Wednesday, February 20, 2013

EO 13636 Improving Critical Infrastructure Cybersecurity

The Executive Order

Fairly well done, Mr. President.  The order is addressed to people who report to you and written in the active voice.  It tells them clearly and directly what they are expected to do.  It fixes responsibility, accountability, and schedules.  It requires measurement and reporting.  It does not increase the power of the government to do anything, for example regulate or control privately owned infrastructure, that it is not already empowered to do.  It articulates clear limits on what is intended.  It also specifies self-corrective measures.

However, while it requires that actions should be “risk based,” it fails to establish or articulate the level of risk tolerance.  Instead, it leaves this determination to the various agencies of the government.  One must be concerned that the acceptable level will be poorly articulated in some cases and chosen for the benefit of the agency in others. 

Part of the problem that the order sets out to address is that the private owners of the infrastructure are each choosing their own level of risk.  This results in over spending by some and under spending by others.  This is clearly inefficient.  Think of a fence that is very high in some places but can be stepped over in others. 

This has been the problem with government security from day one.  Instead of establishing an objective level of risk, the government relies upon the owner/author of a document, file, message, or other data object, to specify its “classification,” that is, the set of protective measures to be implemented and paid for by others.  This results in "least common" security.  That is why the government sets such a poor example of security. 

All in all, this is a good first effort.  It is not likely to do any harm.  However, the problem that it addresses is deeply rooted in culture and we know from bitter experience that culture is resistant to change.  However, Mothers Against Drunk (drinking and) Driving (MADD) and the anti-smoking campaign lend hope that we can do it.

Friday, January 18, 2013

Internet Security

We got the security we asked for.  

I remember all too vividly sitting with Sheila Brand and Marv Schaeffer in my conference room at 44 South Broadway in White Plains, trying to convince them that if DoD really wanted a B1 system from IBM, they should allow us to build it on the AS/400 platform where, among other things, object classification labels would be reliable.  They insisted that they needed something that would run the MVS job stream.  We were unable to convince them that was an over-constrained problem, that any system that could do that would, of necessity, be too open to be "secure" in any meaningful sense.  They said that they understood that there would be compromises.  They went back to Washington and put so much pressure on their contractors, and indirectly on IBM, that we succumbed.

The results were bitter.  We devoted an entire annual release of MVS to building a B1 candidate and a lot of money getting it certified.  When we announced the results at SHARE, the reception was enthusiastic but the demand was far less so.  Marv Schaeffer was in the audience at the National Computer Security Conference when I announced that I had been heartened to hear that demand for the product was up by fifty percent until I was told that that was from 2 to 3.  

The issue was never about security but about magic.  It was about security at no cost.  This was not unique to DoD.  At every inflection point we have chosen open, popular, backward compatible, and cheap, over closed and secure.  How else does one account for the popularity of Android, particularly among geeks? Not only do they prefer Android to iOS but they heap scorn and vitriol on Apple for keeping iOS closed.   

One is reminded of Helen Custer's wonderful book describing wonderful Windows NT security. I thought "Right! Now they've got it!"  Of course, when Microsoft realized that it would not be open to legacy apps, games, and outside provided device drivers, the security architecture was first ruptured and then scrapped.  Today few Windows systems are operated in a manner that is as secure as Windows allows.

I think that the Internet began with the permissive rule, in part, because of a lack of imagination: no one was able to envision its success or importance.  Perhaps, in part, because the rule was necessary to its adoption.  Clearly one reason that TCP/IP drove SNA/SDLC from the market place was that it was an open architecture and an open implementation.  

All that said, the Internet is sufficiently secure for most of its applications. If this were not so, we would not be doing them.  That is not to say that it is secure as it might be.  Harry DeMaio liked to say that "Doing business on the Internet was like doing business in Times Square: while there is some business one would not like to do there, clearly a lot of business is done there."  On the other hand, a lot of fraud occurs in the private offices of Wall Street.  That is to say, all security and trust do not come from the environment.

Some trust comes from the reputation of one's trading partners.  When doing business on the Internet, I prefer to do business with the same firms that I have always done business with on the street, by phone, and by mail. These include American Express, Merrill Lynch, Fidelity, and Brooks Brothers.  There are exceptions.  I hold stock in Apple, Amazon, and eBay/PayPal.  No matter who you are, I am more likely to do business with you if you will accept payment from them.  Said another way, when doing business on the Internet, I rely upon the brand and compensating controls offered by my partners, not the Internet itself.  

While my partners do make some attempt to ensure that transactions in my name actually originate with me, few offer the authentication that I would like.  (PayPal, Google, and DropBox are notable exceptions.) Therefore, I do not rely exclusively on the authentication mechanism but check the confirmations and statements that I receive from them out of band.  I like that American Express will let me choose, by type or size, which transactions they will confirm out of band.

I find Apple's experiment with iOS very hopeful.  Unlike Google (Android) and Microsoft (Windows Mobile), Apple was willing to forgo backward compatibility.  They are coming up on a million purpose built apps, from scratch, and in less than five years.  
 

Steve Jobs: "And, so far, I have to say, people seem to be liking the iPad. We are selling an iPad every 3 seconds."

I like Google's out-of-band authentication scheme and Verisign's scheme that turns every iOS or Android device into a one-time-password token. Given that anyone can license these for pennies per transaction, session, or file, that they scale from very small to very large, that they resist credential replay attacks, and that users can opt in or out, that they are so sparingly offered and sparsely used supports my thesis.  So does the fact that almost any system can be compromised by a bait message that appeals to some user's greed, lust, sloth, or even curiosity. 

Security in the Internet will never be better than the absolute minimum we can get away with.  It will never be quite as good as it should be or as we know how to make it.  While that will be good enough for most of its applications, we will continue to use it for some applications for which it is not safe.  No matter how good a job we do, there will always be breaches.  Get over it.  Collectively that is how we chose it and continue to choose it.  

Monday, January 14, 2013

Newtown and the Elephant in the Room

Once more we are victims of an outrageous shooting.  Once more an emotionally unstable young man has dressed himself in black, armed himself with all too available and too powerful guns, and slaughtered innocents.  

The elephant in the room is a fear, not merely a rational distrust but an irrational fear, of government.  A significant portion of those who resist all gun control see themselves as the beleaguered defenders of liberty.  

They have abandoned the Rule of Law.  They believe that not only do they need their guns to defend themselves against government but that they are the last bulwark against tyranny.  They expect to "man the barricades" as in the musical Les Misérables.

The purchase of guns has spiked after the last two presidential elections.  Part of this was motivated by the fear that the Obama administration is anti-gun and will ban future purchases.  Part of it is based upon a fear that government is on the brink of collapse and that one will need guns to protect oneself from one's neighbors.  Part is based upon the fear that the government will become so tyrannical that the citizen will need guns to depose the tyrants.  

Indeed purchases spike after every outrage.  The fear here is in part that there will be a political response to the outrage that will make purchases more difficult in the future.  However, it is also fear that police and the Rule of Law are so weak that vigilantes are necessary, that all citizens, including teachers, must be armed.  It is a rejection of the fundamental idea that the use of armed force must be reserved to the state.  

It is ironic that those who trust law the least, who resist all attempts to regulate guns, appeal to the Constitution, the source of our law, to justify their resistance.  Equally ironic is it that each outrage is used to justify the continuation of the conditions that led to it and will inevitably lead to another; take up arms as a protection against one's neighbor.  It is ironic that the policies supported by those who fear government contribute to the conditions in which government is most likely to be controlled by a tyrant rather than by law.  

The choice is not between an armed citizenry and "black helicopters."  Rather it is a choice between the Rule of Law and rule by men, by vigilantes, by the strongest bully on the block, by the gang leader, the war lord, by the most lawless, by those most likely to set themselves up as prosecutor, judge, jury, and executioner.  

The very existence of the Elephant depends upon the fact that we pretend that he is not there.  The contribution of fear of government to this problem persists in part because we fail, indeed refuse, to talk about it.  We have to confront it.  Every generation has to recommit to the Rule of Law, must surrender its claim to armed force to the state.  Each generation must understand the choice between a government of law and one of men, each generation must make the choice anew.  

We must begin by confronting the Elephant, the rhetoric of fear, fear of the tyrant.  

Thursday, January 3, 2013

Government Secrecy

Candidate Obama promised increased transparency in government.  Like all of his predecessors, he quickly increased secrecy.  However, rendering lip service to his promise, he appointed an advisory committee on classification policy.  As reported by Elizabeth Goitein, this committee has recently issued recommendations.

I was reminded of an editorial that I had done for InfraGard iGTV.  The following excerpt seems both responsive and instructive. 

".....government systematically over classifies, partly out of bureaucratic habit, sometimes for political reasons, partly because the cost of protection is borne by the users and custodians, not the classifier, of the data. At least partly as a consequence, it under protects.  Leaks are the inevitable consequence.  

Note that while these leaked documents are embarrassing and while the leaks will inevitably make recruiting more difficult, few of them required or deserved exceptional protection.

As much as some national security types resist the idea, classification is an economic decision.  It  may not be a decision about the value of the data, or even about the value of preserving its  secrecy, but it is a decision about the cost that one is willing (for others) to incur to protect the data.  It is a decision about how to allocate scarce, in some cases limited security resources.  We protect data at the expense of data that we do not protect.  

Finally, we are relying on the integrity of people because they are cleared instead of because they are monitored and supervised.  According to the Times, only half of the computers in the SIPRNET are even equipped to monitor users for unusual access and far fewer than that are actually supervised.  

The Bush administration abused intelligence sources and distorted the security culture.  WikiLeaks is the inevitable result.

The pendulum must swing back but we have to both do the right thing and do things right.  Since the alleged leaker is alleged to have copied the data to a CD that he pretended to be listening to, DoD has ordered the removal of CD drives and USB ports.  This will prove to be about as effective as forbidding the use of earphones. 

The right direction is fundamental, if not obvious.  We must classify fewer documents and limit access to those we do.  We must limit the access that insiders have, hold them accountable for the access they use, and use them to protect us from the outsiders.  We must clear fewer people and investigate, monitor, and supervise them better.  We must do all this while reforming the culture that rewards, rather than punishes, over classification.

There are no surprises in this list, no silver bullets, no magical expectations.  Just hard work.  Please do not whine about how hard this is. Do not complain because it is difficult.  Do not even mention that there will still be leaks and that we will still be blamed.  That is why we are called professionals and are paid the big bucks."  

You may also want to check out my entry in this blog on the subject of Classification and Labeling.


Tuesday, September 11, 2012

It's the data, Stupid!

 
 
One of the things that I try to bring to the table is historical perspective.  I argue for the importance of history, that if we do not know where we came from, we cannot appreciate where we are, much less where we are going. I have been here longer than the average bear.  I can see things across time that are difficult to appreciate at a point in time.  

When I was selling computers for IBM and for almost a generation, we matched the scale of the computer to that of the enterprise.  Each enterprise had one computer, the most powerful that it could afford.  Chief executive officers did not have the discretion to buy a computer.  It was an economic decision for the enterprise comparable to that of building a new plant or committing to a new product.  It was a board level decision. While the CEO could say "no," he could not unilaterally say "yes."

As the scale of the technology has changed, as its price has fallen and its efficiency has exploded, the decision making has moved.  

By the time that the "minicomputer" came on the market, the decision had fallen to the level of the department.  We did not consciously make a decision to do that.  It was simply a reflection of the scale, price, and efficiency.  However, until very recently, most computers used in the enterprise were still purchased, owned, and managed, not to say controlled,  by the enterprise.

Recently we passed a tipping point; most computers are now purchased, owned, and to the extent that they are managed, managed by individuals, by consumers.  We buy them at Wal-Mart and Costco, next to groceries, diapers, paper towels, and bottled water.  Because they are so cheap and so powerful, they are used for things that we could not have imagined as recently as a decade ago.  

As I sit here, there are seven computers within 5 feet of me and nine screens within 9 feet.  They are all connected and interoperable. Moreover, to a first order approximation, they are connected to, and will inter-operate with, any and every computer in the world.  These do not count the application-only computers like my cable box, Sling-box, and "Smart-TV;"  they all "boot" so I assume that they are "computers."  

As I sit here, I am waiting for one great niece to decide between a Kindle Fire and an iPad and am replacing an iPhone for another who dropped hers in the toilet at the mall.  The discretion, the decision making power, has now fallen to the children.  Remember?  The decision is made one level below the guy who signs the order, the check or the credit card?  I only pay, the kids decide.  Their decisions impact the enterprise and the infrastructure, those things that you and I are expected to control and protect. 

Infants use computers.  I choose the term "use" advisedly.  They use them for their "work," at their age indistinguishable from "play," learning to master their environment.  They project the capability of one computer as requirements on another.  They "swipe" across TV screens and even magazine pages.  Seven year-olds write critical reviews of applications, and teen-agers know more about computers than the information technology elites of a generation ago.  Different things perhaps, but more.  

There are some things that are beneath their level of notice.  For the most part they are agnostic as to where an application runs and its data is stored.  They are oblivious as to what we used to call "speeds and feeds."  

It is almost impossible to remember that the first iPhone came out only five years ago and that about all it could do was phone calls, do e-mail, and browse.  Oops, I forgot; play music.  Apple and Google now have a couple of major announcements and ship dates a year.  Just to keep up! Teens track the features in new versions of iOS the way my generation tracked new car models.  By the time that YOU have figured out the security implications of one new product, another has shipped.  

I remember when I had to keep a list of e-mail gateways and use embedded addresses to get from one domain to another.  No longer; the address space has flattened.  Now I keep a list, shorter, but still a list, of application proxies to get me around fire-walls and other security restrictions.  When the Naval Postgraduate School blocked my access to AOL Instant Messenger, two students quietly gave me the addresses of two different proxies.  Proxies now come plug-n-play-in-a-box or simply run as servers in the Internet.

One niece and nephew go to a very traditional school, elite, but so traditional that they are still expected to carry fifty pounds of paper in and out of school everyday.  They can take their iPhones, but cannot use them, and iPads and MacBooks must still be left at home.  So, they use Dropbox, Evernote, and thumb-drives.  No matter what controls or road-blocks we throw in their way, they will get around them.     

The good news is that there are only two popular operating systems for the most popular consumer products, right?  iOS and Android?  All you have to know about, right?  The bad news is that there are dozens of versions of Android, all different, most open.   There is more bad news.

RIM has not gone away.  Windows Mobile has hardly gotten here.   Playstations and X-Boxes are becoming richer and more open.  Even Play Station Portables and DS Lites are being opened some.  Proxies and servers are popping up everywhere to expand their capabilities even further.  

As I write this on Evernote, I am using the Windows Evernote client on my Dell, but I am using the screen and keyboard on my MacBook Air.  In order to find the Windows system across the room, the MacBook goes to an addressability server in the Internet where the Dell has published its IP address and port, perhaps thousands of miles away, and then comes back to a computer five feet away.  
             
The devices at the edge are becoming smaller, cheaper, more diverse, more powerful, at an exponential rate. Now it is not news that one can buy gigabytes on a chip the size of one's pinky nail for $1/gig or that one can buy a terabyte to fit in one's shirt pocket for under $100.  

All of this is by way of saying that you cannot prevent contamination and leakage at the edge.  You no longer own or control the edge.  You cannot even see it.  It has been a battle since the edge began to include PCs but it is now clearly a lost cause.  It has probably been the wrong strategy all along.  

Focus on the data.  You do not control the edge but you do control the center.  

Know which data you want to protect.  The books of account, intellectual property, personally identifiable data.  You cannot protect all your data to the level that is required by these.

Prefer closed systems for this sensitive data.  Think AS/400 and Lotus Notes but you can close any system.  

Prefer object-oriented formats and databases to flat files for all sensitive data.  This should include document management systems.  The common practice of storing documents as file system objects is not appropriate for sensitive documents.  

Control access as close to the data source as possible.  

Prefer application-only access.  Prefer purpose-built application clients; think "apps." 
 
Prefer end-to-end encryption, that is, edge device to application, not to the network, not to an operating system.  Remember that what appears to you to be the edge device may be a proxy for the real edge device.  

Prefer strong authentication for sensitive data; consider the edge device identity, for example, EIN or MAC address, as one form of evidence. Consider out-of-band to the user to resist replay.  

Meter the data rate at the source, not the edge; prefer one record or page at a time.  

Provide a high level of service.  You can make any control or restriction at least tolerable provided that you couch it in a sufficiently high level of service.  Remember that most leakage is of gratuitous copies.  These trade off cheap local storage against expensive bandwidth and high network latency.  The faster you can deliver data from the source, the fewer copies will be made at the edge.  
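An added example, not part of the original post, sketching three of the recommendations above in one place: access checked at the data source, one record per request, and a read rate metered at the source rather than at the edge. The class name, the ACL layout, the burst size and the refill rate are all assumptions chosen for illustration, and the sample records are constructed.

```python
"""Source-side access control and read metering (illustrative sketch).

Every name and value here is an assumption made for this example.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


class AccessDenied(Exception):
    """The principal is not authorized for the requested record."""


class RateExceeded(Exception):
    """The principal has used up its read allowance for now."""


@dataclass
class Bucket:
    tokens: float   # reads currently available to this principal
    updated: float  # clock value when tokens was last recomputed


class MeteredRecordStore:
    """Holds the sensitive records; read() is the only way to get one out."""

    def __init__(self, records: Dict[str, str], acl: Dict[str, Iterable[str]],
                 burst: int = 3, refill_per_sec: float = 0.5,
                 clock: Callable[[], float] = time.monotonic):
        self._records = dict(records)
        self._acl = {who: set(ids) for who, ids in acl.items()}
        self._burst = float(burst)
        self._refill = float(refill_per_sec)
        self._clock = clock
        self._buckets: Dict[str, Bucket] = {}
        # Audit trail kept at the source: (time, principal, record_id, outcome)
        self.audit: List[Tuple[float, str, str, str]] = []

    def _take_token(self, principal: str, now: float) -> bool:
        """Token bucket per principal: refill by elapsed time, spend one."""
        b = self._buckets.setdefault(principal, Bucket(self._burst, now))
        b.tokens = min(self._burst, b.tokens + (now - b.updated) * self._refill)
        b.updated = now
        if b.tokens < 1.0:
            return False
        b.tokens -= 1.0
        return True

    def read(self, principal: str, record_id: str) -> str:
        """Return exactly one record, or raise. There is no bulk read."""
        now = self._clock()
        allowed = self._acl.get(principal, set())
        # Authorization is decided here, next to the data, and a refusal
        # does not spend any of the principal's read allowance.
        if record_id not in allowed or record_id not in self._records:
            self.audit.append((now, principal, record_id, "denied"))
            raise AccessDenied(f"{principal} may not read {record_id}")
        if not self._take_token(principal, now):
            self.audit.append((now, principal, record_id, "throttled"))
            raise RateExceeded(f"{principal} is reading too fast")
        self.audit.append((now, principal, record_id, "ok"))
        return self._records[record_id]


def run_demo() -> List[str]:
    """Replay a constructed access pattern against a fake clock."""
    now = [0.0]
    store = MeteredRecordStore(
        records={"acct-1": "ledger page 1", "acct-2": "ledger page 2",
                 "ip-7": "design notes"},
        acl={"alice": ["acct-1", "acct-2"]},
        burst=3, refill_per_sec=0.5, clock=lambda: now[0])
    steps = [(0.0, "alice", "acct-1"), (0.0, "alice", "ip-7"),
             (0.0, "alice", "acct-2"), (0.0, "alice", "acct-1"),
             (0.0, "alice", "acct-2"),   # fourth permitted read in a burst of 3
             (2.0, "alice", "acct-2"),   # two seconds later one token is back
             (2.0, "bob", "acct-1")]     # no ACL entry at all
    for at, who, record_id in steps:
        now[0] = at
        try:
            store.read(who, record_id)
        except (AccessDenied, RateExceeded):
            pass  # the outcome is already in the audit trail
    return [outcome for _, _, _, outcome in store.audit]


if __name__ == "__main__":
    print(run_demo())
```

The throttled and denied entries in the audit trail are the signal worth reviewing: a client that keeps hitting the meter is trying to build a local copy.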

Now I am not in the business of recommending products here.  However, if you want to make the above easy, get Lotus Notes.  I can mention it because it has no competition.  

These measures are probably too expensive for the least sensitive data in the enterprise.  However, they are mandatory for the most sensitive data. It is for drawing the line that we are called professionals and paid the big bucks.

Tuesday, July 24, 2012

Austin to Aurora


Austin 1966
San Ysidro CA 1984
Edmond OK, 1986     
Ridgewood NJ 1991
Royal Oak MI 1991     
Dearborn MI 1993
Dana Point CA 1993
Oklahoma City 1995
Dunblane Scotland  1996
Columbine 1999
Goleta CA 2006
Virginia Tech 2007
Fort Hood TX 2009
Tucson AZ 2011
Utoya Norway 2011


A tragic litany.  More tragic because we have already forgotten some of the worst of them.  More tragic because they have become routine.  More tragic because it does not include the hundreds that die in gun violence every day.  Yet more tragic because we stand immobile as the rate and the scale escalate.  

Aurora CO 2012.  The citizens of Aurora can take great pride in their own courage and in how their First Responders reacted in the face of this insanity.  Of course,  New York City grants nothing in courage to any other city.  We have the most courageous and disciplined citizens.  We are confident that we have the best trained, best led, most professional, and most heroic fire and police men and women in the world.  We were not surprised to learn that the leader of Aurora's finest is one of ours.

Have you ever heard a more professional press briefing than was given by Aurora's Chief of Police, Dan Oates?  It was complete, accurate, and measured.  He said exactly what he intended to say.  He knew with precision what he did not want to say and deflected questions on those things in a professional manner.  Those of us who have been there understand that such a degree of professionalism is the result of a lifetime of training, discipline and experience.  We all got a little teary when he realized what a great job his team had done, that all the training had paid off.  

Another professional briefing came from Lt. Andra Brown of the San Diego Police Department.  She was called out of bed at dawn to run interference for the accused perpetrator's family.  That briefing is not yet on YouTube but perhaps it will still show up.  However, another of her interviews is and it demonstrates that she is a pro.

Even the media has been restrained and professional.  They have not hounded the families of the victims, or even of the perpetrator, with "How does it feel to …..?"  While some of the questions put to the authorities were not going to get an answer, they were respectful and legitimate.  They gave the professionals the opportunity to explain to an anxious public why they cannot be answered.

I hope that our response as a nation continues to be measured and proportionate.  That is not to say "business as usual."  Business as usual is not proportionate.  

We need to take another look at gun control.  We are law enforcement and security professionals; ours is the art of the possible.  We do not allow the perfect to become the enemy of the good. Some place between where we stand and giving up any pretense at the Second Amendment, there has to be a better place.  

That place includes an assault weapon ban, a ban on large capacity magazines, and a tax and controls on the purchase of ammunition.  Guns did not cause these events and no change in the law, which will be no more than marginally effective, is going to prevent them.  Dunblane and Utoya tell us that.  However, these are changes that stand on their own merit.  They are measured and consistent with both the Rule of Law and civil liberties.   

Our presidential candidates tell us that we should not act out of the anger and grief of the moment, that it is not timely.  I agree that we should not act out of anger and grief.  However, it is a year and a half since Tucson and two generations since Austin.  I stand with Mayor Bloomberg who asks "If not now, when?"

Over the weekend a journalist pointed out  that  the Metropolis of Batman is what our cities will look like if we surrender the state's monopoly on the use of armed force.  Batman is not a real hero.  Real heroes do not wear masks; they wear little shields that say "Serve and Protect."  Real heroes do not wear capes; they wear turn-out coats.  

No, Batman is a thug, a vigilante.  He has given up on the Rule of Law, on the idea of civil society.  We pretend that he is on the side of the good guys,  but we cannot allow individuals to administer their own brand of justice.  At least one, probably most, of the perpetrators of events in that litany, were, at least part of the time, at least in their own sick heads,  administering their own brand of justice.  

From Robin Hood to Batman, fantasy is populated by vigilantes.  It is part of our culture. It is motivated by our innate sense of justice and our frustration when an imperfect system fails to deliver it.  It is motivated by our historic fear of tyranny.  But we are grown-ups.  Grown-ups do not act out their juvenile fantasies.  We do not lionize those that do.  Vigilantism is the problem, not the solution.

As citizens we have to be worthy of our First Responders.  We have to commit to the Rule of Law.  We have to perfect government, not abandon it.  Without surrendering our Liberties, we have to give up any claim to vigilante justice. 

As law enforcement and security professionals we too have to commit to the Rule of Law.  If we are to maintain the state's monopoly on the use of force, then as the agents of the state, we must use it conservatively and professionally.  We must be civil.  We have to emulate the best of our peers and follow the best of our leaders.  We have to forswear arrogance, swagger, and intimidation.  Only then will we be seen as professionals and be paid the big bucks.

Tuesday, July 17, 2012

The Rule of Law


We use the code words, the rubric, the concept,  Rule of Law, often without thinking about what the concept  embraces. Indeed our application of the Rule is still evolving.  Every now and then it is useful to enumerate the components and measure ourselves against them.  

One definition of the Rule of Law is that every citizen is subject to the law.  "Not even the King" is exempt.  Thus, the concept of the Rule of Law is antithetical to the idea of the "Divine Right of Kings."

Under the Rule of Law, all use of deadly force is reserved to the king and his agents, to the state and the police.  While a citizen may use force in the defense of his home, in public places he has a "duty to retreat."  While we recognize certain exceptional circumstances in which an "un-sworn" citizen may exercise police powers, "exceptional" is the key word and the guiding principle.  

Recently, in an expressed intent to "reduce crime," some states have adopted laws which expand the circumstances under which the citizen may resort to armed force, but the results have been mixed at best.

Included in the idea of "not even the King" is that of a limited state and government. While most orderly and stable governments have generally accepted limits, in our constitutional system, at least in theory, ours is a government of enumerated powers.  The government may do only those things that it is explicitly authorized to do.  Everything else is reserved to the citizen and implicitly forbidden to the state. Our officials, officers, magistrates, and agents swear "to preserve and protect the Constitution." This is in stark contrast to the British who swear allegiance and loyalty to the sovereign, even though their Magna Carta may be the earliest example of express limits on the king.

Included in our understanding of the Rule of law is the presumption of innocence.   Some of us may think of this in terms of the responsibility of the state to bear the burden of proof in criminal trials.  However, this right follows us into the street.  We do not have to demonstrate our innocence in order to be able to travel.  "Driving while Hispanic" is not a crime and cannot be made one, not even in Arizona or Louisiana.  

An independent judiciary is essential to the rule of law. Whether appointed or elected, the judiciary must be able to operate without interference from or fear of other branches of government.  Military courts and tribunals are an exception to this rule so they must be used with care and restraint.  

Part of the idea of the rule of law is that of sanctity of contract, i.e., parties must do what they promise to do.   Indeed, a special form of contract, called treaty, is the basis of international law.  While most contracts are routinely carried out, and while they are rarely called upon to do so, under the Rule of Law, the courts may be called upon to adjudicate and enforce contracts.

The rule says the citizen may not be deprived of life or property without due process of law, that is without "following the exact course of the law."  Of course, killing a citizen without charge, indictment, arraignment, bail, timely trial by jury, and right of appeal would violate this principle.  "Nice people do not do that."  States that even pretend to the Rule of Law would not do that.  

While it may not be obvious until stated, the idea of equality before the law is implicit in the idea of the Rule of Law, that is, all are subject to the law.  Not only must the state treat all citizens equally, it must protect one from another.  This idea is troubling in a democracy because it is an exception to the Democratic Rule, the one that says "the majority rules."  Under the Rule of Law, the majority may not use the coercive power of the state to tyrannize and terrorize any minority.  The majority may not use the coercive power of the state to enforce majoritarian orthodoxy.  No thought police.  No censorship. No state religion or prayer.  The state may not compel an oath, any oath, not even one, particularly not one, of allegiance to the state.  

A fundamental test of the Rule of Law is that the citizen should not live in fear.  He should not fear his neighbors; he should not fear the King and his officers.  The citizen surrenders his right to the use of force to the state in return for protection from the thugs.  That is no bargain if he must fear the king more than the thugs.  Many of our minorities live in perpetual fear of the king. Do I have to name them?  We should all keep in mind that if the state can oppress anyone with impunity, it can oppress everyone with immunity.  

Like Liberty, the Rule of Law is indivisible.  The whole depends on each of the parts. One cannot pick and choose among them.  Pull out a brick and the structure falls. Courts, legislatures, law enforcement professionals, even information assurance professionals, and individual citizens must play their role in checking the inherently coercive power of the king and his minions. "The price of liberty is eternal vigilance."

The alternative to the Rule of Law is rule by men, fallible, corruptible, zealous, and ambitious men.  We call it tyranny.  As law enforcement and security professionals, we are often in the role of officers of the state; that is why this is an appropriate forum for this discussion.  We must periodically remind ourselves that we take our oath to the law, not to the majority, not to the state.  To carry out our duties in a professional manner and earn the big bucks, we must  strive for accuracy, honor, restraint, and courtesy.   We must wear the Rule of Law as our uniform, as our only authority.