Presentation on theme: "Show Your Vulnerable Side: How to do a Vulnerability Assessment Roger G. Johnston, Ph.D., CPP Vulnerability Assessment Team Los Alamos National Laboratory."— Presentation transcript:
Show Your Vulnerable Side: How to do a Vulnerability Assessment Roger G. Johnston, Ph.D., CPP Vulnerability Assessment Team Los Alamos National Laboratory 505-667-7414 firstname.lastname@example.org@lanl.gov http://pearl1.lanl.gov/seals.default.htm LAUR-04-4147 Talk for the 50th Annual ASIS Conference, Sept 26-30, 2004 (Dallas, TX)
Physical Security consulting cargo security tamper detection nuclear safeguards training & curricula vulnerability assessments novel security approaches new tags & seals (patents) unique vuln. assessment lab The VAT has done detailed vulnerability assessments on hundreds of different security devices, systems, & programs. LANL Vulnerability Assessment Team The greatest of faults, I should say, is to be conscious of none. -- Thomas Carlyle (1795-1881)
This talk will focus primarily on vulnerability assessments of physical security, but presumably many of the ideas and principles also apply to other types of security such as: Physical Security computer security network & Internet security intellectual property security information & records security communications security Better be despised for too anxious apprehensions, than ruined by too confident security. -- Edmund Burke (1729-1797)
physical security: trying to protect valuable, tangible assets from harm. Examples of assets needing protection: Definitions peoplebuildingsmaterials equipmentproductschemicals documentsmoneyweapons drugs, food, & drink museum artifacts hazardous waste Security Guard: “Don't make me take off my sunglasses!” -- From the movie Bringing Out the Dead (1999)
The “harm” that we wish to avoid might involve: Definitions (con’t) theftdestructionsabotage vandalismterrorismespionage counterfeiting unauthorized access tampering The ultimate security is your understanding of reality. -- H. Stanley Judd
vulnerability assessment (VA): discovering and demonstrating ways to defeat a security device, system, or program. Should include suggesting counter-measures and security improvements. Definitions (con’t) He that wrestles with us strengthens our skill. Our antagonist is our helper. -- Edmund Burke (1729-1797)
Before thinking about how to assess physical security, we need to recognize that it is difficult and there are no guarantees of success. Especially because complacency, over- confidence, wishful thinking, and arrogance are not compatible with good security. Physical Security is Difficult! Danger breeds best on too much confidence. -- Pierre Corneille (1606-1684)
Why Physical Security is So Difficult The traditional performance measure for security is pathological: success is often defined as nothing happening. Cost/Benefit analysis is difficult. There are few meaningful standards, fundamental principles, models, or theories. Everything is a compromise & a tradeoff. There is always more spirit in attack than in defense. -- Titus Livius (59 BC)
Why Physical Security is So Difficult (con’t) Objectives are often remarkably vague. Security managers & personnel aren’t always creative or proactive, but adversaries may be. Adversaries and their resources are usually unknown to security managers, yet the adversaries understand the security systems. Society & employees often do not like security. We spend all our time searching for security, and then we hate it when we get it -- John Steinbeck (1902-1968)
Effective security management is highly multi- disciplinary: engineering, computer science, psychology, sociology, management, economics, communication, & law. Adversaries can attack at one point, but security managers may need to protect extended assets. Adversaries need exploit only one or a small number of vulnerabilities, but security mangers must identify, prioritize, & manage many vulnerabilities, including unknown ones. We have to get it right every day and the terrorists only have to get it right once. So we have to be ahead of the game. --TSA Spokeswoman Lauren Stover Why Physical Security is So Difficult (con’t)
Security functions are often tedious. Security personnel have trouble identifying security vulnerabilities because they don’t want them to exist. (It’s hard to think like the bad guys if you devote your career to being a good guy.) Why Physical Security is So Difficult (con’t) No problem can be solved from the same consciousness that created it. -- Albert Einstein (1879-1955)
Physical Security scarcely a “field” at all! - You can’t (for the most part) get a degree in it. - Not widely attracting young people, females, the best and the brightest. - Few peer-review, scholarly journals or R&D conferences. - Lots of snake oil salesmen. - Shortage of models, fundamental principles, metrics, rigor, standards, guidelines, critical thinking, & creativity. - Overly macho and often dominated by bureaucrats, committees, groupthink, “old boys” networks, linear/concrete/wishful thinkers. The only security is the constant practice of critical thinking. -- William Graham Sumner (1840-1910) Why Physical Security is So Difficult (con’t)
Major Tools for Improving Security Security Survey Risk Management (“Design Basis Threat”) Vulnerability Assessment If we don't succeed, we run the risk of failure. -- Dan Quayle
Security Surveys vs. Risk Management vs. VAs Not really the same thing because they produce different results. The task of identifying Threats & Vulnerabilities, done as part of Risk Management (or DBT), is too often not really a Vulnerability Assessment. Security Surveys and Risk Management/DBT were major breakthroughs & are still useful… But they are not enough! Men do not like to admit to even momentary imperfection. My husband forgot the code to turn off the alarm. When the police came, he wouldn't admit he'd forgotten he code... he turned himself in. --Rita Rudner
Security Survey Basically a management walk around. Walk the spaces, looking for security problems. A checklist is often used. We made too many wrong mistakes. -- Yogi Berra
Limitations of Security Surveys Binary Close-ended Often unimaginative Not focused on adversaries Overly focused on the check list Does not encourage new countermeasures Expectation that problems will leap out at you It's better to be looked over than overlooked. -- Mae West, Belle of the Nineties, 1934
Risk Management Similar to Risk Management Techniques in other fields. Identify Assets, Threats & Vulnerabilities, Adversaries, Consequences, Safeguards & Countermeasures. Assign relative priorities and probabilities. (Generate lots of tables.) Field your resources appropriately. The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning. -- Charles Tremper
Design Basis Threat (DBT) “Design Basis Threat” is similar to Risk Management. DBT basically means “design your security to deal with the current real-world threats”. In practice, DBT tends to focus more on hardware and infrastructure than Risk Management does. A hypothetical paradox: what would happen in a battle between an Enterprise security team, who always get killed soon after appearing, and a squad of Imperial Stormtroopers, who can't hit the broad side of a planet? -- Tom Galloway
Limitations of Conventional Risk Management (or DBT) There is rarely any guidance on how to determine the Threats & Vulnerabilities other than looking at past security incidents. But that is being reactive, not proactive. Not good enough post-9/11, in a rapidly changing world, or for dealing with rare catastrophic events. Still binary & close-ended You can never plan the future by the past. -- Edmund Burke (1729-1797)
More Limitations of Conventional Risk Management (or DBT) Often done unimaginatively The attack probabilities are usually a fantasy Suffers from overconfidence in tables and the “fallacy of precision” Not done from the perspective of the adversaries The time to repair the roof is when the sun is shining. -- John F. Kennedy (1917-1963)
More Limitations of Conventional Risk Management (or DBT) Tendency to let the good guys and existing security measures define the adversaries & attack modes Often used to justify the status quo--typically does not encourage new countermeasures Ignores simple/cheap countermeasures when the attack probabilities are judged (rightly or wrongly) to be low or zero It isn't that they can't see the solution. It is that they can't see the problem. -- G.K. Chesterton, The Scandal of Father Brown (1935)
Vulnerability Assessment Perform a mental coordinate transformation and pretend to be the bad guys. (This is a lot harder to do than one might think.) Gleefully look for trouble, rather than seeking to reassure yourself that everything is fine. Unlike Security Surveys or Risk Management, don’t let the good guys define the problem or its parameters. It is sometimes expedient to forget who we are. -- Publilius Syrus (~42 BC)
security survey: issue orders to close & lock window! risk management: ignore if not envisioned as part of a specific threat or attack from a likely adversary; otherwise, design procedure to close & lock window. VA: Oh boy, an open window! What mischief can this lead to? Example: Open Window You can observe a lot by just watching. -- Yogi Berra
Vulnerability Assessment Steps 1.Fully understand the device, system, or program and how it is REALLY used. Talk to the low-level users. 2.Play with it. 3.Brainstorm--anything goes! 4.Play with it some more. Scientists are the easiest to fool. They think in straight, predictable, directable, and therefore misdirectable, lines. The only world they know is the one where everything has a logical explanation and things are what they appear to be. Children and conjurors--they terrify me. Scientists are no problem; against them I feel quite confident. -- Spoken by Zambendorf in Code of the Lifemaker, (James Hogan, 1987)
Vulnerability Assessment Steps 5. Edit & prioritize potential attacks. 6. Partially develop some attacks. 7. Determine feasibility of the attacks. 8. Devise countermeasures. It's awful hard to get people interested in corruption unless they can get some of it. -- Will Rogers (1879-1935)
Vulnerability Assessment Steps 9.Perfect attacks. 10.Demonstrate attacks. 11.Rigorously test attacks. 12.Rigorously test countermeasures. A thing may look specious in theory, and yet be ruinous in practice; a thing may look evil in theory, and yet be in practice excellent. -- Edmund Burke (1729-1797)
Brain Storming Nothing can inhibit and stifle the creative process more--and on this there is unanimous agreement among all creative individuals and investigators of creativity--than critical judgment applied to the emerging idea at the beginning stages of the creative process.... More ideas have been prematurely rejected by a stringent evaluative attitude than would be warranted by any inherent weakness or absurdity in them. The longer one can linger with the idea with judgment held in abeyance, the better the chances all its details and ramifications [can emerge]. -- Eugene Raudsepp, Managing Creative Scientists and Engineers (1963). In theory there is no difference between theory and practice. In practice there is. -- Yogi Berra
What if you can’t have or afford outside vulnerability assessors? Use smart, hands-on, creative people inside your organization who are not associated with security. Seek: wise guys, trouble makers, smart alecks, schemers, organizational critics, loophole finders, questioners of tradition and authority, outside-the- box thinkers, artists, hackers, tinkerers, problem solvers, & techno-nerds. Could Hamlet have been written by committee, or the Mona Lisa painted by a club? Could the New Testament have been composed as a conference report? Creative ideas don't spring from groups. They spring from individuals. -- Alfred Whitney Griswold (1885-1959)
Vulnerabilities are often obvious to outsiders… To see what is in front of one's nose needs a constant struggle. -- George Orwell (1903-1950)
Other Reasons for Doing a Vulnerability Assessment mental rehearsal fresh perspectives fun/relieves tedium increased alertness bluffing (don’t underestimate) enhanced sense of professionalism educational/professional development for security staff can involve other members of the organization, thus increasing employees’ security awareness can help justify additional resources for security Without deviation from the norm, progress is not possible. -- Frank Zappa (1940-1993)
Tricky Aspects of Vulnerability Assessments (VAs) No meaningful standards or underlying theory Defeats are a matter of degree & probability No clear endpoint Wishful thinking is hard to avoid. Nothing is easier than self-deceit. For what each man wishes, that he also believes to be true. -- Demosthenes (382-322 BC)
Tricky Aspects of VAs (con’t) Recursion (chasing a moving target) Most security failures are due to human error, which is hard to model and predict. Testing/Demonstration realism can be difficult to achieve. We are never deceived; we deceive ourselves. -- Johann Wolfgang von Goethe (1749-1832)
General Attributes of Effective VAs 1. No conflicts of interest or wishful thinking. 2. No “Shoot the Messenger” Syndrome. No retaliation or punishment against security personnel or managers when vulnerabilities are found. 3. Use of independent, imaginative assessors who are psychologically predisposed to finding problems and suggesting solutions, and who (ideally) have a history of doing so. When people are engaged in something they are not proud of, they do not welcome witnesses. In fact, they come to believe the witness causes the trouble. -- John Steinbeck (1902-1968)
Attributes of Effective VAs 4. No binary view of security. 5. Rejection of a finding of zero vulnerabilities. 6. Rejection of the idea of “passing” the VA, or of VAs as “certification”. 7. Discovering vulnerabilities is viewed as good (not bad) news. When we were children, we used to think that when we were grown-up we would no longer be vulnerable. But to grow up is to accept vulnerability... To be alive is to be vulnerable. -- Madeleine L'Engle
Attributes of Effective VAs 8.Done early, iteratively, and periodically. 9.Done holistically, not by component, sub-system, function, or layer. (Attacks often occur at interfaces.) 10.No unrealistic time or budget constraints on the VA, or on what attacks or adversaries can be considered. 11. Done in context. He that will not apply new remedies must expect new evils; for time is the greatest innovator. -- Francis Bacon (1561-1626)
Attributes of Effective VAs 12.No underestimation of the cleverness, knowledge, skills, dedication, or resources of adversaries. 13.The good guys don’t get to define the problem, the bad guys do. 14.Simple, low-tech attacks are examined first. A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. -- Douglas Adams (1952-2001)
Attributes of Effective VAs 15.Findings are reported to the highest appropriate level without editing, interpretation, or censorship by middle managers. 16.No confusion about the difference between VAs and other kinds of hardware testing (materials, environ- mental, ergonomic, field readiness) or personnel testing. The first principle is that you must not fool yourself-- and you are the easiest person to fool. -- Richard Feynman (1918-1988)
Attributes of Effective VAs 17. The following attacks are all considered: fault analysis false alarming poke the system wait & pounce backdoor attacks impersonation social engineering tampering with security training insiders, outsiders, insiders + outsiders Evil is easy, and has infinite forms. -- Blaise Pascal (1623-1662)
Attributes of Effective VAs 18.Rohrbach’s Maxim must be considered: No security system will ever be used properly (the way it was designed) all the time. 19.Shannon’s Maxim must be considered: The adversaries know and understand the security systems, strategies, and hardware being used. Inanimate objects can be classified scientifically into three major categories; those that don't work, those that break down and those that get lost. -- Russell Baker Everything secret degenerates … nothing is safe that does not show how it can bear discussion and publicity. -- attributed to Lord Action (1834-1902)
Attributes of Effective VAs 20.The vulnerability assessors need to praise the good things because: + We want the good things to be recognized and to continue. + Security managers need to be willing to arrange for future VAs. + Discussing the good things will make security managers more willing to hear about potential problems. 21.It should be clear up front that the vulnerability assessment will produce more suggestions and countermeasures than are likely to be implemented. Security mangers (not the assessors) should ultimately decide which (if any) make sense to employ. Our only security is our ability to change. -- John Lilly
Don’t Overlook the Insider Threat! The insider threat is often overlooked or underestimated, and can be very difficult to deal with. Disgruntled employees are a particular insider threat. We have met the enemy and he is us. -- Walt Kelly, the words of Pogo in Earth Day 1971 cartoon strip
Disgruntled Workers Research shows that employee disgruntlement is associated with perceptions of unfairness & inequity, not necessarily objective conditions. Disgruntled employees are known to be a risk for workplace violence, espionage, theft, & sabotage. What has posterity ever done for me? -- Groucho Marx (1890-1977) Honesty may be the best policy, but it's important to remember that apparently, by elimination, dishonesty is the second-best policy. -- George Carlin
Workplace Violence (USA) ~ 1 million victims of workplace violence each year >1000 workers killed each year due to workplace homicide Homicide is the number one cause of on-the-job deaths for female employees Source: NIOSH Always go to other people’s funerals. Otherwise they might not come to yours. --Yogi Berra
Causes of Increasing Worldwide Employee Disgruntlement global downsizing & outsourcing weakening of labor unions & collective bargaining increased use of temp & limited-term employees the disappearance of lifetime employment increased workforce diversity We have to distrust each other. It's our only defense against betrayal. -- Tennessee Williams (1911-1983)
Causes of Increasing World- Wide Employee Disgruntlement (con’t) technical obsolescence the rapid pace of organizational change increased whistle-blowing depersonalization caused by increased urbanization, expanding bureaucracy, the growth of multinational corporations, and the increased use of email & virtual meetings No one can build his security upon the nobleness of another person. -- Willa Cather (1873-1947)
Disgruntled Americans American employees are particularly at risk for disgruntlement due to characteristic traits: identity is based on work work long hours strong individualism traditional belief in fairness traditional belief in “American Dream” Americans do not abide very quietly the evils of life. -- Richard Hofstadter In every American there is an air of incorrigible innocence, which seems to conceal a diabolical cunning. -- A. E. Housman (1859-1936)
Disgruntlement Countermeasures Listen, acknowledge, validate, & empathize with employees. Allow employees to freely offer suggestions & concerns. Have legitimate complaint resolution processes. Too often these are non-existent, ineffective, adversarial, or fraudulent, especially in large or bureaucratic organizations. This is very dangerous (and bad for productivity). Be aware that employee perceptions about fairness are the only reality. Treat departing employees & retirees well. Sincerity is everything. If you can fake that, you've got it made. -- Comedian George Burns (1896-1996)
Also, Don’t Forget About… Computer & Computer Media physical security! Relations with public, neighbors, & local authorities Effective security awareness training for all employees Even if you're on the right track, you'll get run over if you just sit there. -- Will Rogers (1879-1935)
Or about having plans to deal with… Espionage Sabotage Terrorism Natural Disasters War & Civil Unrest Product Tampering Illness & Epidemics Industrial Accidents Strikes & Labor Unrest When choosing between two evils, I always pick the one I never tried before. -- Mae West (1893-1980)
Product Tampering On a bag of Fritos: You could be a winner! No purchase necessary. Details inside. Tamper-Evident Packaging Model of how to effectively deal with product tampering: J&J
Warnings 1.high tech ≠ high security 2.inventory function ≠ security function If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. -- Bruce Schneier
Why High-Tech Devices & Systems Are Usually Vulnerable To Simple Attacks l Still must be physically coupled to the real world l Still depend on the loyalty & effectiveness of user’s personnel l The increased standoff distance decreases the user’s attention to detail l Many more legs to attack
Why High-Tech Devices & Systems Are Usually Vulnerable To Simple Attacks (con’t) l The high-tech features often fail to address the critical vulnerability issues l Users don’t understand the device l Developers & users have the wrong expertise and focus on the wrong issues l The “Titanic Effect”: high-tech arrogance
Inventory Counting and locating our stuff. No nefarious adversary. Will detect innocent errors by insiders, but not surreptitious attacks by insiders or outsiders.
