Blogs

Editor's Note: The following is Jeffrey Grossmann's response to comments made by Tsung Y. (Bill) Soo Hoo, a faculty member in New Jersey City University's security studies department, concerning the July 30 article "Doctor of Security," which was about NJCU's new doctorate program in security studies and included quotes by Grossmann. Bill Soo Hoo commented using the name TYBill.

Reading the comments posted by TYBill regarding the July 30, 2012, article “Doctor of Security” reminds me of a bad television police docudrama where the hero agent has a sarcastic and condescending (yet funny) retort for every statement the suspect gives. In fact, those comments posted by TYBill do not appear to be typical opinion-based responses, rather, an underhanded attack on the veracity of a source. But I get ahead of myself…

Introductions are in order. My name is Jeffrey P. Grossmann (Grossmann spelled with a double “n” TYBill). I am an Assistant Professor and Program Director of Homeland and Corporate Security Studies at St. John’s University in Queens, New York. I have helped develop and continue to drive the Homeland and Corporate Security Program at St. John’s. I am the 2011-2012 Chair of the Academic and Training Programs Council of ASIS International (a highly regarded group of academic professionals dedicated to the betterment of security education). I maintain an education-based consulting practice where I work with the American Council on Education and the Department of Defense awarding academic credit to training programs throughout our armed forces (something as a veteran I am so proud to do). I have helped colleges and universities in the creation of their own homeland security programs. I have conducted research, been invited to speak at numerous security conferences, and continue to publish articles on both homeland security and generic security academic programs. In short TYBill (I use your screen name since you have chosen to remain anonymous), I have sufficient experience in this field to give an informed opinion on the creation of a security-themed academic program, regardless of your attack on my credibility.

You have taken offense to a few generalized comments regarding the state of homeland security and generic security education. My comments were aimed at providing some background to the world we both work in. I did not reference your program. In fact, I refuse to make public comments on any academic program, not just yours. My comments focused on the central issues confronting our industry (subject matter, accreditation, and the need for doctoral programs). You could even say that I included my own program in those generalized remarks concerning our industry.  

When I address an opinion in which I disagree (and there are a few), I try very hard not to attack the source of thought. In fact as an educator, I owe a duty to my students (and the industry) to help nurture and develop these young thought mechanisms. These opinions or thoughts will develop into ideas, ideas in which problems will be solved, innovative processes will be developed, and goals will be achieved. Yes TYBill, I do not necessarily agree with your remarks, however, I can appreciate your point of view. I will not call your comments “perplexing” or question your loyalty as you did with me, for I understand why someone so close to a cause would react the way you did to generalized criticism.

The truth of the matter is that our industry is growing. It is still in its infancy, especially homeland security education, when compared to similar academic disciplines such as criminal justice. There are legitimate questions which need to be answered. In particular, there are no formalized data sets showing the need for the creation of doctoral programs in the generic security industry at this time (none that I have encountered). You suggest that we create these programs in advance of such need. In fact TYBill, you went on to compare the development of a national homeland security program in response to the devastating terrorist attacks of 9/11, to the creation of educational programs. You made an off-handed and semi-patriotic point that since the government did not wait to address the terrorists attacks of 9/11 (and rightfully so), so too should your organization not wait to develop a doctoral program (not rightfully so). The Office of Homeland Security was established in mere weeks after 9/11/01 to address an “obvious” need. TYBill, instead of attacking opinion, make an argument for an “obvious” need in relation to the creation of a doctoral program in generic security studies. Do not insinuate that I should “rubber-stamp” approval of such an academic endeavor because of my standing in a professional association. Instead, explain how such a program will enhance my profession at this time. Refrain from making patriotic comparisons and concentrate on legitimate comparisons with other programs in similar disciplines.

TYBill, I am sure you did a wonderful job in the creation of your program. You should even be commended for completing such an arduous task. Please do not diminish your significant accomplishments by “bullying” folks who have legitimate questions. After all, isn’t that what makes this country so great, freedom of opinion?

-Jeffrey P. Grossmann, JD

If you're a hotel security professional, you may want to take a look at the research one hacker presented at last week's Black Hat security conference in Las Vegas. If you're anyone who stays in hotels, it will probably interest you as well.

Cody Brocious, a Mozilla software developer and security researcher, presented a paper at the conference on the vulnerabilities of the Onity HT lock system, which he claims is installed on about 10 million hotel guest room doors worldwide.

In the paper, Brocious claims the locks are "insecure by design" and exposes a number of what he calls "critical, unpatchable vulnerabilities."

The security hole Brocious was able to exploit is the DC port that exists at the bottom of the locks, which with the right device and a simple piece of open-source software offers access to the lock's memory. Brocious can plug his device, which he built for less than $50, into an Onity HT lock and, most of the time, gain access to the room, according to Forbes. Brocious claims it's not 100 percent reliable at the moment, but it's only a matter of time before he successfully tweaks his software to increase its success rate.

