How to Protect Yourslf Against Burglary or Housebreaking by Using Surveillance Systems and Safe-rooms

I was watching the news the other night and just like every night, they were showing criminals that had broken in to homes while the owners were away.  There was even footage of the family dog chasing the burglar away.  But one story caught my eye.  It was the story of a homeowner who had installed a doorbell system with a camera.  We’ve all seen the ad where the bad guy approaches the home and the owner say “Get off my lawn” or something to that effect.  Then the perps run away.  It was one of those types.

In this particular case, the homeowner was inside the house with her son.  When the would-be burglar approached the door she got an image of the burglar standing by her front door.  He knocked on the door and pulled a gun from his waist band.  The homeowner took her son and hid in a closet and called 911.

Can’t say I blame her.  After all this was more than a burglary this had all of the potential of being a kidnapping, sexual assault or worse.  I think she did the right thing in hiding.  That said, however, a closet offers very little protection from a dedicated intruder.  What she needed was a closet that had been converted into a safe-room.  A room that was impenetrable from the outside.  There are materials out there that can be used in new construction or retrofitted to an existing closet space for a few thousand dollars. It could even be a DIY project over a weekend.  Shouldn’t every home have one? 

But the real problem here is that the homeowner had bought the security system thinking that it would protect them.  I guess it did, sort of, because she was able to see the perps and take action.  The standard action is to tell the perps to go away.  She didn’t do that, so in essence she didn’t use the system the way it was designed to be used.  Fortunately, the perps weren’t able to force the door open and eventually gave up and left. 

There are two things to remember about having a home security system; 1) it must be used the way it was designed in order to be truly effective, and 2) unless, there is a police or guard force’s immediate response, it really only collects evidence.

More about turning a closet into a safe-room, here:  https://drive.google.com/a/amuletbb.com/file/d/0B_EElZXso5ZmdUVZYVlXNFRscEU/view?usp=drive_web

More about how thieves target homes, here: https://www.linkedin.com/feed/update/urn:li:activity:6466683287757733888/

More tips on what you can do so it doesn’t happen to you, here:  https://reader.mediawiremobile.com/NYREJ/issues/203922/viewer?page=57

A one-day class on safe-room and shelter design and construction will be conducted on 20 June 2019.  Sign-up by calling 805 509-8655 or sending an email to info@hainessecuritysolutions.com  

Architects Meet Security Halfway

Architects Meet Security Halfway

What Should They Do to Go All the Way? 

The normal process for building or inhabited space design goes something like this:  the client goes to the architect and describes his/her vision.  The architect interprets that vision using their creative juices.  That’s a good thing! Once the client approves the vision then project is handed over to an engineering firm to “build the guts”. Once the infrastructure is done and the project is finalized.  The client accepts the project.  At that point, it’s up to the client to coordinate the security features of the designed environment.

Sometimes, this process works.  But more often than not, it doesn’t for a very simple reason.  Everyone sees the project differently.  The first questions the architect asks the client is how many people, what type of space (open/shared/closed offices, how many floors, etc.?  During that conversation there should be questions asked that regard the Design Basis Threat; i.e, what types of threats are we trying to protect against? This particularly the case when it comes to man-made threats; such as, active shooter, hostile vehicle, insider threats.  Natural threats to buildings and people are usually governed by ordinances or codes; fire, earthquake, high winds, etc.  Man-made threats on the other hand are not usually governed by ordinance.

That said, when understanding man-made threats it is important to identify several keys elements of the threat:

1) Types of aggressors threats (covert or overt, group or individual, organized or not)

2) Aggressor motivations or objectives (inflict injury or death, damage or destroy property, steal equipment or materials, and create adverse publicity)

3) Aggressor tactics (both the modus operandi and the tools needed to be successful)

Unfortunately, these elements are usually left up to the security consultant towards the end of the project.  If they were considered during the initial 15% phase or 35% phase of the project, it could easily accommodate countermeasures that mitigate these identified threats purely by designing the space to do just that while still maintaining functionality and aesthetics.

The Department of Defense, Department of State and Veteran’s Administration mandate that a security representative be part of the design team from the very beginning.  The civilian world should follow suit, instead of the current halfway method.

Other trends in the built environment are discussed here:

Security Industry Association Technology Insight, Spring edition

https://www.securityindustry.org/2018/04/05/the-puppy-movement/

Security Industry Association Technology Insight, Fall edition

https://www.securityindustry.org/2018/09/14/creating-invisible-security-to-prevent-vehicular-attacks/ 

The 310 Year Gamble

The Federal Government’s 310 Year Gamble on Your Child’s School Safety

In the days following the Parkland High School shooting, my emotions were out of control; first, because of the lack of “adult” leadership by the Federal government officials and secondly, because when called out by the high school’s young adults they (politicians) attacked the teens.  Whenever asked about how they intended to keep another active shooter event from happening they hid behind thinly veiled comments about how it was someone else’s responsibility to address the causes and fix them.

Let’s be realistic, it’s about guns, it’s about mental help, it’s about a person’s desire for fame, it’s about lack of protection, it’s about lack of designed evacuation routes and the list goes on…  Some causes can be fixed in the short term and others, like mental health issues will take many years to devise systems that are effective in identifying “at risk behaviors” and getting the person the proper treatment.  We also need to address the way schools are designed not only should they be great environments for learning by they must also be safe.  One example is there should always be two ways to egress a space in an emergency.  Currently, many times there is only one and if there are two, they lead into the same hallway.

So, in the meantime, if students and faculty are going to be taught to “hide” in the back of the classroom then the space must provide ballistic protection.  If it doesn’t, the AR-15 bullet will travel through the hallway locker, drywall or classroom furniture.  I thought, if we don’t have specific ballistic protection in place couldn’t we design a system similar to have hotels create additional space by mobile walls.  I reached out to my friends at Amulet Ballistic Technologies and come up with a design for retrofitting existing classrooms or new construction.

In 2018, the Federal government allocated $100 million for security upgrades to schools.  The deadline for application to receive some of that money was 31 July 2018.  If your school district didn’t apply, it for sure won’t get any of the money, so you’ll have to wait until next year.  Fortunately, many State legislatures have been setting aside funding and the process seems to be continuous.

Another unfortunately circumstance when it comes to funding is that most of the money will go to hiring school resource officers (RSO) from the local sheriff or police department.  Placing an armed guard is not in of itself sufficient.  While it will help deter possibly, the truth is if a RSO is present he/she will become the first victim and/or will not be where the shooting starts when it starts.  Another key security feature will be electronic surveillance and access control.  Both are useful and effective but have their limits as well.  Cameras must be monitored in “real-time” AND a response must be immediate.  Access control is only effective if it doesn’t become a burden to day-to-day operations.  If it becomes “taxing” people will figure out how to get around it.  

Now, back to $100 million per year for the next 10 years ($1Billion total).  There are an estimated 50.2 – 58 million students in America’s schools.  The average class size in the US is somewhere between 17 and 26, so let’s just say 20-22 students.  If we divide the average size class occupancy into the lower number of total students that tells us we have about 2.5 million classrooms (give or take).  Now, if the average cost of constructing or retrofitting one classroom with ballistic protection is $15,000 (I suspect that once we get going the costs will be lower and more likely to be about $10-12k for a classroom of 20 using the Department of Homeland Security recommended square footage for safe-haven/shelter space occupancy.) then it will take $3,750,000,000,000 to retrofit all existing classrooms.  At one billion every ten years that will be 375[1] years to protect every classroom in the US.

Let me put that into context.  Most people think that during the 2008 financial crisis[2], the treasury department used $700M to save the banks.  This is not true.  The Special Inspector General for the Troubled Asset Relief Program (TARP) in their summary report says that the total commitment of the government is $16.8 trillion with about $4.6 trillion already paid out.

According to a team at Bloomberg News, at one point last year the U.S. had lent, spent or guaranteed as much as $12.8 trillion to rescue the economy.[3]

In either case, more than enough to protect America’s kids in less than 10 years instead of over 300. 

---

[1] I rounded down to 310 years just in case my numbers are off a little, at any rate you get the idea.

[2] https://www.forbes.com/sites/mikecollins/2015/07/14/the-big-bank-bailout/#1c0b5b752d83

[3] http://www.pbs.org/wnet/need-to-know/economy/the-true-cost-of-the-bank-bailout/3309/

Parents and School Administrators are Buying
Security Equipment That Won’t 

Protect Children – Why?

Salesmanship and fear are the two main reasons.  Fear because active shooter events are more commonplace than a few years ago.  The recent discovery in New Mexico of abducted children being trained to carry out armed attacks at schools is frightening.  Since the federal government won’t address some of the underlying issues of gun violence by creating sensible legislation maybe they can concentrate instead on finding the horrifying number of missing kids that occur every year in America[1].  Just saying.

In the meantime, parents and school administrator know that something has to be done and have taken matters into their own hands.  

I applaud many States and school districts that have taken steps for comprehensive security improvements.  Unfortunately, there are an equal number of school districts that have only made superficial changes that really don’t offer protection from the active shooter threat or errant vehicle threats.  

Right after the February 14^th event in Parkland, everyone wanted to put more resource officers on campuses, more cameras and more access control.  While on the surface these may be good ideas, just getting more is not enough.  There must be processes in place that make them effective.  For example, if a school increases the number of CCTV cameras, then who monitors them in real time becomes essential.  Unless monitored in real-time, they only have evidentiary value.  The real value of CCTV is that it allows investigators to go back in time and figure out what happened.  We don’t need after-the-fact protection. 

Students and staff need to rely on protection that will actually protect them[2].

Bulletproof - C'mon really?

I saw a news report a couple days ago about a company offering “bullet proof” backpacks.  My antennae went up – way up.  There is no such thing as “bullet proof”!  The correct term is “ballistic resistant” or “bullet resistant”.  It may stop some types of bullets but it won’t stop all.  Therefore it is bullet resistant and not bullet proof.  Shady salesmen will play on your fear and lack of knowledge in knowing the difference.  Anyway, the news reporter had a marksman fire two types of handguns, which the backpack manufacturer said would be stopped, and they were, but when rounds from an AR15 (the most common type of weapon used in school mass shootings) were fired and the rounds went straight through the backpack and into the dirt berm behind.  The reporter asked why, and a guy whom I believe to be a company spokesman, said something to the effect, “well, it was shot at without books and binders being inside. That would change everything”.  To suggest that books and binders offer ballistic protection is just ludicrous.  Backpack manufacturers if I’m wrong AND you have the data to prove it!  Then do so and I will publically admit I was wrong.  

I’m amazed that Walmart and Costco are selling these backpacks for upwards of $100 and apparently do not make this distinction.  

Even if the backpack will stop a .9mm or .45mm, a person would have to be wearing it and be shot from the back.

Use Whatever You Can  

Police Departments and some companies have made a very profitable business out of teaching Run-Hide-Fight.  A defense strategy that teaches: run if you can, hide if you can’t and fight if you have to.  At first, this concept makes sense but the reality is the instructions being given during the R-H-F training actually teaches people to hide and use whatever they can for protection, or in worse case scenarios, use whatever they can to fight.  With this in mind, the idea that a student could hold a backpack in front of them and hide behind it, to me seems a little unreasonable.  I have a hard time imagining a ten year old reducing herself down to the size of a book-bag.  

Instead we should be teaching, to get out - Run-Run-Run - no matter what. Throw a chair through the window, punch thru the dry-wall - but do something that allows you to escape.  The idea of waiting for the "cavalry" to arrive and save the day is just crazy.  We could start designing all occupied spaces with, at least, two avenues of escape.  

This will take a considerable amount of time because first, we have to change our mindset about how we think about high occupancy spaces and how to design them to our advantage, and second, we have to actually implement these concepts into retrofitting classrooms or building new ones.

Don't D-I-Y This

A couple weeks ago, I was sitting next to a second grade teacher on a flight to Houston.  Of course, the conversation got around to school safety.  She said, “I don’t think about it.  I mean, I know what the security measures are for sheltering-in-place and fire drills and such but I really don’t give it much thought, and especially the “big stuff”.  I assumed she meant events like active shooters or terrorist attacks.  She’s right – she shouldn’t be worrying about security.  She should concentrate on teaching.  Educators should not try to D-I-Y this.  Instead, they should contact security professionals that are agnostic to products and are concerned solely with providing effective security solutions.  

That way, educators will get honest protection options that address issues on multiple levels and not just be sold more products.

---

[1] National Center for Missing & Exploited Children   http://www.missingkids.com/KeyFacts

[2] One More Town – One More Family – One More Angel – One More Funeral February 22^nd 2018 on-line edition of American Security Today.  https://americansecuritytoday.com/one-town-one-family-one-angel-one-funeral/

Using Landscaping to Control Access

I want to tell you about two incidents that required a security solution and how the first attempt at providing an adequate solution failed miserably.

First case – illegal dumping

The issue was that people were driving up to the banks of a stream and dumping trash; i.e., tires, mattresses, rubbish, etc.  The first solution provided added a camera to the site so that “things” could be monitored.  The camera fed back to the superintendent’s desk.  Of course, when he wasn’t there (weekends, evening/late at night, attending meetings, lunch, naps) the dumping occurred and continued.  The superintendent was scratching his head on what to do.  After all, he just spent several thousands of dollars on the latest technologies and they didn’t seem to work.

Our solution was not electronic.  Instead, we suggested that they build a raised berm/curb using natural landscaping (trees/boulders/bushes, even park benches) so that the vehicle couldn’t drive up to the water’s edge in the first place.  We suggested landscaping due to the ability to prevent the vehicle from reaching the stream.  We imagined the culprits wouldn’t want to carry the heavy objects from the roadway, across a bicycle/walking path and then into the wood clearing to reach the stream.  Our second reason was to ensure the aesthetics of the area were kept intact.  Sure, we could have suggested a fence along the embankment to deny access and achieve the same effect, but who wants to walk along a fence with barbed wire when they’re taking the dog out or jogging or cycling.

Second case – unwanted access to school property

The issue in this case was that community members were cutting across school grounds in order to shorten the distance to retail shops located near the school campus.  The first security company suggested erecting a chain-link-fence with 3-strand barbed wire outrigger around the entire campus perimeter with a gate for buses and parents/administrators.  When not in use the gate would be kept locked.  The administrators weren’t buying it.  What if a student climbed the fence and was injured?  And where were they going to get the manpower to manage the gate? 

Our solution was to construct on three sides a wooden split-rail fence approximately 4 feet high (similar to those used in the Atlantic Piedmont region) and then to place flower beds in front of the fence and thorny shrubbery and trees behind it so that it would be difficult to cut through.  The front of the campus was left open.  We also suggested installing "speed cushions" to allow just buses to enter the "drive up/drop off" area.  And to have a separate loading/unloading zone for the parent's cars, that would be controlled by school staff.  These solutions provided the aesthetic qualities the administrators were looking for.  We also suggested changing procedures but I don't want to give too much away here.  Needless to say a comprehensive change was needed to address the concerns of the school.

These are just two examples of how not all security solutions need to be electronic.  Unfortunately, surveillance companies will tell you that CCTV is the solution to everything.  The reality is it isn’t.  In both cases we used “natural access control” (Crime Prevention through Environmental Design [CPTED]) as a fundamental principle in our approach to reducing crime.

Additional CPTED ideas and other principles on deterring crime and the effects of terrorist attack will be discuss during a 3-day workshop, Designing Secure Buildings: Integrating Security Technologies being held in New York City, 11-13 Sep 18.

Our ROI Toolkit is available.  The Toolkit will help you justify to your boss why you need to attend this training.

Contact us at info@hainesssecuritysolution.com or call +1 805 509-8655 to register.

Visit us at https://hainessecuritysolutions.com/Training to find out about other classes we offer or to host a workshop. 

Prediction: An Active Shooter Event Will Occur at Your Child's School Unless Fundamental Security Changes are Made

One more active shooter incident, just a different town, different families but we’ve seen this show far too many times before.  I’m disgusted that everyone is blaming everyone else, the gun lobby oh it’s a mental health issue, the gun control tribe, oh we need gun control, everyone attacking the FBI and the mental health system.  The reality is WE, the collective We, failed.  No single agency or group or person or law is solely responsible.  Non-sensible gun control, non-sensible mental health laws, non-sensible law enforcement and non-sensible governing by public officials who haven’t display even the slightest bit of leadership.  Leaders stand up, admit their failures and take actions to correct course.  I know it’s only been a few days, so maybe just maybe someone will step up but based on previous track records, I kind of doubt it.

