Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Re: Concepts: Security and Obscurity

From: danogh () gmail com
Date: 12 Apr 2007 00:45:50 -0000
I think there are two incompatible arguments going on here. Security, as a risk management exercise, can never measure 
and therefore can never acknowledge a security benefit through obscurity.
Hidden silos dont suddenly let you know when they've become unhidden. The motorcade doesnt get alerted when the "bad 
guys" have sussed out the SUV with the president in it.
Every single measure used to secure the silo and the  president has to assume that the knowledge is not secret. The 
secrecy cannot be considered a benefit.

Security as a people management exercise, however, does benefit from obscurity. Human beings can be confused, 
misdirected or manipulated by the information provided to them but the effectiveness of this is a function of their 
intent and their motivation. Through patient intelligence work silo locations become known. An assault on a motorcade 
can assume that the targets location is unknown and plan accordingly. Or the information can fall into the wrong hands 
through the simple process of clumsy human interactions.
In all cases it is the target that is at a disadvantage because the target never knows that the jig is up. The time of 
security benefit provided by obscurity is really a time of increased uncertainty for the target. When will the 
hail-mary pass get fumbled?
Previous By Date Next
Previous By Thread Next

Current thread: