Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
*********************************** *********************************** ** 11 September 2001 ** *********************************** *********************************** "THE RISKS ARE OBVIOUS." BUT PERHAPS NOT OBVIOUS ENOUGH. 11 September 2001 will be painfully remembered by most of the planet's population for the coordinated hijacking of four jetliners and the ensuing surprise attacks on New York City's World Trade Center and the Pentagon, with thousands of lives lost and enormous consequential after-effects. Our hearts go out to everyone close to those who were so irrevocably affected -- including the crash victims, the firemen and other emergency workers in New York City, and especially the UA93 passengers whose efforts evidently saved the lives of others. We are once again reminded how fragile our lives and civic infrastructures are, and how interdependent we all are. Although violent and sudden large-scale termination of people's lives has previously been all too familiar in many countries of the world, many of us have hitherto largely taken too much for granted. Hopefully, the aftermath of this fateful day will dramatically increase public awareness of some of the vulnerabilities in our lives and risks to our freedom. However, the events should come as no surprise, because many warnings have been widely ignored. For example, the President's Commission on Critical Infrastructure Protection of the previous U.S. Administration identified serious vulnerabilities in telecommunications, electric power and other energy sources, transportation, financial services, emergency services, and government continuity. It noted how interdependent these critical infrastructures are, and how they are all related to information technologies. It also observed difficulties in coordination among and within different infrastructures, and perhaps most relevant, a general lack of public awareness. In many respects, complacency has been seen across the board in response to that report. In addition, the White House Commission on Safety and Security (the Gore Commission) identified many serious risks in aviation. (Also, see my paper <http://www.csl.sri.com/neumann/air.html>, presented at the January 1997 International Conference on Aviation Safety and Security, co-sponsored by that commission and George Washington University.) Various analyses of commercial aviation and air-traffic control over the past 18 years within the Department of Transportation have identified potentially serious vulnerabilities that merit closer attention. More recently, a U.S. General Accounting Office report identified many serious problems in airport security. But, perhaps because the risks and threat levels seemed low, or possibly because institutional bureaucracy is so deeply entrenched, very little action was deemed necessary. Unfortunately, some of the issues recognized therein have now come home to roost. As a society, we in the U.S. seem to be unwilling to take certain prudent precautions — perhaps because they would cost too much, or be too inconvenient, or would seriously degrade service. Apparently, we suffer from a serious lack of foresight. The Risks Forum has persistently considered risks associated with our technologies and their uses, but we often note that many of the crises and other risk-related problems have resulted from low-tech events, misguided human behavior, or malicious misbehavior. In short, the typical search for high-tech solutions to problems stemming from social, economic, and geopolitical causes has frequently ignored more basic issues. Over-endowing high-tech solutions is riskful in the absence of adequate understanding of the limitations of the technology and the frailties and perversities of human nature. Whereas there are high-tech solutions that might be effective if properly used, we should also be examining some low-tech and no-tech approaches. One pervasive theme in the Risks Forum over the past 16 years has been the ubiquity of systemic vulnerabilities relating to security, reliability, availability, and overall survivability, with respect to human enterprises, society at large, and to systems, applications, and enterprises based on information technologies. Evidently, we still have much to learn. Let us seek to build a better world, and remain true to our human values and constitutional foundations. Also, let us beware of seeming solutions -- technological or otherwise — that result in further escalation of the risks. Sadly, because of the inherent vulnerabilities in those seeming solutions, we are always at risk, whether we realize it or not. Peter G. Neumann
Please report problems with the web pages to the maintainer