[psysec] psychological deterrence, security by obscurity and security theater.

Randall Murch randallmurch at yahoo.com
Fri May 15 11:26:43 UTC 2009


In my former life (FBI) "hide in the open" (aka "small signal in big noise") was a commonly used term and practice. I used it in many forms throughout the operational phases of my career, as did many of my colleagues (in the FBI and other agencies).
 
Cheers
Randy

--- On Tue, 5/5/09, Gadi Evron <ge at linuxbox.org> wrote:


From: Gadi Evron <ge at linuxbox.org>
Subject: [psysec] psychological deterrence, security by obscurity and security theater.
To: "psysec" <psysec at whitestar.linuxbox.org>
Date: Tuesday, May 5, 2009, 1:36 PM


About a year ago I wrote an article about "Security Theater" together with a friend, Imri Goldberg, which shows a case study where security theater in fact works and prevents and/or mitigates suicide bombing attacks in Israel. It is based on the idea of psychological deterrence and how an attacker reacts to opposition.

What's security theater?

In security we have a concept called Security by Obscurity. It is self-explanatory. You obscure something to make it less of a target. Mostly by making sure people are not aware your security process exists, or hiding knowledge about the system.

Security by obscurity can be confused by many with secrecy, but while similar, they are not exactly the same. Security by obscurity for example can be used as a strong tool for an attacker, to hide in the crowd.

In the industry security by obscurity is often laughed at as useless as many who employ it simply have no security to speak of. But the fact is, it can be a useful part of the overall strategy.

In the last few years new terminology emerged called Security Theater, which discusses how some security measures are fake, and built only to make the people who see them feel safe (think TSA in the States).

Below is the case study I discussed above. I'd be happy for any opinion and input on this subject matter as I find it an important part of the security strategic process, which today is lacking in most places.

-----
Sometimes, Security Theater Really Works
By Gadi Evron and Imri Goldberg

http://www.csoonline.com/article/468569/Sometimes_Security_Theater_Really_Works
(URL may break, so: http://tinyurl.com/5u2qmq)

Security theater isn't necessarily as ineffective as the security community believes. In Israel, there is a guard at the entrance to every store. The guard isn't very useful to stop an attacker, and yet in several cases the guards' presence does make a difference, often at the cost of their lives.

..
..
-----



-- Gadi Evron,
ge at linuxbox.org.

Blog: http://gevron.livejournal.com/
Security blog: http://gadievron.blogspot.com/