Thursday, Apr 09, 2009

Security Theatre

Security theatre is when security countermeasures are put into place to provide the feeling of security while actually providing little to no real security at all...

Security theatre is often used to give people the feeling of security where there isn’t any. Airport security is often cited as a good example: billions are spent on countermeasures that do not address the real issues but make things look and feel safer than before the countermeasures were put into place.

A couple of weeks ago I read a post by Russ Garrett, a Last.fm Systems Architect, describing how thieves broke into one of their data centres, bypassing a multi-factor (token, PIN and biometric) security system by breaking down a fire door and using a crowbar. [full story here] I am sure the customers at this data centre felt very safe as they walked in through the front door, but the reality was that millions of pounds' worth of equipment was a smash and grab away.

Even so, I do not think security theatre is a total waste of time. If I saw a “beware of the dog” sign on your garden gate, I would be less likely to enter; if I saw a kennel the size of a garden shed, I would definitely think twice about it. This does not mean you have a huge dog, or even a dog at all; it is just for show. Many attackers would be put off by a system that looks like it is well defended and by a company that is willing to go the extra mile to detect and prosecute an attacker.

Although in some cases it can help both comfort customers and turn away unsure attackers, security theatre is in no way a good replacement for proven strong security practices.

