--AlexSchroeder, 11-Sep-2006
There are two kinds of security. One is control, and one is creating "organic" security.
Your post talks about visible/invisible security, but control-based security can be either (rent-a-cops or CCTV, respectively). How about this division:
Organic security builds on self-healing systems and generally systems that are in a deep equilibrium. Most problems are dealt with equilibrium-seeking processes before the problems actually can be seen. Costs of organic security are hidden (but are typically shared by other processes in the system). Organic security can be grown basically by guaranteeing that everyone has a relatively nice life and a good safety net; applying a friendly foreign policy; by creating right type of cities (architecture and population mix); teaching understanding and tolerance to your kids; and being able to actually calculate statistical probabilities for bad things instead of falling for populistic security theatre.
Control-based security has to be constantly maintained by exerting an outside force. The costs are clearly visible, and the control is broken at any time, security ends there. Control-based security is fine in safety engineering and certain software systems, but I generally loathe it when it is applied to people - for control is expensive, it decreases freedoms, usually forgets the probabilities of bad things and concentrates on security theatre that "looks good", and false positives abound. In addition, it is usually completely ineffective against professionals, because they will just pick another target.
I believe that I would both feel and be much safer with the first option...
--avs, 12-Sep-2006
Yup. Well said.
--JanneJalkanen, 12-Sep-2006
Really? I'd disagree with the point avs made on control-based security merely concentrating on "theatre that looks good." That may be true for a lot of security in a post 9/11 world (consider restrictions on the flights in the US that used to include not allowing anyone to bring on a toenail clipper), however not all of it is mere theatre.
If that was true then we wouldn't need any security at airports. Someone could board a plane without the need for going through a metal detector or anything else.
Perhaps the point is that we can't have metal detectors everywhere and adding extra scrutiny just adds to personal apprehension over the security itself. There is truth in that. However, all of this is a balancing act. If you were a police officer and received information about a credible threat, wouldn't you do whatever is in your power to prevent it? If you didn't do anything and something bad happened would you feel partially responsible? If you did too much and nothing happened, did your timely action (adding extra security to a building) prevent the attack?
Balance is the key and unfortunately, it is not always used intelligently based on the problem. It seems in the US, we've got a certain amount of security that is used for political expediency to cause that additional fear you feel and so make people flock towards the hawkish political party, or to show that the party in power is doing everything to protect you from your unknown assailant.
I followed the link over to your blog from the jspwiki update. Thanks for the update and great work on that. In typical wiki fashion, I couldn't keep my mouth shut on this blog post :-).
--JeffR, 12-Sep-2006
@JeffR:
Agreed, not all control-based security is theatre. Much of it, however, is.
Metal detectors at airport gates are good control-based security. Access keys to company buildings are good control-based security.
But IMO, that's about as far as it goes. The rest of society would be better off with organic security.
--avs, 13-Sep-2006
More info...
Add comment
Back to entry
|
"Main_comments_110906_1" last changed on 13-Sep-2006 08:58:27 EEST by avs. |