As one aviation security consultant commented after the bombing, "This is the nightmare scenario."
From airports to federal facilities to shopping malls - the international engineering community is increasingly engaged in a security innovations race. Security is fundamentally about prevention. A security system is the set of things put in place, or done, to prevent adverse consequences. Like any other system, security systems can be attacked, can have flaws, and can fail. Security is an ongoing process; it's never done.
International security expert Bruce Schneier, in his book Beyond Fear: Thinking Sensibly About Security In An Uncertain World (2003), outlines a five-step process to analyze and evaluate security systems technologies, and practices.
- Step One: What assets are you trying to protect? This question might seem basic, but a surprising number of people never ask it. The question involves understanding the scope of the problem. For example, securing an airplane, an airport, commercial aviation, the transportation system, and a nation against terrorism are all different security problems, and require different solutions.
- Step Two: What are the risks to these assets? Here we consider the need for security. Answering it involves understanding what is being defended, what the consequences are if it is successfully attacked, who wants to attack it, how they might attack it, and why.
- Step Three: How well does the security solution mitigate those risks? Another seemingly obvious question, but one that is frequently ignored. If the security solution doesn't solve the problem, it's no good. This is not as simple as looking at the security solution and seeing how well it works. It involves looking at how the security solution interacts with everything around it, evaluating both its operation and its failures.
- Step Four: What other risks does the security solution cause? This question addresses what might be called the problem of unintended consequences. Security solutions have ripple effects, and most cause new security problems. The trick is to understand the new problems and make sure they are smaller than the old ones.
- Step Five: What costs and trade-offs does the security solutions impose? Every security system has costs and requires trade-offs. Most security costs money, sometimes substantial amounts; but other trade-offs may be more important, ranging from matters of convenience and comfort to issues involving basic freedoms like privacy. Understanding these trade-offs is essential.
Some of this seems obvious and the process will not lead to the answer. The point is that the process will provide a mechanism to evaluate a proposed answer. It is about the questions. The engineering community must constantly ask new and different questions. As famous foreign policy expert and author George Kennan commented in a 1949 speech to the Academy of Political Science - "The problems of this world are deeper, more involved, and more stubborn than many of us realize." For the engineering community, that means in the context of security systems, it's never done.