The New Centurions

New Concepts for Policing

 

When I first started to outline this article, I was thinking about big bold steps to be taken in order to re-direct police services.  I got the idea from a tweet by Sen Harris, in which she said, “We need to demilitarize the police”.  Well, I couldn’t disagree more.  The reason police departments have military equipment is so that they can deal with the most serious violent crimes and criminals.  Police departments need armored vehicles and high caliber weapons, so that they can deal with gangs and organized criminal enterprises which are using those tactics, but they don’t need to bring them every time they engage the public (we’ll talk about that as a separate issue next time).  Those enterprises have no regard for human life, if they did they wouldn’t be kidnapping kids or young adults and forcing them into slavery, they wouldn’t be selling drugs to the most vulnerable within our society, just so they can make money.  So, to fight in this war the police have to have military style weaponry and they should be using them with efficiency and effectiveness.  You wouldn’t throw rocks at someone with a bazooka, so why would we expect the police to fight without the right tools.

But for the purpose of this article I’ll leave the strategic planning up to those responsible for administration of police departments whether at the local, State or federal level. 

Great interview about the changes needed in policing here:

https://twitter.com/FareedZakaria/status/1272231871896850434

Instead I want to concentrate on a more tactical or operational approach with simple solutions that will most probably be unpopular, especially with the rank and file, but I believe will go a long way in changing the culture within departments, assist in avoiding corruption or unwanted police behaviors and change the way the public views and interacts with the police.  The good news is, these ideas for change don’t need the rule of law.  They just need to be implemented as a new way of thinking and conducting business.  This will take real leadership; change is driven from the top.  While the need for change may be driven from the masses, change actually comes about because those in-charge decide to make the changes being requested. 

In ancient Rome, the Centurions were the professional officers of the Roman Army.  They commanded the troops, which sometimes meant that from time to time they enforced Roman law outside of the military legions they commanded.  Unfortunately in those times they also administered punishment by cutting or burning people’s hand off for stealing or other petty crimes or used a vine staff, with which they disciplined even Roman citizens who were protected from other forms of beatings by the Porcian and Valerian Laws (what punishments Roman citizen could be subjected to; they were not allowed to be humiliated or demeaned with degrading or shameful forms of punishment; such as, whipping, scourging or crucifixion.  Non-citizens and slaves had a different set of rules).  Hopefully, we’re way beyond that.  

At least, I like to think we are, but we can create new Centurions by:

First, stop appointing police chiefs based on political affiliation.  Currently, for the most part chiefs are either appointed by the city/county board, mayor or other elected officials or are elected themselves. Both methods are political.  Since laws are apolitical and should be enforced apolitically, so should the appointment of the police charged with enforcing those laws equally and justly.

Second, first and second-line supervisors should take a test that includes police administration, social – emotional, non-escalating skillsets, leadership skills, human rights and the protection of personal dignity training.  Allot more time needs to be spent of developing social skills needed in conflict resolution, at least at the same level that they spend on equipment usage techniques.

Thirdly, patrolman should be assigned “beats” randomly but with purpose and clarity.  The most troublesome neighborhoods should be assigned to those officers with the most experience.  There should always be a senior and a junior officer together whenever possible.  We should get rid of the notion of “Partners”, whereby, the same two people are assigned a specific sector each and every shift, so that they always work together.  Sure, there is an advantage to having “partners” as the patrolmen become familiar with each other and the neighborhoods they serve.  But conversely, they also become “too friendly” with each other or the residents, and worse, by becoming either complacent or tolerant of bad behaviors.   Additionally, the argument will be made that the patrolman needs to be able to trust his/her partner with their life.  That’s true, but if you can’t do that with everyone in the department, then there’s a problem.  The public also demands the same expectation. 

Over the years we got away from two man patrols due to budget cuts and other factors.  I think we should go back to them.  No more single patrols.  I’m not saying just to double everyone up by consolidating patrol zones.  No, this will only lead to longer response times.  Instead, I’m saying double force sizes by bringing on new officers.  Many will say, “We don’t have the money”.  To me that’s just another way of saying, I’m too lazy to do the hard work to figure out how this can be done.  So, I don’t buy the argument that it will be too costly.  Think about this, we just spent several trillion dollars on corporate and public welfare for COVID relief and didn’t bat an eye.  Not to mention the 10’s of trillions we’ve spent and are spending on the bank bailout of 2008.  It’s not about money, it’s about deciding.

Fourth, everyone in an administrative position, who is physically capable, should work “the road” once a week or a couple days a month – maybe a weekend or night shift.  Even those will mobility issues could have a role.  This gives fresh eyes and reminds everyone why they are there – to serve and protect.

And finally, move personnel around within departments, within organizations.  The military does this with regularity and at tremendous costs.  But the benefits far outweigh the costs.  Each move brings “new life”.  Getting a fresh set of eyes on things is invaluable.  It brings with it; fresh and innovative ideas, opportunities for personal growth, problem solving, and deters complacency and stagnation.  It also roots out those who have a history of misconduct.  New supervisors usually don’t tolerate bad behaviors that old supervisors allowed to go unaddressed. 

A recent study of police training revealed, that on average policeman in the US receive less than a thousand hours of training, whereas their European counterparts receive thousands of hours.  Most police chiefs in Europe are also lawyers or have law degrees, as do many mid-level supervisors.  I don’t believe this requirement exist within the US.  Maybe it should?  

Calls for defunding the police are just wrong.  Police departments need more resources not less.  That said, so do social programs that address the root causes of criminality and unwanted behaviors.  We need to add funding that teaches non-aggressive tactics and de-escalation techniques, social – emotional learning skills, and coping tools that deal with attitudes and behaviors.

I worked for ten years with the Carabinieri, the Italian National Police.  In those ten years I never once saw them man-handle anyone.  Sure they put people in handcuffs and took them to jail but I never witnessed any aggressive tactics on their behalf.  They always talked the guy into getting handcuffed. 

Great article about Carabinieri tactics, here:

https://foreignpolicy.com/2020/06/10/american-cops-could-learn-a-lesson-from-italys-carabinieri/

To illustrate my point, a few years ago, my son was travelling from Italy to the US.  He had been visiting his aunt and grandma.  At the airport in Rome, he placed his backpack on the conveyor belt at the x-ray machine.  After it was scanned, a Policeman approached him and asked my son to accompany him.  They went to a room, and the policeman pulled an apple, sandwich and serrated kitchen knife from his backpack.  The Policeman said, “Young man, we have one question, who packed your lunch your Mom or your Grandma?”  The Policeman knew, my son being in his thirties was old enough to know better than to bring a knife through the checkpoint.  He also knew that Moms being Moms in Italy meant, someone else had packed his lunch; Mom or Grandma had packed the knife so he could peel the apple, it was just logical. Clearly my son wasn’t a threat.  The Policeman kept the knife and my son boarded his plane.  I believe that had a similar incident occurred here in the States my son, would most probably have gotten arrested for possession of a deadly weapon, would subsequently have a criminal record, which could have an impact on his employment possibilities. 

We have a saying in the military that, “soldiers will be soldiers”.  In other words without supervision they will do stupid stuff.  Good behaviors AND bad behaviors are learned.  Shouldn’t we be doing everything we can to make sure good behaviors are nurtured, if so it’s about leadership?

Change comes from big and bold thinking.  Look at, putting a man on the moon.  Pretty big stuff there!  We didn’t know how we would do it but we decided we would.  Then it came down to many, and I mean many, small steps to get us there.  Well, if we are to truly reform the police, policing and the interactions they have with the public, we’ll need to take many small steps to get there.  NASA had many failures along the way, but eventually they figured it out.  I believe we can too, after all this is America – this is who we are.

Everything I know about security I learned in kindergarten and I've been updating ever since

I know many of you remember that in kindergarten we learned to play fair, share tools, put things back in “the cubbie” where they came from, put your name on your stuff, be quiet during nap time and in general to be good neighbors.  Well, I learned something else, too.  LESSON LEARNED: HE WHO HAS THE TOYS GETS TO CONTROL THE GAME AND IS THE BOSS OF THE OTHER KIDS.

Fast forward to the third grade, I learned that if someone was bullying me,  I had to fight them to get them to stop or get someone else who would do that for me.  I know, can you believe that this beautiful face was getting bullied in the third grade.  Well, it’s true and all because I kissed a girl who was a fifth grader.  So I did what every skinny, respectable guy would do – I got her to beat him up. LESSON LEARNED: GET SOMEONE ELSE TO DO YOUR DIRTY WORK!

When I was in the fifth or sixth grade, my criminal career started and ended in a span of a few minutes.  You see, there was a pack of rubber bands on the shelf at the Ben Franklin store and I really wanted them but I didn’t have the money.  I put some in my jacket pocket and left the store.  As soon, as I was walking out a county sheriff car pulled into the parking spot directly in from of the store.  The store had a revolving door, which allowed me to reenter the store without ever really exiting.  I put the rubber bands back on the shelf and waited for the sheriff to leave the store before I went home, scared to death.  I have to admit, every time I’d see a police car while growing up I always wondered if “they knew about that” incident. LESSON LEARNED: ONCE YOU’VE DONE IT YOU’VE DONE IT FOR LIFE.

And then upon entering the military, I became an Air Policeman.  God works in crazy ways.  Since I was mostly stationed in Europe from the time I was twenty until I retired in 1993, my biggest security lesson was tracking terrorist activities and fighting the “the Communist, the bastards”.  LESSON LEARNED: THERE ARE BAD PEOPLE OUT THERE WHO WISH ME (US) HARM.

Later in my career, I thought and was taught to think this way, that all you had to do was put a camera on it to watch or post a guard and crime would stop.  Your stuff would be protected. Neither a camera or a guard will prevent, they may deter, and unless the response force is within a reasonable distance to respond they probably won’t deter either.  I’ve always wondered why organizations spend thousands and still get “ripped off”.  Upon analysis it usually comes down to them using the wrong mitigation strategy for the wrong threat or the security is “so tight”  it becomes a burden or tax and people don’t want to pay the tax, even those who are authorized to do so.  They’ll find a way around it so that life is convenient. So, unless your security system is specifically designed to deter and prevent unwanted behaviors, it won’t do that. Sure there is always some deterrence but a dedicated aggressor will not be detoured.  They will bring the tools they need.  Also, if there isn’t a dedicated response force, all you’ll be doing with your fancy system is taking pictures of what happened. LESSON LEARNED: SECURITY IS SUPPOSED TO BE ABOUT DETERRENCE/PREVENTION AND INSTEAD IT’S ABOUT CONVENIENCE.

Well, after my heart attack a couple years ago, my cardiologist said I’d probably live another 30 years.  I’ve used three so far, so who knows what I’ll learn in the next 27?

4 Spring Cleaning Tips for Keeping Criminals from Acting Criminal

I’m sitting here in my office writing this Blog post, while wearing a surgical mask.  My wife says, “I don’t have to wear it because I’m not out in public”.  I answered, “Well, I’ve heard my computer can get a virus, and I don’t want it to come from me, lady”. Touché


Like every good spring cleaning job, you have to set some goals.  My wife’s  - windows.  Mine - not falling off the ladder.


When it comes to security spring cleaning though, our first goal needs to be keeping criminals from acting criminal around my property.  Here are 4 tips:


Understanding that your property has a number of layers that you can use to you advantage is essential.  Those layers, if you have them are: property line, internal fence-line (if present), building facade and special spaces within the house.  For instance, I don’t have a fence in the front of my house but I do on the sides and back of the property, so my property line and fence-line are one in the same.  So for that reason, I look at every layer I do have and determine if I can deter, delay, detect and defend against a would-be aggressor breaking in and stealing my stuff.


Deterrence is kind of hard to define.  Mainly, because if the deterrent is perceived to be too tough, then it will get circumvented by those who are actually authorized, and then what’s the purpose of having it in the first place.  Besides, a dedicated threat will not be deterred.  He/she will bring the tools necessary to defeat whatever the deterrence is designed to do. Now, don’t get me wrong I’m not a defeatist.  I do believe you have to do whatever it is you can and evaluate what you’ve done honestly.  If there is still pain, do it some more.


Secondly, my goal is to slow a person down if they have ill-intent enough so that I can detect them.  So instead of a straight sidewalk up to my door, I have a sidewalk that meanders or crosses my front lawn, so while standing inside my living room or office I can see them as they approach.  If someone doesn’t follow the path of the sidewalk and traipses across my lawn then that is an indicator to me that something’s not quite right.  Now, it could be that the person is just lazy or too tired or it could mean something far worse.


Next remove all possibilities of hiding.  So bushes and shrubs that are within 10 feet of windows and doors should be removed.  If you simply must have them for aesthetic purposes, then they should be located away from the building so that as a person approaches they can see around them.  Bushes should be trimmed to a height of three/four feet above ground level and trees down to seven/eight.  Anything higher or lower causes opportunities.


And finally, check windows and doors, to make sure they close properly.  And, while cleaning the windows and gutters, check the outside lights, especially those on a sensor.   

Another thing, stand at your property line at dusk and see if someone can see inside your house while the lights are on and can see that you’re at home.  If they can, then even if you leave lights on to give the appearance that someone’s home they can see that you’re not.  We draw our curtains at dusk so that you can’t see through.


When I said, defend above I didn’t mean confront the bad guy and whip out a gun.  Trust me your stuff is not worth someone’s life.  On the other hand, if they are physically harming or threating harm to my family I can guarantee you that they’d wish that I only had a gun. 


Send me an email and I’ll send you a 28 question checklist you can follow.  FREE.

I Became a Meth Head, Won an Award and Am Now Recruiting Others

“Mom, tell him to stop”, I would hear that all the time from my son as he would tell his Mom I was obsessing over work.  I don’t hear that nearly as often now-a-days, not because I’ve stopped but because he doesn’t live with us anymore.  He’s in New York and we’re in California.  The other evening, while I was drying dishes, my wife said to me.  “You know you’re obsessed.  It’s like a drug for you”.  Perplexed, I said, “What do you mean?”  

“I’m telling you that the cat used the litter box and you’re telling me about bollards in Las Vegas”. 

OMG, she was right!  I can’t get it out of my system.  My every thought is about physical security design – both good and bad.  I’m always analyzing and comparing and thinking; does that work, is it effective, could they have done it cheaper or better?  My mind is on overdrive,  I had become a METHodology addict. 

My addiction was simple - use a proven assessment method to look at criticality, threats, vulnerabilities and subsequent risks of high occupancy buildings and their supporting energy systems.  I guess, that’s why I’m so fond of the Asset Based Risk Analysis (ABRA) and Critical Asset and Infrastructure Risk Analysis (CAIRA) methodologies (both Platinum Award winners; ABRA a GOVIE in 2017 and CAIRA an ASTOR in 2018).  Not because they won awards after having been recognized by teams of experts but because they take allot of the thinking out of the analysis process.  It’s pretty basic math and not allot of calculating.  It’s all already done with macros.  But, the final result answers the questions cited before, will the implemented security measure be truly effective in reducing risk, is there an alternative that can be just as effective and will it bring costs down to a reasonable price.

ABRA ARTICLE https://view.joomag.com/march-2019-ast-magazine-march-2019-ast-magazine/0952115001553308799/p4?short

CAIRA ARTICLE https://view.joomag.com/july-2019-ast-magazine-ast-july-2019-magazine/0612002001563068627/p60?short

Over the years, I’ve noticed that the best thing when it comes to thinking is not to start.  Once you get a thought, it seems to get out of control rather quickly.  “Kind of hard to put the genie back in the bottle”, as they say.  The thoughts just keep coming, no matter what I try to do.  So sorry, Honey, I can't turn it off.  

P.S.  I cleaned the litter box.

Security - It Really is a T or F Question

I know many of you when you read the title thought, “Yep, security is a true or false question.  You’ve either got it or you don’t.  Well, purposefully I didn’t spell out what the T and F stood for. It isn’t true or false.

As many of you know, for some time now I’ve been advocating for a softer approach to security, especially when it comes to the design and layout of high-occupancy spaces.  And during my years of advocacy I’m come across some, who will agree, and others that play lip service and say, “Oh yea, that’s what we should do.”  And when they have their next opportunity to make the change they go back to their olds ways with the bigger, better, faster, stronger, in your face approach.

Recently, while collaborating with a local school district we took a softer approach.  After an active shooter threat (fortunately stopped prior to being carried out due to social media monitoring), parents wanted the District to heighten security by adding guards and cameras, and constructing fences on the perimeter.  They wanted this because that’s what they’ve been seeing on TV.  After every school shooting, there’s a rush to install more cameras, higher fences, and to hire more guards.  I don’t blame the parents; I blame the security companies who are selling their products with the idea that if one is good, two must be better – the more products sold the better for the bottom-line.  Some may argue that adding visible, in your face, deterrence works.  I’ll admit, there is some benefit; however, a dedicated threat will not be deterred – they will bring the tools necessary to circumvent whatever is in place. That said, we can argue until the cows come home about the benefits.  From my point of view, it’s not about effectiveness.  It’s about the psychological impact it has on our youth.  Recently, a local school board approved a bond for security upgrades.  The newspaper ran a picture of a ten foot metal fence gate to allow campus entry and mentioned that everyone would go through a metal detector.  I showed the article to a Latino friend of mine and he said, “They’re always looking at us like we’re all criminals.  The guys are in gangs and the girls are ‘ho’s.”  Is this the intended message?

Additionally, research shows us that “hardening” causes anxiety and even affects performance.  

https://network.aia.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=110227d5-dde4-9c0d-fa52-a23257148cca

Our approach is to add security features that are “hidden in plain sight”.  For example, instead of a fence to keep out trespasser we suggest a buried co-axial cable sensor system.  It provides a warning that someone has breached the perimeter, yet is unseen.  Another example, to keep unauthorized folks off of the roof we suggest placing large flower pots with bougainvillea near drainage pipes or next to other features that a person could climb to get to the roof.   Again, a solution that is unseen.

My article published in American Security Today magazine January 2020 https://view.joomag.com/2019-champions-edition-2019-champions-edition/0683429001578075665/p148?short

So which message do we want to send?  The message that we don’t trust you and we think there will be an incident or the message that we trust you, we expect you to act trustworthy and you can expect the same of others?

My book, The Solutions Matrix: a  Practical Guide to Soft Security Engineering for Architects, Engineers, Facility Managers, Planner and Security Professionals has a Quick Glance Checklist that will allow you to list your current security solutions and then list your ideas on how to take a softer approach.  Order your copy today via the CONTACT US link at https://hainessecuritysolutions.com

What Message Does Your Security Send – Fear or Trust?

In order to have proper physical security, mitigation strategist and those responsible must understand the types of aggressor groups, what motivates them and the tools they need in order to be successful.
  

Aggressors fall into four main categories: criminals (sophisticated/unsophisticated, organized/unorganized), protesters (organized/unorganized), terrorist (domestic/transnational/State sponsored) and subversives (intelligence agents [State/non-State sponsored]).


And, there are four main aggressor objectives; to inflict injury or death on people, to destroy or damage equipment, facilities or other resources, to steal equipment, material or information, and to create adverse publicity.


Tools on the other hand, don’t fall into any category and are virtually unlimited.


Unfortunately, the security industry has been approaching school security from the wrong angle.  We keep thinking, if one is good two must be better and we can harden our way to a perfect world.  We can’t.  School shootings and worse will continue, I’m sad to say, until we start eliminating the causes that promote this behavior. 


School systems have developed a variety of multi-disciplinary programs that address prevention and response to mental health issues if a student manifests behavior that might precipitate violence on a grand scale; i.e., bullying, addiction and interpersonal violence.  But this is still not enough.

Some security companies offer “social media behavioral monitoring” and are analyzing a person’s social media presence in “real time” and reporting actionable intelligence of patterns or suspicious behaviors to authorities, but this alone isn’t enough.  Using artificial intelligence, and deep learning are great but they’re just another tool.   And, just because a person manifests some type of anxiety or disruptive behavior it doesn’t necessarily mean they’ll act out and it doesn’t mean that that person will become a school shooter.


I believe we need to get to the cause of the angst.  Why does a “perfectly normal kid” decide to go to a school and shoot it up?  Does the “prison look” of many schools contribute to this phenomenon?  Is it possible, that the chain-linked fence surrounding the school yard, the metal detector that everyone passes through and the roaming armed guard all contribute in some way?  Now, just because that has become the “new normal” it doesn’t mean every kid will grow up and commit a criminal act, but there is no doubt that they will carry this angst with them into adulthood.


You don’t have to look very far to see examples of the “big dog” in your face approach and the subliminal message of something bad is expected to happen.  

We can address behavior in the built environment in a non-traditional way as a substitute to the confrontational in your face kind of way.  The approach must be more subtle, in fact, the more transparent it is the more effective it will be.  

Normally, to deter crime, we put up signs that say, “Cameras in Use” and some folks get creative saying, “Smile you’re on camera”.  For access control, we usually mark our territory by placing a chain-linked fence or some other type of “barrier” on our boundary-line.  It has a limited effect because a dedicated threat will bring the tools needed to circumvent it.  Build a big fence; they’ll bring a bigger ladder.  Make it even higher and they’ll bring an even bigger ladder or tunnel under it.  Sure, there is somewhat of a deterrent, but the reality is, a dedicated “bad actor” will bring the tools needed in order to be successful.   


In the early “90’s, Crime Prevention through Environmental Design was introduced to connect these two worlds – unwanted behavior and a physical deterrent.  Research shows that the concepts of natural surveillance, natural access control, territorial reinforcement and maintenance contribute to the deterrence and reduction of criminal activity.  CPTED is not the sole reason, but it helps. https://www.cptedtraining.net/


The basic concept of CPTED is if we can design the space so that it is almost always under observation “bad actors” won’t act bad.  I believe it needs to go further than that.  Not only do we need to design the space using these concepts, but we also must design the space so that “bad acting” can’t occur.  Additionally, in the off chance it does the built environment should help to reduce its effects and not contribute to its severity.  


A couple of years ago researchers in the European Union conducted a survey.  They asked elementary school kids who had emigrated from a country where there was war to draw what they considered safety or security to be.  The kids drew pictures of fencing with razor-wire and “gunships” overhead.  Then the researchers asked the same question to kids from Europe who had not be exposed to hostile environments and those kids drew houses with trees, stick families, a dog and sunshine.  Shouldn’t we be striving for the “sunshine” scenario?


The harder we make it for the “bad guy” to do things the more of a deterrent there is.  There is some truth to that but on the other hand, if security is a tax your people won’t pay it and they will figure out a way to circumvent it.  This in turn defeats its purpose.


Getting away from hardening schools after every incident by using “big dog” philosophies will take time, nonetheless, we can begin immediately.  I submit that beginning this school year, administrators should use the checklist provided by the Partner Alliance for School Safety (PASSK-12) www.PASSK12.org to conduct a physical security risk assessment of their campus and whenever possible replace traditional mitigation solutions they would normally opt for with a hardscaping, landscaping or art strategy.  Creativity and student, staff and community involvement are essential.


Success in security is sloppy.  It’s entangled.  It’s very hard to distinguish where detection, assessment, policy and procedures, response and engagement begin and end.  Addressing behavior must be coupled with addressing the physical environment.  They require a different amount of time, effort and commitment to produce positive results but nonetheless are equally important.  In order for students, and later as adults, to thrive we must create environments, internal and external, that address the need for “well-being” in both the social and physical ecosystems, and if we can do that in a more aesthetically pleasing way, then why not?

More about a softer approach to security: https://www.securityindustry.org/2018/04/05/the-puppy-movement/

My Book The Solutions Matrix: A Practical Approach to Security Engineering for Architects, Engineers, Facility Managers, Planners and Security Professionals is on sale at https://www.hainessecuritysolutions.com  

Haines Security Solutions is a contributor to the Security Industry Association’s education platform, “Center of Excellence” at https://www.securityindustry.org/center-of-excellence/

Known knowns and unknown unknowns

"There are known knowns" is a phrase from a response United States Secretary of Defense Donald Rumsfeld gave to a question at a U.S. Department of Defense (DoD) news briefing on February 12, 2002 about the lack of evidence linking the government of Iraq with the supply of weapons of mass destruction to terrorist groups[1]



This quote tells us something about risk management.  Basically there are threats we know about and there are threats we don’t know about and there are threats that we don’t know we don’t know about.



From a risk management standpoint, that’s pretty disconcerting. 



In order to understand the unknowns you have to look at things from the “bad guys” perspective.  In other words, see what the "bad guy" sees.  And to do that you must understand that there are four aggressor types of criminal/man-made threat groups; criminal (sophisticated/unsophisticated, organized/unorganized), protestors (organized/unorganized), terrorist (domestic/transnational/state-sponsored), subversives (saboteurs/intelligence agents [state/non-state sponsored]).  In an effort to design better mitigation strategies planners must understand the “bad guys” motives or the reason(s) behind why they do what they do.  There are also four primary aggressor objectives; inflict injury or death to people, destroy or damage facilities, property, equipment or resources, steal equipment, material or information and create adverse publicity.



So how can I plan to reduce their effects let alone mitigate them?  The answer is really easier than you think.   Traditionally in risk management, we look at things from a probability standpoint.  We ask the question. “Will it happen here, and if so, what will the impact be”?  I believe, likelihood has little influence on risk.  I believe likelihood comes into play when talking about funding.  Our risk management methodologies assume the threat will be successful 100 percent of the time.  We calculate likelihood when it comes to cost benefit.



Our Asset Based Risk Analysis (ABRA) and Critical Asset and Infrastructure Risk Analysis (CAIRA) methodologies combine the aggressors motives and objectives with what the asset owner sees; thereby, giving a complete picture of risk.  



More about ABRA (Platinum GOVIES Award 2017 for Best Government Security Risk Methodology) https://view.joomag.com/march-2019-ast-magazine-march-2019-ast-magazine/0952115001553308799/p4?short



More about CAIRA (Platinum 2018 ASTOR Award for Best Risk Analysis Methodology in Homeland Security) https://view.joomag.com/july-2019-ast-magazine-ast-july-2019-magazine/0612002001563068627/p60?short



More about risk management and developing mitigation strategies can be found in my new book, The solutions Matrix: A Practical Guide to Soft Security Engineering for Architects, Engineers, Facility Managers, Planners and Security Professionals.  Order here  https://americansecuritytoday.com/dont-surrender-to-fear-new-book-the-solutions-matrix-by-doug-haines/

---

[1] Full quote: Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones.

Go Where there is No Path. But, I Can't, I'm Afraid of Snakes

A few months ago, my wife and I were shopping and came across this saying on a night shirt, “Go where there is no path”.  When I showed it to her, her reaction caught me a little off guard.  She said, “I can’t I’m afraid of snakes”. And, of course, being the person I am, I immediately translated that into a language I can understand – security-ish.  My first thought was, that explains why people don’t conduct risk analysis or even more importantly why they don’t even start the process.  They don’t tread into uncharted territory because there are snakes hiding in all that tall grass, so they stay where they’re comfortable – on the path.  Doing what is comfortable causes two problems.  

First, as Defense Secretary Don Rumsfeld, said, “We don’t know what we don’t know”, which translates into, we’re only protecting ourselves against what we can see, expect and believe is likely to occur.  Since, we don’t know what we don’t know, we’re not planning on dealing with its affects either.  This can be extremely more sinister because a lack of action could result in someone getting seriously injured or worse.  

Fortunately, there are methodologies out there that can get rid of the snakes.  I’m consulting on security matters with a local school district.  During our initial meeting, the District Superintendent, said, “Okay, where do we start? With an assessment to see where we are?”  Absolutely! 

Risk management is about managing risks.  In order to do that, you have to accept five factors:

1) You can’t prevent or deter everything

2) Protection from one threat may allow for some protection against another unrelated threat

3) Protection options must be in place before the event occurs

4) Risk Management must address the following pillars; detection, assessment, plans and procedures, response and engagement

5) Risk management and the assessment process is continual and is just part of what we do.

For ways to tame the snakes, read related articles here:

https://view.joomag.com/march-2019-ast-magazine-march-2019-ast-magazine/0952115001553308799/p4?short https://view.joomag.com/july-2019-ast-magazine-ast-july-2019-magazine/0612002001563068627/p60?short

How Preventing the Wrong Threat Will Cost You

My nephew used to work for an IT company.  Upon returning to work after Christmas holiday, they noticed that the rear windows of the building had been broken and all of the computer equipment had been stolen.  The owner of the company did what anyone would do.  He called a security consultant. 

The consultant recommended fixing the windows, adding motion sensors in the hallway and an access management system at the main entrance.  


When the company employees returned after the Easter weekend, they noticed the rear windows had been broken out – again, and all of the computer equipment had been stolen – again. 


Why did this occur?  The security company had misanalysed the Design Basis Threat or DBT.  

Everything of value has a threat that goes with it.  If it has value then someone wants it - either the owner or someone else.  It is also possible that a treat can be naturally occurring, like a earthquake or tornado. Usually, protection from these types of threats are governed by ordinances or laws; i.e., earthquake or tornado protection in construction standards.  For man-made threats, on the other hand, there really isn't any legislation that governs prevention or protection, so it's up to us to focus on man-made threats.  There are four general categories of aggressor types; 1) criminals (sophisticated/unsophisticated and organized/unorganized), 2) protestors (both organized/unorganized), 3) terrorist (domestic/trans-national/state-sponsored, and 4) subversives (saboteurs/foreign intelligence agents).  Each type of threat has an Modus Operandi or tactic and tool it uses to execute its objective.  If you make a list of what those may be you can actually design the space so that it provides protection to the things of value inside.  It is also important to understand the objective of man-made threats, too.  They fall into one or more of these categories; 1) inflict injury or death to people,2) destroy or damage property, equipment or resources, 3) steal equipment, material or information, or create adverse publicity. Understanding the motives, the tactics and tools they use will go a long way in prevention and protection.

The solution the security company had provided failed because, they didn't address the correct DBT; which was, breaking and entering and not unauthorized access.  Although, entering through the window is a form of unauthorized entry.  They had recommended the solutions they normally would suggest to deter or reduce the effects of theft, and focused on electronics, but they hadn’t addressed the DBT of the windows being breakable in the first place and didn’t add non-electronic solutions to the mix.  Had the windows been replaced with laminated glass they would not have been able to be broken and then the other countermeasures would have been effective.  Another solution would have been to prevent access to the parking lot behind the building.  I don't prefer this method because it would be more aggressive and unsightly to use a gate or fence with gate.  Just replacing the windows would not have changed the aesthetics of the space, so that is my preferred solution.

More about non-aggressive/aesthetically pleasing security measures can be found here: https://www.securityindustry.org/2018/04/05/the-puppy-movement/

The Need to Push Down Silos

A few years ago, a friend of mine, trying to generate additional students for the classes I teach, asked his cousin who works for a very large architecture and engineering firm in the new World Trade Center in New York City, if they would be interested in attending training on integrating security technologies into building design.  His cousin answered something to the effect, “No, we leave that up to the client after we turn the building over to them”.  While his cousin’s answer is not surprising it is disappointing and confusing to me. 

Not surprising because I’ve heard that so many times before.  In essence, everyone stays in their silo and the connection between the disciplines usually only involves answering questions about the project and clarifying requirements; architects architect – engineers engineer – and security securities, if you will.

It’s confusing on two levels.  First, at the beginning of every project the architect gets the client’s desires list; i.e., the building should be blah, blah, blah. Right from the start the architects develop a mental picture of what the building should look like.  Next he or she begins to include all of the regulatory requirements or “best practices” for design.  Best practices are nothing more than this is how it’s normally done.  In New York City, for multi-story buildings in Manhattan the façade default material is glass in the Mid-West it is reinforced concrete or masonry units.  Meeting regulatory requirements deal with disability act, fire and safety codes, such as, hallway width, stairs, doors and windows, and elevator placement, etc. and depending on the region some weather related events.  And second, very seldom are man-made threats considered.  This contributes to the fact that man-made threats continue to occur despite large amounts of money being spent on security measures. I guess the argument could be made, that “well, we’re not required to consider them like we are for natural threats so we don’t need to; besides it will drive up costs”.  On the surface this makes sense but if you dig just under the surface your next thought should be, why don’t “best practices” apply?

The Department of Defense, and some other federal government agencies to a limited degree, requires that integration mitigation strategies be included in their building design review process regardless of where or what type of threat is involved.  In fact, it’s mandated that all threats, including man-made threats be addressed by a group of stakeholders at the onset of any new building construction project and for renovation projects that meet certain thresholds or “triggers”.   The stakeholder group determines the “design basis threat” to the building and its occupants and the level of protection required based on the number of people occupying the space.   These two factors ensure that the appropriate amount of money is spent on protection options and in the unlikely event a catastrophe does occur; injury and death will be kept to a minimum.

By bringing all stakeholders together from a variety of disciplines, everyone 1) has a chance to air their requirements and needs, 2) buys-in to the group’s decision on which threats will be addressed and support the “DBT” and the level of protection required, and costs are kept down.  Adding electronics in the form of surveillance or other technologies lies with the owner after the project is completed.  So in the short term, the cost of this equipment and its installation is currently absorbed by the owner/client and is not part of the building costs.  This “trick” helps keep the building design costs down but doesn’t adequately protect people or the facilities they use.  But more importantly, the real costs to the client come after the installation from the long term requirement for equipment maintenance and manpower. 

Since buildings are currently designed with everyone, remaining in their silos, with  limited exception, the process is treated as if it were a vertical process, when in reality it’s a horizontal one.  The “silo effect” and the isolation it causes make security an “add-on” and limits its efficiency and effectiveness.  

Planning Now for the Terrorist Attack that Won’t Come or Will it?

While radical Islamic-extremist inspire large scale attacks have not occurred in the United States in some time, low scale attacks are more common place than you’d think and not necessarily exclusive to radical-Islamist.  “Bad actor” attacks using terrorist tactics occur all the time.  To prevent, deter and reduce the effects of a terrorist style attack, business owners, facility managers or anyone else charged with the security of those they service must determine if they are an attractive target to, not only terrorist attack, but also criminal activity.

In that regard, two questions come up, 1) “Do I deal with the public?” and 2) “Does the public (or a “bad actor”) have access to my facility?”  If the answer to both questions is “Yes”, then you are at risk.  Even if you answer “No” to the second question, you must remember that a dedicated threat will not be deterred and will bring the tools necessary to carry out the attack.  Answering these questions will be an indicator of threat likelihood.  Additionally, if you ask, “What is the public’s opinion of that service/product?”   The operative word here being “the public’s opinion” and not what you think, you will get an even better understand of your risk.  If there is the slightest likelihood that you could be attacked by a criminal or a terrorist, then you should reconsider if  the procedures you follow and the physical security countermeasures you already have in place are adequate.

Usually, criminal activity doesn’t result in injury to people or death.  Terrorist activity, regardless of motivation intends to inflict violence on another person in order to hurt them.  That said, most criminal acts involve the theft of or damage to property.  Consideration must be given to common criminal activities, such as; theft, burglary, damage to property, assault and work place violence, just to name a few.  Criminal activity using terrorist tactics on the other hand are directed toward people and try to cause as much injury or death as possible.  Common tactics still include; improvised explosive devices (Yes Virginia, sick people are still building bombs), using a vehicle or automatic weapon to inflict injury or death.  While school and workplace shootings have become the norm they are not necessarily terrorist attacks, although the results may be the same – they produce mass casualties. 

Mitigation strategies for any type of criminal activity, including terrorism, must be in place before the event occurs.  So, we want to deter the activity from occurring in the first place and then delay it so that it can be noticed and responded to by trained forces.  And finally, in the unlikely event it does occur we want to reduce it effects as much as possible.

In the case of IEDs, we want to move vehicle parking away for places where large numbers of people gather and prevent the placement of unidentified objects near buildings. 

To thwart the hostile vehicle threat, we need to place rated barriers between vehicle traffic and people, especially where large numbers of people gather; i.e., street fairs, sidewalks or pedestrian zones.

Since police departments and some security companies are teaching people to “Run-Hide-Fight, which actually means hide, we need to create spaces that actually offer protection.  Two protective options are, 1) retrofitting walls with rated ballistic materials; so that when people do hide they are actually protected and 2) limit movement of the person with the gun. 

Note, there will always be some level of risk no matter how much you plan and implement countermeasures.  The goal is to reduce the risk to a level you can accept and to continually analyze and make changes when warranted.  When you hear or see something in the news, you should ask yourself, “Can that happen here?”  If the answer is “Yes”, then you should take actions to change that to a “No”.

Chances are you are not going to become a victim of a terrorist attack; however, there is a greater likelihood that you will become a victim of a criminal act that resembles a terrorist act.  

Getting Everyone to Speak a Common Language

A couple weeks ago, I was teaching a class about using building design to deter criminal activity, including terrorist attack, and when it fails reduce its effects and prevent mass casualties.  After the obligatory introductions, I said something to the effect, that building design is a matter of reducing risk whenever and wherever possible.  But in order to do that you have to the know your “DBT”.

Based on the blank stares, I got back, I knew something was wrong.  So, I said it again.  Still the deer in the headlights looks.  So, I said, “Everyone knows what DBT stands for, right”?  Still nothing.  Not one person raised their hand.  I was taken aback.  After all the class was made up of seasoned architects, engineers, planners and security folks.  I would have thought, at least, one or two would have known what I was talking about.

So, we spent the new few minutes talking about Design Basis Threat or DBT, if you will.  DBT is identifying your threats, their tactics, the tools they may use and then designing your building to deter or prevent them from happening, in the first place, and understanding that if they do happen you can reduce their effects if you’ve included reduction strategies into the design.

The very first thing to do is to assemble “the planning team”.  The idea that “it takes a village” needs to be used here.  The team should include architects, engineers, facility manager, security, end users and others.  It’s important to bring these folks together, so that they can discuss the parameters of what they are trying to accomplish and “buy in” to the project.  If done correctly at the beginning of a project, security costs can be kept to a minimum, usually somewhere around five percent of the total project costs.  If security comes in at the end of the project this cost may skyrocket to thirty-forty percent, because of the long term cost of equipment maintenance and especially, personnel costs.

Once the team is assembled, the first step is to identify the threat or threats.  Threats can be divided into two categories; natural and man-made.  Fortunately, laws and ordinances exist that address natural threats in building design; i.e., earthquake, flooding, fire, tornado, etc.  Man-made threats on the other hand – not so much.  Although, that is changing slowly.  Last year, federal legislation was signed into law that addresses the use of hostile vehicles as a method of attack in public spaces.  We’re still waiting for the DHS report the law requires and its subsequent findings and recommendations.  I’m particularly concerned that our government hasn’t the courage to attack hostile shooter legislation, when it is so needed.  But that’s another Blog topic for another time.

The second step is to identify the motives of the man-made threat,; i.e., causing injury or death, theft or unlawful removal of property or equipment, damage to property or facilities and causing adverse publicity.  Then we need to figure out what type of groups commit these acts; criminals (sophisticated/non-sophisticated, organized/unorganized), protesters (organized/non-organized), terrorist (domestic/trans-national/state-sponsored) and subversives.  

Then we look at the tactics they use; stationary or moving vehicle, different types of weapon usage, forced entry, etc.  Each tactic uses a different set of tools. That said, each type of tool use has a countermeasure available to reduce its effectiveness.

If we understand their motives, tactics and tools, we can design countermeasures into inhabited space that reduces the possibility that they will occur and when that falls short reduces their effects. 

My book, The Solutions Matrix: A Practical Guide to Soft Security Engineering for Architects, Engineer, Planners and Security Professionals, will be available in September.  It will outline the processes used to determine DBT, have a quick reference chart that outlines how to counter each type of man-made threat and provide examples of practical real-world solutions.