There's No Such Thing as Ubiquitous SecurityBy Lawrence Walsh | Posted 2009-07-20 Email Print
BLOG: What does the Indonesia hotel bombings and the Twitter hack have in common? The public calls for broader, more stringent security. Incidents like these are often followed by chatter about widespread vulnerabilities and imminent threats. But we shouldn't race to lock down every potential target or avenue of attack. As Frederick the Great said, "He who defends everything defends nothing."A headline in USA Today last week read: "Jakarta blasts puts spotlight on hotel security."
In the same week, a headline on CNN read: "Twitter hack raises questions about 'cloud computing."
Why are these two headlines linked? It’s because they’re making sweeping assumptions about the consistency of security threats based on two isolated incidents.
Now, let’s get back to the hotel bombing incident.
Malaysia, the world’s largest Muslim nation and the largest economy in Southeast Asia, suffered its first major terrorist attack last week when a group linked to al-Qaeda launched suicide attacks against two hotels in the capital, Jakarta. These hotels were fortified, meaning that visitors and guests must pass through a security checkpoint before entering the grounds and bags are inspected upon entering the building.
The fact that terrorists defeated these security measures has some people calling for an examination of security measures at hotels around the world. In much of the western world, people can drive right up to hotels, leave vehicles idling outside the main lobby, park cars in underground garages, and bring bags and crates into the building without inspection. While the threat is global, Western hotels are able to forego extraordinary security because they do not face the same threat level as their Middle East, Asia and South America counterparts.
The Twitter hack - much like major hacks again TJX, Monster.com, Ameritrade, AOL, ChoicePoint, Heartland and the numerous compromises of the Pentagon and NASA - are more than just random breaches, but rather targets of opportunity. They were both target rich (meaning that they had valuable assets worth stealing or compromising) and accessible, much like the Ritz Carlton and J.W. Marriott in Jakarta. The combination of those two elements makes targets such as these of high value to hackers (or terrorists). But that doesn’t mean that every high value target is being attacked or targeted.