Beyond Fear

There is an old story about the wind and the sun. The wind claims superiority over the sun in every way possible. The sun then says "Okay, I challenge you to a contest. You have to make that man you see over there take off his coat." The wind accepts this challenge and proceeds to blow wind on the man to make him remove his coat. But it only causes the man to pull his coat more tightly around his body. The wind sees this, and then just starts blowing wind much harder on the man. The sun then sighs (you know how suns are sometimes) and shines as brightly as possible. The man, feeling much warmth then decides it is time to remove his coat. The moral of the story is that understanding what you are up against is the real problem solver. The amount of effort, although also important, will accomplish nothing if headed in the wrong direction. This is a very important lesson among many others in one of the best books that I have ever read called Beyond Fear.

Beyond Fear is a book written by Bruce Schneier. Basically, it's all about security. It gives facts about what is the best form of security and how to obtain it. In this post 9/11 world, this is a very important topic. Unfortunately, we fail to understand how best to obtain good security, and yes, sometimes we are the wind. Schneier comments that the two major priorities are that we must be safe, but that also we must feel safe. These two do not work together completely, sometimes they don't work together at all. Sometimes you may feel safe but all the while are not safe at all. If you want an example look at all of the quite humorous footage of people doing the "duck and cover" method to avoid death from a nuclear attack. Also, sometimes you may feel unsafe but all the while you are very safe from whatever you are afraid of. I would give an example but I can't think of one besides global warming. So, this is something that every employee of the CIA, FBI, DHS, etc. should understand very well, right? Well, isn't this something that even you should understand too? Because, regardless of the fact that your name isn't Jack Bauer, this still is a concept that you should be very familiar with. So how can one know whether a proposed security initiative is worth it? For that answer, I have the five questions that must be asked in order to decide. Here they are.

1. What are you trying to protect?

2. What are the risks to what you are trying to protect?

3. How does this "solution" mitigate those risks?

4. Does this "solution" cause any more risks?

5. What are the trade-offs to this "solution"?

An example of this may be in order. As I just mentioned, this is a concept that everyone should understand. To an extent, you probably have already asked yourself these five questions. EVEN TODAY!!!! Take for instance, brushing your teeth (hopefully a daily experience for you).

1. What are you trying to protect?
protection of teeth and gums. Maybe even protection against bad breath.
2. What are the risks to what you are trying to protect?
Gingivitis, plaque, tartar, teeth just simply falling out, etc.
3. How does this "solution" mitigate those risks?
Very well, actually. I doubt you'll soon find any dentist who disagrees.
4. Does this "solution" cause any more risks?
Well, the truth is that many people do brush too hard, which isn't good. Besides that, nothing serious as far as I know.
5. What are the trade-offs to this "solution"?
The cost is minimal, and so is the time it takes.

After looking at each answer to the proposal of brushing teeth, it should be obvious that brushing teeth is very much worth it. After looking at these five questions, one should be able to have a clear understanding of the best form of security for any security initiative. When I was growing up in Ankeny, IA (a suburb of Des Moines) we did fire drills and tornado drills in school. In other parts of the country, earthquake drills are more appropriate.

Beyond Fear asks us to use our head, not our heart. It demands us to act on what we know to be afraid of instead of what our instinct tells us to be afraid of. So, what was the best way to handle the aftermath of 9/11? Was it to close down all flights for a certain period of time? In this country, 40,000 people die every year due to automobile accidents. Many others have severe injuries. By all accounts, it is much safer to fly than to drive. However, who wanted to fly? I didn't. Likewise, during the sniper crisis in the D.C. area people were afraid of being shot instead of being killed in a car accident. Another interesting fact is that more people have been killed by pigs than by sharks. Who would have ever guessed that we, as humans, should be more afraid of pigs than sharks?

This society that we live in demands security on a daily (or even hourly) basis. The biggest reason for this is that technology has vastly expanded our lifestyle. For instance, let's say there's a store owner in Philadelphia in the 1600's. This fictional store owner is the only person who works in the store. This store owner has to worry about robbers coming into his or her store and stealing his or her stuff. The owner also should worry about the store being burned down. Lastly, the owner has to worry about selling enough goods and services to stay in business. Call me crazy, but that seems to be the limit of the store owner's concerns. Now let's fast-forward to Wal-Mart, Target, Safeway whatever you want. Along with what the store owner has to deal with, these businesses have to worry about embezzlement, credit and debit card fraud, bad checks, counterfeit products, etc. Since these are chains, these shopping locations' problems are increased drastically. Not to mention the Internet! These chains also provide the opportunity to buy from the Internet, without ever leaving the home. What all of this means is that these companies have many more targets with a bullseye attached to themselves than the lone store owner ever had. But, remember, the most secure solutions are not always the best. Customers who go to buy something get mad when credit or debit is not accepted, and that's not good for business. However, they do like to see video cameras making sure that shoplifters have another obstacle to get through.

One way to resolve this problem is to have multiple obstacles for one to breach security. An example that Schneier makes is in Harry Potter and the Sorcerer's Stone. In order to get the Sorcerer's Stone, the Three-headed dog named Fluffy, the chessmatch, the riddle to make the potion, and the desire to have the stone but not use it were all obstacles to having the Sorcerer's Stone. Likewise, some safes have both a combination and a keyhole that must be used.

As mentioned before, the CIA, FBI, DHS, and many others are forced to know and understand this concept inside and out. There is however, one other group of people who may understand this even better than anyone else. You can find them in Las Vegas and they make sure that when the day is done, their casino has as much money left over as possible. You may have heard about the six MIT students who went to Vegas and left with $3 million because they knew how to play the game blackjack. Because of what they did, they will never be able to be in a casino ever again. A person's walk is as identifiable as a fingerprint, a person's reaction to winning big is completely evaluated by "the eyes in the sky" to see if it's a genuine win, or if it's staged, and these people in charge of security in a casino know how to keep the cash flowing their way.

When it's all said and done, this is a fantastic book. Anyone unaware of the concept should read this ASAP. As with almost anything, there is however one criticism worth mentioning. In the beginning of the book, Schneier talks about 9/11. I don't remember what he says exactly, but he almost speaks about the day in a positive light. More or less, he tells us that it showed us fantastically that security was sub par that day. It's just that he used the wrong wording in my opinion.

Does this mean that if we understand everything to this, that will solve all our problems? Of course not. Sin is as constant as gravity. There will continue to be murders, thefts, and so on. In fact, with this increasingly complicated world, it may only get worse. But this book encompasses the vast subject of security and how best to obtain it. And because of this book, among many other reasons, I am so bright that my parents call me sun. That was funny wasn't it?