Saving money by cutting security?

This story out of Virginia could have some major implications for the security industry and the future of how we do security in the United States. Quite simply, we've got potential U.S. Congressmen arguing that the security being mandated for ferry service in their district is a waste of money and it should be cut or significantly scaled back in order to preserve the ferry service, which is important to the local economy. Check this quote out:
"Everybody who's ridden that ferry agrees that the security checks are not only not effective, but probably not needed," Clark said Thursday. "If we can save $1.6 million on the cost of providing security that isn't needed, we're most of the way to achieving the savings VDOT would achieve by cutting back on the ferry."
Stan Clark, an Isle of Wight County supervisor and a contender for the state House seat held by Del. William K. Barlow, is leading the effort. Barlow is a Democrat who represents the 64th District, which includes Isle of Wight and James City County.
Whoah! The security checks are not effective? Someone is running on a platform that the security is worthless? Has there been an incident on the ferries since they've begun? How do you know plans haven't been thwarted? That a potential terrorist passed up the target because it wasn't worth the attempt? Of course, there's no way of knowing those things. And after spending time in Israel, I'm actually pretty convinced that "random" inspections are worthless, as the guards can't actually perform random inspections - they naturally gravitate to certain situations and people and once you observe them for a while it's pretty easy to avoid the "random" inspection if you're a smart bad guy. But ought we to be politicizing the expense of security? Should this Clark guy be deciding what's worthless and what's necessary? Is he getting security briefings? Does he have any experience with security operations and risk management? These kinds of decisions need to be left to independent third-parties appointed by the government but operating relatively free from political restraint. The real problem, of course, is that this is an unfunded mandate from the federal government to the states. This is the nut graph:
Though security is mandated by the federal government, the cost falls on VDOT's shoulders. The $1.6 million covers a security detail of between 32 and 35 armed security guards provided by a private security firm, according to Hansen. The guards each are provided basic weather gear, a sidearm, a nonlethal weapon and a flashlight.
If security is seen as a burden, it's not going to be done right. If security is going to be mandated, there needs to be funding behind that mandate (this is the same kind of policy-making that has crippled public schools, by the way, and has set up resentment against kids who need special education - I've seen that firsthand as well). And people need to see the reason for the mandate, too. This bit, thrown in at the end of the story, is mindblowing:
VDOT does not keep a log of incidents handled by ferry security guards, but numerous arrests have been made involving "threats to the ferry, contraband and assistance in breaking up fights," Hansen said. "The biggest thing we have found is that having the security presence there has been a deterrent to people breaking the law," she said.
Um, maybe you want to keep a log of those things? Seems like a pretty easy thing to do, and it should fall under public right to know laws, anyway. If you can show the tangible benefit (the ROI, in today's speak), you can make a better case for getting the security funded. For some time, I've been hearing that transportation security and government-funded projects in general are a safe bet for an industry looking for new markets. But if security is suddenly seen as an unnecessary expense by any large portion of the the political population, that market could begin to dry up, especially on the state and local levels, where budgets are especially thin and they can't just go borrowing trillions of dollars, like the feds. I think this is a very interesting case to watch.


Hi Sam, Great topic.

Over the last few years, government buyers repeatedly said, "If we get the grant, we will buy the system." This was also common in the private sector for industries that could qualify for government money. Easy government funding has been a major driver in security spending over the last 8 years.

Now, we are starting to see the opposite effect.

You recommend: "these kinds of decisions ... be left to independent third-parties appointed by the government but operating relatively free from political restraint."

Decisions on funding in security are very difficult. Specifically, most homeland security spending cannot be justified on everyday benefits (like breaking up fights or finding pot). It requires risk analysis that it is very sensitive to assumptions on improbable but very costly events. For instance, what's the probability that a terrorist blows up the ferry. It's somewhere between 1 in 100,0000 and 1 in 100 Billion. I am not trying to be accurate, simply to make the point that even 'independent' people will have difficulty agreeing on the probability of incident. These probabilities are the basis of assessing ROI for security projects.

I don't think there is an easy or non-political way out of this problem. Such calls for reduced security will only increase unless someone else pays for it (like the federal government).



I had this conversation at ISC West a few times. People kept talking ROI, and I kept asking, what's a building blowing up and killing 500 people cost? What's one person dying cost? And how do you know if you've prevented those things?

I agree, it's an incredibly difficult task, but there's a science to it on some level and professional risk assessment needs to be employed whenever possible so that it's not just arbitrary declarations of "this is pointless" that carry the day.

Further, at some point, it actually should be political, as the general public has to at some point decide as a body what we're willing to risk - what level of risk is okay? If everyone using the ferry makes a conscious decision to accept the 1 in whatever risk that it will get blown up, then maybe the security spend shouldn't be made. Do we start to have ride at your own risk ferries? Drive over at your own risk bridges?

I think the industry needs to be proactive in its participation in these discussions.