Tuesday, March 11, 2008

Lessons in adaptability: a TSA screener's response to the MacBook Air


Most IT people have probably seen a commercial for the MacBook Air, even if we haven't seen one in person. It's thin, it doesn't have a standard optical drive, and may not even have a spinning hard drive if it has the SSD option.

A post on Wide Awake Developers offers a good reminder about awareness and security training. The TSA employees who were faced with a MacBook Air didn't recognize it as a laptop - according to the post, they called it a "device", and delayed the poster long enough to make him miss his flight. The good news is that the TSA agents did eventually ask for their normal "boot the machine and demonstrate an application" method of validating that it is a computer. A perfect process? No, but at least they eventually got through to it.

What's the lesson? It's a simple one: don't forget to teach adaptability and to have a method for dealing with unrecognized issues and technologies when you're building a security system. Adaptable security models are more likely to catch issues, and can prevent process breakdowns that can cost money or response time. Every system should have a fall through catch-all - if something doesn't fit the expected norms, a process needs to take over that will handle the event.

There's one more lesson to be learned thanks to the MacBook Air - don't lose it. Steven Levy demonstrates how easy it is to lose a small device, and with a decent size drive in it, an unencrypted MacBook or other small, executive friendly device can expose a large amount of data.

Creative Commons licensed Flickr photo credit to Marcin Wichary.

No comments: