Once again there has been another theatrical presentation to frighten the west - and the UK in particular. Although this time there appears to have been some competency problems with the actors. These terrorists were apparently unable to successfully detonate their explosives. Lucky break, possibly, for everyone.
The biggest break from this may be the intelligence that can be gathered if the actors can be captured or arrested. However, there may also be very little intelligence to be gained as well. How these cells operate is not so secret any more - which is what has been leading to the pre-emptive dismantling of other plots - and hopefully some future plots. We will have to wait and see what intel comes from this.
It was reported that the police in London had responded to over 250 suspicious packages in the two weeks after the first attack. Remember, of course, that it is not how many packages are dealt with, but how many of the right packages are dealt with.
Once again - our best defense against terrorism is to recognize their goal and thwart that. Continue about your daily activities and be aware of your environment.]
Friday, July 22, 2005
Tougher laws <> reduced losses
According to some recent media, the North Carolina legislature has sent a bill to the Governor that makes church burglary a more serious felony than before. Larger penalties, more time in jail, longer incarcerations, call it what you will it is all on the wrong end for security. While it can be said with some certainty that the intent of the bill is to reduce church burglaries and was developed in good faith, it can also be said with some authority that increased penalties only do so much for reducing crime.
Practically speaking, warehousing criminals for longer periods of time does prevent that criminal from committing further crime - at least on the public - during the incarceration, however let's consider the ultimate state sanction and its affect on crime and then we'll move to a better discussion. Murder is punishable by the death penalty in many states. This penalty has not significantly reduced the murder rate where ever it is applied. Yes, I know, there are many reasons for this and extensive circumstances that affect it, but let's admit that, by and large, increasing penalties beyond a specific point has little further deterrent effect.
So let's focus on the fact that increasing penalties do more for the politicians than for the victims - in this case churches. Once a facility, any facility, has been violated there is damage - physical and psychological - and that damage cannot always be fixed easily. There are losses - direct and indirect - that affect when or if a facility can be used again, or whether operations must be relocated, postponed, or ceased. We can discuss losses another time, but for now it is important to recognize the value of preventing losses. A proportionate investment in protective strategies is a budgeted occurrence, but dealing with a loss is crisis-spending. Unplanned, unbudgeted and generally the impact causes some other program to be reduced.
There were five burglaries in North Carolina that occurred just prior to the passing of this bill. Five organizations lost assets that affected their lives and how their operations were conducted, but far worse was the feeling that someone had invaded sacred space, stolen objects, and possibly, if not likely, desecrated the sanctity of the church. Could the burglaries have been prevented? Absolutely and without a doubt YES! But remember sometimes it is necessary to accept some risk rather than completely altering, impeding or destroying how operations are conducted. Too much prevention could make worship services impossible. But burglary is generally a preventable loss and at the very least it could have been possible to mitigate the actual loss that occurred. Sometimes it's technology that can help and other times it's processes, procedures and community involvement. Determining the proper mix is matter best completed after a Risk Assessment - which incidentally usually take one or two days to complete at most churches and maybe another week for analysis and reporting - and can mean the difference between losses and prevented losses (which is not exactly a 'gain' but much better than a loss).
What I'd really like to impress upon everyone here is that increased criminal penalties are a great gesture by the government but they do not necessarily help reduce losses. The bad guy is probably still going to commit the act - and then you're just stuck with the aftermath, the cleanup, and the personal impact felt by each member. Applaud the legislature for responding to the community - but role up your sleeves and start planning how to prevent the need for the law.
This first step an any Risk Assessment is to determine what assets exist within the organization. Consider this for your organization - you'll find that there is a lot more than you may have first realized. Have you considered what the impact might be if one, some or all of these were lost?
Practically speaking, warehousing criminals for longer periods of time does prevent that criminal from committing further crime - at least on the public - during the incarceration, however let's consider the ultimate state sanction and its affect on crime and then we'll move to a better discussion. Murder is punishable by the death penalty in many states. This penalty has not significantly reduced the murder rate where ever it is applied. Yes, I know, there are many reasons for this and extensive circumstances that affect it, but let's admit that, by and large, increasing penalties beyond a specific point has little further deterrent effect.
So let's focus on the fact that increasing penalties do more for the politicians than for the victims - in this case churches. Once a facility, any facility, has been violated there is damage - physical and psychological - and that damage cannot always be fixed easily. There are losses - direct and indirect - that affect when or if a facility can be used again, or whether operations must be relocated, postponed, or ceased. We can discuss losses another time, but for now it is important to recognize the value of preventing losses. A proportionate investment in protective strategies is a budgeted occurrence, but dealing with a loss is crisis-spending. Unplanned, unbudgeted and generally the impact causes some other program to be reduced.
