Thursday, May 31, 2007

MRAPs Lose to Arms Race

Three weeks ago I wrote about Vulnerability-Centric Security regarding the Mine Resistant Ambush Protected (MRAP) vehicle, the US Army's replacement for the Hummvee pictured at left. I consider the MRAP an example of the failures of vulnerability-centric security. This morning USA Today's story MRAPs can't stop newest weapon validates my thoughts:

New military vehicles that are supposed to better protect troops from roadside explosions in Iraq aren't strong enough to withstand the latest type of bombs used by insurgents, according to Pentagon documents and military officials.

As a result, the vehicles need more armor added to them, according to a January Marine Corps document provided to USA TODAY...

"Ricocheting hull fragments, equipment debris and the penetrating slugs themselves shred vulnerable vehicle occupants who are in their path," said the document...

EFPs are explosives capped by a metal disk. The blast turns the disk into a high-speed slug that can penetrate armor.


Even with additional armor, the augmented MRAPs will still be vulnerable. This is because attackers possess advantages that defenses cannot overcome. In April I wrote Threat Advantages, which describes the strengths I see digital threats offering.

At least John Pike understands this problem.

It's doubtful new armor can stop all EFPs, said John Pike, director of Globalsecurity, a Washington-based defense think tank.

"Short of victory, they're going to continue to figure out ways to kill Americans," Pike said of the insurgents. "In any war, it is measure and countermeasure."


Investor's Business Daily agrees:

[W]e know the insurgency won't be put down with such defensive technologies. Better armor won't kill jihadists and suicide bombers. Better intelligence and better offensive tactics will.

In the digital realm, offense means actions to deter, investigate, apprehend, prosecute, and incarcerate threats. Sitting behind higher, deeper walls is not the answer. Neither is trusting the victim (the hardware, OS, application, or data) to defend itself.

5 comments:

Anonymous said...

It is always better to kill the threat, but sometimes that is not possible (political/legal reasons/trouble finding them, etc). If I had a choice of riding in a soft shell Hummer or an MRAP I would take the MRAP any day.

Jonathan said...
This comment has been removed by a blog administrator.
Richard Bejtlich said...
This comment has been removed by the author.
Anonymous said...
This comment has been removed by a blog administrator.
Richard Bejtlich said...
This comment has been removed by the author.