Monday, 25 July 2011

The Battlefield has changed


War has changed, in Norway this past weekend the enemy came from within - a Norwegian citizen named Anders…

War was fought on the battlefields, in some far-off land to defend our countries and our principals.  The battlefield in our mind was an open field with soldier verses soldier, tank verses tank, the good guy verses the bad guy. We knew our enemy – they were the men in the other uniform. Our armies and soldiers trained for months, each unit specializing in various weapons and methods of attack. Some were snipers, some were tank drivers and others were explosive experts – today that has all changed, today the enemy is one of our own, born in our country, went to our schools, studied in our universities, worked in our industries and wearing “our” uniform. His training and expertise is from sitting in one place in the privacy of his home learning from the internet and he can choose the battlefield to be in our streets, our homes, our places of work or our public transport.

This change in the battlefield and the transformation of the enemy encourages us to look at how best to protect our civilians; we can no longer only determine the threat as an organization or group – but rather the weapons that they could use and the likelihood of the enemy choosing a specific weapon. The attacks in Norway on the 22 July 2011 were perpetrated by a Norwegian citizen with a Norwegian name – his weapons of choice were a car bomb of a few hundred kilograms made up of fertilizer and diesel fuel and an automatic rifle. With these two weapons he was able to murder more than 90 people and injure at least 100 more. In a country with a population of only five million; this was Norway’s “September 11th
The damage to the government buildings in Oslo was immense, business continuity was affected and the psyche of the Norwegian people was impacted.

The 2011 threat analysis written by the Norwegian Police Security Service (PST) based on Intelligence correctly reports that the threat of a terrorist attack is low, however we can no longer protect our citizens and communities by intelligence alone, we need to study the attack methods of this relatively new type of enemy and use physical security solutions and elements to mitigate the risks. We may not be able to prevent the attack but through the effective integration of protection into the designing of new buildings and upgrading the security of existing buildings, we will be able to mitigate the consequences. Sensitive installations like government buildings and complexes should have adequate physical protection methods which will not only lead to a more robust security but also create a deterrence which can prevent an attack.





The first step towards a safer society is to commission a threat and risk analysis. A threat and risk analysis quantifies and measures the actual threat and risk levels and thereby determines the vulnerability of an organization, building, community center, campsite and population. A threat and risk analysis should typically result in better understanding the challenges and protection requirements; the basis for the protection recommendations and the guide to planning and prioritizing protection measures.

There are many reasons to commission a threat and risk analysis study, but this should and must be the first step to understanding the level of the current protection and vulnerability. A threat and risk analysis will tell the following:
·         Which threats are relevant to the facility and how seriously they should be taken
·         For each of the threats, what are the risks to people and buildings and the continuity of business
·         The vulnerabilities in the current physical security (the building), technology or procedures
·         In which priorities the vulnerabilities should be addressed
·         Perfect vs. Practical protection – How one can improve protection within a budgetary framework.

The Norwegian Threat assessment by the Norwegian Police Security Service (PST) was written some time in 2011 prior to the attacks of 22 July 2011. The assessment refers to terrorism and although it focuses mainly on Islamic extremism, it also covers extreme right wing threats and national extremism which at the time of the writing of this article seems to be the motive for the alleged terrorist.
The analysis states the following:
 “As in previous years, the far right and far left extremist communities will not pose a serious threat to Norwegian society in 2011. However, we have seen an increase in the level of activity within some of these groups during 2010, and some factors may increase this further. If strong leaders emerge in the far right extremist community, this could contribute the strengthening of recruitments to such groups. A stronger bond between Norwegian and foreign far right extremists could also contribute to the radicalization of some groups within the community. Furthermore, the activities of anti Islamic groups could cause confrontations which could contribute to an increased use of violence within far left extremist groups”.



Having intelligence on an actual terror group or organization is not what will determine the protection solutions of the building; it is what means the terrorist chooses to carry out the attack e.g. a car bomb, a placed explosive, a suicide bomber, CBRN and many various other means. We all know they have the intentions – the questions however are which threats are relevant, what are the motivations for an attack, what are the chances of the terrorist succeeding, and what weapons will the terrorist choose to use? In order to evaluate how a terrorist decides on his weapon of choice (the threat) we need to assess various criteria. Suggested criteria could be how easy it is for the terrorist to obtain a weapon, the operational ease and utilization of his chosen weapon, how easy will it be for the terrorist to perform reconnaissance and gather information and how vulnerable and attractive is the target.

The risk (consequence) analysis measures the risk once the attack has been perpetrated, basic criteria relating to the consequences would be damage to the building and the potential of it collapsing, the amount of casualties, the recovery rate, the psychological impact on the citizens and the economic and political consequences.

The above criteria are then analyzed and graded. The grade will represent the level at which the specific threat scenario is considered a risk to the site and will in turn ensure cost effectiveness by defining protection recommendations through examining the expected outputs.

A threat and risk analysis will typically include:
1.      Meeting with local security services to determine the relevant threats for a facility
2.      Collecting data during site visits and interviews. In particular physical and budgetary constraints are identified and discussed
3.      The risks represent the consequences for the structure, people and business once the threat has been carried out, and will be determined as a result of the combined experience of the physical security/blast mitigation consultant and computer modeling and simulation of the threat
4.      Through a system of statistical analysis and weighting, and building on extensive knowledge of the consultant - the list of vulnerabilities in the current facility, systems and procedures will be identified and prioritized.
5.      A detailed report will be written and presented which will summarize these findings. This reports will be the basis for the development of a work plan and budget to implement security recommendations




One of the key advantages to a threat and risk analysis report is its ability to relate to a group of sites where the cost of fully protecting every individual building is prohibitive. By relating to the region as a whole, a threat and risk analysis project allows the highest risk areas to be identified and addressed.

The outcome or objective of the threat and risk analysis is to provide recommendations that maximize the protection of buildings, people, business continuity and integrity while still providing functionality and usability.


 We might not be able to stop the bomb from exploding, but we can certainly mitigate the results

Sunday, 26 June 2011

National Planning for Critical Infrastructure Protection


CRITICAL UTILITY INFRASTRUCTURE


Critical infrastructure may differ from country to country and state to state however they all have one issue in common, they all are obliged to ensure that in adverse conditions such as extreme weather and natural disasters or terror attacks, they can continue to function. Safeguarding critical infrastructure remains a challenging task and threats against critical infrastructure usually cannot be prevented, however damage and risk can be mitigated through cost effective and realistic countermeasures

Security solutions and design

Our security solutions and designs include the following: 
§
  • Blast mitigation 
  • Reinforcing and monitoring of pipe lines, pumping stations, cabling systems, antennas and all other critical elements  
  • Protection from land and air attacks 
  • High technology integrated security systems including long range CCTV cameras, radar, energy systems and communication 
  • Monitoring of perimeter and yard areas 
  • Trained and motivated security officers 
  • Fast deployment 

MIP Security personnel have undertaken surveys, threat and risk analyses, the security design and implementation for a wide range of infrastructure utilities across the world including gas pipe­lines and storage facilities, electricity stations, substations and pylons and other hazardous materials facilities.

Critical facility protection projects include:
·         Threat & Risk analysis reports for major HAZMAT farms.
·         Physical security study and detailed design for gas con­tainers, pipes and facilities
·         Managing live explosive testing of protection designs for gas pipes and other flammable fuels.
·         Physical protection systems design for electric power supply pylons, including detailed study, conceptual tests, and design and project implementation.

HOSPITALS
Hospitals have particular security concerns in addition to the general safety of the site. These concerns include the pro­tection of hospital property and assets including drugs, the protection of patients including incapacitated patients, the protection of staff, and the safe control of violent or unstable patients. Hospitals are usually vulnerability to damage from terrorism because of their proximity to sensitive targets, or because a hospital is a high profile building with an important role in the public health system.


CASE STUDIES
FUEL STORAGE FACILITY - USA
The MIP Security team was commissioned to perform a Threat and Risk analysis and to design protection for fuel storage facilities in the USA which supply jet fuel to one of the major airports and were subjected to terror threats after 9/11. The analysis took into account the characteristics of the protected facility, deriving a variety of pos­sibilities for an attack and estimating the vulnerability of the facility.

Aspects taken onto consideration included:
·         The terrain of the facilities
·         Security systems and security forces
·         Procedures and operations
·         Operational characteristics such as visitor flow, number of employees and vehicles
·         Possible methods of attack and lessons learned from past attacks


NATIONAL HOSPITAL SURVEY AND CONSULTATION - ISRAEL
Due to the very real threat of a missile attack on the civilian population, the Israeli Home Front command commis­sioned MIP Security personnel to undertake the task of survey­ing hospitals in the centre and south of the country and providing recommendations for the safety and security of each individual hospital during an attack.

Although recommendations included the upgrading of the physical security of each hospital, the main objective was to design safe areas for hospital patients and staff in case of an attack. This included surveying each hospital physically as well as the architectural drawings, meeting with hospital personnel and eventually providing each hospital with a detailed color coded floor plan highlight­ing the relative safety of all areas.


www.mipsecurity.com

Thursday, 19 May 2011

The protection of Synagogues, Jewish Schools and community Installations


Security and the protection of Jewish institutions has been a serious issue for the leadership of communities for many years. This is mainly due to the fact that the threat to a community touches every element in the community's existence i.e. education centers, synagogues,  private homes and even businesses owned by members of the Jewish community.   The fact that Osama Bin Laden has been assassinated by the USA increases the chances of a revenge attack on western targets worldwide with a strong possibility of community installations being a potential target.

The history of security issues in religious and community institutions goes back many decades, but, whereas in past the issues were more concerning the serving as a refuge or Safe Haven for the community when their neighbors or armies came passing by to carry out ethnic cleansing or racial discriminatory attacks; in the more modern era, the institutions have been targeted in a more "Terror" like scenario. This has been caused not only because of the "upgrading" of professionalism of the terror organizations (e.g. the Beslan school hostage crisis), but even more so because of the Jewish institutions becoming a legitimate target in the war against the western world and those that support the western world.  This can clearly be seen by the attacks on every continent of the globe against almost every religion, race and creed.
This has brought us to a situation where besides the 'usual' attacks, that in most cases range from graffiti through to stone throwing and arson. The communities now have to deal with the possibility of full scale terror attacks.

When dealing with attacks from the terrorist potential arsenal communities are facing a completely new problem and many are still struggling with how to deal with these serious concerns.  
Most communities have approached their local authorities for assistance but in most cases, even if willing, they don't have the knowledge or capability to provide adequate assistance. In other cases, certain measures of security have been implemented.
Communities around the world, have, throughout the years, focused on having either commercial security guards or volunteers from the community standing outside the institutions providing some level of security but those, although being a countermeasure for the earlier generation of attacks, are not sufficient for the new era attacks, this is especially true when it comes to large scale attacks such as car bombs. In several communities though few in numbers attention has been given to limited physical security measures like bullet proofing elements such as windows; and installing security systems, such as alarms and surveillance cameras.
In many of the cases, the feeling in the communities who have invested in physical security is that there is no assurance that the invested money was well spent.  The question that should be asked is: 'You have "security" but are you secure?'
Other Jewish communities, mainly in European cities, South Africa and Australia, have begun to take a more serious approach to dealing with security issues by using specialists to assist them in building communal security groups and protecting their installations. To date, there are a growing number of ongoing protection projects of schools, houses of worship and community centers. In these communities a new construction project of an installation will usually involve a Security and protection consultant, from the early stages of the project. These communities have come to an understanding that the cameras and commercial guards will probably not be enough to prevent or even mitigate the consequences of a serious attack.
In addition, in several projects an appropriate project plan, showing the seriousness with which the community takes the security threats has brought the local authorities to offer budget assistance or assistance in gaining approval for physical changes to the buildings. 

Why are communities not protecting themselves?
The main reasons that the majority of the communities have not invested in physical security seems to be budget constraints and also the lack of advice on what to focus on. Most communities are not aware of the fact that the budget issue becomes much less of a burden when constructing a new building. In recent projects in communities around the world it is clear that a good level of security can be achieved with limited additional cost if the security issues are addressed at an early stage. The earlier the security issues are addressed the higher the protection level that will be achieved and the lower the budget required.    
When it comes to protecting houses of worship, one of the problems is that many are centuries old, and even though the desire is to better protect the building and its occupants, it’s often unacceptable or even illegal to alter their structures with the addition of physical security elements. The requirement for a welcoming and open environment is often at odds with the levels of security that are required.
We recognize that it is necessary to provide innovative security solutions for protecting these facilities. The buildings are often empty for hours or days at a time, and then there is a sudden influx of hundreds of people for prayers or an event that is well known to a potential assailant. Many of the guests may be members or known to the community, whereas others will be friends of members or even complete strangers. It’s typical for the entrance and screening facilities to have to allow for the smooth entry of up to 2,000 people within half an hour.
Furthermore, where physical protection is necessary, places of worship often provide challenges to security planners due to their unique architectural features. The most common feature is often the extensive use of stained glass, which is highly susceptible to fragmentation (therefore causing severe injuries at the time of an attack), but does not lend itself to standard methods of blast protection. An example of the extent of the damage caused by this type of window was clearly seen in the Istanbul synagogue attack in 2003.
North America Jewish communities
The North American Jewish communities who are investing in some type of security are most of the time relying on CCTV and commercial guards which usually provides a secure feeling but does not provide the actual security required. The issue is even more serious when taking into account the fact that in the past few years, installations and individuals in the streets, community centers and education campuses (including students in universities) have been the target of attacks.
The fact that Osama Bin Laden has been assassinated by the USA and that the main terrorist organizations have declared the United States as one of their prime targets should raise concerns of linkages to community assets. This unfortunately may bring with it an increase not only of the possibility of an attack but in its level of severity as well.
This lack of action from the North America communities is highlighted especially when you see what is being done in other countries. In Australia, although there is less hatred and terror related incidents; various communities are putting in a lot of effort and funds to provide better protection to their members.
This certainly should be addressed by the leadership of communities in the USA


Wednesday, 18 May 2011

Why Hire a physical security consultant?


In order to answer the title to my article, I firstly need to define exactly what physical security is… according to Wikipedia – “physical security describes measures that are designed to deny access to unauthorized personnel (including attackers) from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts”.

Physical security is NOT a large burly man growling at people as they try to enter an installation, although once the full picture of security is analyzed, the actual security guard is an important factor as well.

Now that it is clear as to what physical security is, the question remains, why hire a physical security consultant? – There are many methods today to protect ones business, assets, home and oneself. There are many solutions such as various building methods and materials, forced entry resistance, blast mitigation, CCTV and motion detection and security guards. The amount of companies selling all these “products” are endless and each company promotes their products and services promising the most advanced systems and technologies.  Many of these companies are fly-by-nights, and many are top organizations selling high end security solutions and elements. However, their main objective is to sell as many of their products as possible. For the end user the choices are endless – The salesman will arrive at your premises, he will do a brief walk around and advise as to which is the best system to use, however he is a salesman and his goal is to sell his product. This is not to say he is dishonest, it is just that his “closing the deal” is more important than your budget and your protection.

You now have all your security elements in place; you have CCTV in every corner of the building, all doors and windows can be locked, the perimeter of the premises has all the best products and your guard at the entrance is controlling who enters/exits the premises. However you have to ask yourself the following questions:

·         What am I protecting myself against, what are the threats?
·         Are the threats realistic?
·         Have I purchased the correct products?
·         Are the security elements installed correctly and will they work?
·         Is there a correct balance between the physical, technological and human domains?
·         Have I used my budget correctly?
·         Could I have been better protected and spent less money?
·         Do my premises now look like a fortress?
·         Is my business, staff, clients, building secure?






MIP Security’s aim is to provide our clientele with holistic security that is efficient, cost effective and yet does not interfere with the aesthetics of the premises and the individual objectives of each one of our customers businesses.  Whether in the public or the private sector, there are never sufficient funds to cover all the security requirements. This means that the main obstacle preventing the increased protection level of businesses, institutions and buildings is the financing. 

The only way of determining priorities and allocating the funds is an empirical method of analyzing the threats, the sites and the consequences of any decisions made.
The question that must be asked is whether the security measures in place provide relevant security for relevant threats. In too many cases, those responsible for security budgets or operations can demonstrate all the elements and procedures that have been put in place.  They are unable, however, to describe the specific threat scenarios that the security is supposed to address, why those threat scenarios were chosen and in what way the security mitigates or prevents the threats.

Stages in our methodology include:

Data collection
·         Determine the relevant threats and their likelihood of occurrence
·         Determine priorities within the site
·         Collect demographics of the site

Site Survey
·         Human resources and procedures
·         Technology
·         Construction and physical elements

Analysis
·         Determine vulnerabilities
·         Risk assessment

Reports
·         Recommended countermeasures
·         Prioritized budget
·         Comparative costs for counter measures

Implementation
·         Technical specifications and design drawings
·         Manage and oversee implementation of accepted recommendations

Training
·         Training management, staff and security personnel in all aspects of security including procedures, case studies and scenarios (red teaming)

In conclusion

MIP Security has developed a methodology to support the decision-making process for security enhancement projects.  Use of this methodology has resulted in quantifiable benefits for our clients through the avoidance of unnecessary investments and by ensuring that funds are allocated in the most appropriate and cost-effective ways.


www.mipsecurity.com