Bruce Schneier on intelligent terrorism security

He’s said it before in many different ways, but I finally found a bunch of statements in a single posting of his that summarize what I think is his very correct thinking about terrorism prevention:

The problem with building security around specific targets and tactics is that it’s only effective if we happen to guess the plot correctly. If we spend billions defending [target type A] and terrorists bomb [target type B] instead, we’ve wasted our money. If we focus on [event type X] and terrorists attack [event type Y], we’ve wasted our money.


The following three things are true about terrorism. One, the number of potential terrorist targets is infinite. Two, the odds of the terrorists going after any one target is zero. And three, the cost to the terrorist of switching targets is zero.

We need to defend against the broad threat of terrorism, not against specific movie plots. Security is most effective when it doesn’t require us to guess. We need to focus resources on intelligence and investigation: identifying terrorists, cutting off their funding and stopping them regardless of what their plans are. We need to focus resources on emergency response: lessening the impact of a terrorist attack, regardless of what it is. And we need to face the geopolitical consequences of our foreign policy.

In 2006, UK police arrested the liquid bombers not through diligent airport security, but through intelligence and investigation. It didn’t matter what the bombers’ target was. It didn’t matter what their tactic was. They would have been arrested regardless. That’s smart security. Now we confiscate liquids at airports, just in case another group happens to attack the exact same target in exactly the same way. That’s just illogical.

The problem is that it’s much harder to make it look like you’re doing something, so when the next attack comes you can say how much work you were doing protecting target type A and event type X, and the only way you could have prevented the attacks on target type B and event type Y would be more resources.

