Q&A with: Technology executive Craig Peterson
Q. How big an issue is computer security these days? A. Every one of our clients ask for a way to find out what their employees were doing online. In fact, America Online and Salary.com have come out for the past two years with a survey that talks about some of the problems that businesses have been having. On average, employees are spending an hour a day on the Web doing completely non-work-related stuff. So we’ve taken the technology we’ve developed over the last 15 years now and rolled it into a new product, called NetSquealer that allows you to see exactly what your employees are doing, so that you can comply with federal and state laws. Q. What sort of laws? A. After the Enron failure, we got Sarbanes-Oxley, with all kinds of auditing requirements for businesses that are trading publicly. We’ve got HIPAA (Health Insurance Portability and Accountability Act) requirements and all these other things. There has been no good way for businesses to make sure they’re complying with those laws, and there has been no way for businesses to know if their employees are sending out things that are intellectual property. Q. Are there other issues you’re dealing with related to computer security? A. Absolutely. Once you’re online, you have tremendous exposure to all kinds of security problems. We’re stopping hackers, we’re stopping the spread of viruses. Internally, we’re providing extremely advanced firewall functions, so instead of just opening and closing a door, we actually look at what’s going through that door. We’ll actually screen it before it gets to your mail server. Q. Have security issues for businesses in general changed much since September 11th? A. Since September 11th, businesses are being held to a much higher standard for security. You might remember a journalist, Daniel Pearl [who was killed in Pakistan in 2002 by terrorists], and others who have been murdered over in Iraq. And you might have heard about the videos that were on the Internet of the beheadings and things — just horrible, horrible stuff. Well, those were actually distributed on U.S. corporate servers to businesses that had no idea that their computers were being used by terrorists for terrorist purposes, because they didn’t have appropriate security. So now you get a knock on the door from our friends at the FBI or maybe even the CIA, saying, “We noticed your computers have been used for illegal activity.” And so now you’re held accountable. And, in fact, there have been some lawsuits over it. Q. You’ve become an outspoken critic of airport security measures. How did you get interested in security issues at the airports? A. The airport stuff hit me personally. I would travel out to a client’s site because they might be having a problem or they might need a new system. And in my carry-on bag I would always have some screwdrivers, just in case I need them, and a pair of pliers and a few other things. And it really bothered me that a small pocketknife would be questioned by security when I went through. Q. Didn’t the terrorists on September 11th use box cutters? A. The problem that I have is that we’re paying attention to the wrong things. The plane over Lockerbie, Scotland was brought down by two ‘D’ cell-size bombs that were in the cargo hold of the airplane. If terrorists want to bring down an airplane, they’ll bring down the airplane. They don’t have to be passengers on board… There are so many ways to bring down an airplane that my point is there is nothing we can do to absolutely stop terrorists. Q. So should we do nothing? A. I think the problem is we’re focused on the wrong things. And it’s the same thing in business. Seventy percent of your problems in business and your monetary losses are not from the hackers coming from the outside. It’s your own employees taking your information and sending it out. It’s your own employees allowing and bringing in viruses and worms and spam. The same thing is true when we’re talking about airport security. We as Americans need to take responsibility ourselves to defend ourselves and to keep an eye out for terrorists. Q. But the fact that someone may report something suspicious doesn’t mean we don’t need the Transportation Security Agency checking things at the gates, does it? A. Until 1968, anyone could carry a pistol, concealed, onto an airplane in the United States. I don’t remember a whole lot of planes taken down by pistol-carrying people before 1968. Part of the reason is the cost of doing business for the bad guy. He might get shot. Q. So what should the TSA be doing? A. I think what they should be doing is looking for a profile. They’re talking about certain things, they’re acting certain ways. That’s the kind of thing I’m talking about. Now we’ve got a little bit of profiling. Try and buy an airline ticket with cash nowadays and see what happens when you try to go through security. They look at it and say, “Well, terrorists are likely to buy a one-way ticket and they’re likely to pay with cash.” Q. What about X-raying luggage and things like that? A. We can examine luggage and determine that there is a certain type residue in that luggage that would represent a certain type of bomb. Then the bad guys are going to use a different type of bomb and that’s exactly what we’re seeing. So the technology only goes so far. I think the bigger problem we’re seeing is that we assume the technology is working. So we see somebody who looks a little suspicious, but (we think) “He’s been through screening, I know TSA is working on it. I know his luggage has been X-rayed, so I’m not going to say anything.” The same thing is true in business. You know, companies have a firewall, companies have anti-spam software, so they think, “I’m safe I don’t need to worry about it any more.” But guess what? You do need to worry about it. Q. What are some of the things you think the TSA should stop doing? A. We should take their attention away from stupid things like liquids and gels, which is what they’re looking for right now. The average person out there now has the impression that these terrorists could take a bottle or energy drink and a tube of this other stuff that looks like hair gel and go into the bathroom spend five minutes and bring the plane down. People think that’s possible. Right now it’s not possible. Q. If they want to make us feel safer, why don’t they just tell it’s not possible? A. Well, it’s all public perception. Politicians rarely address the real problems. It’s all about addressing fears and concerns. It’s all about emotions and telling people what they want to hear.