Tuesday, December 14, 2004

Concentration of resources

Bruce Schneier has a thought on the ability to concentrate resources and how it confers a significant advantage.

...the ability to concentrate resources. The defender must defend against all possible attacks, while the attacker can concentrate his forces on one particular avenue of attack. This precept is fundamental to a lot of security, and can be seen very clearly in counterterrorism. A country is in the position of the interior; it must defend itself against all possible terrorist attacks: airplane terrorism, chemical bombs, threats at the ports, threats through the mails, lone lunatics with automatic weapons, assassinations, etc, etc, etc. The terrorist just needs to find one weak spot in the defenses, and exploit that. This concentration versus diffusion of resources is one reason why the defender's job is so much harder than the attacker's.

I had mentioned that principle in a conversation with one of the adopted nephews. Having watched some of the crime/forensic science shows on TV, I pointed out to him that the police have a big advantage when investigating a crime. The criminal has a very small window of opportunity to get everything right – to hide clues, to spot anything that might give him away, to cover tracks, etc. The police have all the time they can afford to spend, and can sometimes wait years for technology to catch up with the state of the evidence. (For example, murders are being solved now by the use of DNA typing technology that was invented years after the crime was committed.)

I hope I made the point that "crime doesn't pay". However, this is also an example of the advantage going to the side that can concentrate resources.

This same principle guides security questioning at the Ben Gurion Airport in Israel. In this example, the attacker is the security screener and the defender is the terrorist.

>snip<

Security is impressively tight at the airport, and includes a potentially lengthy interview by a trained security screener. The screener asks each passenger questions, trying to determine if he's a security risk. But instead of asking different questions -- where do you live, what do you do for a living, where were you born -- the screener asks questions that follow a storyline: "Where are you going? Who do you know there? How did you meet him? What were you doing there?" And so on.

See the ability to concentrate resources? The defender -- the terrorist trying to sneak aboard the airplane -- needs a cover story sufficiently broad to be able to respond to any line of questioning. So he might memorize the answers to several hundred questions. The attacker -- the security screener -- could ask questions scattershot, but instead concentrates his questioning along one particular line. The theory is that eventually the defender will reach the end of his memorized story, and that the attacker will then notice the subtle changes in the defender as he starts to make up answers.

When someone proposes some principle or explanation of how the world works, I look for generalizability. The more different things a principle can reasonably explain, the more I'm inclined to believe it's true.
