UNBREAKABLE INC.

Apr 1, 2003 12:00 PM, by DONALD R. TURNAGE & WILLIAM F. BOOTH

While the United States government defends itself against terrorism by military means, American corporations employ terrorism defense measures that are more internally focused.

On a corporate level, terrorism is just another security problem, although clearly an attack can create catastrophic results.

In times of heightened alert, corporations should do many of the same things they have always done to keep the working environment safe and secure. The same security principles still apply, but the stakes are much higher.

Planning for a terrorist attack is analogous to a homeowner living in a hurricane zone. Understanding the scope of devastation a hurricane can bring, the homeowner plans ahead by adding safety measures that can decrease the odds of the home being totally destroyed. Likewise, corporations must plan and add security measures designed to lessen the odds of becoming a target; and to diminish the effects if and when they are targeted.

What American Corporations Can Do

Here are some ways American corporations can address terrorist threats and implement a plan to mitigate them in the course of their everyday work.

1. Examine Operational Measures

   Are fundamental security policies and principles written and in place? Are incident management plans up-to-date and functional? An incident management plan is absolutely essential for most corporations.

2. Craft a Good Security Plan

   If a security plan is already in place, it must be evaluated and re-evaluated on a continual basis to make sure it covers every security need that might arise. Security plans need to be updated every two to three years because of company growth, personnel changes, or electronic security changes. Some security devices or equipment may need to be replaced with newer technology. A security plan should follow the philosophy of the business and include well-defined short-term security goals along with intermediate and long-term security planning and goals. The plan should be written by a security manager or director who will be in charge of carrying it out.

3. Seek The Advice of a Security Consultant

   When trying to cover all aspects of security, something may be overlooked. Many companies hire security consultants who either devise the plan with the assistance of the security manager or give advice and guidance to the security manager on what the security plan should cover. Security consultants can also conduct security threat analyses or security surveys. An analysis will identify deficiencies in the present security configuration and offer recommendations for improvement.

4. Conduct Employee Background Checks and Know Who is in Your Building

   One of the most critical areas of vulnerability to corporations is in the area of employee background checks. Companies must know who is working for them and have confidence that their employees have been properly and adequately screened — especially among contract and temporary workers. Many corporations assume the agency furnishing contract or temporary employees is screening them before assigning them — this is a major mistake. Some of the lowest-paid contract employees — housekeeping for example — are usually allowed unescorted access to all areas of a facility. Adequate time and money must be spent on background checks to ensure a potential terrorist or saboteur does not slip through. Uncontrolled vendors cannot be allowed to roam a facility freely without raising suspicion. A visitor control policy is necessary to help deter this problem.

5. Maintain a Clear, Written Security Policy

   Written policies and procedures are very important in maintaining a secure and safe environment. Senior management must support security policy and procedure for it to be effective. In some cases strict enforcement of a policy may be necessary to ensure its effectiveness.

6. Awareness is Paramount

   It is important for employees to remain “security conscious,” and to have an opportunity to report suspicious observations to a company official. Employee security awareness training helps employees to buy into the security plan. There is no better security measure than having hundreds or even thousands of company eyes and ears looking for and reporting security breaches.

7. Increase Physical Security Measures

   While one of the most obvious steps is to protect personnel, property, and other assets, this step can still be difficult to implement. The perimeter of the facility should be marked and defined with “No Trespassing” signs, CCTV cameras, fences, natural barriers (water, etc.), and intrusion devices, depending on the specific threat level. The same theory must be applied within facilities.

8. Don't Forget the Parking Lots

   When addressing parking security, address the unconventional. General parking should not be allowed within 50 to 100 feet of a building to protect against truck and car bombs. Barriers or bollards may need to be erected to protect critical structures or specific departments within the facility. “No Parking” signs may need to be erected for protected areas and written policies on towing illegally-parked vehicles should be in place to expedite removal of a suspicious vehicle.

9. Turn Up The Lights

   One of the most effective ways to increase security is to improve lighting at pedestrian walkways, parking areas and building entrances. Studies have shown that criminal activity decreases when higher levels of lighting are installed. Proper exterior lighting also makes building reconnaissance a difficult task for potential terrorists.

10. Use CPTED Principles

    Crime Prevention Through Environmental Design (CPTED) principles should be applied to the building and grounds. Some of these principles include trimming trees and shrubbery and removing obstacles to allow an unrestricted view of the grounds by security officers and passers-by. Keeping shrubbery trimmed low eliminates hiding places and helps to keep available lighting unobstructed. The grounds, facility and landscaping should appear to be well cared for and free of clutter and debris. When the building and grounds are left untended, a message is conveyed that management does not care what happens to or at their facility.

11. Be Aware of Your Building's Surroundings

    Neighboring facilities and tenants can just as easily become a terrorist target as your building. Management should be aware of the surrounding facilities and have plans to react should those facilities become a proximate target. For example, if your neighboring facility is a large, well-known oil refinery, questions that need to be answered include whether the facility is upstream, uphill, or upwind from your building. Could bio-hazardous materials, poisonous gases, or other harmful substances escape from the neighboring facility that could potentially cause problems at yours?

