Educause Security Discussion mailing list archives
<SPAM> Re: emergency alert system
From: Stephen John Smoogen <smooge () UNM EDU>
Date: Tue, 15 Apr 2008 15:35:28 -0600
HALL, NATHANIEL D. wrote:
Mike Iglesias wrote:John C. A. Bambenek, GCIH, CISSP wrote:*sigh* These systems are really a very very bad idea.I won't argue with you on that point.Could you tell why you believe these systems area bad ideas? I am curious why you are against them.
I do not have enough data to say if they are definitively good or bad. However, there are several down side reasons for them: 1) They take time to get data out. While the service can get the data and have it out from them in 2-3 minutes.. It can take hours for the various Cell phone and pager companies to deliver the messages when you have 10k or more recipients. 2) The message is not guaranteed to reach its recipients, but people expect it to. 3) The message length most cell phone carriers allow does not allow for you to give precise information (what to do, what is the threat, where to go, who to avoid, whats going on) and the delay in getting updates out can make a bad message worse. All of these mean that you are going to have misinformation about what is happening as people do and do not get messages. The telephone game will cause messages changed as people tell others what they heard from someone else. There is also a tendency to use the idea that getting the information out is all you need to do... but it is only a step. What are the evacuation guides, do people go to a safe spot or leave the building. Do you drill regularly?(not if you are billed per incident by your service provider) Do you have training programs to teach people what to do? How do you co-ordinate it? Is local law enforcement part of this planning? The paranoid view on this would also add: 1) The messages are forgeable. Once a standard message is chosen to help people realize its important.. an attacker could chose to empty a classroom etc by sending a message to people in the room. 2) The plans have to take in multiple contingencies... they can't just be one size fits all. If an attacker knows of the plans, is he going to use them to push people to their killing zone? Then there is the fact that while such events seem to be more common, are they a high enough risk for the amount of resources spent on it. There are other methods at lower costs that can help people feel and be more secure. -- Stephen Smoogen -- ITS/Linux Administrator MSC02 1520 1 University of New Mexico Albuquerque, NM 87131-0001 Phone: (505) 277-8219 Email: smooge () unm edu How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"
Current thread:
- <SPAM> Re: emergency alert system Stephen John Smoogen (Apr 15)
- <Possible follow-ups>
- <SPAM> Re: emergency alert system Kevin Shalla (Apr 15)
- <SPAM> Re: emergency alert system Mike Iglesias (Apr 15)
- <SPAM> Re: emergency alert system Randy Marchany (Apr 15)
- <SPAM> Re: emergency alert system John C. A. Bambenek, GCIH, CISSP (Apr 15)
- Re: <SPAM> Re: emergency alert system Brad Judy (Apr 15)
- Re: <SPAM> Re: emergency alert system Allison Dolan (Apr 16)
- Re: <SPAM> Re: emergency alert system Roger Safian (Apr 16)
- Re: <SPAM> Re: emergency alert system Valdis Kletnieks (Apr 16)
- Re: <SPAM> Re: emergency alert system John C. A. Bambenek, GCIH, CISSP (Apr 18)
- Re: <SPAM> Re: emergency alert system Brad Judy (Apr 18)
(Thread continues...)