Category Archives: Threat Assessment

The Active Shooter Threat – What’s the Right Response? Run Out or Lock Down?

Posted on by
Reply

I got to sit in on a security group discussion yesterday.  It includes both security directors and local law enforcement and It was interesting to see how both groups approached the active shooter scenario differently.   Which way is the best?  Is there a best?
For law enforcement officers at both the state, city and county level, they want all doors to be unlocked so that all the occupants of a facility, or a hospital, can get out and run for safety as quickly as possible.   They say that means more people will survive, not get shot, and it works with the natural human reaction to run away from danger.

Some of the active shooter experts in the room said that active shooter situations should be treated like fire drills, because people are used to fire drills, and they know what to do, because they practice fire drills more frequently than active shooter drills.

For the Security Directors, especially of hospitals, they wanted to be able to lock down if there was an active shooter call in their facility.  They felt that there were problems in evacuating quickly, and some were concerned about leaving bed-ridden patients behind while the clinical staff run out of the building.  So they advocated locking down all doors instantly.

While the heated discussion continued for almost three hours – at the end there was no
“BEST” solution.  Each Security Director or Manager will have to decide for themselves which approach is right for their organization.  The important thing is to think it through in advance, prepare people in advance, and take advantage of the great materials that are available to help organizations prepared.

Get more information including videos, training materials, on line courses and more at
http://www.dhs.gov/active-shooter-preparedness.

 

 

 

Lack of Security Risk Assessments cited as Contributing to Benghazi Embassy Attack

Posted on by
Reply

Just two weeks ago, we were talking about the lack of coordination between DHS agencies and known intelligence on the brothers responsible.

Now we have the Benghazi Senate hearings, and here is the same problem again – lack of coordination between different parts of the State Department, and with the Defense Department, AND with the CIA and the intelligence community.

Add to this, the appalling cuts in funding for diplomatic security, and a flawed process about what needs to be done about security and protection to our embassies around the world.

“In these tight budget times, the committee has had to make some tough choices to prioritize funding.”, said a GOP aide in The Hill article (GOP cuts to embassy security draw scrutiny), by Alexander Bolton on September 18, 2012.   In spite of the uncertainly of the Arab Spring, the demonstrations every Friday in streets from Bahrain to Tunesia, the embassies had their budgets cut.

Of course, security experts are used to this, security doesn’t directly generate revenue, and it is often one of the first functions on the chopping block.  However, to cut funding to the critical embassy functions in this volatile environment, is obviously a very bad decision on the part of the GOP.

For example, the security risk assessment which are routinely done on these embassies are not done on a systematic basis.  As a risk expert, these security risk assessments should be done WEEKLY, and they should be automated so they can instantly be compared to environments in other embassies, and comparisons made by month, by year, and trends can be tracked.

If we can’t afford to do these assessments and just as important, if we can’t afford to fix the problems that assessments reveal, then we should not have embassies in these places.

The security risk assessments that are done properly must also include complete threat assessments.  ”We need to develop a paradigm for managing risk“, said Gregory Hicks, a Foreign Service Officer who testified today on Capitol Hill.

These paradigms for managing risk already exist and they have been totally ignored by the State Department, which makes it almost impossible to get a clear, unfiltered view of the security situation at any embassy, at any point in time.

At least both sides of the political aisle agree, we do not want this to happen again!  Benghazi is not a political problem, it is a massive security failure problem!

 

3 Cleveland Women -The New Front Line of the War on Women

Posted on by
Reply

For the past 4 days, media attention has been focused on the three Cleveland girls who were abducted close to their homes and kept as prisoners in an old run-down house with neighbors on all sides.

NOW, neighbors tell how they broke down the door to free the women, the little 6-year old girl who came out with them, presumably the child of their abductor, and stories of screams coming from the house over the LAST TEN YEARS.

Besides the obvious curiosity about how they are, how this happened, how they were subdued for so long, and all the salient details, my question is WHY DID THIS HAPPEN, AND WHAT DO WE NEED TO CHANGE TO MAKE SURE IT NEVER HAPPENS AGAIN!

As a security analyst, I have to place some of the blame at the door of the Cleveland police, not that they are different from any other police department in the U.S.  Police are trained to catch criminals – that is their reason for being.   But it seems that, increasingly, in crimes where women go missing, even a 16-year-old, the search for them never really gets underway.  With no speeding car to chase, no easy suspicious person to detain, they stop looking.

Statistics say that about 2300 people go missing every day, over half are men, so that
leaves about 1000 females, and of these, about 70% are young women. so that easy math – about 700 A DAY! or 255,500 EVERY YEAR!

My point is just that the Cleveland Triple Abduction should be a wake up call for parents, citizens AND law enforcement to find a better way to search for these missing girls.

The world has changed – we have cameras, social media, facebook pages, and we need for all of these to be routinely used to find missing girls before we see another case exactly like this one.

 

 

Why DHS & FBI Need Google’s Help to Track Terrorists

Posted on by
Reply

The Boston Marathon bombings were bad enough.  The loss of life was terrible, but the runners and their families who lost legs and feet because they wanted to give their Dad a hug at the finish line were worse.

One week later, we all watch with trepidation as the first bomber is killed and the second captured bleeding in a boat in Watertown.

THE MOST TERRIBLE NEWS OF ALL IS THAT IT MIGHT HAVE BEEN PREVENTED!!  This is EXACTLY the situation that DHS was supposed to catch.  This is EXACTLY why the agencies were ORDERED to share information, and still these guys can tweet all they want, show violent Islamic videos on their web sites and call for Jihad and NOBODY NOTICES!!

This is made even more incomprehensible because the U.S. government was ALERTED BY THE RUSSIANSthat one of them was DANGEROUS.

What do we need to do to get these agencies to start paying attention to these potential terrorists? DO WE NEED TO MAKE THEM WEAR A RED SHIRT?

If the IRS can keep track of every American and in 2 minutes call up their entire history of taxes, and the Department of Labor can calculate your benefit rates in less than 1 minute, and Social Security keep track of all your information – why can’t DHS and the FBI  keep a contact database current?

Why can’t they have a person who scans these web sites and Facebook sites for Jihadist pages and then cross-references them with the site’s owner?   Why can’t a trip to a violent region of the world trigger a PING, as I heard one congressman call it.

Every company in the world has a simple Contact database on their own customers and suppliers that gives them years of data.   WHY CAN’T WE BE PROTECTED FROM THESE TERRORiSTS.

This one wasn’t hiding in the shadows – he was ON SOCIAL MEDIA!   He wasn’t locked up in a cabin – he was traveling internationally,   his brother was getting a scholarship.  And they did this FOR YEARS!!

This intelligence failure is just exactly like 9/11 all over again.  These agencies are so procedural that they cannot connect the dots.  Ok – they’re human. But we have super computers that CAN connect the dots and do profiles and create alerts…

Maybe we should call Google and get some help.  We obviously need it.

Why Gang Leader’s Girlfriends Want to Work in Your Physician Practice

Posted on by
Reply

In a very interesting article titled Why Gang Members Want Your Identity Fox Business News reporter Kate Rogers examines a disturbing trend of stealing electronic patient records and using them to commit crimes.  They want your social security number and address and then they can use them to submit phony tax returns!

My CPA told me that many of his long-time clients file their carefully prepared returns and IRS writes back to say they were already submitted!

Detective Craig Catlin of North Miami Beach Police called it an ‘epidemic’ among city gangs.  He said, “Every gang member is doing this, it’s a business to them – they’re doing burglaries and having other members commit the fraud”.

As a medical professional – why should you care? Because gang leaders are having their girlfriends get jobs at physician offices and hospitals, and they stay for one day or one week, just long enough to steal all the medical records.  Then they have a ‘Tax Party’ and file hundreds of false tax returns!  They can make $50,000 in one evening.  They just need the records.

How to prevent this from happening to you, which, of course, would also result in a HIPAA fine of up to $1,500,000 dollars, is to be very strict with background checks and be very wary of unsolicited job seekers.

Additionally, having active, and online monitoring in effect will send out a warning to new individuals that their every keystroke is tracked and watched.  Of course, banning zip drives and using encryption are also strong controls to add.

Walk through your office today – count the tattoos and draw your own conclusions.

 

The Effect of the Sequester on Security Budgets

Posted on by
Reply

Every time the TV is on, every anchor is crying about the dreaded Sequester.

Will it have an impact on security budgets?  I have seen security budgets, especially for the facilities security departments, swing from almost unlimited budgets after 2001, to bare bones in 2009 and 2010, and thought they were trending back up for 2013.

Now, with the uncertainty about what a Sequester  actually is, (please note my use of the capital “S”), how will it affect our security departments?

Obviously, the most obvious casualty are the government contractors who’s contracts may be arbitrarily cut, and civilian managers of federal programs will see lost days and furloughs.

The trickle-down effect will probably extend to state, county and municipal governments, too.   So that means it’s even more important to start budgeting new security controls so that the most important get the funding!

One of the themes we go over in our webinar programs is how important it is to create a COST JUSTIFICATION and Return on Investment information so that you can create a business case for every control you need to improve security.

And one more thought on the Sequester – we often see an increase in crime, white collar crime and fraud when things are unsettled and people aren’t sure what’s going to happen next.

Maybe it’s a good time to do another risk assessment?  Maybe the Sequester is the next new Threat!

 

Why Giving Oscar Pistorius Bail Today in a South African Court is another blow against Women

Posted on by
Reply

Violence, assault, battery, and homicide is always more of a problem for women than for men.

Statistics show that men are more likely to BE VIOLENT, and more apt to be aggressive toward women.  Because men are the world’s power brokers, and sometimes they try to use that power to dominate the women that they imagine they should be able to control.

The term War On Women is accurate, if you review the facts, and also the sensational details. The Scott Peterson’s murder of his 9-month pregnant wife carrying his unborn son, Connor, and just yesterday, Drew Peterson sentenced for murder of his 3rd wife, while wife number 4, Stacy, has been missing since 2007.

Remember  Josh and Susan Powell?   Josh, who killed both his young sons and himself, even though he was never convicted of Susan’s disappearance.  And the terrible thing about these high profile crimes is these women were attacked and killed at their most vulnerable, by someone who, at least, initially, loved them.

Even worse, in countries like South Africa, or India, rape is something that happens many times every day.  And the rich white guys aren’t the only perps.  It’s angry people — no matter how much money they have, where they live, or what their backgrounds are, or their education level.

Certain men seem to regard women as their possessions, like their dogs, or their household help, and so they feel free to abuse them, kick them, break their arms, intimidate them, control them, and if the woman tries to fight back, she is often killed.

No matter how rich Oscar Pistorius is, how great he is for overcoming such a profound handicap, how many medals he won, he, like OJ Simpson, will now be judged for losing his temper and murdering a beautiful young model – who loved him!

And obviously, the Magistrate didn’t agree, because if he did – he would never have granted him bail.

 

How to Plan for a Rare Threat or Weather Event

Posted on by
1

Whether it’s a crime, a meteor shower, a dam breach or a major hack attack, how can
security directors, managers (and even individuals) plan for the extremely rare threat event?

Even with the challenges of global warmings and changing patterns in society, and, apparently, in space, it’s still possible to anticipate and prepare for the outlier events.

You start with the known elements, for example, lately, some residential developers have been building in established flood plains, because, hey , there hasn’t been a flood in over 50 years.  But there are 100-year flood plains, 50-year flood plains and 200-year flood plains.  If your home, or facility, is located in a 50-year flood plain, and it’s been 48 years since the last flood, you can correctly infer that the next five years, you have an increased flood risk!

How to find out about flood risk?  If you live in the USA, you can go to www.floodsmart.gov, put in your zip code, and find out whether or not you are located in a flood plain, or flood prone area.  If you find out that you are, then you can add some additional preparation to make sure this threat is not going to materialize, or if it does, you’re ready!

Another example,  if your house/facility is in a high risk flood area, that means that there is a 1 in 4 chance (25% chance) that the property will experience a flood during the next 30 years.

If we look at chance of being hit by a meteor shower, we might find that a meteor hits the earth, with an impact, once every hundred years.   And so we take that 1 in 100 number and factor in the global surface, say divide it into 50 regions.  So that reduces that 1 in 100 number down to a much lesser number, maybe one in 100,000.

While the rare events are shocking when they occur, you can plan for them, by analyzing your risk, and putting in the proper controls so that if or when it happens, you’re ready and can continue to operate with the minimal of disruption!

We’re analyzing and examining  over 65 threats in the next 12 months, so subscribe to the blog and collect all the latest threat information.

Adding a New and Real Threat – Meteor Shower Damage

Posted on by
Reply

After the meteor showers over Siberia this week, Russia put together a Financial analysis of the damage from

1200 injured by flying glass
$33,000,000 in damage
4,000 building damaged
50 Acres of windows shattered

In the last twenty-five years, as the rate of climate change has increase, we have added new threats like Tsunami and ash pollution (from Subic Bay in the Phillipines).

Now meteor showers have actually come to cause damage to companies so they are another factor to be included in risk assessments.

In evaluating threats for a risk assessment, many in the northeast would always tell me,“take out earthquakes”, we don’t have earthquakes in Virginia, Maryland, and Ohio.  That changed in 2011 when the Mineral, Virginia earthquake hit during a mid-week business day.

RICHMOND, VA (WWBT) – Aug. 24, 2011.  There was an earthquake in Central Virginia that measured 5.8 on the Richter scale centered about 5 miles south of Mineral in Louisa, depth 3.7 miles at about 1:51 p.m. The quake was centered at 38°N, 78°W.

The U.S. Geological Survey said the earthquake was centered about 38 miles northwest of Richmond, Va., about 84 miles southwest of Washington, D.C., and was felt as far north as Rhode Island and New York City. See a map of the quake from Chuck Bailey, professor of geology at the College of William and Mary.

Hospitals, government offices, dams and power generating plants,  including nuclear plants, were forced to suddenly reevaluate the long held idea that earthquakes just didn’t happen in the NorthEast.

The threat from meteor damage is the same idea.  It never happened before, but now it has happened again, if you count Tunguska as the first time.

Damage from meteor showers will now add a new category into the Threat index, even though this was the first event in my lifetime, if analyst factor in the previously known instances, such as the Tunguska Meteor Event, which did not occur thousands of years ago, like the meteor event in the Yucatan peninsula that killed off the dinosaurs, but
Tunguska occurred in 1908!   Almost in this century.

Over the next month, we’ll be looking at each different threat every week.  Sign up for my blog or access by following me on twitter at www.twitter.com/riskalert.

 

Assessing School Security Takes on New Dimensions after Sandy Hook Tragedy

Posted on by
3

After 30 years of security risk assessment experience and working with hundreds of schools, hospitals, facilities, I have to say that schools have not taken school security seriously.

Obviously there are the social pressures including mental health screening, proposed assault weapons bans, gun owner screening, etc., but these are the thing that won’t change overnight.  EVEN IF THEY ARE LEGISLATED, it takes time to implement, and
implementation may not be perfect.

TODAY IS THE DAY TO DO A SCHOOL VIOLENCE ASSESSMENT – not tomorrow, not after new gun laws, not after the holidays — TODAY.

There are indicators you can look for to see if your school is at risk of an active shooter incident.  And ways to be prepared if the unthinkable happens and an active shooter comes to your school.

Strong, simple access control is the most effective solution, and yes, this may mean that
a plain glass front door or window is not enough.  Glass is easily broken, and yes, it means that all staff must be a little more accountable, and it probably means a red phone or connection to the local police.

There is a simple school risk assessment program that will give guidance on what you need to do TODAY, what controls you need to implement, what threats are most likely to occur.  These can be accessed on the www.riskandsecurityllc.com website.

Some things are preventable, some aren’t.  But lockdown drills, alarm systems, and active monitoring of cameras are just a few of the 60 controls every school should have in place to protect our precious children.

And this comes from the grandmother who’s 3-year old twins turned 3 yesterday!