It's a People Problem

Corporate management and corporate security should remember that like other security problems, terrorism is a people problem, but the people are different. Terrorists are likely to be highly-trained, well-financed and ruthless. However, they are not superhuman, metaphysical, or supernatural. Remember that the terrorist is looking for maximum chance for success and that no attack will take place without first screening a target.

If proper security measures are in place when this screening occurs, there is a good chance the terrorist will seek another target.

SAFEGUARDING BUILDINGS AGAINST CHEMICAL OR BIOLOGICAL ATTACK

The Lawrence Berkeley National Laboratory at the University of California-Berkeley has released the following advice for building security professionals and first responders to protect and defend facilities from chemical and biological attacks.

Immediate Steps

• Prevent unauthorized access to air intakes and exhausts. The easiest way for a terrorist to quickly contaminate a building with chemical or biological agents is to introduce the agents into the building's ventilation system.

• Secure mechanical (HVAC) room doors to prevent unauthorized access. A terrorist with access to a building's HVAC (heating, ventilation and air conditioning) equipment can quickly contaminate the entire building.

• Secure building plans and HVAC plans from unauthorized access. A terrorist can maximize the casualties from an indoor chemical or biological attack if they have knowledge of the building's ventilation system.

• Develop an emergency response team. Any emergency requires rapid response in a number of areas: evacuation assistance, communication with authorities, etc.

• Plan and practice separate emergency response procedures for indoor and outdoor releases of chemical or biological agents. The first response to an outdoor release should include shutting down the building's ventilation system and closing all doors and windows. In contrast, the response to an indoor release should include evacuation.

Long-Term Suggestions

• Ensure building operators can quickly manipulate HVAC systems to respond to different types of attack. Manipulating the HVAC system can help slow the spread of a chemical agent or can rapidly clear it out of a building. Rapid response can save lives.

• Upgrade HVAC filters and seal gaps to prevent air bypass. Particle filters can remove biological agents from the air handling system. However, the tighter the filter, the more air will try to leak around it.

• Establish internal and external safe zones for people to use during a toxic release. By manipulating (and perhaps modifying) the building's HVAC system, safe areas can be created inside the building when there is an outdoor hazardous release. Also, some external areas near a building will be safer than others during an indoor release.

• Provide separate air exhaust systems for mail rooms and other high-risk locations. Some areas are likely targets for introducing a chemical agent into a building. Isolating the air handling systems from these areas can prevent the agent from spreading throughout the building.

• “Weatherize” the building by sealing cracks around doors and windows. Gaps around windows and doors, and holes in the building shell, allow conditioned air to escape the building, and outdoor air to enter.

For more information from the Lawrence Berkeley National Laboratory, visit http://www.lbl.gov/

THINK LIKE A TERRORIST

Terrorists seek a target that will give them maximum impact. A goal of the terrorist is to incite fear in order to disrupt the sense of stability among large numbers of people. Terrorist attacks may be aimed at destroying property, killing individuals or both.

Terrorist attacks in and against the United States can be placed into four categories.

1. Government and Military Targets. More visible facilities such as the White House and The Pentagon are desirable targets due to their governmental importance. A smaller government facility, while less desirable as a target, might be easier to attack and could accomplish the terrorists' goals.

2. Large groups of American citizens. Large gatherings or large population centers like New York City are enticing terrorist targets. Sporting events, concerts, malls or busy crowded streets can become targets. The terrorists' primary goal is to kill as many people as possible to strike fear into the hearts of the people.

3. Targeted Ethnic Groups. Ethnic hate crimes, abortion clinic bombings, or crimes committed by animal rights advocates fit into this category of terrorist attacks. Certain mail bombings and package tampering may also be grouped under this category.

4. Symbols of American Capitalism or American Icons. The World Trade Center was symbolic of American success, as is San Francisco's Golden Gate Bridge, the Statue of Liberty in New York, and well-known tall buildings like Chicago's Sears Tower. Many American corporations represent the economic success our country has enjoyed and have become American icons of success. These companies may also become targets because of their value to the U.S. economy.

For the Record

ABOUT THE AUTHORS

William F. Booth, CPP, CFE, is president of Risk Management Associates Inc., Raleigh, N.C. One of his responsibilities is supervising the activities of security consultants who perform security threat analyses, conduct training, and criminal investigations.

Donald R. Turnage, CPP, CFE, is a senior consultant with Risk Management Associates, with 34 years of law enforcement and security experience. He specializes in security threat analysis for corporate and governmental clients and has participated in over 100 security threat analyses.

ABOUT THE COMPANY

Risk Management Associates Inc. is a full-service security consulting firm that covers electronic security design, security threat analyses, corporate liability, contract security, and corporate asset protection.

For information, circle the Reader Service number (listed below) or visit securitysolutions.com

Risk Management Associates

13

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue