Security Theater

There's little downside to being alarmist about terror, so we spend too much on measures that evoke feelings of security without actually improving it.

At the time, it seemed reasonable. Richard Reid tried to ignite explosives hidden in his shoe while aboard a December 2001 flight from Paris, so Congress banned butane lighters on planes.

But in retrospect, the costs of the ban outweighed the benefits. Airport retailers had to stop selling lighters. Lighter vendor Zippo Manufacturing Co. laid off more than 100 workers in part because of the prohibition. Transportation Security Administration screeners at one point had to confiscate 30,000 lighters every day, quadrupling the amount of garbage the agency had to dispose of. TSA even had to hire a contractor to help with all the extra trash.

Meanwhile, the security benefit was minimal. Passengers were allowed to bring matches on board planes, so a determined bomber still could ignite explosives. TSA Administrator Kip Hawley later acknowledged that the search for lighters distracted screeners from the much more important task of watching for explosives and bomb components. As of Aug. 4, Hawley announced in late July, the ban will be lifted.

Author and security consultant Bruce Schneier has dubbed such cost-ineffective measures "security theater" because they evoke feelings of security without actually improving it. But it's easy to understand how the lighter ban came to pass. Lawmakers wanted to show voters they were doing something in response to Reid and the Sept. 11 terrorist attacks. Airlines were eager to restore confidence and happy to let the federal government take on the cost and responsibility of baggage screening. Neither had a motivation to argue that shoe bombers did not represent a serious enough threat to aviation to merit the lighter ban, or even to ask the question of whether they posed such a threat. Alarm overpowered reasonable cost-benefit analysis and a measured response.

Welcome to homeland security, where everyone has an incentive to exaggerate threats. A Congress member whose district includes a port has little to lose and much to gain by playing up the potential for container-borne terrorism. A city with a dam talks up the need to protect critical infrastructure. A company selling weapons-detection technology stresses the vulnerability of commercial aviation. A civil servant evaluating homeland security grant applications has an interest in over-estimating dangers that might be addressed by grantees rather than denying funding and risk blame in the event of a disaster.

Each has an incentive to be alarmist. Hardly any of the players has good reason to contemplate terrorism reasonably or to consider threats in terms of probability and finite budget resources. That lonely job falls to the Homeland Security Department, which, four years after its creation, is just beginning to integrate the complicated notion of risk analysis into its work. Most observers credit Homeland Security Secretary Michael Chertoff with talking enough about risk-not just threats-to bring some improvement. But they also say the climate of fear makes it nearly impossible to have a dispassionate discussion about the real threat of terrorism and the response it truly merits.

Overblown

John Mueller suspects he might have become cable news programs' go-to foil on terrorism. The author of Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them (Free Press, 2006) thinks America has overreacted. The greatly exaggerated threat of terrorism, he says, has cost the country far more than terrorist attacks ever did.

Watching his Sept. 12, 2006, appearance on Fox & Friends is unintentionally hilarious. Mueller calmly and politely asks the hosts to at least consider his thesis. But filled with alarm and urgency, they appear bewildered and exasperated. They speak to Mueller as if he is from another planet and cannot be reasoned with.

That reaction is one measure of the contagion of alarmism. Mueller's book is filled with statistics meant to put terrorism in context. For example, international terrorism annually causes the same number of deaths as drowning in bathtubs or bee stings. It would take a repeat of Sept. 11 every month of the year to make flying as dangerous as driving. Over a lifetime, the chance of being killed by a terrorist is about the same as being struck by a meteor. Mueller's conclusions: An American's risk of dying at the hands of a terrorist is microscopic. The likelihood of another Sept. 11-style attack is nearly nil because it would lack the element of surprise. America can easily absorb the damage from most conceivable attacks. And the suggestion that al Qaeda poses an existential threat to the United States is ridiculous. Mueller's statistics and conclusions are jarring only because they so starkly contradict the widely disseminated and broadly accepted image of terrorism as an urgent and all-encompassing threat.

American reaction to two failed attacks in Britain in June further illustrates our national hysteria. British police found and defused two car bombs before they could be detonated, and two would-be bombers rammed their car into a terminal at Glasgow Airport. Even though no bystanders were hurt and British authorities labeled both episodes failures, the response on American cable television and Capitol Hill was frenzied, frequently emphasizing how many people could have been killed. "The discovery of a deadly car bomb in London today is another harsh reminder that we are in a war against an enemy that will target us anywhere and everywhere," read an e-mailed statement from Sen. Joe Lieberman, I-Conn. "Terrorism is not just a threat. It is a reality, and we must confront and defeat it." The bombs that never detonated were "deadly." Terrorists are "anywhere and everywhere." Even those who believe it is a threat are understating; it's "more than a threat."

