The title to this brief article is a quote from one of the comments in Bruce Schneier's blog entry for 3rd June 2009: Why is Terrorism so Hard? The blog essentially comments on why the 9/11 terrorist attack was even allowed to happen. There are many parallels between the physical and the logical security arena and if we are able to think more laterally we could find many reasons why some organisations are worse hit than others for example via internal threat.

One of the interesting lessons that can be learned from Schneier's blog post was that 9/11 occurred due to a lack of co-operation within politics, where some government  (The Greek’s) intelligences warnings were ignored and the refusal of the new US government to listen to the warnings of the outgoing government.

Many of us have seen similar parallels within our own, or organisations we’ve been a part of where politics through lack of collaboration, lack of sharing of information, or dismissal of information from some areas has caused serious organisational breaches whether they be from the internal threat or a malware attack or losses due to a lack of business continuity from an orgnaisational disaster.

When security is so broad and involves such diverse areas and disciplines as business continuity, risk management, physical security disciplines, auditing, forensics, business enablement, compliance and so on – it requires a more collaborative mindset rather than a vying for positional one-upmanship. However this is hard in organisations where a decision to subsume your own department’s position within other departments can make you appear to be ‘too nice and easily taken advantage of’ rather than having a mindset of working for the greater good.

All of which returns us back to the title of this piece Why is Civilisation so Hard? Or put another way Why is Internal Collaboration so Hard?

References
Bruce Schneiers June 3rd Blog: Why is Terrorism so Hard
Wikipedia:Synopsis of the Pulitzer book:Guns, Germs, and Steel (or Why is Civilisation so Hard)