[ Check out my latest post on the HP Security Blog: “The Secure Web Series, Part 2: How to Avoid User Account Harvesting” ]
Many are celebrating the outcome of the Boston bombing standoff that happened yesterday. They shouldn’t be.
One of the two suspects was captured alive, and on the surface that appears to be a victory, but to any trained eye both the handling of the event, and its outcome, were a colossal failure.
The Goals of Terrorism
Terrorists are all about asymmetric warfare, a tactic whereby they spend very few resources in order to make us spend much more. And on that score the Boston bombing was an absolute victory for them.
Here’s what we broadcast to every terrorist worldwide yesterday:
- By spending around $40 you can cause our entire country to soil itself for 24 hours, cause a major U.S. metropolitan area to completely shut down, and cost us around 300 million dollars
- By spending around $40 you can turn United States of America into frightened children. You can make them afraid to go about their business. You can force them to look at each other suspiciously in a way that undermines their sense of freedom.
- Terrorists now have the upper hand in the U.S., because any idiot with $100 and a throwaway telephone can create mass pandaemonium in the most powerful country in the world.
Think about that.
What happens if tomorrow someone throws a pipe bomb in a 7-eleven, and then 20 minutes later calls a few news stations and says that there are 30 bombs planted in key businesses and schools around the country.
Everything. Completely. Stops.
They shut down our country–all by spending resources that round down to zero.
Why? Because our response in the Boston incident was obscenely over the top. I’m sure the Israelis still haven’t stopped laughing at us. Shut down Tel Aviv because someone killed a couple of people with a bomb? Are you kidding me?
Oh, but wait, “We’re not Israel”, I hear you saying. People don’t attack us much. Great, so we need to set the precedent now, because it’s likely to get a lot more common from here on out.
The Proper Response
Here’s how you’re supposed to handle this type of thing:
- Continue functioning: panic is the worst possible response you can have. You must continue operating to let the attackers know that their efforts will have limited effect
- Handle the issue quietly and professionally: eliminate the threat and then calmly let people know it’s been dealt with, as it always will be, and that they should continue doing #1
Quite simply, our response yesterday of shutting down a fucking city over a pipe bomb virtually guaranteed that we’ll be attacked again. By overreacting and priming everyone for panic the next time we have reduced our security, not improved it.
Shame on us. I truly hope we seek out some actual security experts to guide our national response to this type of threat. The longer it takes us to do so the more we embolden those who currently seek to commit additional terror acts against the United States.
1 Here is a previous post of mine on the same topic of terrorism resilience
- Terror Defense Based on Resilience Rather than Avoidance
- Information Security Resilience
- The Answer to Terrorism is Resilience
- Why You Should Have a BugOutBag
- Republicans Know an Obamacare Win Means a GOP Loss in 2016
- iPhone vs. Android: A Picture’s Worth a Thousand Words
- How the Norwegians Reacted to Terrorism | Schneier
Thank you for visiting.blog comments powered by Disqus