Sunday, December 15, 2019

What Message Does Your Security Send – Fear or Trust?

In order to have proper physical security, mitigation strategist and those responsible must understand the types of aggressor groups, what motivates them and the tools they need in order to be successful.

Aggressors fall into four main categories: criminals (sophisticated/unsophisticated, organized/unorganized), protesters (organized/unorganized), terrorist (domestic/transnational/State sponsored) and subversives (intelligence agents [State/non-State sponsored]).

And, there are four main aggressor objectives; to inflict injury or death on people, to destroy or damage equipment, facilities or other resources, to steal equipment, material or information, and to create adverse publicity.

Tools on the other hand, don’t fall into any category and are virtually unlimited.

Unfortunately, the security industry has been approaching school security from the wrong angle.  We keep thinking, if one is good two must be better and we can harden our way to a perfect world.  We can’t.  School shootings and worse will continue, I’m sad to say, until we start eliminating the causes that promote this behavior. 

School systems have developed a variety of multi-disciplinary programs that address prevention and response to mental health issues if a student manifests behavior that might precipitate violence on a grand scale; i.e., bullying, addiction and interpersonal violence.  But this is still not enough.

Some security companies offer “social media behavioral monitoring” and are analyzing a person’s social media presence in “real time” and reporting actionable intelligence of patterns or suspicious behaviors to authorities, but this alone isn’t enough.  Using artificial intelligence, and deep learning are great but they’re just another tool.   And, just because a person manifests some type of anxiety or disruptive behavior it doesn’t necessarily mean they’ll act out and it doesn’t mean that that person will become a school shooter.

I believe we need to get to the cause of the angst.  Why does a “perfectly normal kid” decide to go to a school and shoot it up?  Does the “prison look” of many schools contribute to this phenomenon?  Is it possible, that the chain-linked fence surrounding the school yard, the metal detector that everyone passes through and the roaming armed guard all contribute in some way?  Now, just because that has become the “new normal” it doesn’t mean every kid will grow up and commit a criminal act, but there is no doubt that they will carry this angst with them into adulthood.

You don’t have to look very far to see examples of the “big dog” in your face approach and the subliminal message of something bad is expected to happen.  

We can address behavior in the built environment in a non-traditional way as a substitute to the confrontational in your face kind of way.  The approach must be more subtle, in fact, the more transparent it is the more effective it will be.  

Normally, to deter crime, we put up signs that say, “Cameras in Use” and some folks get creative saying, “Smile you’re on camera”.  For access control, we usually mark our territory by placing a chain-linked fence or some other type of “barrier” on our boundary-line.  It has a limited effect because a dedicated threat will bring the tools needed to circumvent it.  Build a big fence; they’ll bring a bigger ladder.  Make it even higher and they’ll bring an even bigger ladder or tunnel under it.  Sure, there is somewhat of a deterrent, but the reality is, a dedicated “bad actor” will bring the tools needed in order to be successful.   

In the early “90’s, Crime Prevention through Environmental Design was introduced to connect these two worlds – unwanted behavior and a physical deterrent.  Research shows that the concepts of natural surveillance, natural access control, territorial reinforcement and maintenance contribute to the deterrence and reduction of criminal activity.  CPTED is not the sole reason, but it helps.

The basic concept of CPTED is if we can design the space so that it is almost always under observation “bad actors” won’t act bad.  I believe it needs to go further than that.  Not only do we need to design the space using these concepts, but we also must design the space so that “bad acting” can’t occur.  Additionally, in the off chance it does the built environment should help to reduce its effects and not contribute to its severity.  

A couple of years ago researchers in the European Union conducted a survey.  They asked elementary school kids who had emigrated from a country where there was war to draw what they considered safety or security to be.  The kids drew pictures of fencing with razor-wire and “gunships” overhead.  Then the researchers asked the same question to kids from Europe who had not be exposed to hostile environments and those kids drew houses with trees, stick families, a dog and sunshine.  Shouldn’t we be striving for the “sunshine” scenario?

The harder we make it for the “bad guy” to do things the more of a deterrent there is.  There is some truth to that but on the other hand, if security is a tax your people won’t pay it and they will figure out a way to circumvent it.  This in turn defeats its purpose.

Getting away from hardening schools after every incident by using “big dog” philosophies will take time, nonetheless, we can begin immediately.  I submit that beginning this school year, administrators should use the checklist provided by the Partner Alliance for School Safety (PASSK-12) to conduct a physical security risk assessment of their campus and whenever possible replace traditional mitigation solutions they would normally opt for with a hardscaping, landscaping or art strategy.  Creativity and student, staff and community involvement are essential.

Success in security is sloppy.  It’s entangled.  It’s very hard to distinguish where detection, assessment, policy and procedures, response and engagement begin and end.  Addressing behavior must be coupled with addressing the physical environment.  They require a different amount of time, effort and commitment to produce positive results but nonetheless are equally important.  In order for students, and later as adults, to thrive we must create environments, internal and external, that address the need for “well-being” in both the social and physical ecosystems, and if we can do that in a more aesthetically pleasing way, then why not?

More about a softer approach to security:

My Book The Solutions Matrix: A Practical Approach to Security Engineering for Architects, Engineers, Facility Managers, Planners and Security Professionals is on sale at  

Haines Security Solutions is a contributor to the Security Industry Association’s education platform, “Center of Excellence” at

Sunday, November 17, 2019

Known knowns and unknown unknowns

"There are known knowns" is a phrase from a response United States Secretary of Defense Donald Rumsfeld gave to a question at a U.S. Department of Defense (DoD) news briefing on February 12, 2002 about the lack of evidence linking the government of Iraq with the supply of weapons of mass destruction to terrorist groups[1]

This quote tells us something about risk management.  Basically there are threats we know about and there are threats we don’t know about and there are threats that we don’t know we don’t know about.

From a risk management standpoint, that’s pretty disconcerting. 

In order to understand the unknowns you have to look at things from the “bad guys” perspective.  In other words, see what the "bad guy" sees.  And to do that you must understand that there are four aggressor types of criminal/man-made threat groups; criminal (sophisticated/unsophisticated, organized/unorganized), protestors (organized/unorganized), terrorist (domestic/transnational/state-sponsored), subversives (saboteurs/intelligence agents [state/non-state sponsored]).  In an effort to design better mitigation strategies planners must understand the “bad guys” motives or the reason(s) behind why they do what they do.  There are also four primary aggressor objectives; inflict injury or death to people, destroy or damage facilities, property, equipment or resources, steal equipment, material or information and create adverse publicity.

So how can I plan to reduce their effects let alone mitigate them?  The answer is really easier than you think.   Traditionally in risk management, we look at things from a probability standpoint.  We ask the question. “Will it happen here, and if so, what will the impact be”?  I believe, likelihood has little influence on risk.  I believe likelihood comes into play when talking about funding.  Our risk management methodologies assume the threat will be successful 100 percent of the time.  We calculate likelihood when it comes to cost benefit.

Our Asset Based Risk Analysis (ABRA) and Critical Asset and Infrastructure Risk Analysis (CAIRA) methodologies combine the aggressors motives and objectives with what the asset owner sees; thereby, giving a complete picture of risk.  

More about ABRA (Platinum GOVIES Award 2017 for Best Government Security Risk Methodology)

More about CAIRA (Platinum 2018 ASTOR Award for Best Risk Analysis Methodology in Homeland Security)

More about risk management and developing mitigation strategies can be found in my new book, The solutions Matrix: A Practical Guide to Soft Security Engineering for Architects, Engineers, Facility Managers, Planners and Security ProfessionalsOrder here

[1] Full quote: Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones.

Sunday, October 20, 2019

Go Where there is No Path. But, I Can't, I'm Afraid of Snakes

A few months ago, my wife and I were shopping and came across this saying on a night shirt, “Go where there is no path”.  When I showed it to her, her reaction caught me a little off guard.  She said, “I can’t I’m afraid of snakes”. And, of course, being the person I am, I immediately translated that into a language I can understand – security-ish.  My first thought was, that explains why people don’t conduct risk analysis or even more importantly why they don’t even start the process.  They don’t tread into uncharted territory because there are snakes hiding in all that tall grass, so they stay where they’re comfortable – on the path.  Doing what is comfortable causes two problems.  

First, as Defense Secretary Don Rumsfeld, said, “We don’t know what we don’t know”, which translates into, we’re only protecting ourselves against what we can see, expect and believe is likely to occur.  Since, we don’t know what we don’t know, we’re not planning on dealing with its affects either.  This can be extremely more sinister because a lack of action could result in someone getting seriously injured or worse.  

Fortunately, there are methodologies out there that can get rid of the snakes.  I’m consulting on security matters with a local school district.  During our initial meeting, the District Superintendent, said, “Okay, where do we start? With an assessment to see where we are?”  Absolutely! 

Risk management is about managing risks.  In order to do that, you have to accept five factors:
1) You can’t prevent or deter everything
2) Protection from one threat may allow for some protection against another unrelated threat
3) Protection options must be in place before the event occurs
4) Risk Management must address the following pillars; detection, assessment, plans and procedures, response and engagement
5) Risk management and the assessment process is continual and is just part of what we do.

For ways to tame the snakes, read related articles here:

Sunday, September 15, 2019

How Preventing the Wrong Threat Will Cost You

My nephew used to work for an IT company.  Upon returning to work after Christmas holiday, they noticed that the rear windows of the building had been broken and all of the computer equipment had been stolen.  The owner of the company did what anyone would do.  He called a security consultant. 

The consultant recommended fixing the windows, adding motion sensors in the hallway and an access management system at the main entrance.  

When the company employees returned after the Easter weekend, they noticed the rear windows had been broken out – again, and all of the computer equipment had been stolen – again. 

Why did this occur?  The security company had misanalysed the Design Basis Threat or DBT.  

Everything of value has a threat that goes with it.  If it has value then someone wants it - either the owner or someone else.  It is also possible that a treat can be naturally occurring, like a earthquake or tornado. Usually, protection from these types of threats are governed by ordinances or laws; i.e., earthquake or tornado protection in construction standards.  For man-made threats, on the other hand, there really isn't any legislation that governs prevention or protection, so it's up to us to focus on man-made threats.  There are four general categories of aggressor types; 1) criminals (sophisticated/unsophisticated and organized/unorganized), 2) protestors (both organized/unorganized), 3) terrorist (domestic/trans-national/state-sponsored, and 4) subversives (saboteurs/foreign intelligence agents).  Each type of threat has an Modus Operandi or tactic and tool it uses to execute its objective.  If you make a list of what those may be you can actually design the space so that it provides protection to the things of value inside.  It is also important to understand the objective of man-made threats, too.  They fall into one or more of these categories; 1) inflict injury or death to people,2) destroy or damage property, equipment or resources, 3) steal equipment, material or information, or create adverse publicity. Understanding the motives, the tactics and tools they use will go a long way in prevention and protection.

The solution the security company had provided failed because, they didn't address the correct DBT; which was, breaking and entering and not unauthorized access.  Although, entering through the window is a form of unauthorized entry.  They had recommended the solutions they normally would suggest to deter or reduce the effects of theft, and focused on electronics, but they hadn’t addressed the DBT of the windows being breakable in the first place and didn’t add non-electronic solutions to the mix.  Had the windows been replaced with laminated glass they would not have been able to be broken and then the other countermeasures would have been effective.  Another solution would have been to prevent access to the parking lot behind the building.  I don't prefer this method because it would be more aggressive and unsightly to use a gate or fence with gate.  Just replacing the windows would not have changed the aesthetics of the space, so that is my preferred solution.

More about non-aggressive/aesthetically pleasing security measures can be found here:

Sunday, August 18, 2019

The Need to Push Down Silos

A few years ago, a friend of mine, trying to generate additional students for the classes I teach, asked his cousin who works for a very large architecture and engineering firm in the new World Trade Center in New York City, if they would be interested in attending training on integrating security technologies into building design.  His cousin answered something to the effect, “No, we leave that up to the client after we turn the building over to them”.  While his cousin’s answer is not surprising it is disappointing and confusing to me. 

Not surprising because I’ve heard that so many times before.  In essence, everyone stays in their silo and the connection between the disciplines usually only involves answering questions about the project and clarifying requirements; architects architect – engineers engineer – and security securities, if you will.

