I have absolutely no special knowledge of the situation, and I share your puzzlement and frustration.
But my simple (though completely speculative) theory (and I fully expect it to be the correct one) is that security is simply not something which integrates well into our economy right now.
Our economy is based on maximizing profit and efficiency, like safety, security is extremely difficult to quantify and even harder to accurately value. Therefore companies and individuals looking to minimize their bottom line are finding it naturally difficult to justify sane implementations such as your suggestions.
The simple reality, in other words, is that our current economic system does not adequately value security until disaster happens. It would not be hard to do as you suggest, but consider this thought experiment: would you spend $150 more for plane tickets if they would reduce your chance of crashing by 0.05%?
This is a similar scenario to that which faces these infrastructure companies. Until the 0.05% contingency actually materializes, the economy (unless the risk is demonstrated as serious and imminent) rewards the -$150 option as being "the better option".
I agree with your assessment. There was a New Yorker article last week on an unrelated topic (Slow Ideas) that came to a similar conclusion about inherent inefficiencies in our market system:
"This has been the pattern of many important but stalled ideas. They attack problems that are big but, to most people, invisible; and making them work can be tedious, if not outright painful. The global destruction wrought by a warming climate, the health damage from our over-sugared modern diet, the economic and social disaster of our trillion dollars in unpaid student debt—these things worsen imperceptibly every day. Meanwhile, the carbolic-acid remedies to them, all requiring individual sacrifice of one kind or another, struggle to get anywhere."
The article continues in a health-care context to discuss the importance of doing-things-that-don't-scale efforts to educate and change behavior. I anticipate the connection here would be some utility-by-utility effort to subscribe to best practice. I worry the opposite will occur.
But my simple (though completely speculative) theory (and I fully expect it to be the correct one) is that security is simply not something which integrates well into our economy right now.
Our economy is based on maximizing profit and efficiency, like safety, security is extremely difficult to quantify and even harder to accurately value. Therefore companies and individuals looking to minimize their bottom line are finding it naturally difficult to justify sane implementations such as your suggestions.
The simple reality, in other words, is that our current economic system does not adequately value security until disaster happens. It would not be hard to do as you suggest, but consider this thought experiment: would you spend $150 more for plane tickets if they would reduce your chance of crashing by 0.05%?
This is a similar scenario to that which faces these infrastructure companies. Until the 0.05% contingency actually materializes, the economy (unless the risk is demonstrated as serious and imminent) rewards the -$150 option as being "the better option".