Or – what’s the link between conspiracy theories and information security?
A blog in honour of the victims of 9/11.
It’s 1:35 AM, and I just finished watching 3 episodes of Californication and then a BBC special on the never-ending conspiracy theories about 9/11. I feel I must write, so I do.
Earlier yesterday my beautiful and intelligent 12-year-old daughter told me she had learned about the attack in school. She described the story to me as we all heard it. “Oh, how little does she know; how little does she know that in the eyes of so many people she is nothing but a fool,” I thought to myself as I looked sadly over the headlines of all the world’s leading newspapers of 12/11, the day after, that I found on some website.
For so many people my reality is just a fake. For them 9/11 was nothing more than a carefully planned conspiracy, for them, everything you heard was a lie. For them, it’s all about the perfect plan. After watching the BBC program I can only say that this virtual reality that those people live in reminded me why information security fails so many times.
What strikes me so clearly is the fact that obviously none of the people who believe in the conspiracy theories have ever been involved in information security.
Why? Because there is no such thing as a perfect plan.
Let’s start with keeping the whole plot secret. I have been involved in many projects throughout my career. If there was such a thing as a planned 9/11 and if they were forced to implement any discipline of information security, then the size of such a project would have been SO huge that the chance of no information leakage is simply unrealistic. We are talking about an event that requires so much secrecy that predicting 100% success in maintaining such a secret by a very large group of people is simply not realistic. There is no way such a secret would have been kept for so long, and a sudden death of a large group of people who were supporting such an operation in order to silence everyone is simply unrealistic in our days when information is so fluid. It was just another reminder that my reality has nothing to do with the way other human beings perceive the world. Sure, we probably could agree that the earth is turning around the sun, but other than that I’m pretty sure we don’t really share a lot in common with people who claim that 9/11 was a master plan.
What else can we learn from 9/11? That there is no perfect plan – neither for the attackers (United 93, which failed to reach Congress or the White House) nor for the way the USA had constructed its aviation security. Still, for many people this is all a fake. After many years in the field of information security I can testify I saw more events in which the organization I worked for had chosen to take the easier path and ignore security concerns than I would have wanted to see. Way, way too many events. Why? Because we are only human and because most of us don’t really understand what it means. “The organization had failed to identify the threats”, “there was lack of awareness”, “security controls did not function when they were required to” – it was true in 9/11, but I’ve also heard it all before so many times in my line of work. Why do we believe what we believe, why do we perceive what we perceive, why do we do the things we do – those questions will many times be disregarded by organizations, not understanding that our own perception sometimes constructs our biggest risk.
I am sending my condolences to the families of the victims who died on 9/11, and to everyone in the United States of America who will mourn today.
May love be forever in your hearts.
© All rights reserved, 2011