There were five burglaries in North Carolina that occurred just prior to the passing of this bill. Five organizations lost assets that affected their lives and how their operations were conducted, but far worse was the feeling that someone had invaded sacred space, stolen objects, and possibly, if not likely, desecrated the sanctity of the church. Could the burglaries have been prevented? Absolutely and without a doubt YES! But remember sometimes it is necessary to accept some risk rather than completely altering, impeding or destroying how operations are conducted. Too much prevention could make worship services impossible. But burglary is generally a preventable loss and at the very least it could have been possible to mitigate the actual loss that occurred. Sometimes it's technology that can help and other times it's processes, procedures and community involvement. Determining the proper mix is matter best completed after a Risk Assessment - which incidentally usually take one or two days to complete at most churches and maybe another week for analysis and reporting - and can mean the difference between losses and prevented losses (which is not exactly a 'gain' but much better than a loss).
What I'd really like to impress upon everyone here is that increased criminal penalties are a great gesture by the government but they do not necessarily help reduce losses. The bad guy is probably still going to commit the act - and then you're just stuck with the aftermath, the cleanup, and the personal impact felt by each member. Applaud the legislature for responding to the community - but role up your sleeves and start planning how to prevent the need for the law.
This first step an any Risk Assessment is to determine what assets exist within the organization. Consider this for your organization - you'll find that there is a lot more than you may have first realized. Have you considered what the impact might be if one, some or all of these were lost?
Friday, July 15, 2005
A little more on the Critical Detection Point
Alright, I mentioned this last post and I think it deserves a little more explanation. But I'll try to keep it brief. Check THIS out for additional information on the theory and application behind this.
Remember we discussed security efforts as deter, detect, delay, deny? And prevent, detect, respond? Well this is where the math meets the road. It goes something like this.
An attacker must complete certain tasks to successfully complete their objective, whatever that might be. You must devise a way, in advance, that thwarts their efforts. A significant part of the problem is that at some point all the prevention in the world fails to stop the attack. So there must be a response which naturally follows a successful detection of the threat. So assuming that an attack occurs at what point in the attack must the detection occur in order to insure that the response gets there in time. Garcia offers us a mathematical formula to describe this. Yes I know that we all thought that we left math theory behind a long time ago, but here it is:
CDP = TR > TG
TR is the minimum remaining delay on the adversary path, and
TG is the guard (police) response time
.
Alright so that wasn't any more simple. Look, you just have to make sure that the attack is detected with enough time that the response has enought time to stop it from being successful.
At that is the point. Where do you want to stop the attack? Before they gain access the property? Before they gain access to the building? Or, before they gain access to the safe? That's it.
Security, all security, is a function of time - I know we're back to math and I wasn't very strong in math either. But remember that although you are secure right now - most certainly because of carefully designed process but never by chance - you may not be secure in just a few minutes. Times change! New technology is introduced and diligence changes.
Here a few concepts playing on the time function of security:
- With unlimited time you can gain access to anything or anyplace
- There is never unlimited time - we get old, assets move, etc.
- With unlimited time it is possible to acquire any necessary resources
- With unlimited resources you can gain access to anything or anyplace
- But these are also limited - people, money, tools, etc.
- Resources are used to reduce the amount of time needed to be successful
- More people = overwhelming force
- More tools = technology being defeated quicker
- More money = more ability to acquire other resources
That's enough for now.
Wednesday, July 13, 2005
Burglaries - Internal countermeasures
Just yesterday we discussed a few ideas for dealing with burglars before they have gotten inside the building. So let's continue with the building and its interior... But for now let's just focus on detecting their intrusion.
The natural thought for keeping burglars out is an alarm system. However, alarms do not really prevent a person from entering. Consider again the concepts of deter, detect, delay, deny. An alarm system is generally meant only to detect an attack. Some integrated systems can initiate an automated response but strictly speaking an alarm only detects. Granted some aspects of it may deter an intruder and a determined intruder attempting to bypass an alarm system will certainly be delayed, but let's stick to its detection value.
Keeping bad guys out of the building falls to physical control devices - locks, doors, windows, walls and so on. Once a person has reached the building there are some considerations. Make sure foliage is trimmed (less than 18") and canopied (above 5-6') to enhance the detectability of a person near the building. Windows and doors should be locked! Bad guys are generally 'minimalists' and want ease and convenience. Now assuming that they do not have a key to an exterior door (and how many churches really implement a key control program - does yours) and that all other access points are secured, the bad guy will have to force access. That means a broken window, door frame, or padlock (in the case of sheds).