Meant to counter nefarious adversaries, typically both insiders & outsiders. Watch out for mission creep: inventory systems that come to be viewed as security systems! Security
tag: an applied or intrinsic feature that uniquely identifies an object or container. types of tags inventory tag (no malicious adversary) anti-counterfeiting tag (counterfeiting is an issue) security tag (counterfeiting & lifting are issues) buddy tag or token (counterfeiting is an issue) lifting: removing a tag from one object or container and placing it on another, without being detected. Example: Tags Never answer an anonymous letter. -- Yogi Berra
bar codes rf transponders (RFIDs) contact memory buttons Tags: Classic examples of confusing Inventory & Security, High-Tech & High-Security Usually easy to: * lift * counterfeit * spoof the reader Between the idea and the reality, Between the motion And the act Falls the Shadow. -- T.S. Eliot, The Hollow Men, 1925
GPS: Another classic example of confusing Inventory & Security, High-Tech & High-Security The private sector, foreigners, and 90+% of the federal government must use the civilian GPS satellite signals. These are unencrypted and unauthenticated. They were never meant for critical or security applications, yet GPS is being used that way! If you put tomfoolery into a computer, nothing comes out of it but tomfoolery. But this tomfoolery, having passed through a very expensive machine, is somehow ennobled and no-one dares criticize it. -- Pierre Gallois
Attacking GPS Receivers Blocking: just break off the antenna, or shield it with metal; not surreptitious. Jamming: easy to build a noisy rf transmitter from plans on the Internet; not surreptitious. Spoofing: surreptitious & (as we’ve demonstrated) surprisingly easy for even unsophisticated adversaries using widely available GPS satellite simulators. Physical attacks: appear to be easy, too.
GPS Cargo Tracking GPS Satellite Tracking Information Sent to HQ (perhaps encrypted/authenticated) GPS Signal (vulnerable here) GPS is great for navigation, but it does not provide high security.
Warnings (con’t) 3.Don’t place undue confidence in data encryption or authentication! 4.Don’t place undue confidence in biometrics! 5.Don’t assume counterfeiting is difficult! Only fools are positive. -- Moe Howard (1897-1975)
Data Encryption/Authentication Intended for public communication between two secure points. Provides reliable security if and only if the sender and the receiver are physically secure. The security of a cipher lies less with the cleverness of the inventor than with the stupidity of the men who are using it. -- Waldemar Werther
Counterfeiting Usually easier than developers, vendors & manufacturers claim. Often overlooked: The bad guys usually only needed to counterfeit the apparent performance of the security device, not the device itself or its real performance. The handwriting on the wall may be a forgery. -- Ralph Hodgson (1871-1962)
Warnings (con’t) 6.Watch out for the multi-layer fallacy: Believing that multiple layers of bad security equals good security. 7.Security managers will usually over-estimate the difficulty of defeating their security, and under-estimate the cleverness, determination, & resourcefulness of adversaries. 8.Adversaries can usually bluff their way into a facility or organization more easily than might be imagined. The simple act of paying attention can take you a long way. -- Keanu Reeves
9. Watch out for fuzzy thinking: scapegoating wishful thinking “one-size fits all” sloppy terminology conflicts of interest design by committee ambiguous functions & goals failure to understand the end user’s world ignoring changing circumstances & adversaries lack of periodic, effective vulnerability assessments forgetting that security is a probabilistic compromise over-confidence in standards, testing, & precedence Warnings (con’t) You’ve got to be very careful if you don’t know where you are going, because you might not get there. -- Yogi Berra
security survey ≈ safety “walkaround” security risk management or “design basis threat” ≈ safety “what if?” exercises security vulnerability assessment ≈ “adversarial” safety analysis??? Optimizing Safety In case of contact [with this chemical], immediately wash skin with soap and copious amounts of water. If swallowed, wash out mouth with water provided the person is conscious, and call a physician. -- Material Safety Data Sheet for sucrose (table sugar)
32 Attributes of Flawed Security Programs 1. Widespread arrogance & overconfidence. 2. Security is viewed as binary. (This inhibits improvement.) 3. Insiders are not viewed as a threat. 4. Overly focused on paperwork, auditors, regulations, & formality. 5. Security & security managers are micro- managed by unqualified business executives.
Attributes of Flawed Security Programs (con’t) 6. Security personnel are reluctant to report problems or security incidents, or ask questions. 7. Security problems, vulnerabilities, & incidents are covered-up. 8. Vulnerability assessment are rare; security is rarely tested. 9. “What if?” mental or walk-through exercises are rare, instead of being done daily or weekly.
Attributes of Flawed Security Programs (con’t) 10. Security personnel receive little training or practice, and are given few opportunities for professional advancement. 11.Security supervisors & managers are not well respected by subordinates. 12.Security managers rarely chat informally with regular (non-security) employees. 13.Security personnel are not well respected by non-security personnel.
Attributes of Flawed Security Programs (con’t) 14.The morale and self-esteem of security personnel is low. Appearance is poor. 15.Low-level security personnel are treated poorly. 16.Low-level security personnel are rarely recognized for good work. 17.Security training exercises are unrealistic & tedious. 18.Security personnel have few opportunities to demonstrate their prowess in contests/exercises.
Attributes of Flawed Security Programs (con’t) 19. Security personnel feel no loyalty or connection to their employer, or to the employees and the organization they are protecting. 20. The organization lacks a fair and effective grievance or complaint resolution process for disgruntled employees (whether security or non-security personnel).
Attributes of Flawed Security Programs (con’t) 21. Security personnel are not briefed at the start of a shift, nor checked for fitness of duty. 22. Security personnel are not debriefed after their shift. 23. No pre-employment screening of employees; no periodic, thorough background and reliability checks performed on security and other critical personnel.
Attributes of Flawed Security Programs (con’t) 24. Unexplained or unexpected absences of security personnel are not investigated, nor are sudden outbreaks of widespread illness. 25. Critical security personnel accept food and drink from colleagues & co-workers. 26. Rosters, duty assignments, & schedules of authorized work are not well protected from tampering. Paper documents and verbal orders for security personnel are taken at face value.
Attributes of Flawed Security Programs (con’t) 27. Security personnel do not know exactly how and when to summon help or sound an alarm. 28. There are no clear policies on the use of physical force (including lethal force and force against coworkers), or else those policies are largely unknown to security personnel and rarely discussed in a “what if?” format. 29. Security personnel are vague on exactly what is expected of them.
Attributes of Flawed Security Programs (con’t) 30. The health and safety of security personnel is a low priority. Insurance and medical coverage is absent or poor. 31. VIPs are allowed to bypass standard security procedures. 32. Security managers are automatically fired when there is a major security incident. Low-level security personnel are automatically disciplined or fired when there is a minor security incident.
We have a CD containing related papers & reports. Available today or request a copy at email@example.com@lanl.gov The LANL Vulnerability Assessment Team http://pearl1.lanl.gov/seals/default.htm Roger Johnston, Ph.D., CPP, Ron Martinez, Leon Lopez, Sonia Trujillo, Adam Pacheco, Anthony Garcia, Jon Warner, Ph.D., Alicia Herrera, Eddie Bitzer, M.A. Ring the bells that still can ring. Forget your perfect offering. There is a crack in everything. That's how the light gets in. -- Anonymous
A new scholarly, non-profit peer review journal: The Journal of Physical Security http://jps.lanl.gov Security can only be achieved through constant change, through discarding old ideas that have outlived their usefulness and adapting others to current facts. -- William O. Douglas (1898-1980)
Security is like liberty in that many are the crimes that are committed in its name. -- Robert H. Jackson, dissenting opinion in U.S. vs Shaughnessy, 1950