Attacks on the general public across the globe continue to mount, but they are not solely terrorist based. Low-tech improvised assaults and attacks are increasingly carried out by individuals or small groups. The risks have changed, and, as such, technology isn’t the only component of a successful security plan and specification.
For integrated systems technology contractors, the way to become most valuable to customers is to understand the changing landscape, know how to evaluate and assess risks and threats, and work in partnership with all stakeholders to implement a comprehensive plan that piggybacks off deterrence methodology and integrated security detection technologies.
“Traditionally, contractors might start their design process at the perimeter of a property,” said Bob Hayes, managing director, Security Executive Council (SEC), Atlanta.
“With the [June 2017] London Bridge incident, for example, you need to look at the approaches to the facility and adjacent properties, especially if those buildings bring higher risk. If the user is next to a hardware store, they don’t pick up much additional risk. If they are located next to an abortion clinic or an animal testing laboratory, that’s a different situation because of potential activists or extremists,” he said.
Hayes said one part of the risk assessment establishes the nature of adjacent properties risk. Another facet is crime prevention through environmental design (CPTED).
“Before any system’s design or use, clients need to conduct their own risk-threat assessment,” he said.
The SEC, a research and advisory firm focused on corporate security risk-mitigation solutions, provides thought leadership and expert resources and serves chief security officers, chief information security officers, C-suite functions and other key stakeholders.
Risk assessment defines threats and aligns security with the business objectives of the user, going beyond physical threats. According to Hayes, a client who has not performed this analysis can’t define what a system ultimately should do.
“Business continuity and security plans have changed dramatically since 9/11,” he said. “Prior, you didn’t think as much about public spaces, such as the inside of an airport or theaters, hotels and even restaurants and bars with an outdoor seating environment. As threats change, planning has to change as well.”
Jarod Stockdale, security project consultant for NV5 Technical Engineering and Consulting Solutions, Las Vegas, said the security assessment is paramount and an area where the industry has fallen short.
“We look at the entire scope of the project, including where threats may arise,” Stockdale said. “It’s not only technology, but CPTED and also working with outside agencies, such as police and fire responders, to devise a successful plan. It takes a full security profile and analysis, bringing in all stakeholders. It’s then that the real planning can take place, and the results are far better.”
Perimeter security may focus on prevention, and while that’s a great goal and outcome, it isn’t realistic, Stockdale said.
“The best-case scenario is that we are going to deter, detect and delay,” he said. “The bad guys have the advantage of time. They’ve probably already done an assessment of the likelihood of committing a crime and know what the premises look like. We are trying to delay to prevent an attack. If I put a fence up, it keeps the guy out until he climbs it, or we use bollards to keep him away until he uses a motorcycle, for example.
“If an attack is likely through a front gate, we install Z-shaped driveways so the perpetrator can’t reach high speeds to ram through the building or use bollards. Now, those particular elements won’t delay a person on foot, but stairs will. So we use the outside perimeter to delay and give the user the opportunity to sound an alarm, lockdown, evacuate or provide shelter in place. We need to recognize all those things to take steps to delay an attack. In the end of the day, all we have is our reaction time.”
Changing roles and opportunities for installing companies
Security contractors are taking on a different role than in the past.
“This is a marvelous opportunity, but it’s fraught with risk if they don’t lay the proper groundwork,” Hayes said. “They have to transform their company to meet the new needs of the client and start thinking about security that shows a deep understanding of the customer, employees and others who use those companies. There are 26.8 million corporations in the U.S. alone. A Fortune 100 company typically can use the services of up to 30,000, so the security of their supply chain is equally important. You need to partner with information technology and corporate security and know their language, as they are your biggest ally for success. The whole landscape of security we are currently operating in is providing the greatest opportunity, the greatest risk and undergoing the greatest transformation ever witnessed.”
Many new technologies improve detection, but they may not be applicable if the risks haven’t been clearly defined.
“Focusing on hardware and technology only is not the solution. Ask these questions: What’s the desired outcome with the equipment? Do we want to detect, intervene or do something else? What are we worried about, what are we going to address and how are we going to change the outcome? Are you happy with your existing role in just pulling cable or are you the kind of company that CSOs are looking for to be part of their solution design? If they want to be part of the solution design they need to know this theory and practice,” Hayes said.
Technology can improve an outcome if deployed properly with advance planning, but it’s not the end all and be all.
“Technology is a force multiplier to improve response, but it’s also an obstacle,” Stockdale said. “People are walking into poles because they are focused on their smartphones. The biggest thing is to look up and be aware of your surroundings—situational awareness. Implementation of technology combines more successfully with better information. CCTV and video analytics can alert of a vehicle heading in the wrong direction and then an alert can be sent out, even combined with a public address system. And these alerts need to be expanded more easily to that 5-inch-screen we are focused on. In London, where they have many cameras, maybe if the vehicle approaching the bridge was detected at a high rate of speed with analytics, an alert could have been pushed out to everyone in the area via their smartphones.”
Stockdale encourages people to look up and be aware.
“We are so dependent on the technology in our pocket,” he said. “As you walk down the street, be aware of what’s going on around you.”
The SEC has written extensively on this theory and practice. Find this material for free at www.securityexecutivecouncil.com/knowledge.