They're in! How do you know? Well a well designed alarm system can be very useful with this, however most systems are not well designed or well installed - thus many false alarms. Frequent false alarms mean that the police response will cease, at some point, from being a serious effort. This can be mitigated with a CCTV (closed-circuit television) camera system that allows a monitoring service to verify the alarm before sending a response, but that can really cost money up front.. It is however an excellent solution. Sparta is an exceptional company providing remote video monitoring services and there are several others.
I strongly encourage alarm systems, but today's technology offers some low-cost options that can be very effective. Take for instance, integrated wireless sensors and control panel that also offer network notification methods - that's right - email or text messaging. So rather than paying for a monitoring service it is possible to have your (or several members of your congregation) cellphones messaged directly by the alarm system. What a great tool.
So without an alarm system how does one know that an intrusion has occurred? One method we've already discussed briefly are patrols. The issue here is how long will it take the burglar to accomplish their goal - what is the delay? Having someone 'patrol' the property several times over the course of a night could offer detection that is timely enough. But let's consider one additional piece of technology network accessible CCTV. Yes, rather than having someone actually expose themselves to danger by walking or driving to the property they can observe the area from the safety of their own home (laptop at a wireless access point). Just a thought..
The answer, without technology, is creativity... The key concept to remember here is the Critical Detection Point which is the point in an attacker's activity that affords the last possible detection in order for a response to disrupt their success. In other words, the time will the bad guy need to complete the task minus the time it takes a response to arrive and disrupt the activity and the amount of time it takes to initiate that response after the detection. These numbers are generally pretty sloppy but it does offer a way to consider just how much observation may be needed without an alarm system - and how fast response will be needed with an alarm system.
Rob
/
The natural thought for keeping burglars out is an alarm system. However, alarms do not really prevent a person from entering. Consider again the concepts of deter, detect, delay, deny. An alarm system is generally meant only to detect an attack. Some integrated systems can initiate an automated response but strictly speaking an alarm only detects. Granted some aspects of it may deter an intruder and a determined intruder attempting to bypass an alarm system will certainly be delayed, but let's stick to its detection value.
Keeping bad guys out of the building falls to physical control devices - locks, doors, windows, walls and so on. Once a person has reached the building there are some considerations. Make sure foliage is trimmed (less than 18") and canopied (above 5-6') to enhance the detectability of a person near the building. Windows and doors should be locked! Bad guys are generally 'minimalists' and want ease and convenience. Now assuming that they do not have a key to an exterior door (and how many churches really implement a key control program - does yours) and that all other access points are secured, the bad guy will have to force access. That means a broken window, door frame, or padlock (in the case of sheds).
They're in! How do you know? Well a well designed alarm system can be very useful with this, however most systems are not well designed or well installed - thus many false alarms. Frequent false alarms mean that the police response will cease, at some point, from being a serious effort. This can be mitigated with a CCTV (closed-circuit television) camera system that allows a monitoring service to verify the alarm before sending a response, but that can really cost money up front.. It is however an excellent solution. Sparta is an exceptional company providing remote video monitoring services and there are several others.
I strongly encourage alarm systems, but today's technology offers some low-cost options that can be very effective. Take for instance, integrated wireless sensors and control panel that also offer network notification methods - that's right - email or text messaging. So rather than paying for a monitoring service it is possible to have your (or several members of your congregation) cellphones messaged directly by the alarm system. What a great tool.
So without an alarm system how does one know that an intrusion has occurred? One method we've already discussed briefly are patrols. The issue here is how long will it take the burglar to accomplish their goal - what is the delay? Having someone 'patrol' the property several times over the course of a night could offer detection that is timely enough. But let's consider one additional piece of technology network accessible CCTV. Yes, rather than having someone actually expose themselves to danger by walking or driving to the property they can observe the area from the safety of their own home (laptop at a wireless access point). Just a thought..
The answer, without technology, is creativity... The key concept to remember here is the Critical Detection Point which is the point in an attacker's activity that affords the last possible detection in order for a response to disrupt their success. In other words, the time will the bad guy need to complete the task minus the time it takes a response to arrive and disrupt the activity and the amount of time it takes to initiate that response after the detection. These numbers are generally pretty sloppy but it does offer a way to consider just how much observation may be needed without an alarm system - and how fast response will be needed with an alarm system.
Rob
/
Monday, July 11, 2005
Burlgaries in the Southeast
Recently I have seen many articles on the burglaries of various churches. Ah burlaries - I promised. Now here's a topic that is relatively simple compared with Arson but no less devastating in many instances to the minds of the victims.