ELECTED OFFICIALS

If you’re an elected official, we’re calling you out.  There is nothing and I mean, NOTHING that is more important than protecting our kids, no … America’s kids.  If you think of them as someone else’s kids, then you’re sorely mistaken.  These are American’s kids, they belong to all of us.  It just so happens that they weren’t my blood relatives – at least, not this time. 

If you’re a public official you serve us – not your own or your party’s agenda – OUR agenda, and right now our agenda is – SAVE OUR KIDS! 

I had written a two-hundred-word rant but I think Emma Gonzalez said it much more eloquently that I.

This is not about anything other than will power.  We, after Presidential leadership, decided to put a man on the moon.  Not because we knew how but because that’s who we are.  We did it because of our willpower to do it. 

SAME OLD SOLUTIONS

I fear that in the aftermath of this tragic event those faced with finding solutions; i.e., security companies, elected officials, and school administrators will rush to add security guards and electronic security systems to their schools.  Unfortunately, these products will not solve the problem.  The school in Parkland had both.  Sadly, the guards will be somewhere else when the shooting starts or will become the first victim.  More cameras will only allow us to capture what happened, because there is no one monitoring and responding in “real time”.  Allowing teachers to carry guns, will not stop the carnage.  In fact, the idea of allowing “responsible” people to carry weapons, whether open or concealed, only puts more people at risk.  We could add fences and gates and metal detectors but all of those can and will be circumvented by a dedicated threat.  Besides, fences and gates and access control add to the issue of aggressiveness[1].  And, I certainly don’t advocate that we turn our schools into prison like compounds. It’s going to take a multi-layered approach.  We need to address the possession and use of guns, especially assault type weapons that are designed to kill as many people as possible in the shortest amount of time possible. Since they’re not for protecting a person and or his/her loved ones I don’t get why you need to have one.  I understand the argument that you have the right to protect yourself and your loved ones in your home, but do you really need an AR-15 to do that?  I’m not writing this to get in an argument over guns.  I’m writing this to voice my concern that if we don’t address the use of these type weapons in a logical way, we’re in for more trouble. 

Regrettably, someone will say, “Hey here’s how we fix this, so it doesn’t happen again”.  And then everyone will run after that solution for a while or until the next shooting happens.  Then we’ll figure out what “fell through the cracks”, plug that hole and wait for the next killings to occur.  Unless we have a comprehensive approach bringing a variety of disciplines to the table the “plug a hole” approach will cost lives.

Just like tackling the root causes of what happened in their totality so is the necessity to take a layered approach to implement security at the detection, assessment, command and control (school administration), response and engagement levels.  Without a holistic approach we will not have comprehensive solutions.

CRY FOR HELP – MENTAL HEALTH

I have to say, that while I detest what the Parkland shooter did, I also can see that this was a desperate cry for help.  The system failed this young man and now we have hundreds of victims to show for it.  So mental health professionals need to be consulted so they can express how they can have a greater impact on the actions of those who are troubled before they act out. Note: After the Isla Vista shooting in Santa Barbara a few years ago, the city formed a coalition of mental health professionals, police and others to respond to “welfare check” requests, instead of leaving it solely up to the police.

If we don’t address associated mental health issues and the laws surrounding when a physician can report his or her suspicions and concerns that a person may act out, then we’ll miss the boat again.  I think we all can agree, if a mental health professional says this person may resort to violence, then our first course of action should be to take away their ability to access firearms.  At least, until a risk assessment is done by a professional panel.

LAW ENFORCEMENT’S FAILURE

Now that the FBI is under scrutiny for its failure to follow up on what seems to be a credible tip, everyone wants to blame them.  In this instance, an investigation needs to be conducted (Director Wray has already announced a probe will be conducted) and if someone needs to be held accountable, at whatever level, then so be it.  But to place the blame solely on the FBI is wrong.  I have high confidence that the FBI will get to the bottom of what happened and correct it.