It’s confusing on two levels.  First, at the beginning of every project the architect gets the client’s desires list; i.e., the building should be blah, blah, blah. Right from the start the architects develop a mental picture of what the building should look like.  Next he or she begins to include all of the regulatory requirements or “best practices” for design.  Best practices are nothing more than this is how it’s normally done.  In New York City, for multi-story buildings in Manhattan the façade default material is glass in the Mid-West it is reinforced concrete or masonry units.  Meeting regulatory requirements deal with disability act, fire and safety codes, such as, hallway width, stairs, doors and windows, and elevator placement, etc. and depending on the region some weather related events.  And second, very seldom are man-made threats considered.  This contributes to the fact that man-made threats continue to occur despite large amounts of money being spent on security measures. I guess the argument could be made, that “well, we’re not required to consider them like we are for natural threats so we don’t need to; besides it will drive up costs”.  On the surface this makes sense but if you dig just under the surface your next thought should be, why don’t “best practices” apply?

The Department of Defense, and some other federal government agencies to a limited degree, requires that integration mitigation strategies be included in their building design review process regardless of where or what type of threat is involved.  In fact, it’s mandated that all threats, including man-made threats be addressed by a group of stakeholders at the onset of any new building construction project and for renovation projects that meet certain thresholds or “triggers”.   The stakeholder group determines the “design basis threat” to the building and its occupants and the level of protection required based on the number of people occupying the space.   These two factors ensure that the appropriate amount of money is spent on protection options and in the unlikely event a catastrophe does occur; injury and death will be kept to a minimum.

By bringing all stakeholders together from a variety of disciplines, everyone 1) has a chance to air their requirements and needs, 2) buys-in to the group’s decision on which threats will be addressed and support the “DBT” and the level of protection required, and costs are kept down.  Adding electronics in the form of surveillance or other technologies lies with the owner after the project is completed.  So in the short term, the cost of this equipment and its installation is currently absorbed by the owner/client and is not part of the building costs.  This “trick” helps keep the building design costs down but doesn’t adequately protect people or the facilities they use.  But more importantly, the real costs to the client come after the installation from the long term requirement for equipment maintenance and manpower. 

Since buildings are currently designed with everyone, remaining in their silos, with  limited exception, the process is treated as if it were a vertical process, when in reality it’s a horizontal one.  The “silo effect” and the isolation it causes make security an “add-on” and limits its efficiency and effectiveness.  

Sunday, July 21, 2019

Planning Now for the Terrorist Attack that Won’t Come or Will it?

While radical Islamic-extremist inspire large scale attacks have not occurred in the United States in some time, low scale attacks are more common place than you’d think and not necessarily exclusive to radical-Islamist.  “Bad actor” attacks using terrorist tactics occur all the time.  To prevent, deter and reduce the effects of a terrorist style attack, business owners, facility managers or anyone else charged with the security of those they service must determine if they are an attractive target to, not only terrorist attack, but also criminal activity.

In that regard, two questions come up, 1) “Do I deal with the public?” and 2) “Does the public (or a “bad actor”) have access to my facility?”  If the answer to both questions is “Yes”, then you are at risk.  Even if you answer “No” to the second question, you must remember that a dedicated threat will not be deterred and will bring the tools necessary to carry out the attack.  Answering these questions will be an indicator of threat likelihood.  Additionally, if you ask, “What is the public’s opinion of that service/product?”   The operative word here being “the public’s opinion” and not what you think, you will get an even better understand of your risk.  If there is the slightest likelihood that you could be attacked by a criminal or a terrorist, then you should reconsider if  the procedures you follow and the physical security countermeasures you already have in place are adequate.

Usually, criminal activity doesn’t result in injury to people or death.  Terrorist activity, regardless of motivation intends to inflict violence on another person in order to hurt them.  That said, most criminal acts involve the theft of or damage to property.  Consideration must be given to common criminal activities, such as; theft, burglary, damage to property, assault and work place violence, just to name a few.  Criminal activity using terrorist tactics on the other hand are directed toward people and try to cause as much injury or death as possible.  Common tactics still include; improvised explosive devices (Yes Virginia, sick people are still building bombs), using a vehicle or automatic weapon to inflict injury or death.  While school and workplace shootings have become the norm they are not necessarily terrorist attacks, although the results may be the same – they produce mass casualties. 

Mitigation strategies for any type of criminal activity, including terrorism, must be in place before the event occurs.  So, we want to deter the activity from occurring in the first place and then delay it so that it can be noticed and responded to by trained forces.  And finally, in the unlikely event it does occur we want to reduce it effects as much as possible.

In the case of IEDs, we want to move vehicle parking away for places where large numbers of people gather and prevent the placement of unidentified objects near buildings. 