As I mentioned in the first post ACCESS is everything. A burglar must have access, right. So let's consider some of the key points in the attack tree for a typical burglary.
1. The subject (A1 - attacker one) must defeat the perimeter of the property
2. A1 must defeat the perimeter of the structure (building, shed, rectory, chapel, etc.)
3. A1 must select, gather and prepare asset(s) for removal
4. A1 must transport the selected asset(s) out of the structure and off the property.
Now we can't dictate whether A1 arrives on a bike or with a tractor-trailer so we can't control how much he/she is able to transport away. We can probably also assume that defeating the perimeter and moving to the building are given events - I haven't seen many houses of worship with effective permiter fences. That brings us to the building.
We should want to deter their efforts to gain access and this can be done at many levels, but for now we'll consider signage, illumination, irrigation, and patrols. That's all pretty straightforward. Signs that indicate that an alarm system is in use - I really dislike offering this advice if there is no alarm system because any thief worth his weight will have determined this ahead of time - but it can't hurt all the same. Lighting that makes the intruder more visible to passersby - thereby increasing the perceived risk of detection. This has only a psychological impact if the property is already well concealed from passing traffic. It is also possible to have sprinkler systems set to be activated by motion sensors. This may sound silly, but have sprinklers and lights activate together will likely spark the response of running away prior to any decision to continue. It may also cause the intruder to make some noise out of complete annoyance. The options for enhancing this are nearly endless depending on the intention. Heck it even result in a some amusing video. On an incidental note - a well soaked intruder may be easier for the police to identify while escaping.
Now the topic of patrols. This may be police, a security service, or passersby (such as congregation members) that have agreed to communicate or document findings. Again, creativity here can save some money, but sometimes it's just worth paying some to check in periodically. This option should also be considered in advance as a contingency. If a series of buglaries - or vandalism for that matter - occur to other houses of worship in your area it might be time to activate that pre-agreed upon contract with a security provider to begin periodic patraols. This may be just enough to move the micreants to another location and the service could be ended whenever they may be caught by the authorities.
So there are few thoughts on preventing burglaries outside the building. There are many more but want to try and keep this as short as possible. Feel free to comment with your own thoughts. Next we'll look at methods useful from within the building. Remember water is relatively harmless, cheap and can create the opportunity for footprints or identifying the burglar. Oh yea, there is the amusement factor as well.
Rob
/
As I mentioned in the first post ACCESS is everything. A burglar must have access, right. So let's consider some of the key points in the attack tree for a typical burglary.
1. The subject (A1 - attacker one) must defeat the perimeter of the property
2. A1 must defeat the perimeter of the structure (building, shed, rectory, chapel, etc.)
3. A1 must select, gather and prepare asset(s) for removal
4. A1 must transport the selected asset(s) out of the structure and off the property.
Now we can't dictate whether A1 arrives on a bike or with a tractor-trailer so we can't control how much he/she is able to transport away. We can probably also assume that defeating the perimeter and moving to the building are given events - I haven't seen many houses of worship with effective permiter fences. That brings us to the building.
We should want to deter their efforts to gain access and this can be done at many levels, but for now we'll consider signage, illumination, irrigation, and patrols. That's all pretty straightforward. Signs that indicate that an alarm system is in use - I really dislike offering this advice if there is no alarm system because any thief worth his weight will have determined this ahead of time - but it can't hurt all the same. Lighting that makes the intruder more visible to passersby - thereby increasing the perceived risk of detection. This has only a psychological impact if the property is already well concealed from passing traffic. It is also possible to have sprinkler systems set to be activated by motion sensors. This may sound silly, but have sprinklers and lights activate together will likely spark the response of running away prior to any decision to continue. It may also cause the intruder to make some noise out of complete annoyance. The options for enhancing this are nearly endless depending on the intention. Heck it even result in a some amusing video. On an incidental note - a well soaked intruder may be easier for the police to identify while escaping.
Now the topic of patrols. This may be police, a security service, or passersby (such as congregation members) that have agreed to communicate or document findings. Again, creativity here can save some money, but sometimes it's just worth paying some to check in periodically. This option should also be considered in advance as a contingency. If a series of buglaries - or vandalism for that matter - occur to other houses of worship in your area it might be time to activate that pre-agreed upon contract with a security provider to begin periodic patraols. This may be just enough to move the micreants to another location and the service could be ended whenever they may be caught by the authorities.
So there are few thoughts on preventing burglaries outside the building. There are many more but want to try and keep this as short as possible. Feel free to comment with your own thoughts. Next we'll look at methods useful from within the building. Remember water is relatively harmless, cheap and can create the opportunity for footprints or identifying the burglar. Oh yea, there is the amusement factor as well.
Rob
/
Terrorism and criticism of intelligence
Before starting this blog I put a couple of posts concerning the recent events in London.
But it's stil in the news and will be for some time. The story changes in the news periodically. First the devices were detonated at varing times and now the devices on the trains all are believed to have gone off at the same time.... This is an excellent illustration of the problems with intelligence operations. Here we have events that occured in an environment that is public and it still took nearly an entire day to refine the collected data into accurate information... Although this example is actually more of discussion on the exercises of historians it does illustrate a point.
Imagine trying to determine events that will occur in the future with such inaccurate, intentionally misleading, and incomplete data. This is world of intelligence operations. It is the process of trying describe the image presented in a puzzle as far before it is completed as possible. Doesn't sound too hard does it. Now make it more interesting and will the puzzle is being put together start pouring in pieces to other puzzles, mix them up, and now you have an inkling of the difficulties. How many pictures must be assembled? What if some pieces fit into multiple puzzles - how would you know.
My experiences with intelligence dealt with the Eco/Animal Rights movement with decidedly different consequences for failure but just as difficult. We criticize those analysts that were unable to read the signs, predict the future, and know the adversary's intention like God himself (or insert the appropriate term here for your beliefs).
I must say that I honestly hate very few things, but I absolutely hate quoting television and movies. It just seems a little less worthy than quoting some great written work. This, of course, is just a personal prejudice and I digress only because I must now quote a television show - and a Brit one at that.
There is a show in the UK called Spooks ( but here in the U.S. it is called MI-5). For those unaware, MI-5 is a U.K. intelligence agency with some similarities to the FBI - but not don't try to draw a clean connection. The U.K. is a different country with different rights and governmental structure. Anyway my point is that there is a line in an episode whena police officer is killed as a result of an MI-5 operation when the widow (and there's always a grieving widow on TV) challenges the patriotism of an MI-5 operative. And so a section leader made a statement to this effect, "You may question our methods, we certainly do it constantly, but never question our motive."
With that said let's just keep one thought in mind when we hear (or engage in) criticism of our intelligence efforts. No one, least of all those charged with identifying it ahead of time, likes to lose or look foolish. Nearly everyone gets a bloody nose from a sucker punch at least once in their life so in answer to some of the comments belittling the intel community I leave this posting. We can all "do our part" in the war on terror and still keep getting bloody noses because it's hard to figure out who in the crowd is going to punch next.
Damn this got long real quick. Sorry about that. If you persevered this far I offer one book that has some interesting reading on the topic - Cracking a Terror Network - is written as fictional account with a CD with supplemental information. If you curious what sorts of Eco inspired threats we have check out these: Terrorist or Freedom Fighters and The Logic of Political Violence.
Enough said. I'll try and keep them shorter in the future.
But it's stil in the news and will be for some time. The story changes in the news periodically. First the devices were detonated at varing times and now the devices on the trains all are believed to have gone off at the same time.... This is an excellent illustration of the problems with intelligence operations. Here we have events that occured in an environment that is public and it still took nearly an entire day to refine the collected data into accurate information... Although this example is actually more of discussion on the exercises of historians it does illustrate a point.
Imagine trying to determine events that will occur in the future with such inaccurate, intentionally misleading, and incomplete data. This is world of intelligence operations. It is the process of trying describe the image presented in a puzzle as far before it is completed as possible. Doesn't sound too hard does it. Now make it more interesting and will the puzzle is being put together start pouring in pieces to other puzzles, mix them up, and now you have an inkling of the difficulties. How many pictures must be assembled? What if some pieces fit into multiple puzzles - how would you know.
My experiences with intelligence dealt with the Eco/Animal Rights movement with decidedly different consequences for failure but just as difficult. We criticize those analysts that were unable to read the signs, predict the future, and know the adversary's intention like God himself (or insert the appropriate term here for your beliefs).
I must say that I honestly hate very few things, but I absolutely hate quoting television and movies. It just seems a little less worthy than quoting some great written work. This, of course, is just a personal prejudice and I digress only because I must now quote a television show - and a Brit one at that.
There is a show in the UK called Spooks ( but here in the U.S. it is called MI-5). For those unaware, MI-5 is a U.K. intelligence agency with some similarities to the FBI - but not don't try to draw a clean connection. The U.K. is a different country with different rights and governmental structure. Anyway my point is that there is a line in an episode whena police officer is killed as a result of an MI-5 operation when the widow (and there's always a grieving widow on TV) challenges the patriotism of an MI-5 operative. And so a section leader made a statement to this effect, "You may question our methods, we certainly do it constantly, but never question our motive."
With that said let's just keep one thought in mind when we hear (or engage in) criticism of our intelligence efforts. No one, least of all those charged with identifying it ahead of time, likes to lose or look foolish. Nearly everyone gets a bloody nose from a sucker punch at least once in their life so in answer to some of the comments belittling the intel community I leave this posting. We can all "do our part" in the war on terror and still keep getting bloody noses because it's hard to figure out who in the crowd is going to punch next.
Damn this got long real quick. Sorry about that. If you persevered this far I offer one book that has some interesting reading on the topic - Cracking a Terror Network - is written as fictional account with a CD with supplemental information. If you curious what sorts of Eco inspired threats we have check out these: Terrorist or Freedom Fighters and The Logic of Political Violence.
Enough said. I'll try and keep them shorter in the future.
Friday, July 8, 2005
Starting now..
Since starting the the House of Worship security blog it dawned on me that it might be better to also put together a blog on general security issues. Then the attack in London yesterday made the point a little more clear.
Here we will look at more general security concerns - businesses, schools, transportation, secure storage, networks, and so on... Not the same old technical rehash that hits ever other site, but instead a steady effort of addresses the concepts, foundations and thought-process to make the technical stuff work.
Yes, there is theory behind security. Not many realize it but it's there. Blame it on an industry that grew up under strange circumstances, with lots of different (and often competing) egos, and little thought to ethical goals or metaphysical concern.
So here goes... The foundation for today's organizational security efforts are grounded in the ancient concept of 'self-defense.' This can be traced back to the concept of 'self-preservation' however self-preservation may be used as a justification for aggressive violence which is not the point here - or within a society governed by the rule of law. Self-defense implies that another entity is the aggressor and the 'self' is taking action to thwart that aggression. So an individual is permitted to take action in self-defense. Since organizations within our society are granted many of the rights and obligations of an individual then they two are permitted to use this doctrine of self-defense. There we now have a foundation for our security efforts.
Why is this important you ask? Well, over time we will see some security activities and ideas that are pretty murky in terms of their 'rightness' and having some sort of a foundation provides the ruler to measure it.
But more importantly... It's the foundation for the effort and so a good place to start this blog.
Rob
/
Here we will look at more general security concerns - businesses, schools, transportation, secure storage, networks, and so on... Not the same old technical rehash that hits ever other site, but instead a steady effort of addresses the concepts, foundations and thought-process to make the technical stuff work.
Yes, there is theory behind security. Not many realize it but it's there. Blame it on an industry that grew up under strange circumstances, with lots of different (and often competing) egos, and little thought to ethical goals or metaphysical concern.
So here goes... The foundation for today's organizational security efforts are grounded in the ancient concept of 'self-defense.' This can be traced back to the concept of 'self-preservation' however self-preservation may be used as a justification for aggressive violence which is not the point here - or within a society governed by the rule of law. Self-defense implies that another entity is the aggressor and the 'self' is taking action to thwart that aggression. So an individual is permitted to take action in self-defense. Since organizations within our society are granted many of the rights and obligations of an individual then they two are permitted to use this doctrine of self-defense. There we now have a foundation for our security efforts.
Why is this important you ask? Well, over time we will see some security activities and ideas that are pretty murky in terms of their 'rightness' and having some sort of a foundation provides the ruler to measure it.
But more importantly... It's the foundation for the effort and so a good place to start this blog.
Rob
/
Thursday, July 7, 2005
Terrorism - thoughts on preparing and coping
As I mentioned earlier, terrorism is not a noble cause of some kind, it is the deliberate threat or use of violence by the few to affect the many by affecting the few. It's a theatrical event designed to affect YOUR emotions. And it generally works; now doesn't it?
So how do we prevail? Well that has a lot more to do with the government than individual actions. We'll leave that alone for now except to say that by not living our lives our way is a sign of defeat. We, as a community, must stick together - avoid using stereotypes as a reason to mistreat your neighbor. Mistrusting your neighbor because he is an Arab or a Muslim weakens our position. It denies all that we value in America. The form of Islam that is used to justify such attacks should not be used as a measuring stick for the religion. No more so than violent Christian fundamentalists should necessarily be used to describe the Christian faith. So keep in mind what it means to live in, come to, and thrive in the U.S. before getting too paranoid, and remember we craete our own violent activists pretty well too - since the Oklahoma City bombing was the second worst terrorist act on our soil. Enough said...
So how does one prepare? Just be aware of your surroundings and THINK. Henry Ford used to day that thinking was the hardest work and that's why so few people ever did it. So think and be aware. If you generally make sound decisions then be a leader if an event occurs. Panic - or terror - is the goal of the attack. Deny them that and the attack loses value. The bird that leads the flock is the bird that flew out in front in the first place. Being a leader during crisis will provide structure to others efforts and thoughts. I know this all sounds great sitting in a cafe and drinking hot chocolate without a real care in the world. I have been a security professional for most of my life and when I was in High School I used to monitor the terrorism of that day. I have always been an observant person - it's just been in my nature I guess - but it's not hard. And it can be fun. When you walk into a room, train, subway, or bus glance around quickly. Then think of a number... Eventually you will walk into a room and glance around naturally - without an actaul conscious thought - and that number that pops to mind will be the number of people present. Test yourself periodically. Next try doing the same thing but later in the day write down what was on one of the walls in that room. Now you're finding exits and restrooms automatically - this can be quite useful when you just have to go and don't have time to ask. Relax and let that amazing computer on your shoulders do the work. Think and be aware. Oh, by the way there are 15 people in the cafe with me now - actually it's sixteen, I didn't see a small child behind a table. I did this count without raising my head from the computer. Have fun with it... It can be quite soothing to know - really know - your surroundings.
Coping with terrorism is a whole different ballgame and I don't think I'm the right kind of professional to offer the best advice. I cope with it by living and enjoying - and I can relax because I stay aware of my surroundings. It's sort of like playing "Where's Waldo" for me. Once you start paying attention to your surroundings you start to immediately recognize what doesn't belong. So think and be aware.
I think that's enough of this topic. I want to move on to something more uplifting - like burglary.
Rob
/
So how do we prevail? Well that has a lot more to do with the government than individual actions. We'll leave that alone for now except to say that by not living our lives our way is a sign of defeat. We, as a community, must stick together - avoid using stereotypes as a reason to mistreat your neighbor. Mistrusting your neighbor because he is an Arab or a Muslim weakens our position. It denies all that we value in America. The form of Islam that is used to justify such attacks should not be used as a measuring stick for the religion. No more so than violent Christian fundamentalists should necessarily be used to describe the Christian faith. So keep in mind what it means to live in, come to, and thrive in the U.S. before getting too paranoid, and remember we craete our own violent activists pretty well too - since the Oklahoma City bombing was the second worst terrorist act on our soil. Enough said...
So how does one prepare? Just be aware of your surroundings and THINK. Henry Ford used to day that thinking was the hardest work and that's why so few people ever did it. So think and be aware. If you generally make sound decisions then be a leader if an event occurs. Panic - or terror - is the goal of the attack. Deny them that and the attack loses value. The bird that leads the flock is the bird that flew out in front in the first place. Being a leader during crisis will provide structure to others efforts and thoughts. I know this all sounds great sitting in a cafe and drinking hot chocolate without a real care in the world. I have been a security professional for most of my life and when I was in High School I used to monitor the terrorism of that day. I have always been an observant person - it's just been in my nature I guess - but it's not hard. And it can be fun. When you walk into a room, train, subway, or bus glance around quickly. Then think of a number... Eventually you will walk into a room and glance around naturally - without an actaul conscious thought - and that number that pops to mind will be the number of people present. Test yourself periodically. Next try doing the same thing but later in the day write down what was on one of the walls in that room. Now you're finding exits and restrooms automatically - this can be quite useful when you just have to go and don't have time to ask. Relax and let that amazing computer on your shoulders do the work. Think and be aware. Oh, by the way there are 15 people in the cafe with me now - actually it's sixteen, I didn't see a small child behind a table. I did this count without raising my head from the computer. Have fun with it... It can be quite soothing to know - really know - your surroundings.
Coping with terrorism is a whole different ballgame and I don't think I'm the right kind of professional to offer the best advice. I cope with it by living and enjoying - and I can relax because I stay aware of my surroundings. It's sort of like playing "Where's Waldo" for me. Once you start paying attention to your surroundings you start to immediately recognize what doesn't belong. So think and be aware.
I think that's enough of this topic. I want to move on to something more uplifting - like burglary.
