Tuesday, August 16, 2011

What Would You Do

What Would You Do is the name of a popular TV show which is something of a cross between Candid Camera and America's Most Wanted. The producers set up a controversial situation in a public location and with hidden cameras record people as they react. It is entertaining and generally provides a unique glimpse into our human nature with all of our bias and personal perspectives quickly exposed.

Reading current debates centered around how BART officials plan to deal with the threat of protests organized using cell phones and social media makes me wonder what any responsible security professional would do if put into a similar situation. By announcing the plan to shut down cell service in the BART stations, officials have raised the ire of many, including the well-known hacktivist group Anonymous.

There has been a lot of controversy around officials attempting to mute the public by heavily filtering or shutting down the internet altogether, as in the case of China and Egypt. The West typically decries this behavior, citing the need for freedom of speech. But then we hear Number 10 Downing suggest BlackBerry communication be jammed to avoid further social unrest in London. Outrageous and hypocritical, we would clearly say here in the good old US of A. We would never see that happen here. Then we read about transit officials in San Francisco suggesting similar steps in anticipation of a protest potentially disrupting their transportation system.

I do not want to get in the middle of a political or ideological debate, but rather, like the popular TV show, I simply want to pose the question: If you knew in advance that your company was going to be targeted through the use of technology, how would you respond? What if it was your management who angered the hacktivist community by refusing to process payments for WikiLeaks as PayPal did? Or it was your CEO who made some inflammatory statements or simply boasted that your network was impregnable, inciting the black hat community?

How far would you be willing to go to ensure the safety, integrity, security and reliability of your operations? Would your industry matter? What if, for example, you ran a hospital and some anti-abortion group decided they were going to infiltrate your systems and prevent the distribution of patient medication? What if it was an airline and not a railway system under attack and the proposed attack would have an impact on passenger safety? What if your operation is an integral part of the nation's defense system or controls a nuclear power generating facility? Where would you draw the line? Does any of this make a difference in your response?

My point is this. It is easy to be critical and condemn the actions of other people. But for a moment try to imagine you are in the hot seat. Assume the stakes are high, including the potential loss of life. Under these conditions, it becomes a lot more difficult to say what the appropriate action would be.

In the words of John Quinones, host of the show, "What would you do?"

Captain Joe

Follow me on Twitter @JPuglisiLLC

1 comment:

  1. What would I do? I'd attempt to "Control", that means being in charge of all networks, public access ways, sidewalks, speech, etc. But it won't work. Not legally, and certainly not socially. But it would make me feel better, like I was doing a good job.

    The natural reaction is to try to grip down on every possible variable, so we control them all. But when those "variables" are dedicated people, it becomes harder. IMHO.