This post was going to be titled Risk of Threat Intelligence, but I'll need that title later.
Billy Rios is director of threat intelligence at Qualys, one of dozens in the threat intelligence racket, er, space. Rios made news this week at Black Hat by revealing vulnerabilities in the airport security systems that TSA agents use to login at work and detect explosives
Rios gave details on security weaknesses he discovered in both the Morpho Detection Itemiser 3 trace-explosives and residue detection system, and the Kronos 4500 time clock system used by TSA agents to clock in and out with their fingerprints, which could allow an attacker to easily gain user access to the devices. (Dark Reading)
It's a good reveal, worthy of BlackHat. And the fanfare Rios generated for himself and Qualys is one other thing: another example of how we microfocus on particular system flaws while ignoring the security architecture shortcomings that generate the flaws.
True, these logical access issues could be exploited by evil-doers bent on blowying up a plane. More likely, evil-doers plotting another 911 event might choose to circumvent TSA logical access controls just by hiring on with TSA airport security.
Exposing a particular TSA flaw, as Rios did, distracts us from thinking about the bad assumptions upon which TSA lives, breathes, and expands its presence and cost. Does the behemoth of TSA airport security infrastructure actually increase the security of air travel? Or is the absence of a subsequent 911 event more likely due to terrorists being satisfied with making the U.S. spend a trillion+ dollars on dubiously effective airport screening systems.
Further inquiry: look up Bruce Schneier's 2012 undelivered testimony to Congress: bit.ly/V59gEw. Schneier was originally invited to testify but removed at TSA's request. TSA key TSA rep declined to appear: cnn.it/1pHUBu1