To thwart the hostile vehicle threat, we need to place rated barriers between vehicle traffic and people, especially where large numbers of people gather; i.e., street fairs, sidewalks or pedestrian zones.

Since police departments and some security companies are teaching people to “Run-Hide-Fight, which actually means hide, we need to create spaces that actually offer protection.  Two protective options are, 1) retrofitting walls with rated ballistic materials; so that when people do hide they are actually protected and 2) limit movement of the person with the gun. 

Note, there will always be some level of risk no matter how much you plan and implement countermeasures.  The goal is to reduce the risk to a level you can accept and to continually analyze and make changes when warranted.  When you hear or see something in the news, you should ask yourself, “Can that happen here?”  If the answer is “Yes”, then you should take actions to change that to a “No”.

Chances are you are not going to become a victim of a terrorist attack; however, there is a greater likelihood that you will become a victim of a criminal act that resembles a terrorist act.  

Sunday, June 16, 2019

Case Study: Unimpeded Access Allows Illegal Dumping

The issue was that people were driving up to the banks of a stream and dumping trash; i.e., tires, mattresses, rubbish, etc.  The city called a security consultant.  And as expected, he recommended adding a camera to the site so that “things” could be monitored.  The camera fed back to the superintendent’s desk.  Of course, when the supervisor wasn’t there (weekends, evening/late at night, attending meetings, lunch, naps, etc.), all the time when someone would dump trash the dumping occurred and continued.  The superintendent was scratching his head on what to do.  After all, he just spent several thousands of dollars on the latest technologies and they didn’t seem to work.
Our solution was not electronic.  Instead, we suggested that they build a raised berm/curb using natural landscaping (trees/boulders/bushes, even park benches) so that the vehicle couldn’t drive up to the water’s edge in the first place.  We suggested specific landscaping strategies due to low cost and ability to prevent vehicles from reaching the stream.   We imagined that since the culprits couldn’t physically access the stream embankment without using a vehicle they would be  less likely to want to carry heavy objects from the roadway, across a bicycle/walking path and then into the wood clearing to reach the stream.  Our second reason was to ensure the aesthetics of the area were kept intact.  Sure, we could have suggested a fence along the embankment to deny access and achieve the same effect, but who wants to walk along a fence with barbed wire when they’re taking the dog out or jogging or cycling.
Related articles: 

Sunday, May 19, 2019

Getting Everyone to Speak a Common Language

A couple weeks ago, I was teaching a class about using building design to deter criminal activity, including terrorist attack, and when it fails reduce its effects and prevent mass casualties.  After the obligatory introductions, I said something to the effect, that building design is a matter of reducing risk whenever and wherever possible.  But in order to do that you have to the know your “DBT”.

Based on the blank stares, I got back, I knew something was wrong.  So, I said it again.  Still the deer in the headlights looks.  So, I said, “Everyone knows what DBT stands for, right”?  Still nothing.  Not one person raised their hand.  I was taken aback.  After all the class was made up of seasoned architects, engineers, planners and security folks.  I would have thought, at least, one or two would have known what I was talking about.

So, we spent the new few minutes talking about Design Basis Threat or DBT, if you will.  DBT is identifying your threats, their tactics, the tools they may use and then designing your building to deter or prevent them from happening, in the first place, and understanding that if they do happen you can reduce their effects if you’ve included reduction strategies into the design.

The very first thing to do is to assemble “the planning team”.  The idea that “it takes a village” needs to be used here.  The team should include architects, engineers, facility manager, security, end users and others.  It’s important to bring these folks together, so that they can discuss the parameters of what they are trying to accomplish and “buy in” to the project.  If done correctly at the beginning of a project, security costs can be kept to a minimum, usually somewhere around five percent of the total project costs.  If security comes in at the end of the project this cost may skyrocket to thirty-forty percent, because of the long term cost of equipment maintenance and especially, personnel costs.

Once the team is assembled, the first step is to identify the threat or threats.  Threats can be divided into two categories; natural and man-made.  Fortunately, laws and ordinances exist that address natural threats in building design; i.e., earthquake, flooding, fire, tornado, etc.  Man-made threats on the other hand – not so much.  Although, that is changing slowly.  Last year, federal legislation was signed into law that addresses the use of hostile vehicles as a method of attack in public spaces.  We’re still waiting for the DHS report the law requires and its subsequent findings and recommendations.  I’m particularly concerned that our government hasn’t the courage to attack hostile shooter legislation, when it is so needed.  But that’s another Blog topic for another time.

The second step is to identify the motives of the man-made threat,; i.e., causing injury or death, theft or unlawful removal of property or equipment, damage to property or facilities and causing adverse publicity.  Then we need to figure out what type of groups commit these acts; criminals (sophisticated/non-sophisticated, organized/unorganized), protesters (organized/non-organized), terrorist (domestic/trans-national/state-sponsored) and subversives.  

Then we look at the tactics they use; stationary or moving vehicle, different types of weapon usage, forced entry, etc.  Each tactic uses a different set of tools. That said, each type of tool use has a countermeasure available to reduce its effectiveness.

If we understand their motives, tactics and tools, we can design countermeasures into inhabited space that reduces the possibility that they will occur and when that falls short reduces their effects. 

My book, The Solutions Matrix: A Practical Guide to Soft Security Engineering for Architects, Engineer, Planners and Security Professionals, will be available in September.  It will outline the processes used to determine DBT, have a quick reference chart that outlines how to counter each type of man-made threat and provide examples of practical real-world solutions.  

Sunday, April 21, 2019

Street Market, Outdoor Café, and Pedestrian Zone Security is Lacking

Street Markets

I’m probably stating the obvious here.  But most street markets are temporary in nature (farmer’s, or harvest markets) and only occur on a certain day or two of the week or for a short period (Christmas Markets).  Local police department’s put up metal stanchions and post a traffic cop more for crowd and traffic control, than anything else.  They are not a deterrent to a dedicated threat using a vehicle as a weapon or an errant driver.  Now before you go and tell the mayor or the police commissioner his cops are ineffective let me explain.

It’s a matter of physics and not “goodwill or attentiveness” on the part of the policeman.  A vehicle traveling at just 10 mph covers a distance of approximately 73 to 102 feet in the 5-7 seconds it takes a trained officer to view, identify and react to an errant vehicle – intentional or otherwise.   Unless the speed of the vehicle is severely reduced to below that speed the vehicle will travel significantly further before it is recognized as a potential threat.  Cops are doing a great job everyday but they can’t beat physics – no matter their super hero powers, unfortunately.

Shameless plug here:  My friends at Marshalls Landscaping Protection USA have developed a super-shallow mount bollard that can be easily installed/removed because of the depth of the footing (3.9 inches or about the width of two girl scout cookies laid end-to-end).

Outdoor Cafes

And then there are outdoor cafes.  By nature they are more permanent.  I have to admit, I enjoy sitting in the piazza sipping an espresso just like any other caffeine addicted tourist.  Whole sections of city centers have rows of restaurants and outdoor cafes where you can sit and “take in life” as it passes by.  In response to the current “ramming vehicle threat” some cities are now placing very ugly “jersey” barriers[1] made from reinforced concrete) around these areas. 

A solid planter filled with dirt weighs several thousands of pounds and is an effective barrier, especially if struck by a vehicle at a high rate of speed.  A large vehicle could nudge it out of the way if it is not somehow anchored, but hopefully someone would notice that and sound the alarm.  Fortunately there is “street furniture” in the form of benches, planters, way signs, lighted bollards that are shallow mounted. These devices are permanently affixed, so they can’t be nudged, and can absorb the kinetic energy of a moving vehicle threat as described above.

What about large pedestrian zones?

My concern comes from the idea that besides establishing a perimeter and depending on which city you are in will determine how porous that perimeter is, is there really a separation of the different types of traffic that frequent the space; i.e., delivery vehicles, bicycle, pedestrians.  Each category of traffic poses a threat to the others.  Of course, a vehicle crashing into someone is much more likely to cause injury to.

Many cities are creating large “pedestrians zones” in city centers that cover many city blocks.  This is great but traffic is still mixed within these spaces in some places.  Unless the entire zone is vehicle traffic free, a pedestrian or cyclist must cross the street at some point.  These crosswalks are particularly vulnerable and offer great target selection. 

We need to further separate the traffic within these zones, so that only the traffic we want within a particular zone is allowed[2]; vehicles with vehicle with vehicles, cyclist with cyclist and pedestrian within their assigned zone.  We can design the space so that only the type of travel that we want will be in its particular zone because the unwanted traffic types can’t enter.   To separate vehicles from the rest, we could easily designed higher-than-normal-curbs and reduce speeds by creating a serpentine effect.  We could use the same idea for cyclist either permanently designed as part of the bicycle path or by using planters with trees.  And for the pedestrian only zone, we can design the space so that bicycles and vehicles cannot enter while pedestrians are present.   Again, we can borrow our idea from the outdoor café and place street furniture throughout.  Thereby, allowing pedestrians to duck for cover if something goes wrong.

[1] Security Industry Association Technology Insight 2018 Spring edition,

Sunday, March 17, 2019


Despite the advances in electronic security technologies one fact remains, we (“the good guys”)still need to occupy the ground.

As many of you know, I’m a former Air Force Security Policeman – a blue grunt, if you will.  So consequently am a little partial to “zoomies” when it comes to the defense of the country.  Our strike capabilities are so sophisticated that we really don’t need the other services (now, don’t get your knickers in a twist and let me explain).  We could just bomb the hell out of the bad guys until they surrender.  But bombing the hell out of them doesn’t do anything for us, because in the end we still have to occupy the ground.  And that’s why the Air Force is just not enough.

The same holds true in the security business.  Everyone is moving towards electronic technologies and the advances in predictive behavioral analyses and other artificial intelligence (AI) technologies is “mind blowing”.  
In the ‘80’s we posted guards, in the ‘90’s we put cameras because guards became expensive and since that time we’ve been using analytics to understand better what we are observing.  With the technologies that are currently “off the shelf” we can do allot more than we used to be able to do.  We can have one guard monitor several cameras and with analytics s/he uses can monitor even more as the software interprets what it’s seeing and notifies those responsible when something is amiss.

This is all well and good, but electronics can’t do it alone.  We still need to “occupy ground”.  By that I mean we need to design the built environment so that it complements the technology we use.   The use of non-electronic technologies will become even more important in the future, and especially in the urban environment.

The city of New York employs thousands of cameras around the city but they also deploy thousands of beat officers.  Both rely on each other to enhance the other‘s effectiveness.  If a patrolman sees something, she/he can have a colleague at the central station bring the field of view into focus and zoom in.  And by looking at adjourning screens or from different angles maybe get a clearer picture of what is happening.  Likewise, if the monitor sees something suspicious, he/she can dispatch a patrol to investigate further and cover those areas that the camera can’t see.

So with the utmost respect, we still need the grunts.

Sunday, February 17, 2019

What the LA Ram Superbowl Game Plan Teaches Us about Home Security

What the LA Rams Superbowl Game Plan 
Teaches Us about Home Security

First, I have to admit I had hoped the Rams would win the Superbowl.  It would have made my blog sound allot better.  I could have boosted about how Sean’s crew had analyzed their adversaries and implemented the perfect countermeasures and protected the home front (after all they were the home team).

Then secondly, I admit I’m not a football buff and understand everything about the do’s and don’ts of the game.   But I can with confidence make some comparisons and analogies that I believe most of us can understand.

So, anyway, congratulations to the New England Patriots on their win.

The more I think about it the more I realized that the Rams loss actually teaches us more about sizing up the threats than I first thought.  It teaches us, that not only do we have to look at the attacking forces from our perspective but we also must consider how they see themselves and will adjust.

In security design, we call this the design basis threat or DBT.  In other words, what you’re trying to protect your asset (thing of value) from – whether it’s a natural threat; such as, wind, fire,  rain or a man-made threat; like, graffiti, burglary or theft of property.

The Rams coaching staff had to analyze what the Patriots were capable of (their modus operandi [MO] and then figure out how thwart it.  They also needed to formulate a plan that covered the entire field.  In essence, defense in depth – the front line, the linebackers, the safeties.  We’ve all heard, “The best defense is offense”.  How true.  Ask the Patriots.

Unless, you have a comprehensive plan for the protection of your home, the attacker, be it a burglar, tagger, etc. will circumvent your security by finding the weak spot and exploiting it.  Remember, just having a security camera or system is not enough.  You have to have security built in to every facet of your daily routine. 

For home security that starts with your on-line social media presence.  Don’t give too much information away.  I laugh when I think that someone couldn’t believe she was robbed while in Paris.  Like duh, if you brag about how expensive the stuff is that you have there’s a very strong likelihood that someone also sees the value and will try to take it from you.  There was a case this week in Los Angeles were a rapper was flashing a big wad of cash and posted it on social media.  Well, guess what, he got robbed. 

Next, are you doing other things that tip off those with bad intention?  Do you put boxes out on the curb the night before the trash truck comes by?  Do you put papers in the trash that someone could take out under the cover of darkness and open-up credit card accounts in your name?  When you got that big screen to watch the Superbowl on, did you mount it on the wall so that someone walking on the sidewalk in front of your house could see it through the window?

Your plan has to be comprehensive.  It covers not only what you do but also where you do it.  Start from the roadway and work your way inward, assessing what the bad guy is able to see.  Make sure all lights work and all gates, windows and doors lock.  We lock our car even when it’s parked in the garage and the door from the garage into the house.  These little things delay the perpetrators actions and may possibly give us enough time to call 911.

I few years ago, I posted that the best home security system is actually a plate of cookies.  I still believe that, if you take some freshly baked chocolate chip cookies to the neighbors.  They’ll thank you for them and inadvertently watch out for your stuff because now they think they owe you.  

Maybe if the Rams would have taken some cookies to the Patriot’s locker room before the game things would have turned out differently.

Sunday, January 20, 2019

The Truth About Walls (Fencing)

A few years ago, I was asked by the editors of Security Middle East magazine[1] to write an article about perimeter security.  During the conversations with the editor that lead to the eventual article, she asked me to summarize what the article would be about.  I told her that in order to understand perimeter security you first needed to accept the fact that if you have a ten-foot fence the bad guy will bring an eleven-foot ladder. 

The idea that you can build a fence or wall and keep the bad guys out faded out sometime after the medieval ages when new technologies and new ways of conducting warfare came about.  Well, the same holds true today.

If you look up on Google the difference between a wall and a fence you’ll get the following explanation: “A fence is usually a wooden or metal structure that encloses a yard, pasture or other area…The difference between a fence and a wall is that you can almost always see through a fence, at least to some degree, while a wall is solid”.

If you look up fence purposes, you’ll get the following explanation; “A fence is a structure that encloses an area, typically outdoors, and is usually constructed from posts that are connected by boards, wire, rails or netting.  Alternatives to fencing include a ditch (sometimes filled with water, forming a moat)”.

Both definitions suggest that a boundary is formed between property that is not controlled and property that is controlled. 

Whether using a wall or fence, the purpose is to delineate a boundary; usually at a property boundary.  This is the true meaning of fencing or "walling", if you will.  To delineate property boundaries, in other words, you’re over there and I don’t care what you do but it you come over here you need to go down to the access point so I can check you out.  With that in mind, you could paint a line on the ground and put up a sign that says, “stay out or go over there for access”.  Both would achieve the same effect as a wall of fence.  So, why not just paint a line.  Because the value in constructing a fence or wall, is 1) to identify the boundaries of the controlled space, 2) to cause a delay in unauthorized access, and 3) to identify unwanted behavior.  An authorized person will not climb over a fence or wall, tunnel under it or cut through it.  An unauthorized person will, especially if they have nefarious intentions.  So, with that in mind, the fence serves an early warning system.  It tells us when someone breaches it that they have  “bad intentions”.  If they didn’t, they would not breach the fence/wall and would proceed to an access control point to display the proper credentials to gain entry.  Hopefully, the fence will be constructed in such a way as to delay their unauthorized access.  Sadly, even without tools a eight foot chain link fence with three strand barbed wire outrigger can be scaled or climbed over in about four seconds.  With tools, like a ladder or a truck to stand on it takes even less time.

Which brings us to the next truth, unless there is a guard or technology monitoring the fence-line in real time, we have no way of knowing if the boundary has been breached.  We must monitor for unauthorized access, respond to it, and engage the aggressor in real time.  The operative word here is “real time”.  If we don’t what’s the use?

Another thing to remember, no matter how solid, sturdy, high or how many bells and whistles are added, there will always be a way to circumvent whatever is put in place.  The key is, making sure there is enough time to delay the “bad guy or gal” so that his or her behavior can be identified and the “good guys/gals” have time to respond and engage.

[1] Security Middle East magazine article More Power to the Perimeter link