Mueller, an Ohio State University political science professor, is more analytical than shrill. Politicians are being politicians, and security businesses are being security businesses, he says. "It's just like selling insurance-you say, 'Your house could burn down.' You don't have an incentive to say, 'Your house will never burn down.' And you're not lying," he says. Social science research suggests that humans tend to glom onto the most alarmist perspective even if they are told how unlikely it is, he adds. We inflate the danger of things we don't control and exaggerate the risk of spectacular events while downplaying the likelihood of common ones. We are more afraid of terrorism than car accidents or street crime, even though the latter are far more common. Statistical outliers like the Sept. 11 terrorist attacks are viewed not as anomalies, but as harbingers of what's to come.

Demystifying Security

Sept. 11 was so dramatic and scary that even suggesting that some of the resulting fear is unjustified seems blasphemous. Indeed, the release in July of a new National Intelligence Estimate and its reports of a resurgent al Qaeda served to renew and stoke those fears. But the point is not that terrorists don't exist, or that terrorist attacks won't happen. It's that the pervasive alarm about terrorism obscures the most important question the nation must grapple with: "What level of protection is enough?" Seeking 100 percent security is quixotic. There always will be some risk, but how much can we live with?

This question remains unanswered because the political climate created by alarmists, however well-intentioned, prevents it from being raised. Those who try are quickly punished. Democratic presidential candidate John Kerry said in 2004 that the goal should be to reduce terrorism to the level of organized crime-a nuisance but not "the focus of our lives." The Bush campaign immediately pounced, calling Kerry "unfit to lead," and he never used such rhetoric again.

The question "How much risk can we live with?" cuts to the heart of homeland security because the answer should guide the way government spends money, the primary tool for fighting terrorism. We simply cannot protect everything, and because budget resources are limited, spending security money protecting one asset means leaving another vulnerable. We must spend effectively and strategically. That means employing sound cost-benefit analyses to reduce risk to manageable levels is the only reasonable goal. Industry has a word for this kind of strategic thinking: risk management.

"Risk management is about playing the odds," writes Schneier in Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, 2003). "It's figuring out which attacks are worth worrying about and which ones can be ignored. It's spending more resources on the serious attacks and less on the frivolous ones. It's taking a finite security budget and making the best use of it. We do this by looking at the risks, not the threats."

Schneier wants to demystify security for the masses. He rails against the paternalism of politicians and pundits who, he says, purport to have the answers to complex security dilemmas. Schneier, who once implemented security solutions for the Defense Department and has consulted for other governments and financial institutions, says there are no right answers. Security is all about trade-offs, and anyone can make those judgments.

'Peanut Butter' Spending

DHS has received $130 billion in budget authority since 2001 and that certainly buys more security. But more security does not necessarily make the country more secure. How much risk has that $130 billion bought down? No one knows because DHS has neither a long-term, risk-based strategic plan nor a comprehensive way of measuring risk reduction. Mueller, Schneier and many others suggest that politics, not risk, determines how the department spends money. It's not the politics of insider contracts and influence peddling, but the need to be seen as responding somehow to bad news while at the same time not knowing which reaction, if any, is appropriate.

Examples of questionable priorities abound. Intelligence and warning capabilities are less visible than detectors and other more high-profile security measures, but nearly everyone agrees they are vital to counterterrorism. Yet such programs account for less than 1 percent of government spending on homeland security, according to the Congressional Research Service.

Veronique de Rugy, a fellow at the American Enterprise Institute for Public Policy Research and a visiting scholar at George Mason University's Mercatus Center, has studied DHS' budget extensively. She points out that TSA will have spent more than $14.7 billion in five years screening airline passengers when it could have reduced most of the risk with a single measure that will cost only $100 million over 10 years: reinforcing cockpit doors. A would-be hijacker's options are severely limited if the cockpit is inaccessible.

De Rugy sees significant problems in DHS grant programs. By the end of fiscal 2008, DHS will have given $12 billion in grants to state and local governments without a way to measure whether the investment has reduced the risk of terrorism. In particular, de Rugy faults congressional requirements that originally guaranteed each state a minimum allotment. Instead, DHS should be focusing on a few high-risk areas, she says. "They think 'If we do something about it, no matter what [good it does], then we can claim we're on top of everything,' which is exactly the opposite," says de Rugy. "If you're spread really thin, you're not achieving anything."

