It was on the 16th anniversary of the 9-11 terrorist attack, as it happens, that the Government Accountability Office posted its reply to a request by six members of Congress to review the Transportation Security Commission’s aviation security measures.

The GAO was none too happy with what it found. In particular, it faulted the TSA for failing to set up a coherent system to analyze the cost and effectiveness of its various counterterrorism measures—many of them quite expensive. And it was specifically critical of TSA’s inability to evaluate the degree to which its layers of security deter attacks.

The following day, Elsevier published a book Mark Stewart and I have written, titled Are We Safe Enough? Measuring and Assessing Aviation Security. Among other things, the book tries (successfully, we think) to do exactly what the GAO asked for. A free Google preview of portions of the book is available at the publisher’s website, and further information about the book is posted here.

The TSA, says GAO, has put together a (secret) tool called RTSPA (you don’t want to know what that stands for) to analyze the effectiveness of its security layers. However, the tool only applies to a subset of the layers and is, according to GAO, “resource intensive.”

Ours, by contrast, has a full model of the security system mainly constructed by my co-author, a civil engineer and risk analyst at the University of Newcastle in Australia. It describes the effectiveness, risk reduction, and cost of each layer of security (including a few the TSA doesn’t include), from policing and intelligence, to checkpoint passenger screening, to armed pilots on the flight deck. It is also fully transparent and can be varied and sized-up with just a hand calculator.

Put into action, the model concludes that it is entirely possible to attain the same degree of safety at far lower cost by shifting expenditures from measures that provide little security at high cost to ones that provide more security at lower cost. One modest proposal, for example, would increase security while saving both the taxpayers and the airlines hundreds of millions of dollars every year.

In addition, the model strongly suggests that the PreCheck program not only generates a hundred million dollars a year in efficiency improvement, but billions of dollars of value in passenger satisfaction—all this while actually increasing security slightly.

And the model proves to be extremely robust: you can change the assumptions that make it up substantially without materially altering the conclusions it comes up with.

The book also tackles the deterrence issue—indeed, it is central to the model.

In general, the model is biased to favor the terrorist chances of success. For example, we do not include terrorist amateurishness and incompetence as a security layer—though we do discuss that issue extensively both in this book and in our previous one, Chasing Ghosts: The Policing of Terrorism. But even with that bias in place, a terrorist group’s chance of pulling off a successful on-board bombing is one in 50, while its chances of a successful hijacking are around one in 150.

That is likely to be an effective deterrent—pretty much taking airlines off the terrorists’ target list.

However, it is also important to consider whether there are actually many terrorists out there to deter. As both the GAO and the TSA recognize, terrorists deterred from attacking a hard target like an airliner can only too readily transfer their attention to any one of a nearly infinite number of other potential targets that are anything but secure—congregations of people in restaurants, in offices, at sporting events, or standing in security lines at the airport.

Yet terrorism, however tragic and newsworthy, remains a remarkably rare phenomenon in the United States and in the rest of the developed world—Islamist terrorists have killed a total of six people a year since 9/11 in the United States. If security measures were deterring large numbers of people from attacking airliners we would expect far more mayhem in other places.

Perhaps we are already safe enough.