Our Reaction Is the Real Security Failure

By Bruce Schneier
AOL News
January 7, 2010

In the headlong rush to "fix" security after the Underwear Bomber's unsuccessful Christmas Day attack, there's far too little discussion about what worked and what didn't, and what will and will not make us safer in the future.

The security checkpoints worked. Because we screen for obvious bombs, Umar Farouk Abdulmutallab -- or, more precisely, whoever built the bomb -- had to construct a far less reliable bomb than he would have otherwise. Instead of using a timer or a plunger or a reliable detonation mechanism, as would any commercial user of PETN, he had to resort to an ad hoc and much more inefficient homebrew mechanism: one involving a syringe and 20 minutes in the lavatory and we don't know exactly what else. And it didn't work.

Yes, the Amsterdam screeners allowed Abdulmutallab onto the plane with PETN sewn into his underwear, but that's not a failure either. There is no security checkpoint, run by any government anywhere in the world, designed to catch this. It isn't a new threat; it's more than a decade old. Nor is it unexpected; anyone who says otherwise simply isn't paying attention. But PETN is hard to explode, as we saw on Christmas Day.

Additionally, the passengers on the airplane worked. For years I've said that exactly two things have made us safer since 9/11: reinforcing the cockpit door and convincing passengers that they need to fight back. It was the second of these that, on Christmas Day, quickly subdued Abdulmutallab after he set his pants on fire.

To the extent security failed, it failed before Abdulmutallab even got to the airport. Why was he issued an American visa? Why didn't anyone follow up on his father's tip? While I'm sure there are things to be improved and fixed, remember that everything is obvious in hindsight. After the fact, it's easy to point to the bits of evidence and claim that someone should have "connected the dots." But before the fact, when there are millions of dots -- some important but the vast majority unimportant -- uncovering plots is a lot harder.

Despite this, the proposed fixes focus on the details of the plot rather than the broad threat. We're going to install full-body scanners, even though there are lots of ways to hide PETN -- stuff it in a body cavity, spread it thin on a garment -- from the machines. We're going to profile people traveling from 14 countries, even though it's easy for a terrorist to travel from a different country. Seating requirements for the last hour of flight were the most ridiculous example.

The problem with all these measures is that they're only effective if we guess the plot correctly. Defending against a particular tactic or target makes sense if tactics and targets are few. But there are hundreds of tactics and millions of targets, so all these measures will do is force the terrorists to make a minor modification to their plot.

It's magical thinking: If we defend against what the terrorists did last time, we'll somehow defend against what they do one time. Of course this doesn't work. We take away guns and bombs, so the terrorists use box cutters. We take away box cutters and corkscrews, and the terrorists hide explosives in their shoes. We screen shoes, they use liquids. We limit liquids, they sew PETN into their underwear. We implement full-body scanners, and they're going to do something else. This is a stupid game; we should stop playing it.

But we can't help it. As a species we're hardwired to fear specific stories -- terrorists with PETN underwear, terrorists on subways, terrorists with crop dusters -- and we want to feel secure against those stories. So we implement security theater against the stories, while ignoring the broad threats.

What we need is security that's effective even if we can't guess the next plot: intelligence, investigation and emergency response. Our foiling of the liquid bombers demonstrates this. They were arrested in London, before they got to the airport. It didn't matter if they were using liquids -- which they chose precisely because we weren't screening for them -- or solids or powders. It didn't matter if they were targeting airplanes or shopping malls or crowded movie theaters. They were arrested, and the plot was foiled. That's effective security.

Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We're reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

earlier essay: Fixing a Security Problem Isn't Always the Right Answer
later essay: Stop the Panic on Air Security
categories: Airline Travel, Terrorism
back to Essays and Op Eds

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..