Monday, October 20, 2008
Hawaii unclear on security concept
by Larry Geller
Hawaii’s Civil Defense needs to learn a few things about, well, civil defense. Let me tell you a short story. We need to go back in time to New York City in the late ‘60s.
I started working for GE at their computer center in the giant window that fronted their headquarters building on Lexington Avenue in New York. Having a room full of computers was briefly a prestige thing, and GE wanted to show it off.
At lunchtime we would often run all the tape drives simultaneously, feed a huge stack of (blank) punch cards through the high-speed reader, and, really amazing, let the super speed paper tape reader shoot a line of yellow tape across the room, where it hit a column and piled up in a heap on the floor.
It was quite a show, and drew crowds that filled the sidewalk outside the show window.
But the Viet Nam war was drawing protests, and so GE moved the computers out of the building and to safety in a proper computer center in New Jersey. Three months after we left, a bomb blew out the window and the room where I had worked.
Companies rapidly learned that one aspect of security is not to let potential evildoers know where their sensitive parts were located. Another thing they did was tighten access security. Suddenly there were guards at the entrance to office buildings and card keys and IDs were needed for entry.
Later came the metal detectors at court houses and other government buildings.
Data centers are obvious targets. Lob a bomb into a computer center and the heart of the organization is destroyed. It becomes unable to conduct its business. So the location of data centers became closely guarded secrets, and they were erased from building maps. Why ask for trouble? Guaranteed, an attacker would go for the data center.
That was 30 years ago. In terms of security, Hawaii may still be in the dark ages, and so may be vulnerable.
Hawaii’s state government remains refreshingly accessible. A visitor can walk right into the office of the governor or any legislator without showing any ID or going through the metal detectors that are now commonplace elsewhere. It’s a good thing, of course. We have amazing access to our elected officials. And to their data center. Here’s part of the map published on the Capitol website:
The computer room (“Senate Data Systems”) is plainly indicated, and you can see how close to the stairs it is located. Easy pickin’s. I’ll bet if someone knocked on the door, they’d open it.
Today’s Advertiser front page includes a detailed map of the state’s proposed new State Civil Defense Emergency Operations Center. The map clearly shows the location of both the data center and underground tanks. Whoops! You’d think those are exactly the things they would like to keep secret. If those little yellow boxes didn’t appear on the map, no one would notice, no one would care. But here they are, a map to guide potential attackers. The map even includes streets and the location on Oahu, in case terrorists get lost in Kahala.
If Civil Defense is foolish enough to provide such a map, it might have been nice if the paper declined to print it. Ok, it’s news, but publication in paper and on the Internet means this sensitive center can be the subject of scrutiny anywhere in the world.
One doesn’t have to be an alarmist to take basic security precautions. They serve all of our best interests. To start with, don’t publish information with vulnerable targets highlighted in yellow. This is Security 101, not rocket science. Just common sense.
Imagine what would happen to tourism and to the economy if there were a security incident in Hawaii, even if no one were killed or injured?