Unscrewing Security

Alec Muffett

About Author
Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.

Learning about Cybersecurity from an Unnatural World

Radio 4 on Security: Bio, Cyber or otherwise...

I was listening to the rerun of File On 4[1] this evening, and a chap from the FBI said something very sensible about Cybersecurity.

Albeit the programme itself was nothing to do with cybersecurity and its tone was mildly hysterical in conflating domestic DIY-biologists and science experimenters - complete with fearsome plans downloaded from the internet - with anthrax outbreaks, vox-pop Oxford ethicists, and preparedness for "Olympic bioterrorism".

Oh, and the destruction of humanity was mentioned.

But still an FBI agent (from the Weapons of Mass Destruction Directorate) said something very clever about how to deal with biosecurity, and therefore how to deal with security in general, and thus how to deal with cybersecurity:

FBI Special Agent Edward Yue[2] said:

Our approach is providing [the biology research community] the situational awareness that there are these risks and concerns [of bioterrorists manufacturing bioweapons] - and it's basically how do we empower [the community] to be able to have the ability to identify possible security concerns or potential criminal activity and take action? We're establishing what I like to call a neighbourhood watch-type mentality...

BBC presenter:

And are you confident that that is sufficient to deal with the potential for harm which these biological techniques could introduce into the hands of someone who wishes us great ill?


It's gonna be an evolving process, right? Because of the fact that the science in all these different realms are moving so rapidly, it's going to be very challenging to get the requisite regulations or statutes to cover these very concerns that you're mentioning. So that's why our stance is to be proactive...


So your idea is that this will be a self-policing group of amateurs?




The impression I get is that the horse has already left the stable, and you're trying to come up with ways of dealing with its potential for bad behaviour? Is that right?


Partially. You're right on the fact that the horse has left the barn but that's been the case with the life-sciences for decades now; there's only a limited number of personnel in the law-enforcement arena, but then it's untenable to put everything on lockdown and provide oversight. That won't address the other potential issue of it becomes so onerous for the scientist to engage in their work we [would be] stifling, potentially, advances in beneficial technologies and solutions

(Minor edits in [brackets])

This community engagement is basically sound thinking - and it's not due to lack of funding, because the US has spent $60 billion over a decade on biodefence; doubtless a lot of that has gone on complex projects and training, but the fact that at the end of that the FBI's approach is still to work with the community - to make them threat-aware and have them self-policing - is very interesting.

Likewise for information security: I would greatly support efforts to spend money on grassroots community building over regulation, certification, monitoring and interception.

The programme also went to considerable lengths to suggest that biology research today is only slightly more complex than cookery, and took time to compare and contrast big "Level 4 Containment" research labs - with airtight doors and showers - with the home-brew equivalents made from bric-a-brac.

Strange to consider, then, that the laptops used by even the most elite of security pentesters are precisely the same as those of any (other?) teenager.

Follow me as @alecmuffett on Twitter and this blog via the RSS feed.

[1] 18Mb MP3 at the BBC
[2] spelling may differ, audio citation only