What is the most important thing we have learned in the last 20 years of study and practice of security?

I think the most important thing we have learned is how little we actually know. I really do not think the discipline of security has matured yet. We are still very much in the infancy stage of development. When asked, I often refer to the evolution of the criminal justice system and educational programmes that evolved out of that growth as a way of comparing the plight of security. If we remember in 1965, then President Johnson formed the President's Commission on Law Enforcement and Administration of Justice. This commission published a number of influential documents, including an executive summary entitled The Challenge of Crime in a Free Society. One very critical part of this report was the well-publicized model or graphic representations of the criminal justice system that covered all aspects of law, police, courts and corrections. The model represented all facets of the criminal justice system from the commission of a crime to the final punishment of the offender.

One year after this publication, Congress passed the Omnibus Crime Control and Safe Streets Act of 1968. This act created the Law Enforcement Assistance Administration (LEAA), which at the time was one of the largest federal bureaucracies. In total, during its 14-year run, the LEAA granted over $7 billion for research, policy analysis and police hardware. In addition, the LEAA provided monies for the development of two- and four-year Law Enforcement Education Programmes (LEEP). In fact, many of the existing criminal justice and criminology programmes in this country owe their existence to the LEAA.

For those of us old enough to remember, and I am just barely old enough, the strides we have made since the early 1960s is nothing short of phenomenal. The academic disciplines of Criminology and Criminal Justice were born and began to establish themselves in colleges and universities around the world. Research dealing with best practices and the possible causes of crimes became commonplace. Public policies were developed from many of these landmark studies. The fact that the model has been left largely untouched is testament to those who designed it and their foresight.

The security profession, on the other hand, has not had this influx of federal funds. Most security programmes in existence today are offshoots of these very criminal justice programmes. They have not become disciplines in their own rights. This plight is not unusual as we saw the same thing happen in the criminal justice system, as many such programmes grew out of sociology programmes. This is not to criticize these programmes; rather it is a stark reminder that security, as a profession, has yet to evolve into a true academic programme in its own right. In my opinion, for security to truly become a recognized academic discipline and, as such, a recognized profession, there is still much that needs to be done.

When we look back at the development of criminal justice as an academic discipline, some very interesting events helped chart that course. One significant event was the "model" developed for the criminal justice system by the President's Commission on Law Enforcement and Administration of Justice. One has to look no further than the front cover of just about any criminal justice textbook to see a copy of this model. This model or system provided the body of knowledge that was used to form the disciplines of criminal justice and criminology. The security profession has yet to adopt such a model.

Work has been undertaken to present differing models in the security profession; the problem seems to be a lack of commitment to adopt such models. Security, as a discipline, is suffering from one of the problems that faced the early criminal justice profession. In the early years such programmes, often called police science or police studies, were developed by retiring police officers. They provided students with, at best, a set of best practices from their years of experience. At worst, they provided a forum for the retired police officer to tell war stories. This resulted in such programmes being seen as something less than true academic programmes within the university community. It has taken years (and some might claim that we have not reached that point yet) for these programmes to live down this reputation.

In the security profession today, we suffer from this same problem. Often the research conducted is not undertaken with the scientific rigour necessary to have reliable and valid findings. Rather, the research is conducted by vendors who are trying to sell their wares. We do not yet have a Ph.D. in Security and, as such, our programmes are staffed by individuals who, at best, have advanced degrees in other fields or who have retired from private security. This is not to criticize these individuals because they are blazing the course we will take. It just points to the need for our discipline to advance forward with research and best practices driven not by the bottom line, but by true scientific inquiry. Unfortunately, we do not have the luxury of the federal government pumping billions of dollars into this cause. As such, it will take longer and be a much more difficult journey.

This is not to say that strides have not already been made. There are many who have applied the systems approach to security in an effort to bring credibility to the discipline. Specifically, a number of education programmes around the country have adopted the methodology developed by Sandia National Laboratories for the protection of physical assets. This model provides a framework for the design and evaluation of physical protection systems, but can also be applied to other forms of security. The value or key is the systems approach to the problem. This model provides a way for the designer to test the performance of the designed system against postulated threats. In a sense, it turns the discipline of security or, in this case, physical protection into a science. For security to mature, we must continue on this path.

What are the most important trends or innovations that are influencing, have influenced, or will influence the future of the study and practice of security?

I would refer to the last question in addressing this issue. As our field continues to evolve, we must embrace scientific principles in our study of the problem. Often we shy away from such complex solutions to problems but, in reality, it is the only direction we can take. To paraphrase a quote from Mary Lynn Garcia's book on the Design and Evaluation of Physical Protection Systems, security is the integration of people, procedures and equipment to meet the protection objectives. Each of the three is important, none less or more than the others.

We have to be honest. The security professional must have a social science understanding of human nature, a business like sense of how organizations and the people who work in them operate, and the understanding of an electrical engineer in how the latest sensors perform under adverse circumstances. This does not sound like many of the existing educational programmes in place today. This is the challenge our profession must face and, more importantly, the challenge we, as educators, must face when looking to develop educational programmes. Maybe for the first time we are truly merging the hard and soft sciences into one academic programme.

If you were setting the research agenda for the next 10 years, what would be your priority and why?

Our goal in the research arena has to be independent empirical testing of each component in our system. If we look at the criminal justice system, that is exactly what was done in the past four and half decades. Researchers have studied each aspect of this system and helped shape public policy in the process. If one were to look at the methodology developed by Sandia National Laboratories and were to begin carving out research projects, I think we would find a very ambitious research agenda.

Let me give an example. One very important step in the model developed by Sandia is the "Threat Definition". The goal at this stage of the model or system is to develop a "design basis threat". The design basis threat is that "threat" that you will design your system against. This obvious step is often overlooked or just not undertaken. Often vulnerability assessments are undertaken with little or no thought given to the actual threat. We look at the existing systems and offer suggestions or provide lists of possible additional features that might be added to strengthen the security system. The million-dollar question becomes, "How can we improve the existing system if we do not know the capabilities of our adversary?" It is the equivalent of starting a journey with no idea of where we are ultimately going. You must always begin with the end in mind. We must develop a sound process for the development of a design basis threat, so we know the performance criteria that we can test our system against. It is that straight forward. But for the question at hand, look at all the research possibilities to address how this is done. What are the best or most appropriate methodologies to establish a design basis threat? How can we best determine the number and capabilities of our adversary?

Other obvious examples of possible research projects lie in the realm of human factors. The study of how humans interact with equipment is of critical importance to the field of security. How best to integrate those three elements: people, procedures and equipment to meet our security system objectives. Often the human element is the weakest link and, as such, we must empirically study human actions and their role in the overall system.

When we realize that we have a rather complex system, the number of possible research projects becomes obvious. There will be no shortage of research problems as the discipline of security continues to evolve. In fact, it is a challenging and exciting time in our field, one that holds much promise.