simple and effective medical procedures.

Circumcision of newborns that are already in a clean and healthy environment would remove the demand for the practice later. Education and training might also be a crucial area, especially when you consider who is allowed (hired?) to perform surgery, and the reference to tradition:

A 14-year-old boy was arrested in the Ngqeleni area of Transkei after performing illegal circumcisions on six youths, says the Eastern Cape health department.

[…]

“This really calls for community members, traditionalists, to re-look at this thing, because it’s no longer a customary ritual, it’s something else: boys just doing as they wish.”

I agree. I doubt tradition or custom is really what is at stake here. Since demand for circumcision is high, why not provide it earlier with a safe environment and remove the risk of these illegal and dangerous procedures later? The articles do not say.

When does Cyber Attack become War?

Major David Willson is an attorney in the US Army. He has spent more than a decade providing legal advice to the DoD and NSA on information security. Yesterday at the BSides Denver conference Willson presented a paper titled “When does electronic espionage or a cyber Attack become an ‘Act of War’”. The BSides are an informal gathering of information security professionals from the local area.

His paper provides analysis and context to help with the definition of war, but he also offered concrete suggestions in his presentation for how nations can be better prepared to respond in the event of a cyber attack or cyber war. He calls for an international approach.

The audience response was interesting, to say the least. Most of the opposition came from a small vocal group that raised the following issues:

  • Can an International group be trusted?
  • Can an International group be trusted?
  • And last, but not least, can an international group…be trusted?

I say this in all seriousness. Although I would like to think security professionals are familiar with trust as it relates to controls (how to detect, prevent and verify), the mention of an international approach seemed to send certain people into a spell. A centralized authority model, especially one of international membership, clearly upset the audience; eyes rolled back, arms folded, heads shook.

One person in the audience asked several times “Who will be King?! Who will be the King of the group?!”

King?

It quickly appeared that political science concepts (study of human behavior) could have helped this group see past whatever hurdles they were stuck upon. They struggled to transition from the technical material to more organizational security. While (expectedly) comfortable discussing locksport (picking locks), the mention of human behavior and power relationships resulted in comments that went awry. Here are a few suggestions for what Willson’s presentation might have started with to better prepare this particular audience.

  1. Forms and types of governance (or how to distinguish monarchy from democracy)
  2. Allocation and transfer of power in decisions
  3. Disciplines (or how to distinguish realism from instrumental rationality, positivism and behavioralism)

This might have done the job, explaining why a centralized group with international authority would not easily be compromised by a “bad apple” (pun not intended).

One person shouted:

International authority? Someone could compromise it! Isn’t this a case where the cure is worse than the disease?!

Another person asked:

So the US could just turn off the network in another country?

First, this response suggested to me that a group that works with information security can nonetheless be missing key concepts of how to apply security in the real world. Security professionals know that controls can be used to detect and prevent unauthorized access. These concepts can be adapted and applied to the model(s) put forward by Willson. His point is that there is a legal framework for technical controls to be introduced. That makes sense, and so we could have discussed how those controls might work to achieve the purpose of the model. Instead the audience heckled the speaker about unfamiliar topics they feared: politics, law and trust.

Second, it reminded me of non-interventionist and isolationist movements in America. After the First World War, for example, instead of ratifying Versailles the US essentially walked away and refused to be involved with international security frameworks such as the League of Nations and International Court of Justice. The 1920s also saw tough tariffs raised on imports and immigration severely restricted.

Another example could be the American Revolutionary War. The alliance with France was essential to victory in the war, yet many in the US strongly distrusted and advocated against ties to foreign states. President Washington spoke out against intervention. Thomas Paine published a book on the subject, provocatively titled Common Sense.

With all this in mind President Roosevelt presented the state of international affairs as a cause for intervention in 1940:

Some indeed still hold to the now somewhat obvious delusion that we of the United States can safely permit the United States to become a lone island, a lone island in a world dominated by the philosophy of force. Such an island may be the dream of those who still talk and vote as isolationists. […] On this tenth day of June, 1940, the hand that held the dagger has struck it into the back of its neighbor.

The US President said intervention was justified to fight a power when the goal of that power is to destroy American ideologies. This led to legal arguments like the Fourth Neutrality Act that enabled international support (US aid to France and Britain) for defense against German aggression.

It makes perfect sense to me why a military legal expert like Willson would make a case for a platform of cooperation to fight international cyber attacks and cyber war. It makes sense in non-commercial as well as commercial spheres. Companies that compete can still work together when it comes to fighting fraud and crime. It does not, on the other hand, make sense to me why this particular audience of security professionals was so delusional as to ask “who will be king” or shout “cure is worse than the disease”, unless they represent the philosophical equivalent of misguided American isolationists.

Although there is a colorful past of non-interventionist movements in America, no argument of logic or historic reference was raised by the hecklers. They simply, and ironically, expressed that they have a fear of authority and of foreigners. I suspect if they were prepared better, or approached in a different way, such as how to build a secure lock for a door of their car, they would be full of ideas for how we might build authentication and authorization. Instead they sat and spun in fear.