Vital Systems Security

Today, Harvey Molotch and Noah McLain gave a talk entitled “Learning From the Subway: How to Do Security For Example” at Columbia Sociology. Based on 100+ hours of ethnographic research conducted by McLain in the New York subway system, Molotch and McLain made an argument argument for a notion of security that extends beyond counter-terrorism measures. They emphasized the inefficiency of the security measures imposed from top such as FEMA and DHS and argued for security measures that will improve regular use conditions and that can also be used under emergencies, such as a better ventilation system. Furthermore, their focus was also on how in everyday practices the subway personnel bent the formal rules to keep the subway running safe and efficiently. With a Latourian emphasis on the agency of objects, they demonstrated how the personnel found new ways of dealing with the pressing practical everyday problems of operating a subway system. Read the rest of this entry »

The engineering society IEEE’s general magazine Spectrum has a featurette on “Open Source Warfare” in the November online version. It’s written by Robert Charette, who normally tracks software failures at his blog Risk Factor. The article is a good one, as these things go, spurred on by John Robb’s recent book Brave New War. Robb is a RAND researcher who has been writing about so-called open source warfare for a few years now. I thought I’d post this here because it’s obviously of concern to me that the term open source is being applied in this way. What it means to the RAND researchers and people who think the concept makes sense, is captured by my title here though: jihadists and insurgents are said to be more efficient at innovating their techniques because they are “free from the administrative burdens of maintaining their own infrastructure…” and can rely on Wal Mart and Fedex to supply and ship the things they need to make household bombs.

So, my analysis of open source is useful here, in that I think they are absolutely right about this, but that it is only one piece of what makes open source distinctive… but lacks many others. There is no mention of the intellectual property related aspects, or the specific mode of openness that characterizes software projects, much less the specifc IT tools people use. But it is correct about one thing, which is the reliance on existing standardized infrastructures and hardware, such as the widely shared PC architecture, file formats (for insurgents’ videos), the Internet, secure international credit transactions for online purchasing and so on.

The phrase “administrative burdens” is a peculiar one though. Much or the article focuses on the weapons acquisition process of the US Military, arguing that the process simply takes a long time. The implicit argument seems to be that this process and the time it takes to acquire weapons should be changed and shortened. I wonder though, whether this is just another way of arguing that the military should have less oversight, more secrecy, and less accountability… which would be pretty much the opposite of what open source can and has achieved in other areas.

One of the things I would like to do more on the blog is to introduce the work of various people we know and run into who are doing work related to vital systems security. I wanted to start by introducing a PhD student I met in Finland last year named Antti Silvast. Antti, who has a background in engineering, is working on the question of electric system reliability, particularly against the background of deregulation and increasing concerns about critical infrastructure protection. As will be immediately evident, Antti’s work is very much connected to concerns that have been central to the collaboration.

Read on for a description of Antti’s work that he sent along.

Read the rest of this entry »

This may come as a surprise to no one: The Intelligence Community (IC) of the US, comprising over a dozen agencies across the civilian and military spheres, has introduced a variety of social networking technologies in order to facilitate… no, not dating … but rather knowledge dissemination and sharing across organizational and professional silos and compartments. The not-so-original named “Intellipedia” was announced in 2006, and modeled after… well, I think you can figure that one out. A number of sites have some interesting info on it, including of course Wikipedia. You can also find more info than you probably want on it here.

The point of all this is not to re-hash old news; rather it is to flag an interesting debate within (and, of course, outside) the IC, which has been sparked by the decision to go ahead with a number of social networking technologies. In addition to Intellipedia, there is now “A-Space.” Can you guess what that emulates? Yes, A-Space, tagged as a kind of MySpace for Spies — probably unfairly — has been introduced as a way to get people talking with each other across intra- and inter-agency lines. Crudely put, the contours of the debate just mentioned revolve around two views: On one hand are those who feel that social networking technologies will help to break down the ossified barriers which contributed to the well-documented intelligence failures around 9.11. If Jane can’t post certain documents and invite others with a similar security clearance to have a look and make comments; or if Joe can’t float certain ideas to his peers or cast about for others, then (the argument goes) the IC will not have properly taken advantage of today’s cutting-edge technologies to help reform the byzantine rules and governance structures having to do with the community’s knowledge production and dissemination. On the other hand runs the counter-argument, loose lips sink ships. A slip here, a misstatement there, and irreparable harm may come either to the security interests of the US or to actual operatives in the field — or both. If Jane’s document contains sensitive information that Joe is not supposed to know about (even if he has a comparable clearance), then Jim’s cover might get blown. And that could be bad.

