cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer I

Different kinds of security

For years, no, actually decades, I have read, with pleasure and reliance, a certain columnist’s columns on politics in BC. He has been knowledgeable, analytical, and educational. Due to his taking on a field outside his expertise in 2020, that of the pandemic, I am rapidly losing any and all of the respect that I ever had for his journalistic abilities.

 

https://vancouversun.com/opinion/columnists/vaughn-palmer-dix-ducks-and-covers-before-fessing-up-on-...

 

His latest column chides Health Minister Adrian Dix for being careful in his answer about a question involving the rise of infections in long term care homes. Yes, Dix might have answered earlier and more directly that staff is responsible for most outbreaks in long term care. But that is a loaded question right now. Staff are responsible for outbreaks because they are the ones moving between the community and the homes. What do you want to do about that? Ban the staff? Leave the homes unattended, and let the residents shift as best they can from their beds?

 

But the columnist isn't content to raise that nonsensical issue. He then goes on to blame the "second wave" surge on the election. Anyone who takes the time to look at the case numbers can see that the election made almost no contribution to the surge, which clearly dates from Thanksgiving dinners and parties.

 

The columnist then takes up the cudgel on behalf of the idea of "routine" testing for staff. As he has been told many times when he raises the (same) question on "The Dr. Bonnie Show (co-starring Adrian Dix and Nigel Howard)," there IS routine testing of medical staff. It's just that the routine varies depending upon the level of medical and public health risk, and not at the call of some political columnist.

 

Testing of every staff member twice a week would still leave at least a four day window every week during which people could become infected and infectious. In fact the window would be longer, since test results take about 24 to 48 hours to be processed. And who is it that would do these tests (by the way, how many LTC staff are there in the entire province of BC?), and what work would not be done while they are doing them? Risk management is obviously not the columnist's field.

 

It may just be CoVID fatigue and increased irritability on my part, but I am growing distressed with the poor quality of the Sun's coverage of the pandemic, and it's seeming pursuit of the scandalous over the informative. And so I fired off this rant to some of my friends in security.

 

And got a response back:

 

> Did you send this to the wrong mailing list?

 

So, I definitely did not make the point I wanted to make properly. I suppose a bit more detail (and a bit less rant) is in order.

 

Lemme start with a seminar I did some time back. Unusually, it was actually in Vancouver. I had two candidates, sitting next to each other, as it happened, who both worked for government, but came from radically divergent security situations, as became obvious when we discussed the good old CIA triad of Confidentiality, Integrity, and Availability.

 

One worked for E-Comm. These are the people who, among other things, answer the phones when you call 911. The E-Comm people don't exactly broadcast their calls, but confidentiality is not their first concern. That's availability. When somebody in trouble calls 911, somebody HAS to answer the phone. (I had a tour through E-Comm one time, and their business continuity and resilience planning is really impressive.)

 

Sitting beside him was a candidate from one of the business development banks of the federal government. These agencies provide loans to businesses that want to expand their business. Since the idea is expansion, most of the loans aren't exactly secured by traditional equity. In order to ensure that the money (mostly) goes to actually building business, the companies have to provide masses of information about themselves, their markets, and their plans. This data is highly confidential: if it ever got into the hands of their competitors, the companies could be in real trouble. So everything is kept strictly confidential, and almost all their security is directed that way. But availability? As he said himself, "Hey, we're the federal government. If we disappeared for a month, who would even notice?"

 

I guess what the columnist doesn't see (and what I didn't really allow for), is that he has worked for decades in politics. Politics is definitely a long game. It doesn't really happen all that fast. It's important to have a really good memory, going back decades. You need to analyse. And you've got all the time in the world to analyse, because nothing is going to happen very quickly. You need to look, in minute detail, at what the government, and political figures, are doing, while they are doing it, to point out minor flaws so that, by the time an act is passed, it's perfect. (It never actually is perfect, but that's what you are aiming for.)

 

But a pandemic isn't politics, even though a lot of political work is involved. A pandemic is emergency management. You have to do something, because, if you don't, people will die. And, often, anything you do is better than doing nothing, because if you do nothing, people will die. So, delaying things while you look for a perfect solution is wrong, because, in emergency management, "the best" is very definitely the enemy of the good. Pandemics are fluid, and you make the best choice you can, at the time, with limited information, and change plans when the information changes, and hope, rather desperately, that the first plans you made don't run completely counter to later information. But you make a choice, and do it, because, if you don't, people will die.

 

In emergency management, you do try to get divergent opinions, to try and make sure that you don't make a drastic mistake. But the very last thing you need, in the middle of a pandemic or other disaster, is someone publicly second-guessing what you are doing. That can wait for the "after action" debriefings. During the crisis, having some political columnist (with no training in emergency management, or even risk management) saying that you are making a mistake is just messing with the messaging you are trying to get out to the public. And, if that happens, people might die.

 

There are different types of security. They are useful in different types of situations. There is no "one size fits all." We need to apply the right security to the right situation. And we definitely don't want to apply the wrong security to the wrong situation.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
AppDefects
Community Champion

Re: Different kinds of security

@rslade are you sure you didn't send this to the wrong list 🤔

rslade
Influencer I

Re: Different kinds of security

> AppDefects (Community Champion) mentioned you in a post! Join the conversation

>  are you sure you didn't send this to the wrong list

It's people like you what cause unrest 🙂

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
I walked until midnight in the storm, then I went home and took a
sauna for an hour and a half. It was all clear. I listened to my
heart and saw if there were any signs of my destiny in the sky,
and there were none - there were just snowflakes.
- Pierre Elliott Trudeau recounting a `walk in the
snow' at a news conference announcing his resignation, Feb. 29, 1984
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468