Evolv Technology recently surveyed security professionals at Evolv’s customers’ organizations on the topic of transparency and sensitive security information and reports that 96% of the two dozen respondents believe that such information should not be made available to the general public.
The need to provide transparency without helping potential attackers is a fundamental paradox of the security industry. While aviation security has clear specifications classified by the Transportation Security Administration in the US and European Civil Aviation Conference in the EU, other venues for which advanced security screening is being used have not yet formalized set standards around transparency.
Evolv is working to set that standard. The company discloses sensitive information only to trusted security partners to prevent the exposure of potential vulnerabilities and compromising customers’ security plans. The Company recently underwent NCS⁴’s operational exercise with its Express® system and earned an overall composite score of 2.84 out of 3 and chose not to make the full report public as part of the Evolv transparency statement. It is a position agreed to by leading security experts as methods of advanced screening continue to be used in more venues around the world.
“The less that is shared with the general public the better chance we all have at someone not finding a weak point in any security posture,” said one of the survey respondents.
“People who say that absolute transparency is best simply don’t understand the security business,” said John Pistole, former administrator of the United States TSA and a former deputy director of the Federal Bureau of Investigation. “They apparently don’t have an informed perspective or insight into just how determined bad actors are in their efforts to harm individuals, countries, and companies.”
“Security professionals do not want anyone to release information that helps attackers defeat their systems,” said Randy Smith, western region director, Security Detection. “Fans, students, concertgoers, and healthcare workers have a right to their safety. To release sensitive security information is irresponsible and potentially life threatening.”
“Similar to cybersecurity and counterterrorism, protecting the methods and means, and sharing them only with trusted security partners is critical to preventing the exposure of potential vulnerabilities. All systems have weaknesses. In aviation, it’s illegal for the people who know all the details to share them publicly,” said Mike Ellenbogen, cofounder and chief innovation officer at Evolv. “Established security experts understand the basic requirement to keep detailed sensitive information away from anybody who might use the information to exploit or attempt to penetrate a physical security system, and that includes the general public. Those who are saying otherwise truly do not understand the industry and are putting the public at risk. Evolv’s mission is to make everywhere safer. Public disclosure of sensitive security information objectively makes people less safe.”
Evolv is committed to working with customers, partners, and other trusted security professionals to develop best practices on sharing sensitive security information to the general public. Keeping the public safe requires an important balance of sharing sensitive information with trusted security partners while also keeping it out of the hands of adversaries in an ever-changing threat landscape.