ARMING TEACHERS AND SCHOOL ADMINISTRATORS

Many people will want to have officials pass legislation so that teachers and school administrators can carry weapons at school.  Bringing more wood to a burning building only makes the fire grow.  While on the surface, armed teacher/administrators may seem like a good idea but when you think it through it’s not.  These active shooter incidents most often start outside the classroom, somewhere on the periphery.  This means, that in order to be effective armed school officials would need to be outside of the classroom to engage and neutralize the threat.  Second, if everyone has a gun then what is the triggering mechanism for suspicious behavior or “See Something, Say Something”.  The tip that came in to the FBI was initiated because the behavior of the shooter was out of the ordinary.  If everyone is walking around with a loaded weapon, then how do we distinguish the good guys from the bad guys?  Besides, when the shooting starts who’s to say it won’t become the “wild west”?  I fear there would be many more casualties.  We’ve become accustomed to armed security officers or policeman because they’re uniformed, which identifies them as a good guy, and because they receive regular firearms safety training.  Yet accidents do happen.  I doubt teachers and administrators would receive the same degree of rigorous and routine situational training.

Curious note here: A Presidential Pool reporter was stopped this morning because he had a gun in his bag and was attempting to travel with the President.  If gun advocates think everyone should be allowed to “conceal carry” a weapon wherever they go, then why not let the reporter carry his legally registered firearm while accompanying the President to his golf game?  Just saying.

CHANGE IN ARCHITECTURAL DESIGN

Additionally, schools are not designed for protection, they’re designed for education.  Now, that said, some newer schools have been designed with security in mind but most of the effort has been on creating a perimeter that is impenetrable.  The reality is, what happens if a person gets past the perimeter[2], then what?  No places to hide that offer ballistic protection.  Especially in the newer facilities with open floor plans that foster the interaction of students.  The idea of stacking desks and chairs behind a door and expecting the dry-wall to offer protection from a high caliber bullet is just insane. 

We need a change in the way we design inhabited space, especially when the occupancy is higher than 20 people or so.  There should always be two possibilities for escape[3]. 

And we should be teaching to run at all costs; hiding and fighting is not an option.  Throw a chair through the window, kick or punch a hole in the wall (after all it’s just dry-wall) and get out no matter what, the only time a person should stay behind is if they don’t have time to escape.  With that in mind, we need to start creating ballistically protected spaces throughout that provide sanctuary and keep people safe when it’s too late for them to run.

There are off-the-shelf ballistic materials available that can be used to create safe-havens, in new construction or existing facilities and can be embedded in white boards, desks and chairs. 

THE COST OF CHANGE

Now, don’t get me wrong, I think space exploration and figuring out a way that’s economical to get to Mars is a great and necessary thing.  I’m using this as only one of many examples that I could use.  I’m just saying, if we can find the money to this, then why can’t we find the money and willpower to protect our schools.

The fiscal conservatives will say that it will drive the budget up.  So!  I can’t think of a better return on investment.

The cost to launch the Falcon Heavy was somewhere close to $90,000,000.  Not to mention the costs of the R&D that came before hand.  There’s not allot of information about how much money is has been allocated to this program so I’m going to make some guesses here.  Let’s say there were 10 launches (ground tests and orbital) at $50M each.  So that’s $500,000,000. 

So, let’s just say, that to make a space that’s approximately 100 square feet, that can accommodate a classroom full of students and teacher, we use the occupied floorspace guidance provided by DHS for saferooms/shelter (spaces where a person can seek shelter for up to two hours) costs, $20,000.  If, you divide half a billion by $20k that’s 25,000 classrooms that could be built or retrofitted.  And let’s say on average a classroom has 20 students then that’s roughly 500,000 students and teachers that would have been afforded protection in the same period.  Using the same formula and using just the latest launch cost of $90M, equates to protecting 90,000 lives. 

This doesn’t look like rocket science to me.

REAL CHANGE

For real change to occur two actions are required;

First, we need to stop thinking about this as a singular issue to resolve.  This is a multi-layered issue and can only be resolved with a multi-dimensional approach.  No topic or option, no matter how painful, needs to be off the table[4].  Folks need to check their emotions at the door and get to work.

And second, and much more importantly, we need to change our way of thinking.  We need to think that although it didn’t happen in my town or to my family it did happen to me personally – these are not someone else’s kids and teachers, they are OUR kids and teachers – they belong to America!

We claim to be the greatest nation in the history of the earth yet we sure aren’t acting like it.

Related article https://view.joomag.com/ast-digital-magazine-august-2017-digital-aug/0415224001503451917?short

---

[1] Security Update Opinion: Little empirical evidence #security measures can really stop school shootings ow.ly/kRah30irCS0

[2] Security guidelines for safer schools can be downloaded from the PASSK12 website http://passk12.org/

[3] “Active Shooter Threat:  Why Run-Hide-Fight is Wrong and Two Ways to Fix It” appeared in the 16 May 17 edition of the New York Real Estate Journal

[4] Toolkits on how to change the safety culture at your school are available here  https://www.safeandsoundschools.org/

THE EVOLUTION OF RISK MANAGEMENT,

WAS DARWIN RIGHT?

In the Theory of Evolution, Darwin suggests that evolution is about survival of the fittest.  Was he right?  While he was talking about the natural world, his theory also applies to the security business.

In order to survive in today’s world businesses must adapt to their environments.  The threats that were around twenty years ago have changed.  They’ve become more sophisticated and must be adapted to.  What worked before won’t necessarily work in today’s world.  Not only have threats scenarios evolved but with the increase in technologies so have a new variety of threats come about. 

It used to be that a person who wanted to commit a breach of security had to be physically present in the space in order to carry out the attack.  That is no longer the case.  Since just about everything that has a moving part to it is somehow connected to the Internet of Things (IoT), a hacker does not have to be present in the physical sense in order to disable a closed circuit television (CCTV) camera, for example.  This means, a new way of thinking about threats, vulnerabilities and risk is necessary.

Threats used to be pretty much two-dimensional.  That no longer is true.  Those involved in the risk management business must think in three-dimensional terms.  In fact, they need to think about security as if it were a cube or box.  It’s six-dimensional and the approach to risk management must be carried-out that way.  This will require, pardon the pun, “outside of the box” thinking.

Additionally, without the “it’s part of the culture” way of doing business threat scenarios will continue to be played out with varying degrees of impact – and, some will be catastrophic.  Since we cannot prevent threats from occurring one hundred percent of the time we have to get the results down to a level that we can accept and handle with available resources.  This requires us to include scenario that are improbable but the results will overwhelm resources.  I call this “impact centric planning”.   I know most of us will not encounter an active shooter situation within our lifetime but active shooter threats must be planned for wherever high concentrations of people gather.  The adage, it won’t happen here cannot be the flavor of the day.  You’re right it probably won’t happen here, BUT if it does?  What will be the impact?

Not only must we deal with threats that are likely but we also must deal with threats that would be catastrophic even though very unlikely.   An excellent example of a highly unlikely event is the Las Vegas shooting incident.  That event was so improbable that if I would have brought it up during a planning session those in the room would have thrown their coffee at me. 

In order to survive, we must ensure we are the fittest.  So, Darwin was absolutely right.

If Data is the New Currency of the Modern World Then Why

Is My Account Overdrawn?

According to a recent report in Security Megatrends: The 2018 Vision for the Security Industry published by the Security Industry Association 99.5 percent of all data collected via electronic devices goes unused.  Let that sink in for a second.  99.5% is wasted.  Less than .5 percent is accessed, analyzed and used in some type of constructive way.  I can’t imagine any other industry or area of life where less than one-half of one percent is good return on investment (ROI).

Here’s some data provided in the article "Accessing and Analyzing Smart and Big Data, Moving into Artificial Intelligence and Augmented Reality", using 60 seconds as the baseline, on just the social media platforms that I use:

·         Google – more than 3.8 million searches

·         Twitter – more than 350,000 tweets

·         Facebook – more than 243,000 photos uploaded and 70,000 hours of video content viewed

·         Linked-In – 120 new accounts created

So, why does this occur.  Well, it has to do with automation and the progressive nature of technology.  We’ve all heard the standard cliché that your phone has more data processing capability than the spaceships that went to the moon.  There have been surprising advancements in just about every sector of society.

I read an article some time back, that said your bank account could be hacked through your toaster.  At the time, I thought it a bit far-fetched,  But now the home improvement stores are selling refrigerators that can order food for you, if programed properly.  While, I think that was a little exaggerated but the point the author was making was, if your toaster has a microchip in it and that sensor report data somewhere, there is the potential that a person with malicious intent could through that sensor get to my bank account.

But is this a good thing?  For the most part yes.  I mean, think about it, only a few decades ago, if you were diagnosed with the big “C”, you started counting your days.  Now, more people survive and overcome the disease than don’t.  But on the other hand, let’s not get too carried away.  Technology is a tool and should be used as such; a tool that allows us to make better decisions about life choices.  Let’s remember that technology is not the solutions but it can be used to find the solution.

One of the areas where there is promise, within the security industry, is the area of “augmented reality” or AR.  We’ve all heard of “virtual reality” where the user is immersed in a fictional environment.  With AR the data augments the natural environment.  A simple example would be the ability to super-imposed a data screen on the visor of a motorcycle policeman that presents him or her with information about traffic up ahead, including accidents or breakdowns.  Or data information relayed to first responders during active shooter events.  This ability will undoubtedly save lives.

Estimates are that the Internet of Things (IoT) will mushroom in the coming years to between 34 Billion and 58 Billion devices connected to the data grid in some way by 2020.   Even if the world population doubles in the next two years (which is highly unlikely) that’s more than two devices per person.  

The hard part, in all of this is, will be figuring out what data to analyze, what to keep for the future and when to give it to someone to use now.    

The Marriage of Cyber and Physical Security is Not a

Match Made in Heaven

Megatrend #2 from Security Megatrends, The 2018 Vision for the Security Industry, produced and published by the Security Industry Association (SIA) is, “Cyber Meets Physical Security, Threats Magnify with Digital Innovation[1]”  hits the proverbial nail on the head.   With the connectivity of electronic devices to the internet, more and more of the different technologies we use in our daily lives are susceptible to compromise.  I read an article about a year back that talked about how in theory your new toaster could get hacked by someone with nefarious intentions and through that connectivity could steal your personal identifying information (PII).  While I believe that scenario to be a little far-fetched, I do believe the point was made.  The point being, that my smart phone, smart TV and even my smart refrigerator, especially if I had it set up to automatically order milk or bread for me directly with the store, is highly susceptible since I would most certainly have payment information in my stored profile.

The connectivity to the IoT is inherently vulnerable.  Since there’s an electronic connection, eventually given enough time, a “bad guy” will figure out a way to breach whatever security systems are in place.  Just ask Equifax, Sony Pictures, Target, etc.

The only absolute way to keep a breach from happening is not to connect to the IoT.  Unfortunately in today’s world that is just not possible.  We cannot function without being connected.  Now even my wife’s Jeep’s telling her she need servicing, before it was, “Hey, Honey, there’s a red light on on  the dashboard.  What’s that mean? “  Now, she gets a message on her phone that tells her  the tire pressure’s too low.

This convergence of cyber and physical means that physical security must be much tighter than it’s been in the past.  We can’t rely on the good guys to build a strong enough firewall, while vitally important, equally important is the physical security piece.  We need to teach our folks and ourselves how to spot vulnerabilities and how to protect those vulnerabilities from being exploited in a language they can understand.  I know a software engineer and whenever I talk with him, I have no idea what he’s talking about.   Listen if it’s a burden – I can’t understand it – I won’t do or use it. 

The vetting process, to ensure the right folks are working on our systems has to be comprehensive and continual.  Just because a person gets the job, it doesn’t mean the vetting process stops.  The vetting process must be continuing.  Physical security measures must also make sure that only people that have been cleared can physically access systems that they’ve been cleared for and not have a general run of the place.   I believe the DIY days are over.  Sure, there are some things any person should be able to do, like follow the tutorial on setting up a TV but other things that are in the Settings should probably be left up to an expert to change.  There is a tremendous assumption that just because I can read I can also understand the code being spoken.

Cyber security focuses on cyber-threats and the ability to detect and mitigate ransom ware attacks, especially as they’ve become a popular mechanism to extort businesses, will become more and more important.  I’m beginning to understand less and less about computers, how they work and what they can do to make my life simpler, because I have to do more and more of what use to be done by that weird guy down the hall.

I’m not sure I’m ready to have a micro-chip make all of the decisions of my daily life for me.  I have a feeling, it’s going to be a “rocky” marriage because I can't divorce her.

Next month:  If Data is the New Currency of the Modern World Then Why Is My Account Overdrawn?

---

[1] Security Megatrends 2018 edition is available here https://www.securityindustry.org/report/security-megatrends-2018-vision-security-industry/