Security luminary Bruce Schneier has described security theater as a series of countermeasures designed to provide the feeling of improved security while doing little or nothing to actually make us safer.
I found the perfect example of that last week during a trip to New York for CSO's forum on PCI security.
During some downtime I decided to take a walk around Midtown and wound up at the Empire State Building. I decided to go up to the observation deck, figuring it would be a quick side trip.
Inside, I went through a screening line that resembles a TSA airport security checkpoint or the security line one wades through when entering a court building. Fine, I thought. This is just the way it is in the post 9-11 world. This is arguably the best known building in Manhattan and it's a tempting target for terrorists.
From there, however, people are sent through a ridiculous maze on the way to the first elevator. It's partly designed to guide people to the right places, though it seemed to sow more confusion instead. It also appears designed to slow down anyone who might be looking to cause trouble.
Along the way, peddlers stake out parts of the maze and try to sell you things: a hand-held device that tells you where to find certain landmarks below, a fancy map that does the same, etc.
This brought two things to mind: First, the security layout may well be a sham designed to slow people down so peddlers can sell them stuff. Second, if it's genuinely designed for security, it's all theater and no substance.
If anything, the maze creates more of a security risk by throwing obstacles in the way of people who might have to evacuate in an emergency.
This space is usually devoted to vendors and PR flaks who try to use FUD to drum up publicity for security products. But the government and owners of places like the Empire State Building also use FUD as a device in their own brand of security theater.
By setting up loud security barriers like this, they are doing their part to create an atmosphere of fear, when they are really out to make people feel safe.
All I know is this: If a skyscraper is on fire and I need to get out in a hurry, the last thing I want is a big obstacle course in my way on the ground floor.
About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry's most egregious FUD, send an e-mail to email@example.com.