Market Curiosity: Exploring Markets And Systems

August 26, 2013

Economic response to why fire hydrant locations should stay “secret”

Filed under: Castpoints, Editorials, Systems — Tags: — Jeff Fitzmyers @ 9:29 am

The following was sent to a lot of people via a list. The response:

cricket

I don’t know why? The following seems to be a very rational and concrete way to handle a complicated situation:

I like Bruce Schneier’s take on security. A great way to evaluate options is to put a price tag on all the variables so they can be easily compared.

A) Hydrant information is already public, just not convenient. And to some degree, pipe information is probably knowable “enough” just from connecting dots on a map because small pipes flow into bigger pipes, and the start and end of lines are obvious.
– The cost to an attacker to gather this data is very low.
– The cost of keeping this data (servers, managing and monitoring access) is ???
– The benefits (in $$$) to making parts of this info transparent so it can be used is ???
– There are benefits to local people taking ownership of local infrastructure — they take care of it more. What is that worth ($$$)?
“Security by obscurity” has low value.

B) Past threats
– What was the cost of each way stopping past threats?
– What is the cost of each preventive measures? Including false positives.
Typically, standard police work probably stopped the threats, and or the majority of threats would have a  minor effect.

C) The public’s fears are typically very irrational and disproportionate.
– What is the real cost, in dollars, of mitigating each of those fears?
– Rank all threats via probability.
– What is the cost of mitigating real threats?
Present this information to the public and ask them how much money they want to spend, in aggregate, and per person. It’s educational without being preachy or boring, takes pressure off policymakers (who would prefer to go overboard to be able to say, “we did everything possible” rather than have a problem on their watch (I would!)), and people have an easy way to compare alternatives so discussion can be concrete.

D) Out of date data.
– Just indicate when updated. If it’s very important, the user can double check things.

E) The GIS data.
Applying the general 3 levels of threat:

  • The opportunistic (stealing stuff from unlocked cars, etc.). Basic common sense (locks, gates) fixes the vast majority of this. GIS data is safe because these people don’t even know what GIS is — it has no value to them.
  •  The moderately determined (people who deploy a moderate amount of resources). People could spend weeks in planning, join a company to get trust, passwords, etc. One rule of thumb is that roughly 75% of security problems are inside jobs. If true in this case, that automatically provides a ratio of problems to solve.
  • The very well funded, typically government, military, etc. Basically can’t readily protect against them — too costly.

Mr. Schneier often says, after the obvious threats are addressed, it’s often better to allocate resources for monitoring and fast intervention and remediation, rather than on increasingly low risk reward situations. Darwin’s adaptability.

Leave a Comment »

No comments yet.

RSS feed for comments on this post.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: