Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

RiskAlert

Why the FBI and DHS Need Google’s Help to Track Potential Terrorists

The Boston Marathon bombings were bad enough.  The loss of life was terrible, but the runners and their families who lost legs and feet because they wanted to give their Dad a hug at the finish line were worse.

One week later, we all watch with trepidation as the first bomber is killed and the second captured bleeding in a boat in Watertown.

THE MOST TERRIBLE NEWS OF ALL IS THAT IT MIGHT HAVE BEEN PREVENTED!!  This is EXACTLY the situation that DHS was supposed to catch.  This is EXACTLY why the agencies were ORDERED to share information, and still these guys can tweet all they want, show violent Islamic videos on their web sites and call for Jihad and NOBODY NOTICES!!

This is made even more incomprehensible because the U.S. government was ALERTED BY THE RUSSIANS that one of them was DANGEROUS.

What do we need to do to get these agencies to start paying attention to these potential terrorists?  DO WE NEED TO MAKE THEM WEAR A RED SHIRT?

If the IRS can keep track of every American and in 2 minutes call up their entire history of taxes, and the Department of Labor can calculate your benefit rates in less than 1 minute, and Social Security keep track of all your information – why can’t DHS and the FBI  keep a contact database current?

Why can’t they have a person who scans these web sites and Facebook sites for Jihadist pages and then cross-references them with the site’s owner?   Why can’t a trip to a violent region of the world trigger a PING, as I heard one congressman call it.

Every company in the world has a simple Contact database on their own customers and suppliers that gives them years of data.   WHY CAN’T WE BE PROTECTED FROM THESE TERRORiSTS.

This one wasn’t hiding in the shadows – he was ON SOCIAL MEDIA!   He wasn’t locked up in a cabin – he was traveling internationally,   his brother was getting a scholarship.  And they did this FOR YEARS!!

This intelligence failure is just exactly like 9/11 all over again.  These agencies are so procedural that they cannot connect the dots.  Ok – they’re human. But we have super computers that CAN connect the dots and do profiles and create alerts…

Maybe we should call Google and get some help.  We obviously need it.

 

 



The Active Shooter Threat and Why We Need to Stay Situationally Aware

2012 will be remembered as the Year of the Active Shooter, where terrible tragedies across our country refocused people on issues surrounding gun control.  In many ways, it’s that old argument about whether the needs of the many outweigh the needs of the few.

In many schools and hospital, it could be argued that the needs of the many to be safe, and NOT TO GET SHOT,  outweigh the needs of the few – to possess assault rifles and high capacity magazines, which allow them to kill a large number of people with almost no effort.

No matter what side of the debate you fall on,  the debate has certainly brought the debate back from and center.

And along the way, it took the Active Shooter threat from a phrase that only a few security people knew about, into a phrase that was trending on the web and Twitter.

The Department of Homeland Security made a variety of resources available to deal with the Active Shooter Threat (many can be found at  http://www.dhs.gov/active-shooter-preparedness) with tools includes a video, and booklet.

Whether you are an elementary school, like Newtown, a movie theatre, like Aurora, a regional mall, mountain resort or anything else, the number one way to counter the Active Shooter threat is to increase security awareness of the staff.

I have had teachers tell me  “my job is only to teach, I shouldn’t have to be responsible for security, too”.

Unfortunately, everyone has to be responsible for good security, or we are all at risk.  And again, there’s the trade-off (aka, the risk calculation):

Measure the inconvenience of having to keep your eyes open and be willing to report any suspicious behavior VS. being a casualty of a mass shooting, or having someone you know killed.

Looks like a pretty easy calculation to me:

Small Amount of Effort (no cost) = Big Increase in Security !!

Make sure you friends, family and staff are aware of the Active Shooter Threat!



What Churches Need to Know About Security Risk Assessment!

the problems that churches face has changed since the 1950s.  Churches were considered “safe”, but the Sikh temple shootings in Wisconsin, shootings in Colorado Springs Churches, and the burning of black churches, have changed the security posture of churches.

Take a look at violence in churches today.  In 2008, the FBI recorded 23,547 crimes attributed to location code for “Church/ Synagogue/Temple”.  Deaths from church attacks rose 36% in 2012 according to the January 30, 2013 edition of Christianity Today.  Guns were used in nearly 60 percent of all “deadly force incidents” at churches since 1999 according to Carl Chinn who has been tracking these incidents.

Arson incidents are so widespread that the Dept. of Justice has a National Church Arson Task Force, and “Arson at churches has been a problem for a long time,” said Patrick Moreland, an executive with the Wisconsin-based Church Mutual Insurance Co., which insures 63,000 houses of worship.

No church leader, or church member wants their place of worship to become a crime scene, as the country watches it unfold on CNN.  And there’s a pro-active way to analyze a church’s security profile

And determine:

  • How Likely the Church is to have a Violence Incident
  • What Other Churches in the area are experiencing
  • What the Threat Level is in your Geographic Area
  • Exactly What Controls You Need to Add to Stay Safe

A Security Risk Assessment is a quick, easy to use model that can take streams of data and information and use these actual events to produce a simple report that can track the threat levels, and match these to potential and existing controls to see how existing controls can be implemented, what new controls need to be added, and how to do it all in a cost-effective way.

One of the key points of a security risk assessment is that it measures solutions in terms of COST-EFFECTIVENESS.  No one wants to over-spend on something and not have enough money left for a critical security element.

Out in the field, we often find that controls are not effectively implemented, or they are not 100% implemented, and if there’s even a 10% gap, it’s just like the control never existed at all.

And you don’t need to be an expert to perform a security risk assessment on your church, school, temple or summer camp.  There are new automated software applications, like Church Facilities Risk-Pro, similar to the app on your iphone, that will do the assessment for you, showing you the data you need, and even writing and formatting the reports for you.

The Control Reports become a blueprint for improving security and can become part of a 3-year plan that will protect the physical facility, the congregation, and the entire community.



A New Threat Appears – Meteor Strikes

After the meteor showers over Siberia this week, Russia put together a

Financial analysis of the damage from the meteors:

1200 injured by flying glass

             $33,000,000 in damage

4,000 building damaged

50 Acres of windows shattered

In the last twenty-five years, as the rate of climate change has increase, we have occasionally added new threats like Tsunami and ash pollution.

Now meteor showers have actually come to cause damage to companies so they are another factor to be included in risk assessments.

In evaluating threats for a risk assessment, many in the northeast would always tell me, “take out earthquakes”, we don’t have earthquakes in Virginia, Maryland, and Ohio. That changed in 2011 when the Mineral, Virginia earthquake hit during a mid-week business day.

RICHMOND, VA (WWBT) – Aug. 24, 2011. 

There was an earthquake in Central Virginia that measured 5.8 on the Richter scale centered about 5 miles south of Mineral in Louisa, depth 3.7 miles at about 1:51 p.m. The quake was centered at 38°N, 78°W.

The U.S. Geological Survey said the earthquake was centered about 38 miles northwest of Richmond, Va., about 84 miles southwest of Washington, D.C., and was felt as far north as Rhode Island and New York City. See a map of the quake from Chuck Bailey, professor of geology at the College of William and Mary.

Hospitals, government offices, dams and power generating plants,  including nuclear plants, were forced to suddenly reevaluate the long held idea that earthquakes just didn’t happen in the NorthEast.

The threat from meteor damage is the same idea.  It never happened before, but now it has happened again, if you count Tunguska as the first time.

Damage from meteor showers will now add a new category into the Threat index, even though this was the first event in my lifetime, if analyst factor in the previously known instances, such as the Tunguska Meteor Event, which did not occur thousands of years ago, like the meteor event in the Yucatan peninsula that killed off the dinosaurs, but
Tunguska occurred in 1908!   Almost in this century.

Over the next month, we’ll be looking at each different threat every week.  Sign up for my blog or access by following me on twitter at www.twitter.com/riskalert.

 



Another School Shooting Means We Learned Nothing from Newtown

Almost one month and two days since the tragic school shootings at Sandy Hook Elementary, where 20 young first-graders were shot by a crazy person with an assault rifle.

That day was one of those moments that you never forget, it’s seared in your brain and you probably know EXACTLY where you were when you heard the news start to trickle out.  I was at Toys R Us with my son and we were buying presents for his young twins.  I was checking Twitter and I saw a brief mention of another shooting.  At first it said, 3 individuals and possibly children, then 5 individuals,  then 12 children and by the time our shopping trip was over, so were the lives of 26 people, mostly innocent little first-graders. And it was only a week before Christmas.

As a security person who’s done lots of security assessments, you can’t help thinking, “What went wrong?”  “What could have prevented this atrocity?”  And there are dozens of potential solutions and who knows what might have made a difference.

Then there’s the day that President Obama signed 23 Executive Orders to tighten up background checks on potential gun owners,  keep track of who purchases guns, requiring federal agencies to make more background-check data available, requiring federal law enforcement to trace guns recovered in criminal investigations, and providing more training for police, first responders and school officials.  During his announcement, he said, “Let’s do the right thing!”.

We all want to do the right thing, but what IS the right thing, the one thing that will make a difference and significantly reduce gun violence in America?

These Executive Orders are a great start, but we all know the push-back that will come from Congress and the gun lobby, who still want to sell guns, even after they see a photo of a little girl shot, not once, but eleven times.

This was also a big wake up call for schools.  The public schools, colleges and universities seem to wake up every ten years and worry about security, and then they quickly forget and back into worry about academics instead of security and gun violence. Teachers want to TEACH.  Teachers often say, “Security is not my job, my job is to teach and I shouldn’t have to do anything else”.

But SCHOOL SECURITY has to be a process, not just a quick fix.  All security has to be a process.  The process starts with a clear policy.  There has to be an approved policy, whether that policy is a federal guidelines, like FEMA 428, “Primer to Design Safe Schools”, or whether it’s a security policy that mets a schools specific needs.  Without a policy, you have no place to start.

There have to be procedures written up, announced, handed out in 3-ring binders, and accompanied with education and training including drills.

There has to be training and education so people know what to do in an emergency, where to do, who to call, and how to respond.

There have to be annual security risk assessments to gauge the current threats, and measure the effective controls, and make the security program a process of continual improvement.

Without the foundation of policy, procedures, training, education and security assessments, it’s not a security program, it becomes just a grab bag of solutions that may or may not work.

For example – here are just a few of the point solutions we heard about today, endorsed by their own lobby groups:

  • Arming teachers with more guns.
  • Banning all guns on campuses.
  • Securing the school perimeter with chain link fences.
  • Doing more and better background checks.
  • Adding cameras which are constantly monitored.
  • Have an armed School Resource Officer on every campus.
  • Security Awareness courses for teachers.
  • Security awareness training for parents.
  • Giving teachers panic alarms.
  • Improving mental health services.
  • An assault weapons ban.
  • Banning high capacity gun clips.

If it was your children’s school or college, which of these elements would you choose?

Schools are a great leveler of our culture.  Everyone has personal experience with schools.  Everyone went to school once, and many have children in schools, or friends in schools, or know staff and teachers who work in schools, so schools are like a touchstone.  But you could also say “Hospital”, or “Train Station”, or “County Offices” or “Movie Theatre” and to protect these things, there has to be a security program in place.

We, as the security community, are the guardians of society.  We protect things of value.  And nothing has more value than our children.  Security has many other names like safety and emergency planning, and disaster recovery and loss prevention and risk management and violence prevention and information protection, just to name a few.

As a global security community, we should make our voices heard in this great debate, because we have the experience to know what works and what doesn’t and your voices are needed now, more than ever.

This is also a time where the public discussion of security breaks through the chatter and focuses attention on something that is critically important to everyone.   Security professionals have always networked and learned from each other’s experience.

Let’s talk to each other more about what works and share this with the rest of the country.

They need us.

About the Author, “Caroline Ramsey-Hamilton is a leading expert in assessing risk facilities security, workplace violence and security for hospitals, cybersecurity, nuclear security,  and also measuring compliance with security standards like FEMA 426-428, Joint Commission, HIPAA and OSHA. She has developed security programs with the National Security Agency, the U.S. Department of Defense and the National Institute of Justice, the Department of Homeland Security and many other agencies, and has developed a school security risk program with Eastern Kentucky University.

Caroline is a member of the ASIS Physical Security Council,  the ASIS Information Security Security Council, and on the Board of the South Florida chapter of  IAHSS (International Association for Hospital Safety & Security) She received the Distinguished Service award from the Maritime Security Council, and the Anti-Terrorism Accreditation Board’s  Distinguished Service award in 2011. You can reach Caroline at caroline@riskandsecurity or thru her web site at www.riskandsecurityllc.com.  She posts breaking security & risk alerts at www.twitter.com/riskalert.



Holding Hurricane Sandy Survivors Hostage to House In-Fighting

Many, including Chris Christie, and Peter King,  are shocked and dismayed when the relief vote for New York and New Jersey was postponed until the new Congress assembles later this week.

The U.S. has historically had a great reputation for jumping in AS A WHOLE COUNTRY to help the victims and survivors whose lives and businesses have been ravaged and, in some cases, destroyed.  Many world leaders have commented on how the USA always pulls together in these emergencies.

According to the House, that’s no longer true.

The decision to take a budget fight to this level is NOT good politics.   These people, most of them property owners AND registered voters, are going into winter without the basic necessities, with houses that have not been repaired, with streets not repaired.  Sixty-eight days AFTER the disaster, these people cannot wait two more days, they can’t wait one more day.

A big country like the United States of America cannot hold its head up in the world, if we can’t help our own brothers and sisters who suffer these terrible events.

If this happened in New Orleans, I think you can imagine what the talking points would be.

As a group concerned about safety and security, we should be writing our congressmen and senators and tell them to stop playing games with federal disaster relief.



Preventing Active Shooters – Schools Struggling to Find Solutions After Sandy Hook Shootings

We can control regular access to our facilities, schools and hospitals. We can have visitors sign into a visitors log.  We can take photos and ask for identification and lock the doors, but the Active Shooter doesn’t comply with any of these protocols and we have no control about when and where the Active Shooter may show up.

Here are some additional controls to consider if you need to improve your school or facility security.

1.  Put in Cameras that are actively MONITORED.  

For security experts, you already know this, but others might not know that cameras that just sit on the wall or ceiling only have 2 purposes:  (1)  To scare people into NOT doing something.  (2) To review after an incident happens and use to arrest someone.

Cameras can also be used to monitor what goes in – ACTIVE monitoring. This can be done in a facility, like a hospital, or company, and there are staff members looking at the camera visuals and watching for certain kinds of behavior.  This is also offered as a service.   Monitored cameras can alert police, check to see who’s entering the halls and actually respond and prevent Active Shooter incidents.

2.  Conduct regular training and drills for ALL STAFF and for all STUDENTS

People give lip service to training, but there’s nothing as effective as practicing for an active shooter.  It’s one thing to know where to go, or what to do, but it’s so much better to rehearse with a drill, have someone come in, unannounced and practice
moving to a safe area, practice locking down a school, hospital or facility.  This will expose all the weak areas, and make people more confident that they can deal with a bad situation and protect everyone.

3.   Have a clear NO WEAPONS – NO VIOLENCE Policy in place.

Policies are important because they say, “It’s a mandate, it’s a requirement” and that means most staff will comply with it.
No Weapons signs should be posted at all entrances.  Any violence should be reported and punished immediately.  This has a deterrent effect, as well as giving you the legal ground to stand on if an incident does occur.  It also makes staff and students feel safer.

4.   Know EXACTLY what the response time from the police department, in case an incident occurs.  

You can time your drills, you can have a conference with local law enforcement to trim down their response times.  You can pro-actively provide law enforcement and first responders with the building floor plans, or a digital map of the building.  These preparations shave crucial minutes off the actual response time in case an incident does occur.

Think about how many people a shooter can kill in ten minutes, more than 2 children a minute.  Every second counts so step up and add these four controls into your security control plans.

 

 

 

 



Why the State Department Needs Better Threat-Risk Assessments

Obviously, the tragedy in Libya this week focused the world’s attention, not just on the bodies of our countrymen returning home, but made me wonder about the risk assessments and threat assessments that are routinely done in these extremely sensitive locations.

Unfortunately, the threat assessments tend to be more political forecasting and less about the reality of the situation on the ground.  One problem with these simple manual threat/risk assessments is that they take too long to complete.  Maybe they spend a few days looking at the physical controls, and then a week writing up a report, and much of it may rely on anecdotal incidents or reports of questionable value.

That’s why I am a believer in automating these threat/risk assessments, and in a potentially dangerous area like the whole country of Libya, they should be at least weekly, or bi-weekly, or even daily when tensions are running high.  It allows you to get a quick assessment in less than 30 minutes, and allows for quick updating, which is critical in situations like this week.

And no, I don’t believe a threat/risk assessment would necessarily PREVENT a terrible tragedy like the death of an American Ambassador, but I do think that having these updated assessments allows for safeguards to be continuously checked, measured and improved, and also may expose weaknesses that can be exploited by a terrorist group when the opportunity presents itself.

The practice of running continual assessments is not used very often, but when it is, it’s very effective because when the situation goes south, you already the blueprint of what to do right in front of you, and it allows better decision support under such stressful conditions.

The information-sharing done by different groups can be wrapped up in the risk assessment and combined, so that maybe a higher threat condition can be identified, in time to relocate, leave the country, or whatever else it takes to protect the lives of our diplomatic staff.

 



A Terrible Day in Colorado – Terrorism by Twenty-Something

Just saw that now 71 people were shot at the Aurora, Colorado theatre, and 12 have died, including children.

This is exactly the kind of incident that I used to think would wake everyone up to the dangers of NOT doing annual security reviews, and  NOT allowing everyone on the planet to stock their attic with automatic assault rifles, and instead, we are at an intersection in the national dialogue where talking about assault rifles, OR security controls, is something people would rather ignore.

Whether it’s the hospital security administrator who thinks posting a simple “NO WEAPONS” sign is too much security, to the facilities who deny the security officers any weapons bigger than a purse-size pepper spray, they are actually ENABLING security incidents of this type.

I heard these officials in CNN saying, “It’s not terrorism”!   It certainly IS terrorism.  It’s just domestic terrorism, but it shows you how easy it would be for a terrorist to walk into the US, buy some AK-47s and walk into a regional mall, a batting cage, a mega-church, a hospital, a sports arena, and proceed to kill dozens of innocent people in just a few minutes.

With 71 shot, and 12 dead, it is more deadly than your typical IED in Afghanistan!  It’s more deadly because their is human ‘intelligence’ (and I use the word loosely) behind the attack.  Instead of a simple detenation event, the shooter can choose victims, look them in the eyes and then kill them.

This is an intentional event by someone so lost that he didn’t even put up any resistance to police.  Why should he, he’s already made his statement and now has his 15 minutes of fame.   That is 5.5 people killed or injured for each 1 minute of fame.

If you are reading this today, you should do a quick risk assessment of your organization and make sure your staff are developing situational awareness, watching and evaluating what is going on around them.  It may make the difference between life and death someday.



Man Wants to Commit Suicide at Hospital to Donate his Organs!

Suicidal Man Triggers an Evacuation in Denton, Texas.

The emergency department at Texas Health Presbyterian Hospital was evacuated after an armed man threatened to shoot himself in the hospital’s parking lot, as reported in a newspaper article. The man had sent suicidal messages to his ex-wife. She contacted police, who in turn began tracking the man’s cell phone. He was found in his vehicle, which was parked in front of the hospital’s ED. Police cleared the ED while they negotiated with him for about 45 minutes. The man told police he chose the hospital because he wanted to donate his organs after he killed himsel




top