The United States spends $200 billion a year on homeland security. This includes physical barriers, guards, closed-circuit TV, explosives detection, body scanners, security software and other technology and services intended to keep the nation safe from terrorists and other non-military adversaries. Does it work? And how do we measure the results?
At a glance, those seem to be easy questions. The country has invested heavily in homeland security and is safer now. In terms of terrorist activity in the United States, the years since the September 11 attacks have been the most tranquil since the 1960s, when terrorism in its contemporary form first emerged as a threat.
People tend not to recall that during the 1970s, the United States experienced an average of 50-60 terrorist bombings a year. In the 12 years since the September 11 attacks, terrorists inspired by al Qaeda's ideology—the ones we worry most about—have been able to pull off just four attacks in the United States, two by lone gunmen, a failed bombing in New York's Times Square, and the 2013 bombing in Boston. In all, 18 people were killed.
If, however, we ask whether the visible security measures that have become so prevalent in the landscape prevented more terrorist attacks, what security measures are most effective against terrorists, or whether the difference can be measured in substantially reduced risk, then hard proof is much harder to come by. The field of medicine is based upon evidence-based practice grounded in empirical evidence obtained from sound, scientific research and analysis. Can we apply the same approach to security?
In the broadest sense, we know that security works. Criminals exploit the absence of security. Increasing security drives them away. Rising bank robberies in certain areas prompt increased security measures, such as anti-jump barriers that prevent robbers from jumping over the counter, resulting in a decline in robbery attempts where these are in place. This is proof that security works.
Shoplifting, a common crime, can be demonstrably reduced by signs warning that shoplifters will be prosecuted, pointing out the presence of security cameras, and by attaching radio identification tags to items in the store. Because shoplifting is a high-volume crime and inventories are now computerized, it is easy to track changes in inventory shrinkage as security measures are implemented.
But crime is an imperfect analog. Terrorist attacks differ from ordinary crimes in important ways.
Despite an increase in the volume of terrorism worldwide, terrorist attacks remain statistically rare events. Unlike bank robbers, who go where the money is, terrorists can attack anything, anywhere, any time. Statisticians treat terrorist attacks as random events.
Terrorists can avoid security by attacking soft targets, such as public places that are difficult to protect. That terrorists have moved toward softer targets can be interpreted as an indirect indicator that security works. However, it also may reflect the terrorists' growing determination to kill in quantity, which can be done most easily in crowded public places. Not all terrorist perpetrators worry about being caught in the act, or even about escaping. Even the terrorists' operational failures cause fear, which is the objective of terrorism.
The psychological effects of terrorism make it hard to apply an economic cost-benefit analysis. While terrorism ranks low as a source of risk, the people regard it as a major danger—public tolerance for terrorism is near zero.
Many criticize security as being “just for show.” However, illusion is an important component of security. The objective is to convince would-be attackers that they will fail. We tend to focus on detection and prevention. Judging by the evidence, the most important effect of security is deterrence. There are very few instances where terrorists are caught trying to smuggle weapons or bombs on board airliners. If deterrence is working, that means fewer attempts, but it is difficult to count things that don't occur.
Teams that test security measures by trying to get past those measures could add artificial events to the universe of terrorist attacks. However, those teams test only detection, not deterrence.
While quantifiable preventions of terrorist attacks by physical security measures are rare, we do have indirect indicators of their effects. Aviation security, the most ambitious security effort, offers several examples. Airline security measures have increased over the last four decades since 100 percent passenger screening was imposed in response to the increase in hijackings during the late 1960s and early 1970s.
Each decade since then has seen fewer attempts to hijack or sabotage commercial airliners, although it appears that terrorists remain obsessed with attacking aviation targets. This is not simply because the security measures chased away the less-determined non-terrorist adversaries, although that contributed to the overall decline. Even terrorist attempts declined.
This is not to say that security was the only reason for the decline. The destruction of certain terrorist groups and international pressure on states supporting them also contributed.
The evolution of terrorist attempts to sabotage airliners also shows that, whatever we may think of aviation security, terrorists attempting to smuggle bombs aboard airliners take security seriously. They attempt to build smaller, more concealable devices with undetectable ingredients that operatives will be able to smuggle through security checkpoints. Sometimes they have been successful in doing so. For example, we have the cases of the 2001 shoe bomber and the 2009 underwear bomber. But the devices malfunctioned, and it is not clear that the tiny quantities of explosives, even if detonated, would have brought down either airplane. In other words, the security measures did not prevent the attempts, but they persuaded the terrorists to trade reliability for concealment—an achievement nonetheless.
Seizing hostages at embassies and consulates was a popular terrorist tactic in the 1970s, but it declined by the end of the decade. Increased security at diplomatic posts was part of the explanation—embassies became virtual fortresses. Other contributing forces included declining willingness of nations to make concessions to terrorists holding hostages, along with the increased willingness to end such episodes with force, thereby increasing the terrorists' risk of death or capture.
Examination of recent terrorist plots on ground-based transportation showed that, in a number of cases, the plotters were aware of security measures, but they continued to plan their attacks. Still, most of these plots were interrupted in the early stages, long before they became operational, so we cannot say for sure how security might have influenced terrorists' plans. Interrupted plots underscore the importance of intelligence as a countermeasure.
Where there is a continuing terrorist campaign, long-term effects are discernible. For example, the 25-year bombing campaign by the Irish Republican Army (IRA) against London Transport also shows the effects of security. IRA bombers, who initially targeted rail and subway stations in the heart of London, were gradually pushed to the outskirts, and from busy stations to remote track facilities.
An active IRA cell in London was a precious commodity to be protected. The terrorists avoided capture. That is not the case with suicide attackers for whom even survival is irrelevant. Research shows that suicidal attackers attain higher levels of lethality—more deaths per attack—than non-suicide attacks. And security against suicidal attackers is more difficult. But this may itself be seen as an achievement of security because it pushes terrorist operatives to a much higher degree of commitment, thereby complicating recruitment. Very few of the terrorist plotters in the United States have been willing to carry out suicide attacks.
Databases that provide valuable details about attacks, such as the one developed by the Mineta Transportation Institute, where I now work, may yield further clues about security effectiveness. Meanwhile, they also provide insightful information that allows security planners to focus their efforts on the attack and concealment methods that cause the greatest number of casualties.
What we can see is that the effects of security measures ought not to be measured solely in terms of prevention. Different types of countermeasures produce different effects, from deterrence to making it more difficult to carry out an attack, and from making it easier for security to intervene during an attempted attack to providing visible security that reassures an apprehensive public. Each of these efforts would need to be scored differently.
The bottom line is that we can identify which security measures apply to which results, but finding hard numbers to measure their effectiveness remains an analytical challenge.
Brian Michael Jenkins is senior adviser to the RAND president and the director of the National Transportation Safety and Security Center at the Mineta Transportation Institute.
This commentary originally appeared on Inside Science on January 27, 2014. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.