Opinion

Eight Years After 9-11: Better Security or Just Luck?

On this anniversary of the 9-11 terrorist attacks, some security practitioners believe America's a safer place. Others say the absence of a major attack in eight years is just a matter of chance. Who's right?

By Bill Brenner and Derek Slater

September 11, 2009CSO

There have been many terrorist attacks around the world these last eight years, but nothing matching the magnitude of what happened on Sept. 11, 2001. In an informal poll of security experts, some say it's a testament to better security at landmark buildings, ports, military installations and elsewhere. Others attribute the stateside peace as a matter of luck.

Recall that before 9-11, the Department of Homeland Security did not exist (although most of its components did). The Transportation Security Administration had not been created; nor had its rules and procedures that have engendered so much debate among security professionals as well as airline travelers. On the cybersecurity side, awareness of real or potential digital espionage and warfare is much higher today, though also subject to disagreement. Cybersecurity leadership in the government has been subject to quite a bit of turnover. Privately-owned critical infrastructure companies and groups have taken some steps, creating security programs and leadership positions.

Unquestionably, then, action has been taken and money spent. Still vulnerabilities remain, and so does the debate over the country's level of safety.

The 'lucky' view is held by Dennis Thibodeaux, director of digital forensics at the American College of Forensic Examiners Institute and chairman of the American Board of Information Security and Computer Forensics. As far as hes concerned, the government has wasted billions of dollars on security theater and largely ignored needed defenses for critical infrastructure.

"We are NOT SAFER since 9-11," he said. "We have been extremely lucky. They wont attack us by air next time, but will take advantage of our weaknesses in port security and commercial shipping. Ports, power plants, dams, bridges—they're all vulnerable. They will get here by simply walking across the border from Mexico or Canada."

Also see CSO's exclusive interview with noted expert Steve Flynn, Port and Cargo Security: How is the USA Doing Now?


Tim Giles, former director of security at IBM and author of the book How to Develop and Implement a Security Master Plan, cited DHS's color-coded advisory system as an example of a largely ineffective measure. "It was totally misused in the beginning," he said. "Of the five color codes, the level was never one of the two lowest. Every time they raised the code it would cost police departments millions of dollars in overtime, and half of the time [DHS] didn't even tell them why they were raising it. There are just a lot of problems with that. The new department is looking into doing away with that system, which would be good."

9-11

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors