flyinRyan's response was excellent and I refer to it out of agreement.
I'll add on top of his points:
- Online security presents a different threat model, in that your front door is immediately accessible to the entire world. Meatspace targets are inherently limited by geography and local access. Theoretical attacks on Internet infrastructure are far more likely to become actual attacks, once recognized, and automated patrolling for vulnerabilities is commonplace.
- By contrast, a massed, armed assault on any given piece of infrastructure requires planning, materiel, and forces. Outside of active combat / conflict regions (Iraq, Afghanistan, areas of the Middle East, Pakistan, India, and disrupted regions in Africa), the ability to effectively organize and marshal even a very small force (2-12 persons) has had a very low success rate. 9/11 was carried out by 20 persons, one of whom was intercepted (and several of whom were subject to surveillance and really should have been caught, see the Minnesota FBI offices investigations of Moussaoui). London's July 7, 2005 bombings were carried out by 4 individuals against a very soft target (52 deaths, ~700 casualties). The Madrid March 11, 2004 bombings, also against a soft target, (191 dead, 2050 injured) resulted in 29 arrests.
In the US an UK, since 9/11 (and excepting the 7/7 London attacks), there have been a smattering of incidents labeled "terrorist", of which most in the US were letter or pipe bomb, or single gunman mass shootings. Several plots (most consisting of 1-2 persons) were discovered and thwarted in early planning stages, presumably through communications surveillance. Several (the underwear bomber, two New York City car bombing attempts) reached execution but failed to succeed. And a few odd one-offs (small plane flown into a Texas office building).
In the UK, the bulk of incidents were domestic terrorism related to IRA splinter groups.
What you're proposing is a vast expenditure to address a potential, but in all evidence low-likelihood security hole, by a means that's much less effective than broader preemptive measures (comms intercepts, infiltration) or mitigating responses, while a target-rich environment full of far softer targets (other transport systems, schools, movie theaters, religious centers) which are being actively exploited remain.
It's a very, very poor resource allocation strategy.
It's also one that pits billions of dollars of response to thousands of terrorist planning, for no effective change in outcome.
I'll add on top of his points:
- Online security presents a different threat model, in that your front door is immediately accessible to the entire world. Meatspace targets are inherently limited by geography and local access. Theoretical attacks on Internet infrastructure are far more likely to become actual attacks, once recognized, and automated patrolling for vulnerabilities is commonplace.
- By contrast, a massed, armed assault on any given piece of infrastructure requires planning, materiel, and forces. Outside of active combat / conflict regions (Iraq, Afghanistan, areas of the Middle East, Pakistan, India, and disrupted regions in Africa), the ability to effectively organize and marshal even a very small force (2-12 persons) has had a very low success rate. 9/11 was carried out by 20 persons, one of whom was intercepted (and several of whom were subject to surveillance and really should have been caught, see the Minnesota FBI offices investigations of Moussaoui). London's July 7, 2005 bombings were carried out by 4 individuals against a very soft target (52 deaths, ~700 casualties). The Madrid March 11, 2004 bombings, also against a soft target, (191 dead, 2050 injured) resulted in 29 arrests.
In the US an UK, since 9/11 (and excepting the 7/7 London attacks), there have been a smattering of incidents labeled "terrorist", of which most in the US were letter or pipe bomb, or single gunman mass shootings. Several plots (most consisting of 1-2 persons) were discovered and thwarted in early planning stages, presumably through communications surveillance. Several (the underwear bomber, two New York City car bombing attempts) reached execution but failed to succeed. And a few odd one-offs (small plane flown into a Texas office building).
In the UK, the bulk of incidents were domestic terrorism related to IRA splinter groups.
What you're proposing is a vast expenditure to address a potential, but in all evidence low-likelihood security hole, by a means that's much less effective than broader preemptive measures (comms intercepts, infiltration) or mitigating responses, while a target-rich environment full of far softer targets (other transport systems, schools, movie theaters, religious centers) which are being actively exploited remain.
It's a very, very poor resource allocation strategy.
It's also one that pits billions of dollars of response to thousands of terrorist planning, for no effective change in outcome.
They win.