Individual and Collective Security
From the SOE Syllabus of Lectures at Camp X

I always enjoyed WWI and WWII writings. It’s always a good source of inspiration, knowledge and entertainment. All sort of stories have been written by and about many persons involved in these great wars. I was enjoining another writing from this epoch. I’m currently reading documents of STS-103 (Camp X, a SOE training camp in Canada). There is an excerpt on Individual and Collective Security taken from Syllabus of Lectures HS 7/55 in SOE documents in the National Archives.

====================================

INDIVIDUAL AND COLLECTIVE SECURITY

1. DEFINITION.

Security: ‘Precautions taken by the individual for his own personal protection and the protection of his Organization from the enemy’.

Without these precautions, it is dangerous to attempt regular and impossible to attempt irregular warfare alone or in conjunction with other people.

2. APPLICATION.

a) Apparent absence of enemy C.E. measures should never be allowed to engender over-confidence. (Cf. graph of agent’s confidence.)

b) Insecurity by an individual may jeopardize not only his own safety but the safety of the organization with which he is in contact.

3. INFORMATION.

Basis of your self-protection is good information. As much as possible provided before departure, but you must check and supplement on arrival. Information required on:

i) Local Conditions.

ii) Local Regulations.

iii) Enemy methods.

iv) Enemy personnel.

v) Your own subordinates.

4. INCULCATION.

a) Security cannot be taught by rule of thumb. It is a frame of mind attainable though self-discipline and self-training that will make the taking of precautions a ‘habit’. (Cf. crossing a road.)

b) What is a habit’ A single action committed so often as to become automatic. What precautionary actions must we practice so often that they become a habit’

5. COMMUNICATION.

The answer is ‘Communicatory Actions’. Secret and confidential information can reach the enemy through our carelessness in:

a) Speech.

b) Writing.

c) Behaviour.

a) Speech.

Adoption of hush-hush attitude through vanity.

Confiding in friends to ease nervous strain.

Mentioning facts you are not ‘outwardly’ supposed to know, or isolated facts which can be strung together.

Telling people more than they need to know.

Compromising telephone-conversations through misuse of conventions. (E.g. NOT ‘Three lambs with sweets and toys who need instruction in malaria’ BUT ‘Three chaps with some goods for Harry who need instruction in my subjects’.)

b) Writing.

Commit as little as possible to writing. Memorise if you can.

If you must carry documents, select what you must carry.

Burn all secret waste and carbons.

c) Behaviour.

Be inconspicuous. Avoid all limelight by being an ‘average’ citizen in appearance (height, clothes) and conduct (drink, women).

Be tidy. All engaged on secret work must be methodical in their habits ‘ e.g. it is mainly knowing exactly where he has placed his belongings and arranged his room that an individual can detect disturbance by police search.

Have good ‘Cover’ ‘ the innocent activity undertaken or invented to conceal the secret aspects of his activity. Good cover must be consistent with necessary overt behaviour and non-compromising.

(For application to operational Agent see A.4.)

Be observant. Observe and deduce. (E.g. face or voice seen or heard twice suggesting you are being followed. Smell or real coffee in France suggestion someone occupied in Black Market.)

Have foresight. See danger early. (E.g. axis agent in café, policemen checking papers.)

Plan for emergency. Alternative courses in case of accident (RV’s) pre-arranged conversation when talking to colleague in case of sudden interrogation. Danger signs.

====================================

Most of this information is always relevant and will be for decades. For example check out 2.b). It’s probably the best point when you deal with contractors or associate companies. All security experts will tell you it; the security policies of your associates and contractors need to be in harmony with yours. They need to be as strong as yours and followed by them as you follow yours. If he has a lack of security he will be a treat to your own security. It’s the fact for computer security but also for any other type of security. The point 4.a) relate what I always said before on this blog: education. People need to be educated in this way. Security can’t be a habit if never educated before.

I think that this excerpt is a good refreshment reading for any person that cares about his own security, the security of his relatives or if that person works in any field of security.

Software implication in pharmaceutical production
How lives can be at risk and the implication of governments

I was talking with one of my coworkers. He was talking of one of his friend that works has a software developer for a company that develop products for drugs pills quality control in the pharmaceutical industry. He tells me that they had some problem with their production. They had many in deep bugs and architecture misconceptions. The result is the inefficacity of their product (we’ll call it: PhaQualCon) that lead to the apparition of false results. They have an abnormal level of false results; but the product is already used by pharmaceutical manufacturers. It seem a normal software development problem with normal consequences on the product. It’s possibly the problem of many technological projects (and probably all type of projects). My co-worker was saying that pharmaceutical companies have a threshold of false results not to exceed. The problem is that they can accept, refuse and remake some production tests to degrease their false results average. By this practice they can change some numbers to make them acceptable. So, this is not illegal in itself but I don’t think that this is really fair. I don’t know how the pharmaceutical industry work, but I can imagine that this is normal procedures and habits.

So the problem that I saw is not there. He is in the fact that these manufacturers rely on some type of quality control machines to know the average number of pills that are not conform to the specifications and then give these production test results to the government to make their production accepted. The machine not only counts this statistic but also discards or keeps pills. They rely on products such as PhaQualCon and they know that they aren’t trustable. Some manufacturers stopped their contract with the company but others don’t. Globally the production quality of drug pills relies on some piece of software that controls some type of hardware. The question is: What can stop pharmaceutical companies to pay the developer company of PhaQualCon to “add bugs” in their software to help them to have acceptable production quality tests accepted by the government? If they get cough, they have only to say that the problem is the result of a software bug and that this is not their fault. The company that develop PhaQualCon don’t seem to be supervised by some governmental agencies. They don’t have accounts to give to anybody. If their bad product is accepted by pharmaceutical manufacturer then he will be used to classify drugs pills for me and you. If such regulation exist and that the developer of PhaQualCon have accounts to give to some government, what ensure that the software have not been modified to adapt to the “exigencies” of the pharmaceutical manufacturer? If such a system (probably some type of certification) exists, will the certified system be reviewed monthly, quarterly, annually?

There are many questions on the subject. I think that this is our duties to ask them. Why? Because drugs can put lives of people at risks if drugs pills aren’t really exactly what they are supposed to be.

New Canadian dollars
A possible psychological security treat

A month ago we got our new Canadian 20$. I just get my first some days ago. I was just checking it since then. This is a really beautiful piece of work. Many flashy features and probably one of the securest money on earth. While checking it, I had an interrogation by remembering what some peoples say about it. Check out his accessibility features. One of them consists of a series of symbols formed by raised dots separated by a smooth surface to help blind people. The problem is that many people think that this is a security feature.

To understand the treat you need to have in mind that people will usually rely on only one simple security feature to discover if the bank note is a real one or a counterfeit. It’s normal that they’ll not check every security measures. If they think that the raised dots is a security feature of the bank note, and also think that this is a simple feature to check, he’ll rely on it to discover the validity of the note.

The problem is that this feature is really easy to forge; anybody can do it. So, if you counterfeit money, add this ‘security feature’ and give it to seller that rely on this feature; you’ll be able to pass it for real money and your goal will be reached.

Another inconvenient is that these dots will eventually disappear. If you have a legitimate 20$ with erased dots and that the seller think that this is a false one because the dots are not present then you’ll have some inconvenience because he’ll not accept it as legitimate and he’ll possibly call the police.

Finally, another time, the only way to erase the treat is by educating people specially them who manipulate a great load of money in their work.

Urban Legends on security
What technology neophytes can think

Last week a came around an interesting “study” done by Secure Computing. What is interesting is to see what people can think about things that they don’t really understand. In many cases it’s probably the Arabic telephone effect that create such monstrosity. If I have one suggestion to say; it’s to read them and discuss about them with persons in your entourage that may think that these urban legends can be true. Remind that one of the best security practice is education; anybody can do it.
There is the list published by Secure Computing:

1. “Hackers can legally break into web sites that lack “warning” notices.”
2. “Some Windows system files are really malicious and should be deleted.”
3. “Hotel card keys secretly record personal information, which could be maliciously taken advantage of without the person knowing.”
4. “Including a fake entry in your e-mail address book will prevent e-mail Trojans.”
5. “A digital cell phone can be infected with a virus merely by answering a phone call.”
6. “Search engine “crawlers” perform security checks and notify you of vulnerabilities.”
7. “Thieves are using lists of “out of office” auto-replies to target homes for burglary.”
8. “Free patches e-mailed to you will protect your PC from the latest worm or viruses.”
9. “Signing up with a “Do Not Spam Registry” will stop you from getting spam.”
10. “Elf Bowling and Blue Mountain Greeting Cards contain viruses.”

Enjoy them, laugh at yourself and think that many people can think that they are real possible treats. Just keep in mind that the situation is normal, otherwise urban legend wouldn’t exists. Then if you’re not sure about a thing that a person tell you; just do some research on a trusted web site and you’ll be able to assess the treat by yourself.

What if?
The game to learn on yourself in special situations

A good way to learn things on yourself in special situation is by playing the “What if?” game. The purpose of the game is to imagine you in special life situations.

The first thing that you need to play at this game is a trigger event. This can be an event on the street that you see; a special scene in a movie; while discussing with another person; while watching news; etc. Then you ask yourself: what I had done in the same situation? Then you think of you in the same situation. What you can do in same the same hypothetical situation with your talents and abilities. You can think of many things, some wonderful, other surrealist. The important is that you think of yourself in the situation. Then you’ll play with your thoughts and learn by the process.

Why to play at this game? The answer is simple. Human learns by experience. He can get his experience by practice, reading, observation and in our present case by thinking. This is a really healthy exercise that can let you learn many things on your own personality. Plus it can help your to react more rapidly in certain special situations that can happen in you everyday life. Try it. It can be really funny. You can easily play at it anytime, alone or with a friend.