Microsoft man says too much security is bad thingWar on Terror is over-hyped (and over here)By Nick Farrell: Thursday 09 August 2007, 09:11Click here to find out more!A VOLISH INSECURITY expert has issued a stinging attack on the US's War on Terror.Steve Riley, senior security strategist at Microsoft said that too much security was a bad thing and when the cost of mitigating the risk outweighs the cost of that which you are trying to protect, it all gets a bit silly.In a paper entitled "Making the Tradeoff: Be Secure or Get Work Done" Riley said that there is a basic rule about security. You take the cost of securing an asset and measure it against the current cost of leaving things as they are.In other words if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. He said it was possible to apply this rationalisation to non-IT examples including the US's War on Terror.He said no one is really made safer by taking their shoes off to go through metal detectors. X-ray scanners which can see right through people's clothing is an unacceptable breach of privacy and people should not want to live in a society where this is the accepted norm.Parents paranoid about kidnapping, forbid their children to talk to strangers. However the result, according to Riley, is a generation which can't ask for help when the only source of help is a stranger.This results in a lack of human interaction which is the basis of any civilised society.An IT security approach would be to teach kids to recognise the attacks, rather than react negatively to an imagined fear. In other words recognise the methods of attack, rather than focus on stopping the tools.Attacks usually come through the easiest method open to the attacker. The September 11 terrorists used planes to destroy the World Trade Centre because it was the easiest method at their disposal, he said.He warned that if a terrorist wishes kill people at an airport, forcing people to take their shoes off will not stop a terrorist from detonating a bomb in the security lineup queue.According to APC magazine, a DVD of Riley's talk to the US Tech.Ed on the subject of security was censored and removed by organisers. Well that is the land of the free for you. µ