His paper is not an easy read, geared toward an audience of hackers, computer programmers and cryptographers. It even includes the software program that would allow such a device to pick the Onity HT locks. The Forbes article is much more accessible to the non-programmer reader.

Though he presented his research last week, Brocious's hack is not news to everyone. According to Forbes, Brocious's former employer, a startup that tried to re-engineer Onity's hotel front desk system and develop a cheaper alternative, sold the intellectual property behind his hack to the Locksmith Institute last year for $20,000. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” Brocious told Forbes. “An intern at the NSA could find this in five minutes.”

Next time I'm at a hotel I'll be sure to run my fingers underneath the door lock and feel for a DC port.

Last week, six sewing needles were found in turkey sandwiches served to business-class passengers on six Delta flights from Amsterdam to four U.S. cities.

Some look at the event as the prank of a disgruntled employee that reveals how even competent security systems can fail every once in a while, but others are using the news as more fodder to argue that the largest hole in aviation security remains that surrounding the catering companies that service the airlines.

It was Gate Gourmet, one of the world's largest airline catering companies, that provided the turkey sandwiches with extra needle. This isn't the first time Gate Gourmet has been the focus of security concerns.

The troubling event reminds me of the story last October that broke when a Gate Gourmet employee at Atlanta's Hartsfield-Jackson International Airport blew the whistle on what he said was weak security at the caterer. The anonymous whistleblower took a video that shows several security lapses, including one segment that shows him accessing a catering cart that should be securely locked because it is destined for a future flight. In the video, he places an unauthorized orange juice container into one of the carts. "If I were some crazy lunatic, or Osama bin Laden sympathizer, I can come in and put anything on this plane," the whistleblower told Atlanta's Channel 2 news team at the time.

I could easily see another Gate Gourment employee sticking needles into sandwiches sitting on these carts, or even in the kitchen where they were made.

The Transportation Security Administration won't release specifics about the needle case as it's an ongoing investigation, but did say that the event does not represent a threat to national security.

The headlines this morning are dominated by news of the movie-theater massacre that took place very early this morning in the Denver suburb of Aurora, Colo. Here's a roundup of news and analysis about the event:

A 24-year-old lone gunman identified by police as James Holmes, a white male, burst into a midnight screening of the new Batman flick, "The Dark Knight Rises," threw a smoke grenade and opened fire on the audience with an assault rifle. There are 12 dead (10 died at the scene, and two at local hospitals) and more than 30 wounded, according to ABC News.

Police have Holmes in custody, arresting him in the theater parking lot. The FBI is assisting in the investigation and has said there's no reason to believe Holmes was associated with any larger terrorist organization. There is no known motive at this point.

While in custody, Holmes apparently referred to the presence of explosives in his nearby apartment. A SWAT team was deployed to the building, which was evacuated, and pushed a video camera through the outside window to investigate inside the apartment. No word yet on what they found.

While no one knows Holmes's motive at this point, ABC News went out on a limb and reported that they had found a reference to a "Jim Holmes" of Aurora, Colo., on the website for Colorado's Tea Party, according to Politico. Seems too soon to report such a thing without first confirming whether it's the same James Holmes. (Here's the Tea Party website ABC News cited.)

Holmes's rampage was the largest mass shooting in Colorado since the 1999 massacre at Columbine High School, which is only 15 miles from the site of this morning's shooting.

Dale Stockton, editor of www.LawOfficer.com, offers his commentary on the law enforcement response to this morning's shooting and best practices for responding to mass-casualty events.

Colorado's gun laws are fairly liberal, and this event has created the customary calls for stricter gun control.

The International Business Times includes a summary of the gun laws in Colorado, including the fact that gun registration is not required.

New York City Michael Bloomberg made his anti-gun beliefs known on a morning radio talk show. “Soothing words are nice,” Bloomberg said, according to Politico. “But maybe it’s time the two people who want to be president of the United States stand up and tell us what they’re going to do about it, because this is obviously a problem across the country. And everybody always says, ‘Isn’t it tragic?’”

CNN's Piers Morgan shared his opinion on Twitter this morning: "Horrendous details from this Colorado cinema shooting. America has got to do something about its gun laws. Now is the time."

Plenty of people jumped on his back, including journalist and columnist Michelle Malkin, who tweeted that "armed CO citizens have SAVED lives in mass shootings," including this link to information about a 2007 church shooting where an armed parishioner saved lives by taking down the shooter.

Janet Napolitano, secretary of the Department of Homeland Security, released a statement saying she was "deeply saddened" by the incident. "Federal, state, and local law enforcement agencies continue to respond to this horrific event and I have directed the Department of Homeland Security to provide any support necessary in the ongoing investigation," she said. "We are committed to bringing those responsible to justice. Our hearts and prayers go out to anyone impacted by this tragedy, especially the family and friends of those killed or injured.”

President Obama and Gov. Mitt Romney have said they will address the incident in remarks today.