Looking at the CNN footage of the Boston Marathon finish line yesterday, I was struck by the shock of the bystanders and the chaos that followed the blasts.
Having just giving two seminars on security controls, I pulled out my list to see what could possibly have been done differently to prevent this devastating outcome, and there was the first word on the list ACCESS CONTROL.
After thirty years as a security expert and risk-threat analyst, I am about 85% sure that this was a lone wolf attacker who made his crude bombs to address some personal perceived problem, whether it was fear of gun legislation, spillover from the Israeli-Palestinian conflict, the Neo Con torture initiative, or something else.
Putting the attacker aside for a moment, the tragedy happened because SOMEONE WAS ABLE TO WALK RIGHT UP TO THE FINISH LINE AND PUT AT LEAST 3 BOMBS right near the finish line! THiS IS NOT RIGHT.
There has to be SCREENING and ACCESS CONTROL PROCEDURES IN PLACE! You can’t have security if you have open access to a major event like the Boston Marathon. For year, security experts have cautioned that large crowds make a great target, and so events have paid lip service to this concept, without staying on the task, and making sure that SECURITY CONTROL NUMBER ONE – ACCESS CONTROL is ALWAYS in place.
But people don’t like access control, it’s too much trouble, they say. They don’t like metal detectors, too expensive, too much trouble, too intrusive. Well, it’s not as intrusive as having a major injury. There are ways to secure these high profile sites, but the security community has to lead on this.
Yes, it is very sad and depressing that the world has come to this — but it has. And it will happen again. As long as security is perceived as too much trouble, too expensive, too tough to do, and too intrusive, there will be more tragic events like this one.