I heard a news story this morning about the possible bomb that was found at Newark Airport. The reporter went on to say that TSA is “ratcheting up security” and searching bags with more scrutiny in the event the threat is real.
What I want to know is (and can’t seem to find the answer to): why is it we “ratchet up security” when a such threat is detected rather than putting controls and processes in place that allow us to remain vigilant at all times?
So, we see a threat, we scurry to lock things down, and a few minutes or weeks later (or years in the case of the 9/11 attacks) we get back into our old complacent ways. I wrote about this phenomenon earlier this year in this piece for Security Technology Executive magazine:
…I just don’t get it.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”