26 Nov 2012

Securing Your Facility, What Works?

Comments Off on Securing Your Facility, What Works? Campus Security, Facility Management, Featured Articles

The field of facility security is a vast, constantly changing challenge for professionals tasked with ensuring that physical structures, the content of those structures and personnel working at facilities are protected. Technological advances in cameras, sensors, ID badges, computer security, both hardware and software and even training for security professionals evolve so quickly that by the time I finish this sentence, some of it will be obsolete. As creative and innovative as tech pros and security pros are, criminals are just as creative and determined to defeat those advances. So the challenge of securing your facility is an ever changing challenge although some common themes, which I will discuss below, remain constant no matter what the environment.

Securing Your Facility

Factors That Influence Your Decisions

In these uncertain economic times, administrators and security personnel must look at the bottom line and determine how much money can be budgeted for security. They must look at the potential threats the facility faces and determine an acceptable level of risk or loss the facility can withstand to determine the priorities the security personnel should manage. For example, a small retail shop will have vastly different budgeting and security priorities than a highly competitive biotech firm would. Another consideration is the type of criminal or attacker that is likely to target the facility. The criminal element varies from those who take advantage of an unlocked door to disgruntled employees using their access to exact revenge for their perceived injustices to highly organized groups who spend months conducting surveillance and meticulously planning how to defeat security protocols, no matter how sophisticated.

Securing your facility also includes natural and accidental disasters that threaten the viability of a structure, its contents and personnel. We can look at recent events, such as Hurricane Sandy, to gain understanding of how these disasters affect even the best security planning and implementation. More than one New York and New Jersey business has not just suffered damage to physical security, they have also suffered losses due to loss of utilities, diminished capabilities of police due to higher priority of rescue and recovery efforts, as well as criminals taking advantage of the chaos to loot at will. While Hurricane Sandy is most likely a once in a lifetime catastrophe, smaller disasters, such as an older driver mistaking the gas pedal for the brakes or a train derailment miles away that are far more frequent can still cause as much damage to an individual facility as a freak super storm. An effective security plan is not complete without these considerations.

Planning for the Human Element is Essential

Arguably, one of the most important considerations in a facilities security plan involves the human element. No matter how much effort and expense is put into sophisticated technology, hardware, appropriate planning and policies, none of it will be effective without careful selection, training and mitigation of the human element of the security package. Careful selection and training of security personnel are just the beginning of handling the human element in security. Maintaining diligence, vigilance and motivation of security personnel is just as important, as is eliciting the cooperation and coordination from non- security personnel within the facility. Just as critical is the coordination and cooperation between administrators and security personnel.

The unfolding tragedy of the attack on the U.S. consulate in Benghazi, Libya is a stark reminder of the importance of the human element in securing a facility. Political rhetoric and finger-pointing aside, the facts that emerge paint an ugly picture. Poor selection and preparation of the facility, poor coordination and cooperation between administrators and security personnel, failures of administrators to effectively comprehend, prioritize or respond to threats observed by security professionals on scene and an absolute failure to adapt to changing conditions, being prepared to respond effectively to a catastrophic event in progress led to the tragic, unnecessary and preventable deaths of four Americans. The fallout in terms of loss of life, loss of intelligence and damage to national security is still unfolding and will for years to come.

The subsequent discovery of the scandalous affair of CIA Director Petraeus, which under the right circumstances could have led to a devastating national security breach, lends further weight to understanding the necessity of planning for the human element. Even without a national security breach, this personal affair has led to the end of Petraeus’ career. Imagine the effectiveness of this technique of exploiting human weaknesses to destroy the reputation, therefore effectiveness, of key personnel in a highly competitive, reputation dependent business and one begins to understand that securing a facility is not just about keeping criminals from physically breaking in to steal something tangible.

My Field Experience

As a patrol deputy, I responded to everything from purse snatchings to bank robberies. If there is such a thing, the “average” criminal follows the human tendency to look for the easiest, quickest, most painless method of achieving a goal. Unlocked doors, forgetting keys and failing to follow through with tedious security protocols, such as verifying identification, were the most common factors in being successfully targeted by a criminal. Poor lighting, poor layout of the facility which obscured vision for security and law enforcement personnel and employee inattention were also factors in shoplifting, burglaries and robberies of businesses. Retail businesses were particularly concerned about organized groups of shoplifters who would coordinate their activities to distract and overwhelm employees, while the rest of the group would shoplift large amounts of merchandise, completely overwhelming their loss margins. Additionally, stolen checks, credit cards and counterfeit money also caused great concern and were often committed by repeat offenders with lengthy criminal histories. In response, many businesses began alerting other businesses, which often resulted in catching repeat offenders and successfully prosecuting them.

Over the years, I found the most effective security involved multiple layers of security measures, overlapping physical, technological and human elements of the security plan. Some excellent resources to utilize in developing a security plan are Lt. Col. Grossman’s outstanding book “On Combat” while primarily for military and law enforcement, provides excellent insight into the security failures of denial, complacency and effective planning for threats. Christopher Hadnagy’s book on “Social Engineering, The Art of Human Hacking” is an excellent treatise on the sophisticated methods humans utilizes to manipulate the behavior of others from a security point of view. Finally, the CRISP reports, by ASIS Foundation is well worth studying to obtain the latest in research from world- wide sources on effective security planning.

http://www.asisonline.org/foundation/noframe/research/crisp.html

What have you found to be most effective in facility security? Can technology or hardware be developed to reduce the shortcomings of the human element in security? I welcome your thoughts and comments below.

Comments are closed.