There are few things as pointless,  and damaging, as creating a false sense of security.  Despite this we – both as individuals and as a collective group – frequently engage in doing so.

This kind of behavior – frequently called Security Theater, especially when done in an official capacity – is dangerous, pointless and wasteful.

Security Theater is – at it’s core – doing something that looks like security for the sake of being able to say that we’re doing something to combat a threat.  There are many problems with this.

  • It gives a false sense of security,  which lowers alertness and creates complacency.
  • It wastes valuable time and money – both of which could be used to combat real threats
  • It can do no wrong – when it fails to deter or prevent a threat it’s not because the system failed it’s “because we need it to be more strict”.
  • It often ventures into the land of the ridiculous – treating 4 year olds and geriatrics as serious threats.

Humans are historically bad at subjectively identifying risks with any degree of accuracy. We need to stop being reactive in our approach to security – especially when our reactions appear to be knee-jerk in origin – and take a pro-active approach to managing risks.  People in the security space understand this very well – one of the most important pieces of an effective security program is risk management.  By it’s nature this means being proactive about identifying and mitigating real potential risk using effective mitigation strategies.

(Author’s note: another incarnation of Security Theater is “Checklist Security“, which is what happens when you have an ineffective security program)

Security Theater is beyond stupid – it’s negligent.

We can do better.

We must do better.