how to spot security theater (2010)

Bruce Schneier coined the term “Security Theater” to describe the situation where phony security measures provide a feeling of improved security, but in reality provide little or no actual security.[1,2] Another name for Security Theater is “Ceremonial Security”.

As a vulnerability assessor, I frequently find Security Theater across a wide range of different physical security devices, systems, and programs, as well as in domestic and international nuclear safeguards. It’s important to realize, however, that Security Theater is not automatically a bad thing. It can present the appearance (false though it may be) of a hardened target to potential adversaries, thus potentially discouraging an attack (at least for a while). Security Theater can reassure the public while more effective measures are under development, and help encourage employees and the public to take security seriously.