Wondering Which Security Controls Offer the Highest Protection for the Least Money?

Or, put another way – how to get the Best Bang for the Buck with security.

Security Controls can be incredibly cost effective or astronomically expensive.  And when you’re faced with a facility or a school campus, or a system that has to be secured, but you also have a budget to keep in mind – what do you do?

The simple answer is ROI – Return on Investment.  This simple calculation compares the Cost of the Proposed Control to the Protection it Provides, and that creates the magic ROI Number.

Here’s an example: A hospital near the New Jersey shore wants to create a new emergency ops center.  They have the space, but it would cost about $250,000 to build it out.  Here’s what we look at – how often would they use an emergency ops center?

Threat data shows that they would need to use it about 3-6 times a year, including severe storms, thunderstorms and hurricanes.

(After Hurricane Sandy, the hospital was closed for two days because they were not able to resume service right away.  As a result, the hospital lost about $2,000,000 per day because it could not bill for any services, since none could be provided.)

So we take that lost $2,000,000 per day and say that if we could keep the facility open because we had a better operational center, we could easily save 2 days of revenue, which is $4,000,000 for the 2 days.  If it cost us only $250,000 and saves us $4,000,000, that’s a Return on Investment of SIXTEEN to ONE, 16:1.

Say it saved us 3 days of revenue a year - that’s a ROI of TWENTY-FOUR to ONE, 24:1!
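The ROI arithmetic above, as an added Python example (not code from the original post): it reproduces the 16:1 and 24:1 figures, adds the break-even point, and ranks candidate controls under a budget. The two comparison controls, their figures and the $400,000 budget are constructed for illustration, and the ranking assumes the savings of different controls do not overlap.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    name: str
    cost: float          # cost of the proposed control, in dollars
    loss_per_day: float  # revenue lost for each day the facility is closed
    days_saved: float    # closure days per year the control is expected to avoid

    @property
    def protection(self) -> float:
        """Dollar value of the loss the control avoids."""
        return self.loss_per_day * self.days_saved

    @property
    def roi(self) -> float:
        """Protection provided divided by cost: 16.0 means 16:1."""
        return self.protection / self.cost

    @property
    def break_even_days(self) -> float:
        """Closure days the control must avoid just to pay for itself."""
        return self.cost / self.loss_per_day


def select_within_budget(controls, budget):
    """Fund controls in descending ROI order until the budget runs out.

    Assumption: the savings of different controls do not overlap.
    Returns (funded controls, unspent budget).
    """
    funded, remaining = [], budget
    for control in sorted(controls, key=lambda c: c.roi, reverse=True):
        if control.cost <= remaining:
            funded.append(control)
            remaining -= control.cost
    return funded, remaining


# Figures from the article: $250,000 build-out, $2,000,000 lost per closed day.
OPS_CENTER_2_DAYS = Control("Emergency ops center", 250_000, 2_000_000, 2)
OPS_CENTER_3_DAYS = Control("Emergency ops center", 250_000, 2_000_000, 3)

# Constructed comparison controls (hypothetical names and figures).
CANDIDATES = [
    OPS_CENTER_2_DAYS,
    Control("Backup generator upgrade", 400_000, 2_000_000, 1.0),
    Control("Flood barriers at loading dock", 100_000, 2_000_000, 0.5),
]

if __name__ == "__main__":
    for c in (OPS_CENTER_2_DAYS, OPS_CENTER_3_DAYS):
        print(f"{c.name}: {c.days_saved} days saved -> ROI {c.roi:.0f}:1, "
              f"break-even at {c.break_even_days} days")
    funded, left = select_within_budget(CANDIDATES, budget=400_000)
    for c in funded:
        print(f"fund {c.name} (ROI {c.roi:.0f}:1)")
    print(f"unspent: ${left:,.0f}")
```

The break-even figure is the useful sanity check: at these numbers the ops center pays for itself if it avoids an eighth of one closure day.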

You can get more info by writing to me directly at caroline@riskandsecurityllc.com and requesting a webinar invitation, or a copy of the video.

 

How to Plan for a Rare Threat or Weather Event

Whether it’s a crime, a meteor shower, a dam breach or a major hack attack, how can security directors, managers (and even individuals) plan for the extremely rare threat event?

Even with the challenges of global warming and changing patterns in society, and, apparently, in space, it’s still possible to anticipate and prepare for the outlier events.

You start with the known elements. For example, some residential developers have lately been building in established flood plains because, hey, there hasn’t been a flood in over 50 years.  But there are 100-year flood plains, 50-year flood plains and 200-year flood plains.  If your home, or facility, is located in a 50-year flood plain, and it’s been 48 years since the last flood, you can correctly infer that over the next five years, you have an increased flood risk!

How to find out about flood risk?  If you live in the USA, you can go to www.floodsmart.gov, put in your zip code, and find out whether or not you are located in a flood plain, or flood prone area.  If you find out that you are, then you can add some additional preparation to make sure this threat is not going to materialize, or if it does, you’re ready!

Another example,  if your house/facility is in a high risk flood area, that means that there is a 1 in 4 chance (25% chance) that the property will experience a flood during the next 30 years.

If we look at chance of being hit by a meteor shower, we might find that a meteor hits the earth, with an impact, once every hundred years.   And so we take that 1 in 100 number and factor in the global surface, say divide it into 50 regions.  So that reduces that 1 in 100 number down to a much lesser number, maybe one in 100,000.

While the rare events are shocking when they occur, you can plan for them by analyzing your risk and putting in the proper controls, so that if or when it happens, you’re ready and can continue to operate with minimal disruption!

We’re analyzing and examining  over 65 threats in the next 12 months, so subscribe to the blog and collect all the latest threat information.

Chemical Weapons – the True December 21st Potential Disaster

Maybe the Mayan Calendar has forecast a deadly chemical attack that would poison the world, not a pole shift after all.

Know much about chemical weapons?  They are semi-easily dispersed. They can decimate a population in the time it takes a plane to fly overhead.  They cause a gruesome death.

The U.S. actually keeps track of all chemical weapons – and biological weapons, too.  Did you know that inspectors all over the world fan out when a nation state fails (and sometimes before) and can tell you exactly what it is and where it is kept?

My friends in this business have traveled all over the former Soviet Union, counting the anthrax vials in a deserted laboratory in the middle of a forest, for example, and making careful notes, not just on the location of the now-deserted laboratory, but also checking the state of security for those sites.

Is the facility secured? Is there a guard service?  Are there card access or cypher locks on the doors?  Are the windows locked and secured?  Is there access from the roof?

Is there a tree too close to the roof that could be used for access?

All these plans and assessments can be hauled out at times like these, helping to keep the world safe from chemical and biological weapons.  At least, that’s what we are all hoping, and counting on.

Happy Saturday!!

Get Ready for Severe Weather!

Whether it is spring tornados or spring-summer thunderstorms and hurricanes, we are officially entering the season of severe weather across the U.S.

At the beginning of each severe weather season, take a few minutes to get ready and make sure you are prepared, and your kids are prepared, and your pets are prepared.

You can download a complete list of preparation details at www.ready.gov but here is a short list to review:

1.  Keep enough food and water for at least two weeks.

2.  Have a family evacuation plan and practice it often, including a meeting place.

3.  Keep a ‘ready-kit’ in your car with extra food, water, change of clothes and don’t forget to include pet food, plastic bags, diapers and other essentials that could carry you for a few days.

4.  Make sure and keep large trees trimmed to decrease the chance they could fall on your house.

5.  Use the internet, like Twitter or National Weather Service, to get breaking alerts, and invest in a battery powered radio.

6.  Keep extra batteries available to keep the radio alerts going.

7.  Keep your car gassed up, instead of running out during an emergency and finding it’s out of gas, and remember, if the power goes out, the gas pumps don’t work.

8.  Stay alert and try to keep a day ahead of the weather!

Severe Tornados and Why We Need to Stay Prepared

The damage and destruction from the path of a tornado is incredible – and only matched by the sad stories of the survivors, if they are lucky enough to survive.

If there’s one thing that social media has improved – it is the ability of an individual in an affected area to get detailed updates by the minute on a smartphone or over the internet.

The old early warning systems were set up for radio, that was in the days when everyone listened to radios.   I do listen to the radio for maybe 5 minutes a day, in the car, just long enough to put in the CD or connect my ipod.   So the Twitter accounts and iphone-smartphone apps from CNN, the National Weather Service, Weatherbug and dozens more really help to keep people informed.

I often hear news anchors lament the over-availability of information these days, but I think the more access we get to this kind of information and other kinds of info is absolutely a wonderful thing for society and for most people!

If you do live in a tornado-, hurricane- or other disaster-likely area, the Weatherbug app is one of the best because you can set it to actually chirp if severe weather threatens.

As far as risk reduction goes – major weather events are one of the threats you can more easily eliminate or at least manage by protecting yourself.

Are there mor

“Although the average number of April tornadoes steadily increased from 74 a year in the 1950s to 163 a year in the 2000s, nearly all of the increase is of the least powerful tornadoes that may touch down briefly without causing much damage. That suggests better reporting is largely responsible for the increase.

There are, on average, 1,300 tornadoes each year in the United States, which have caused an average of 65 deaths annually in recent years.

The number of tornadoes rated from EF1 to EF5 on the enhanced Fujita scale, used to measure tornado strength, has stayed relatively constant for the past half century at about 500 annually. But in that time the number of confirmed EF0 tornadoes has steadily increased to more than 800 a year from less than 100 a year, said Harold Brooks, a research meteorologist at the National Severe Storms Laboratory. ”

 

 

Threat Modeling is the Exciting, Sexy Part of Risk Assessment

As a risk assessment professional, when I get into a risk discussion, most security people want to talk about THREAT!  Threat is the most sexy and exciting part of doing a risk assessment.

Threats are exciting all by themselves.  Think about all the threats you can name:

All the natural disasters like Earthquakes, Tornadoes, Storms, Hurricanes, Tsunamis, Lightning, Floods

Crimes like Homicide, Assault, Rape, Burglary, Theft, Kidnapping, Blackmail, Extortion

Terrorism like Sabotage, Explosions, Mail Bombs, Suicide Bombs

All the IT Threats like Malicious Code, Disclosure, Data Breaches, Theft of Data

And about 50 more including Chem/Bio incidents, Magnetic waves, High Energy Bursts, Microbursts, Contamination and Reputation Damage.

Each of these threats could theoretically occur at any time, but we try to establish a pattern of how often they have occurred in the past, in this location, in this county, in this country, in the company, etc.   So NASA, for example, gets thousands of hacker attacks, but another company, like the local Salvation Army, gets 1 every 10 years.

Same model for natural disasters, although you might have to factor in climate change, it’s easy to get the threat incidents for hurricanes in Florida, snow storms in Cleveland, earthquakes in northern California, etc.

We also like to examine industry specific data to see if some threats are higher in a certain industry, like the high incidence of workplace violence incidents in hospitals and high risk retail establishments (like Wawa or 7-11).

Another factor we use in calculating threat likelihood is how the threat could actually affect different types of assets…. for example, would an earthquake damage a car?  Probably not. Would it cause damage to an old historical building – probably (unless it had been retrofitted).  Could it cause loss of life, or injuries (think Haiti).

So I use a multidimensional model that takes the threats list (I have a standard list of 75 threats that I use), and map it to each potential loss, based on the ‘asset’ that might be affected.

The more data you get, the better your model will be, and the more value it will have as a decision support tool!

 

How to Correctly Analyze 100-Year Threats for Risk Assessments

Starting a risk assessment in northern Virginia and going through the threat list they say, “You can take earthquakes out – we don’t have earthquakes here”!

Hey, Haiti didn’t have earthquakes!

Vermont didn’t have major floods!

Connecticut doesn’t have tornados!

Like Murphy’s Law, as soon as you discount a threat, and think, “it will never happen here”, it happens!   The earthquake in the mid-Atlantic in August was a wake-up call for those who thought they would never have earthquake damage.

One of the reasons that security risk assessment is so highly valued as an analytical tool, and why it’s required by so many governments, is because it DOES take into account the 100-year flood, the 75-year drought, etc.

Natural disasters can be so overwhelming, and catastrophic, that they must be considered in any proper risk assessment.  This is why some areas are not suitable for building housing tracts, because they are in a 100-year flood plain.

Because human memories are short, just because YOU haven’t experienced a flood along a meandering creek, doesn’t mean it will never happen.

Always check the long-term probabilities when you start a risk assessment and make the numbers work for you!
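The arithmetic behind checking the long-term probabilities, as an added Python example (not part of the original post): it converts a return period, such as the 50-, 100- and 200-year flood plains mentioned earlier, into the chance of at least one occurrence over a planning horizon. It assumes every year is independent with a constant annual chance of 1/return period; the function names are illustrative.

```python
import math


def annual_probability(return_period_years):
    """A '100-year' event has a 1-in-100 chance in any single year."""
    return 1.0 / return_period_years


def prob_at_least_once(return_period_years, horizon_years):
    """Chance of one or more occurrences during the planning horizon.

    Assumption: each year is independent with the same annual chance.
    """
    p = annual_probability(return_period_years)
    return 1.0 - (1.0 - p) ** horizon_years


def years_until_likely(return_period_years, threshold=0.5):
    """Smallest whole number of years at which the cumulative chance of
    at least one occurrence reaches the threshold."""
    p = annual_probability(return_period_years)
    return math.ceil(math.log(1.0 - threshold) / math.log(1.0 - p))


def horizon_table(return_periods, horizons):
    """One row per threat: (return period, {horizon: probability})."""
    return [
        (rp, {h: round(prob_at_least_once(rp, h), 3) for h in horizons})
        for rp in return_periods
    ]


if __name__ == "__main__":
    horizons = [1, 5, 30]  # years: next year, short term, a 30-year mortgage
    print("return period | " + " | ".join(f"{h:>2}-yr horizon" for h in horizons))
    for rp, row in horizon_table([50, 100, 200], horizons):
        cells = " | ".join(f"{row[h]:>13.1%}" for h in horizons)
        print(f"{rp:>10}-yr | {cells}")
    for rp in (50, 100, 200):
        print(f"a {rp}-year event is more likely than not within "
              f"{years_until_likely(rp)} years")
```

Under these assumptions a 100-year flood has roughly a 26% chance of occurring at least once in 30 years, which lines up with the 1-in-4 figure quoted for high-risk flood areas, and it becomes more likely than not within 69 years, well inside the service life of many buildings.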

Does Being on TV Make Us Better World Citizens?

To quote the character in the 1995 movie, “To Die For” — “You’re not really anybody in America unless you’re on TV… ’cause what’s the point of doing anything worthwhile if there’s nobody watching?  So when people are watching, it makes you a better person.” So if everybody was on TV all the time, everybody would be better people.

A minor statistic – that the recent tsunami in #Japan got CNN its highest ratings since Obama’s inauguration!   What can beat the reality of earthquakes and rising water, followed almost immediately by nuclear power plants with seawater cannons blasting?   And then add the airstrikes over #Libya – all delivered in breathtaking color.

Does showing these images on TV make people more sympathetic to the plight of the rest of the world?   I think it probably does – and that it does make us better people for caring.

The social media has contributed greatly to this – working hand in glove with TV – expanding coverage to new audiences and flashing breaking news around the world.  The immediacy of Twitter and email make us seem empathetic because we are sending the news out to our social circles. 

The middle east uprisings are possible not because of just the media, but because people around the world weigh in and give political support to the protesters.  They know the world is watching and because they know they are not alone anymore, they are empowered to stick with their protests. 

And look at the payoff – the rebels in Libya make their case and the world comes to their aid.  Obviously there are other critical factors at play here, but the TV makes it all possible. 

Just five years ago, people were wondering when the One World concept would finally catch hold and we would collectively realize that we’re really all people on this tiny planet – Pax Humana, aka World Peace. 

It looks like that day has come – not because of high ideals or harmonic convergence, or universal values, but because we can tweet pictures to our friends about other people on the other side of the world.  This is true reality TV and it’s going to be a game changer for businesses and governments everywhere.

Not with a Bang…. The Japanese Nuclear Disaster

Too late to run a formal risk assessment on the dismal situation at the Japanese nuclear plants.  Obviously, the switch has been turned to ‘survival mode’.  But risk decisions are still being made, individually and collectively.

The bravery of the nuclear plant workers who stayed to continue at their posts and try to avert a full catastrophe reflects 50 individual risk decisions  by people risking their own lives for the elusive greater good. 

One of the U.S. TV morning shows talked about the risk calculation being made about whether to continue to build nuclear plants when “stuff happens”, as this double play of earthquake-tsunami proves.  

The assets which are generated by nuclear energy are large amounts of relatively ‘clean’ energy.  The risks have been underwritten by governments which support the growth of these plants by sharing the risk with the electric companies to encourage them to build. 

The threats to these plants have been addressed dozens of times and right at the top of the list are both international and domestic terrorists; followed by natural disasters, including earthquakes, tsunamis (we added tsunamis into our threat matrix in 2002),  tornados and hurricanes; followed by sabotage by insiders who work in the plants themselves. 

Personnel working in these plants are heavily investigated and also undergo continuing scrutiny of their lifestyles, checking accounts, etc., because of the sensitivity of the work they do.    US National Public Radio (NPR) reported yesterday that U.S. nuke plants have a failure rate of 40% on security inspections – and that’s when they get TWO WEEKS ADVANCE NOTICE of the inspections.  What if they got no notice?  What kind of results would we see?

One of the major risk correlations in formal risk assessment is the Threat-Asset ratio, which means, for example,  don’t build a nuclear plant on an earthquake fault line.  If the threat is too high, it increases the probability that the asset (the plant) will be compromised and could experience a loss, based on a threat occurring.

The standard list of controls is also analyzed and these can range from specific security controls to having multiple backup power sources (that DO NOT DEPEND on electricity).    Obviously, when this control was no longer viable due to the natural disasters, that’s when things started to go rapidly downhill.

Without electricity to keep the cooling activities running, you have to start to look at the possible losses that could result from the event.   The nuclear power equation is especially worrisome because radioactivity is not only instantly fatal, but it can be blown around, and it is FOREVER.  It doesn’t burn itself out in a few days like a fire, or dry up like a flood when the sun comes out.

The risks/potential losses can include:

Loss of life of plant employees
Loss of life of the surrounding population – to 5 miles, 50 miles, 100 miles, farther?
Loss of the electricity that cannot be generated and what that means to a country.
Loss of the plant itself – as a replacement cost of billions of dollars.

The problem with the nuclear power risk equation is that the biggest potential loss is the contamination of one, two or multiple countries, possible permanent radioactive contamination of the ocean, or, in a very worst case, loss of the planet.

As this latest disaster proves, the potential loss is so high, that even twenty years of extra electricity don’t seem worth the risk, especially if the calculation includes plants built in areas susceptible to the list of potential threats exactly like earthquakes.

We’re running a set of scenarios that will continue to evolve as the situation stabilizes or possibly gets even worse. It seems that Mother Nature is controlling events now.

Avatar, the Field and the BP Oil Spill

As the old drill-baby-drill cry loses its appeal, the coastal communities in the Gulf of Mexico are beginning to understand that they will feel the devastating consequences of the BP oil spill. 

The U.S. is a bicoastal country – 50% of the entire population of the United States lives within 50 miles of a coast.  And pays extra in housing prices to live there.  Ignore for a moment all the businesses that will be impacted – and think about buying a $4 million dollar house on the water – and have the water turn into an oil slick. 

I watched Avatar last night and noticed how the movie depicted the planet, Pandora, as an interconnection of elements that you could SEE how they supported  and depended on each other. 

That illustrates our relationship with our own Earth and how if one thing changes, it affects everything along the food chain (literally, in this case).  So the oil gets the birds and the blue crab larvae and the shrimp and now they are saying it may wipe out a generation of sea life.

As a species, we generally do not recognize that our connection with the earth is every bit as interconnected and tangible as the network on Pandora.  We need the earth to give us water, provide us with food (whether you are a vegetarian or not), provide water and shelter, medicine – everything – even manufacturing of plastic comes from the earth through our use of petroleum.

That is also why ideas about animals are often so ‘un-evolved’, meaning they are thought of as things, not spiritual beings.  Time magazine ran an article on animal intelligence several years ago and said, at the conclusion of the article, “if we recognized and were aware of how sensitive and intelligent animals actually were, we would have to change everything we do as humans.”

News flash – we ARE going to have to change everything we do – we have to find our connection to the earth and the animals and plants who share it, or we will continue to have these devastating environmental disasters and wake up one day to a wasteland that can no longer support us. 

If you’ve watched “What The Bleep”, which is a movie that explains new developments in quantum physics – and I highly recommend that you watch it…  you will reach the same conclusion – that the electric Field exists on our planet and connects you and me to every dog, every blue crab, every tree, every blade of grass.  There is no artificial separation.  We are them and they are us and we are the same thing – just a different sector of the same energy field. We are Pandora. 

Oil spills and other disasters make this living network more apparent by watching, hour by hour on CNN, how one event affects everything, first in the Gulf, then in the entire coastal area touching the Gulf, then probably the Caribbean – who knows how wide the damage will be from this one oil platform. 

Do you feel the connection?  A few years ago, I got a great book about ‘curing the incurable’ and it was a collection of Russian folk remedies – from a former doctor to the Russian Olympics.  One of the remedies was how to use trees for healing – complete with details about which trees were most responsive – how to tap into the energy of the trees and use them by standing eighteen inches from the tree and putting your hands on the trunk…

This oil spill may dissolve political differences and even national differences and show us, one more time, how interconnected we are with the earth – and I’m hoping that we will find a positive way to use that information.