Monday, December 28, 2009

It wasn't an "Intelligence" or "Security" failure

All weekend long, there's been a ton of stuff in print, on TV, and all through the Blogosphere about the terror attack on the Northwest flight from Amsterdam to Detroit. In many of these, it's being labeled an "Intelligence failure", or a "Failure of airline security". All this misses the point.

Which is Intelligence and airline security are bound to fail. Intelligence is - and will always be - imperfect in collection, and subject to poisoning by the adversary. Air travel is a porous target - repeated "penetration tests" show a 100% success rate in compromising the system. Look, any system that has to move several hundred million passengers a year is by necessity going to have all sorts of failure points.

Could the international Intel agencies have done better? Sure. Could TSA improve security and lessen hassles? Sure. Can either move the failure rate down significantly? I don't think so.

As long as you play defense, you're going to lose. If your adversary is clever, and patient, and well funded, he'll get you. He can study your defenses, pick a vulnerable target, and plan an attack to bypass your counter measures. In the long run, he'll win.

It will be a long, long time before the Intel archives of the last decade are declassified. In the cold light of day, it will be clear that a lot of the "thwarted" terror attacks were nothing of the sort. What will be clear is that Bush's decision to go on the attack - to take the battle to the Arab heartland where Al Qaeda had to respond, or lose relevancy to its intended supporters - was the decisive moment. Bush didn't "take his eye off the ball" by going to Iraq, he forced Al Qaeda to fight our battle, rather than them forcing us to fight theirs. Their resources went to operations other than attacking airliners.

It remains to be seen whether the Democrat's desire to withdraw from Bush's aggressive overseas engagements will put us on the defensive; certainly they want us on the defensive. I fear that Al Qaeda has been hurt, but not fatally.

Defense always loses in the long run. If we play defense, it's not a question of "if" - only "when" and "how".

UPDATE 28 December 2009 11:07: Unbeknownst to most people, there exists a set of immutable Laws of Security. Marcus Ranum described the first - and greatest - of these. Sometimes it's easier to not do something stupid than it is to do something smart. The TSA is fixin' to destroy that village air travel market in order to save it.


David aka True Blue Sam said...

You nailed it!

TOTWTYTR said...

"Attack rapidly, ruthlessly, viciously, without rest, however tired and hungry you may be, the enemy will be more tire, more hungry. Keep punching."

Gen. George S. Patton Jr.

Eagle said...

Nobody ever won a [insert competition here] by playing defense.

Just as the Maginot line was useless as a defense against Germany's advances in WWII, any defensive "protections" against terrorism that we put into practice will be useless and ineffective. Those who are at war with the US will find other ways to sneak weaponry onboard aircraft or across our borders. Count on it.

We need to stop profiling weaponry - and start profiling PEOPLE and COUNTRIES. I don't expect this to happen, however. Those in the highest offices of our government no longer profess to be in a "war on terror". They can't. It would be an admission that Bush was right to call it a "war on terror" - and they would NEVER admit to Bush being right on ANYTHING.

The people who profess that "if you control guns you control crime" are the same people who would search for powders and liquids while ignoring WHO is carrying those powders and liquids.

NotClauswitz said...

I don't believe the TSA is allowed to improve things, they're union employees and certain specific limitations are vested - and I'm not kidding. See Chris' article about working security with them.
It really seems they are Actors in a play about security.

In our tests, we made our simulated weapons and explosives devices look just like what they were intended to simulate, but NOT like the objects screeners were trained and tested on.

All but one of them passed through security.

Do you know what happened?

The union protested and had the results quashed, because an unannounced test was against the rules, and because the objects we tested with did not match the 7 objects in the official training materials.

George said...

I was in NY for 9/11 and in the towers the day before. I've often said that the smartest thing that TSA could do is shut down the checkpoints, skip the baggage checking and post a note that says "We can't protect you. You are on your own. Good luck."

Ironically, given Janet's statement that "The system worked," she seems to agree with me.

Borepatch said...

Bingo, George.

Security guru Bruce Schneier, when asked what he'd do with DHS's budget, said "I'd give it back."

Anonymous said...

The trick is to be absolute bastards to the people who plan these things and those who support them. Sure, a JDAM through the front window is good in one specific case, but it is like kicking one of those fuzzy white weeds: You destroy the one and spawn a hundred others.

I guess you can either make peace, or make attacking your things such a bad idea that no-one is willing to do it.