7 minute read
Technology In Security A Solution or Misused?
Technology as a Security Solution or Misused? By: Ivor Terret As a preamble to this mini-essay, I’d like to let the audience into a bit of my tech background. In my past I’ve worked at a hightech start-up, which was later acquired by one of the largest multinational tech companies at the time.
I then opened Multi Tier Solutions, a company providing unique tech solutions for the security world. Yes, I used to code, and absolutely, I am a proud geek and ardent fan of technology and still occupy an advisory role to some very exciting tech companies. Technology is not only fun, it’s sexy! And it can be extremely powerful. It’s “power” however, that can also be its biggest weakness, when not used correctly by us as the most important factor: the human factor. To recap, my philosophy of effective and practical security is based on the principle of four pillars. All of the pillars work together to support the goal or the “umbrella/ceiling” of security over the protected assets, whether the asset is people, property, or information. The pillars are: • Physical means • Technological means • Security and non- security personnel • Procedures These pillars are designed to function as a cohesive whole meaning that individually they are not all equal or even. Each one serves a unique function that has an undulating impact to prevent a crisis, to respond and manage a crisis, and to recover and to return to prevention after the crisis. The defined and desired impact of each is the result of understanding the risk or which hostile act or crisis event is of higher probability and criticality. Then mapping that threat event or risk to existing measures and vulnerabilities. In this way, each pillar plugs in gaps left open by weaknesses in other pillars.
CCTV Effect
In our modern age, as technology develops at warp speed, security leadership often places a higher importance on using expensive technology without considering the operational cost. The “CCTV effect” is ever present when security solutions begin with “we’ll put a camera there” but without robust tactics to respond to what is being witnessed on the camera; i.e. no tactics to use the camera to monitor a crisis. And perhaps, the most prevalent culprit: monitoring multiple cameras in search of an anomaly.
Then What?
Shortly after the shooting at the YouTube HQ in CA,
I was invited to multiple corporate campuses in multiple continents and came across very similar, and worrying phenomena: weapons detection systems. Some of these are very effective at what they’re designed to do, but were implemented as stand alone solutions. What I saw was great detection technology, with absolutely no thought given to what happens if indeed a weapon is detected. No robust physical barriers, no effective security personnel at key checkpoints, and no procedures to guide the incident management process. So, the system has detected a weapon, now what? What policies, procedures, and protocols are in place for security to categorize the person with the weapon as either innocent or dangerous? And, if deemed dangerous, then what? I get it the tendency is to have a knee jerk reaction to “do something” and appease the C-Suite. And it goes without saying that “Call 911/999” is not an effective incident management plan. Because an unbalanced and not thought through solution will not prevent, limit, or stop an attack by a determined attacker. Recently there was a hazmat scare at a large campus and the entire campus was evacuated. There was clearly a skilled operator and quality equipment in place to identify contraband within mail. But was there a robust plan in place to identify what actions to take once an issue is identified? Perhaps there were… I was not there, but it’s something to consider – if there is a system in place to identify a threat, there must be a system in place to manage the threat right through the lifecycle until end of incident.
Texting Syndrome
Now, to the catalyst for me writing this essay-- the “texting syndrome.” I’m getting on in age. I’ve been doing this for a long time and shortly after I was appointed to my first management position back in 1993, I was issued a Motorola “brick” complete with leather shoulder bag. I look at how far communications technology has come since then and how powerful and useful our smartphones are. Yet, conversely, how they are making our field protection professionals significantly over reliant on communications by text, and therefore, less effective than they should be. This manifests itself in various ways and is a result of a combination of a lack of streamlined communications
There must be a system in place to manage the threat right through the lifecycle until end of incident. Call 911/999” is not an incident management plan.
and a lack of self-confidence. And simply not knowing different.
• Lack of Streamlined Communications o Not knowing what to communicate results in a flood of information being transmitted by text. o On the ground security needs to know what to communicate and to whom. ▪ If a protectee is arriving at a venue, really the only people that need to know real time are the advance team waiting to receive; and even then, absolutely no text communications should take place at the time of arrival. o More details/ teams than not, are busy texting when their eyes should be looking for hindrances, threats and potential issues and much of this is driven by a need to “log” these comms. Logging is a tool, not an objective. o Have confidence in your teams and team members or change them.
that crosses all cultures, that when we’re uncertain, or not confident, we look to peers and strangers (social media is built on this) for reassurance and positive feedback. o There’s usually no reason to communicate your every move, your every position and everything that the protectee is doing. o If you’re on it, it’s under control, not everyone needs to know and if they need to know, do they need to know real time (Ask yourself what will happen if you don’t communicate that message)? ▪ If yes, why not make a call or use a radio?
The Crutch
Outside the purview of hostile acts, examining the majority of all other operational mishaps, the reasoning by the team will most often be the same and will somehow blame communications or other technology. “We didn’t have the information, we didn’t get the text, there were too many texts, so we ignore them” and “the scanner didn’t pick up on it” are all too common. If everyone does what they need to do and worries about doing their own job/task, they
will be less concerned with everyone else and there’ll be less communicationrelated mishaps. Human factor is the most important.
Old School vs. Modern Marvels
Cell phones have greatly replaced radios during protective operations. This is a gross tactical error. Yes, there are apps to “simulate” a handheld radio, but these don’t work well during routine operations and will certainly fail you during an emergency. Therefore, my advice boils down to these key takeaways: • use actual radios to communicate real time information; • only communicate what you need and when you need to; • keep your eyes up and keep your cell phone down within arm’s reach for phone calls, when and if needed.
Conclusion
Colleagues, clients, and friends, please remember: the human factor is most important. Humans make decisions. Humans respond to issues. And robust with procedures, humans are most effective at using technology. Technology as a solution is not a solution. Sometimes if improperly used and deployed, it gives a false sense of security. However, if correctly implemented and combined with physical resources, people/manpower, and the right procedures, technology is an effective, and often important part, of a holistic robust solution that will perform when put to the test.
Think of pillars holding up a roof during a storm. If one is weak, the roof will come off or it will collapse on the people inside. But either way, it won’t weather the storm. In the same vein, take a similar approach to develop and maintain a security strategy that is inclusive of all the pillars, takes into account all security functions, and avoid the pitfall of “silo-ing.”
This article was written by Ivor Terret from Enablement Advisors a boutique risk management business providing services to UHNW family offices, multinational corporations and governments. (www.enablement.biz)