I have had an abiding interest in the last few years around questions of what makes knowledge dangerous, including the forms dangerous knowledge takes. In this case, it seems, danger exists not so much at the level of the individual (at least, I don’t see it that way), but in the fact that a (rhizomatic?) network of information threatens extant structures that govern information — structures which adhere to values and practices associated with secrecy. One question, interesting to pose, difficult to study: What effect will these technologies and this form of social organization have not only on the production and dissemination of knowledge, but on the forms knowledge takes? What form(s) will dangerous knowledge take both in the IC and in the public at large as these technologies evolve and are embedded more firmly in a variety of critical infrastructures? Indeed, at a more general level: What is the relationship between information and infrastructure?

A recent trilateral powwow originally designed to focus on economic and security issues across Canada, Mexico and the United States, has become the principal venue through which said countries are coordinating their pandemic preparedness efforts. What this coordination entails is an interesting question. A recent piece from the informative CIDRAP news service describes a recently released report detailing some of the issues the countries see themselves facing. One issue (comprising one chapter in this report): critical infrastructure. One strategy to tackle the problem of critical infrastructure protection: Resiliency. None of this is surprising or new. What is interesting, to me anyway, is how these concepts will ‘operate’ or be actualized in practice in and across these different national contexts. Is there such a thing as North American Critical Infrastructure? How about North American Resiliency?

For some reason, all of this calls to mind the notion of “regionalization”, which has been pushed — albeit not very hard — by a number of federal agencies and states which foresee advantages to realizing efficiencies in preparedness efforts — check out an example from AHRQ here. These efficiencies are based not only in economics, per se, but in geographies as well. Counties have banded together, as have states, in a variety of different emergency services and disaster preparedness contexts (e.g., one EMS agency covering several counties; states and counties signing mutual aid agreements in times of need, etc.) for decades. The dynamics of multinational ‘regionalization,’ I suspect, is substantially different.

Here is an interesting piece on infrastructure repair and maintenance by Stephen Graham and Nigel Thrift.

ABSTRACT: This article seeks to demonstrate the centrality of maintenance and repair to an understanding of modern societies and, particularly, cities. Arguing that repair and maintenance activities present a kind of ‘missing link’ in social theory, which is usually overlooked or forgotten, the article begins by recalling Heidegger’s concept of material things as being ‘ready to hand’. The main elements of practices of repair and maintenance are then elaborated on so as to help establish the argument that, by focusing on failure and breakdown in technical artefacts and systems, their vital contribution can be brought to the fore. The article then moves on to suggest that prevailing cultural constructions, and imaginations, of the ‘infrastructure’ that sustains modern societies, actively work to push repair and maintenance activities beyond the attention of social science. To exemplify these arguments, the article explores in detail some of the repair and maintenance activities that sustain, first, the nexus between computer communications and electricity and, second, the system of automobility. The article concludes by excavating a politics of repair and maintenance in modern cities and societies.

A recent series of NY Times articles has tracked novel risks emerging from the global food and drug supply chain. China, as has been mentioned before, seems to be the key source of threat. The major issue is that given the complexities of the supply chain (and the practice of erasing the original suppliers in order to protect the middleman) there is no way of tracking where ingredients come from - such as glycerin in toothpaste - and so if it turns out that there are dangerous counterfeit supplies, it is impossible to locate and punish the offending supplier. From the vantage of VSS, what is significant is both the sense that a global food and drug supply system generates novel risks, and the emerging demand to regulate this “global pipeline” of pharmaceutical and food ingredients. Developing a reliable tracking system will be a crucial step. There are similarities here to the solution proposed by Stephen Flynn to the problem of the uncertain origin of shipping containers - or to current European efforts to track the origins of GM foods, as described in this article by Javier Lezaun.

This recent issue of Social Studies of Science contains a series of articles on Hurricane Katrina.

Here is an interesting critique of the work of NGO’s in the field of global health: The Challenge of Global Health

Apparently, there are now more than 60,000 AIDS-related NGOs alone. The piece, published in Foreign Affairs, also includes an exchange between journalist Laurie Garrett and medical anthropologist Paul Farmer.

Bob Herbert in today’s times has an op-ed on our decaying infrastructure that sounds like the late-1970s/early 1980s discussion. The column is not of much interest in itself, but refers to a CSIS Commission on Public Infrastructure that has been active (or has existed, at any rate) since 2004. There is a link to a 2006 panel on Guiding Principles for Strengthening America’s Infrastructure, and Herbert refers to recent testimony by Felix Rohatyn, the head of the Commission (who some will remember as a key player in negotiating New York City’s way out of financial crisis in the 1970s; sounds like a pretty interesting guy on other fronts as well). In any case, the interesting questions would obviously be: How do these proposals — classic questions of population security — relate to the substantial work in CSIS on Critical Infrastructure Protection? And is there any chance that these issues will get a different kind of hearing now that the democrats have more voice in the government? I wasn’t able to find the recent Rohatyn testimony, but this is one interesting possible space of movement in a shifted set of security emphases under new political conditions.