Chertoff refers to this as "spreading the money around like peanut butter on a piece of bread, with everybody getting a little bit." He opposes it. In his first major address as secretary in March 2005, Chertoff said DHS actions should be dictated by risk, not by threats, even though threats capture the focus and imagination of the public and media. "A terrorist attack on the two-lane bridge down the street from my house is bad, but has a relatively low consequence compared to an attack on the Golden Gate Bridge," he said.

The secretary's influence is visible in homeland security grant programs. At first, the department crudely calculated risk by using population as a proxy. Later, figures for the extent of threat and the presence of critical infrastructure were added to the equation. Chertoff introduced a new equation: Risk is equal to threat times vulnerability times consequence.

For the first time, DHS is considering probabilities in the calculations that drive grants and other security investments.

And after the department's controversial Urban Areas Security Initiative grants ignited a firestorm last year, officials refined the program. Applicants now must submit an investment justification for the funds they are requesting. The list of critical infrastructure considered when calculating a city's risk now has only 2,100 facilities-mostly dams, power plants and other significant structures, according to Chertoff. (The fiscal 2006 list, mocked for including a popcorn factory and a hot dog stand, included 200,000 assets.) And perhaps most significantly, DHS now rates all parts of the country as equally vulnerable to attack. Thus, the likely consequences of an attack account for 80 out of 100 "risk points," making that the predominant factor in choosing where to allocate $746 million. The other 20 points are determined by threat analyses.

Risk Simulator

Risk management long has been used in the finance, insurance and engineering fields. But applying it to counterterrorism is much more difficult because uncertainty about terrorists' intent and capabilities requires some guesswork. Chertoff gets credit for elevating the concept of risk, but even his backers say the department has a long way to go. "I applaud him; he introduced the idea of risk and it has caught on," says Randy Beardsworth, formerly DHS' assistant secretary for strategic plans. "But it's caught on at the 101 level. We need to move to the graduate level-the 501." This is where risk gets more complicated. Beardsworth says the government is much better comparing risk at the tactical level-one nuclear plant versus another-than at the strategic level. Is there more risk associated with air travel or mass transit, for instance?

Before leaving DHS in September, Beardsworth was leading a working group to develop a strategic risk tool for Chertoff. The tool would allow him to compare the risk reduction impact of different programs. In one case, DHS could spend millions more dollars and still not lower the risk appreciably. In another case, a small additional investment would reduce risk substantially. In short, the DHS secretary could articulate clear and understandable reasons for making investments. "The cynics will say it's all politics," Beardsworth says. "But as a career guy, I really don't care. This is the right way to look at how to spend money in the homeland security world."

Beardsworth says work on the tool stalled after he left. It seems to have been picked up by the new Risk Management and Analysis Office in the Directorate for National Protection and Programs created last year. That office began functioning in April, the first time a single entity has collected risk information departmentwide. Its first tasks are cataloging the risk management methodologies DHS component agencies use and developing a single set of common principles.

"It'd be a nice, neat area to say there's only one [risk] formula," says Tina Gabbrielli, acting director of the Risk Management and Analysis Office. "If that were the case, I'd have a pretty easy job. What I learned quickly is that when it comes to risk and risk analysis methodologies, one size does not fit all." The long-term goal is to allow the DHS secretary to know, for instance, how the department can best reduce risk over the next five years. But Gabbrielli admits that capability is a long way off.

The level of difficulty becomes clear when considering actual applications-transportation systems, for example. Does an improvement in an airport's weapons screening technology really buy down any risk? Or does it simply shift risk, pushing the terrorist to find a way around checkpoints, such as an employee entrance. Does outfitting commercial jets with systems to defend against shoulder-fired missiles-which could cost as much as $1 million per plane-reduce the risk of attack or simply motivate the terrorist to aim his missile at another target?

This is where a new risk management analysis tool comes in. TSA issued a solicitation in late June for a computer simulator that would measure the effectiveness, in terms of risk reduction, of various aviation countermeasures. The simulator would use terrorist teams and government teams and would test multiple defense systems to find the most effective sequence of countermeasures.

The problem, de Rugy points out, is that even though DHS is making progress implementing risk management, more terrorist attacks likely will occur. And when they do, the alarm bells will ring, making it nearly impossible to honestly debate security priorities. "Even if it's, like, 50 people being killed, which is horrible, it's very likely it's something not worth investing billions of dollars," she says. "And who's going to be saying that?"