Hindsight is always the proverbial 20/20, and everyone (especially after such a major security incident as orchestrated at OR Tambo recently) is a critic – and in this simple truth lies one of the most effective corrective / preventative methods; re-assess, re-strategise, re-design, and re-enforce.
The cynic in every like minded security professional / concerned party begs the answer to the question; seeing that it is not the airport’s first exposure to such a security disaster (and major international embarrassment) why have they not done more to prevent a re-occurrence?
I’m not jumping to their defense in any which way, but from a professional perspective I do not think that is the case; I would imagine that after the prequel to the latest security breach they have thrown every imaginable resource at closing all the loopholes, and made an attempt in fixing all the issues, was that enough though? Evidently, and quite clearly not. So where did it go wrong?
Whilst the investigation is still underway, and seeing that all the details are not public knowledge I would tender a speculation, an educated guess as to one of their most evident failures; systems, policies & procedures, physical -, and electronic security measures etc. are quickly established following such an event, and all seems good-and-well for a while because the requirement has now been satisfied but; was the time, and continuous (and contentiousness) effort taken to re-test and re-assess those systems, policies & procedures etc. on an ongoing / repetitive basis?
The IT industry has developed such a diligent discipline (and coined a very appropriate catchphrase); ”penetration testing” for just the type of reversed solution e.g. the transfer of cyber -, to physical solution required. Defining penetration test; ”an authorised simulated attack on a computer system, that looks for security weaknesses, potentially gaining access to the system’s failures…”.
Our adversaries e.g. criminal element tactics change on a continuous basis – the design and make-up, and hence tactics of your criminal enterprises are multi-tierred, innovative, and fast moving, and in order to keep up there is no alternative than to scrutinise your security measures on an ongoing basis, and to adapt as well.
Intelligence is often acquired through an experience that has such a huge impact, with the shock waves being far reaching, and altering. To every business owner / person tasked with your organisation’s safety and security; adopt this unfortunate incident as a shared experience, make it your own and invest the time, money and other resources to not only strengthen, but continuously build on your organisation’s secure state.