cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

"One Minute Left": Hockey, CoVID-19, vaccines, and infosecurity vs hacking

A while back I wrote up a piece on the lessons that ice hockey brings to risk management. Today some lessons from hockey for CoVID-19 management, and thence to security.

 

BC Premier John Horgan has already provided the initial sports analogy. He pointed out that, when running a marathon race, and the final tape comes in site, you don't relax. You dig down and put all your reserves into one final sprint. The CoVID-19 point being that we now have a vaccine. In fact, more than one, with more showing promise of coming on stream shortly. But, as the sports analogy suggests, just because we have a vaccine doesn't mean we stop isolating at home, or physical distancing when out, or handwashing at every turn, or wearing a mask.

 

The equivalent hockey analogy is "the final minute." Hockey periods are twenty minutes long. (With some exceptions that we don't need to go into, now.) For nineteen minutes, the clock just shows the remaining time in minutes and seconds. But, for the final minute of each period, the clock counts down seconds and tenths of seconds.. Because hockey scores are so low, people forget how fast hockey is, as a game. The whole play can go from end to end, in six seconds (and, in a breakaway, even less). This means that, theoretically, in the final minute of a period or a game, the play can go end to end ten times over. And I've seen an Olympic gold medal game decided in the final three seconds. So, when the final minute comes, you put everything you've got into the game.

 

CoVID-19 can be equally fast moving. Let the Rt number go above one, and you start getting exponential growth. As human beings, we only barely understand linear growth, so we don't automatically see the implications of exponential growth, but it's what leads to chain reactions and explosions. So you can have case numbers in single digits and think that you have everything under control. And then it gets a little higher, and you think case numbers in the 30s are OK. And then you think case numbers in the hundreds are OK, and then 300s, and then thousands, and all of a sudden your whole medical system is overwhelmed. And, at that point, a vaccine becomes problematic. Because we don't know how well the vaccine will work on people already infected. And gathering people for vaccines might be a problem if there is high community transmission. Also, the vaccines we've got aren't "one and done." So far the vaccines that have been approved require two shots, with time between and after, so the "final minute" stretches to possibly two and a half months even after you get your first shot. Plus the fact that the vaccine production is only starting, and the fact that 95% effective is not 100% effective, so nobody is safe until everybody in the world is safe, and ...

 

The first security lesson to take from this is that there is only so much we can learn from attacking systems. Many teachers think that teaching security students to attack systems will teach them valuable lessons. That is true, but only so far. There is one lesson that attacking cannot teach you, and that is that, when attacking, you only have to be right once. When you are defencing, you have to be right ALL THE TIME. In security, you can never let your guard down. Not even when you are looking forward to homomorphic encryption or differential privacy or blockchain or cloud or whatever new technology you think is going to be the "magic bullet" "vaccine" that will render security obsolete. (Spoiler alert: security will never be obsolete.)

 

While I was thinking of this, I was also watching the World Juniors. And the Canada versus Slovakia game presented another "last minute" lesson. Something else that tends to happen in the last minute of the game is "pulling the goalie." In hockey you are only allowed to have six men on the ice at any one time. One of these is generally the goalie. But in certain situations, where your team is down by a single goal, and the last minute is coming up, you sometimes take the goalie off the ice so that you can add an extra attacker. This is a desperation move, which is why you only do it when you are going to lose anyway. In the Canada/Slovakia game, Canada was leading two to nothing when they got a penalty in the last few minutes. This means Canada has to take a man off the ice for a time, and the Slovaks had a five-to-four man advantage. Being two goals down, and a man up, the Slovaks decided it was worth the risk to pull the goalie, give themselves a six-to-four two man advantage, and it paid off: they got a goal. Then they got overconfident. With the teams back at even strength, they pulled the goalie again, to give themselves a man advantage. They put the pressure on in the Canadian zone, but one pass back to their point man at the blue line hopped over his stick. As he turned to get it, a Canadian player got past him and picked up the puck. Well, when you have the puck and are ahead of the race, and are facing an empty net, the only question remaining is whether you will panic, shoot too soon, and miss. The Canadian player didn't panic, and the game ended three to one. (Yet another risk management lesson from hockey.)

 

In regard to the pandemic, we are relying on the benefits of the vaccine. But we can't rely on that too much, or too soon. As with security, we need to think of defence in depth. The vaccine is one layer, but relying solely on the vaccine is a desperation move, and it carries enormous risks. We need to keep using our protections of isolation, handwashing, distancing, and so forth, right to the end of the game.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
5 Replies
AppDefects
Community Champion

Nice write-up. Now go talk to the Ontario Minister of Health because rather than fight for the puck and win they would rather hold back COVID-19 doses. Ditto goes for our Quebecois friends. Like everything else in Canada only the elite will win.

rslade
Influencer II

> AppDefects (Community Champion) posted a new reply in Threats on 12-29-2020

> rather than fight for the puck and win they would rather hold back COVID-19
> doses.

So, freezing the vaccine is like freezing the puck? A defensive play that may save
you if you are leading, but ultimately is a poor posture for winning and may let
someone else sneak up on you?

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Instructions for living a life: Pay attention. Be astonished.
Tell about it. - Mary Oliver
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
AppDefects
Community Champion

That's the problem with hockey today too much defense. I'm not a fan of icing the puck either. We need more forwards that can skate, shoot, and score. Save lives today. Inoculate the masses.

GerryS
Contributor II

Excellent write up!

 

Great analogy.

 

Imagine what the game would be like if the 19 minutes of each period was played like the last minute.

 

Would that be a great approach to security or would you burn yourself and staff out.

 

The defense in depth approach is an absolute necessity. Relating it to hockey your forwards would be first line of defense (though much more focused on offense), defense men second line of defense and lastly the goalie, fourth could be considered the goal posts but at that point the shot (attacker) has already missed the goal.

rslade
Influencer II

> GerryS (Contributor I) posted a new reply in Threats on 12-31-2020 10:52 AM in

> Excellent write up!   Great analogy.

Thank you.

>   Imagine what the game would be
> like if the 19 minutes of each period was played like the last minute.

Exhausting! For both players and fans. Some of the World Junior games start out
that way, and I figure the winner is going to be the team that has the stamina to
keep up the pace. (Or the coach that can make the necessary line changes at the
necessary pace.)

>   Would
> that be a great approach to security or would you burn yourself and staff out.

Well, since your security team doesn't face the lmit of how many "men" you can
put on the front lines, if you can get the C-suite to give you the resources I think
it would be a great approach.

>   The defense in depth approach is an absolute necessity. Relating it to hockey
> your forwards would be first line of defense (though much more focused on
> offense), defense men second line of defense and lastly the goalie, fourth could
> be considered the goal posts but at that point the shot (attacker) has already
> missed the goal.

In the lead up to the 2010 Olympics, somebody put together a great ad, to a
modifiied version of the Blue Danube Waltz, showing all kinds of clips of shots on
goal where the staccato notes at the end of each line of the piece were replaced by
the "tings" as the pucks hit the goal posts and top bar (and bounced away). (I also
remember the Women's Gold Medal game where, for some reason, the Canadians
had pulled the goalie and an American player shot on an empty net ... from too
far way and had it bounce off the post and out.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
If you have accomplished all that you have planned for yourself,
you have not planned enough. - Meddigo Message
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468