Rob
/
London today - terrorism - understanding it
I know I wasn't planning to take on big issues just yet, but in light of the events today it only makes sense to put a few comments down now. First, everyone's thoughts and prayers should go out to those that have been directly impacted by the attack in London today. For anyone who got stuck under a rock and missed the ongoing coverage - Four explosive devices were detonated in London today during the morning rush hour. Three of the devices were set off on the subway (tube) and the fourth was on a double decker bus. There are more than 35 confirmed deaths and about 700 injuries. That's right - four coordinated detonations all occuring in about 30 minutes. But that's enough of recaping news. For more information try the BBC (and excellent source of world news) and let's get on with understanding the event.
First of all terrorism is not a noble cause and it is not the work of noble freedom fighters. Deliberately targeting civilians is not a just way of waging war. Terrorism is a theatrical event, using violence or the threat of violence, that is staged with the intent of affecting political, economic or social change. If you want an official definition try the FBI's website. To put it in the most elementary terms - it is the threat or use of violence by the few to affect the many by affecting the few. We are all meant to become scared for our lives because of the event. It is not random - typically - but is carefully planned and executed to have the greatest impact on YOUR emotions. McVeigh is said to have admitted (American Terrorist) that one of the reasons he selected the Murrah building was because of the potential camera angles that would allow the public to clearly see the extent of destruction. Yes this is factor in the planning of a terrorist attack. You cannot maximize the impact on the 'many' without media coverage. It is these images that we see - and remember - that affect us from that moment forward. One of the best descriptions of terrorism I have ever read went something like this...
We have the right of free speech but we do not have a right to force anyone to listen, and that is what terrorism does. It forces us to listen, to see, to wonder, and to fear. Terrorism is terrorism is terrorism. It does not matter what the cause is. It does not matter what the goal is. It is meant to instill fear - fear that will ultimately change your view, or your vote, or your willingness to live and enjoy your life. -- Because you are afraid. How many people were unwilling to fly on an a commercial flight after 9/11? How many will be fearful of trains, subways and buses now? Was it effective today? We'll know that when we look at how it may change the behavior of the 'many.'
Next let's look at what we can do to prepare, cope and prevail.
First of all terrorism is not a noble cause and it is not the work of noble freedom fighters. Deliberately targeting civilians is not a just way of waging war. Terrorism is a theatrical event, using violence or the threat of violence, that is staged with the intent of affecting political, economic or social change. If you want an official definition try the FBI's website. To put it in the most elementary terms - it is the threat or use of violence by the few to affect the many by affecting the few. We are all meant to become scared for our lives because of the event. It is not random - typically - but is carefully planned and executed to have the greatest impact on YOUR emotions. McVeigh is said to have admitted (American Terrorist) that one of the reasons he selected the Murrah building was because of the potential camera angles that would allow the public to clearly see the extent of destruction. Yes this is factor in the planning of a terrorist attack. You cannot maximize the impact on the 'many' without media coverage. It is these images that we see - and remember - that affect us from that moment forward. One of the best descriptions of terrorism I have ever read went something like this...
We have the right of free speech but we do not have a right to force anyone to listen, and that is what terrorism does. It forces us to listen, to see, to wonder, and to fear. Terrorism is terrorism is terrorism. It does not matter what the cause is. It does not matter what the goal is. It is meant to instill fear - fear that will ultimately change your view, or your vote, or your willingness to live and enjoy your life. -- Because you are afraid. How many people were unwilling to fly on an a commercial flight after 9/11? How many will be fearful of trains, subways and buses now? Was it effective today? We'll know that when we look at how it may change the behavior of the 'many.'
Next let's look at what we can do to prepare, cope and prevail.
Wednesday, July 6, 2005
Back to the basics
I started a post recently concerning some burglaries that had occurred in the Southeast, but as I looked back on my previous post- which was way out of hand – I decided it might be best to take step back. Why? Well given that many working in the security industry lack a strong grasp of the basics, I figured it might be a good idea to put a few of the fundamentals down before I try and tackle another huge topic – like arson. What a mess that was. I’ll work to keep a sort of “staccato” tempo to this since it can get boring quick… I know I sat through classes on in for years.
Security, as a profession, is an odd duck. Not many people – at least none that I have met – grow up wanting to work in security. Many had original aspirations for careers in law enforcement, others from the military, and others fell into it by happenstance (especially in the early days of computer networking). Further, the security industry, as we know it, is widely believed to have grown out of WW II. The specifics are not important right now, but security ‘in general’ goes back to the earliest days of commerce with merchant guards - and so on… What is important is the fact that many of the early practitioners came from government agencies – such as police, intelligence or military. Keep this in the back of you mind. With these individuals coming from such varied places, the methods were and are anything but standard. Although we are getting better, there are far too many that do not understand the basics.
Rob
/
Subscribe to:
Posts (Atom)