Security Lessons from Capitol Hill

Bud Garrick

There is no doubt that the shocking breach of physical security at the US Capitol Building, considered one of the most secure buildings in the world, will reverberate and cause discussions on multiple levels for some time to come. There are numerous news articles in which Law Enforcement and Security Experts are calling this event “a catastrophic failure to prepare”¹ and “one of the gravest security lapses in recent U.S. history”². This event is particularly puzzling when you take into account that there appear to have been advance indicators that should have caused security concerns, including a report by the online extremism watchdog group SITE on 29 December 2020 that quoted a right-wing activist saying, “I really don’t care if people break into Congress and drag these politicians out in the streets.” And another video that said agitators “encouraged each other to attend the event armed and prepare for violence.”³ Yet with all of the advance indicators and massing of protestors, the activists were still able to quite easily breach the security of the Capitol Building, gain access to the most secure areas, and cause extensive damage resulting in four deaths and multiple injuries. There will be plenty of reviews and pontification on why this happened and what could have been done to prevent it. This article is not one of them.

As often happens after stunning security events (consider the Parliament Hill Shootings of 22 December 2014), there will be an uptick in security reviews and related discussions and then everything will return to “normal operations”. There will also be those in positions to make important decisions who will say ‘this event has nothing to do with us, we are not a government facility’. Nothing can be further from the truth. It doesn’t matter if you are a “quasi-governmental” organization or a private corporation. This exact type of security event can easily happen to you. The question is what can we learn from these horrendous events and how can we prepare?

What is my Security Strategy?

The first step is designing a security strategy grounded in a true understanding of the threats facing your company and its operations. This should start with a general look at overall threats in your country and industry and then focus more specifically on trends in security incidents that have happened within or around your company. Threats are examined from the perspective of the likelihood of occurrence and the impact to your company should they occur. There are numerous components of an appropriate security strategy including: Governance, Policies/Procedures and Plans, Training and Response. Putting some thought into this question will enable you to make security decisions from a position of knowledge to ensure that security measures in your company lower your risk and enable your company’s operations.

Assessing and Tracking Threats

The recent events at the US Capitol tragically illustrate what happens when threats materialize into actions. They serve as a stark reminder to businesses around the world of their responsibility to protect their employees in the spirit of “due diligence” and “due care and attention.” Rarely, if ever, do these violent situations manifest themselves without some sort of prior indicators. This underscores the importance of having proper procedures in place to track and assess threats to your employees. These procedures include: clearly defining what a “threat” is and ensuring that you have the capability to identify and track these threats; stipulating employee (most importantly security personnel) actions upon receiving a threat; and defining threat assessment procedures and ensuring that appropriate analysis and response to any threats are undertaken.

Security Intelligence Programs

In today’s digital world, there is an abundance of readily accessible information about any given topic or person. The immense growth of social networking in the last few years has added to a rich information bank that is readily accessible to anyone with an internet connection. The challenge today is sifting through immense quantities of information to uncover and piece together the information you require into an intelligence picture that supports your operations. There are several key components of an appropriate Security Intelligence Program, those being: Governance; Clearly Defined Intelligence Requirements; Develop a Collection Plan; Create and Maintain an Analysis Capability; and Dissemination of the assessed intelligence. A comprehensive Security Intelligence Program, one that is either “in-house” or “out-sourced,” should be considered your early warning of any potential direct threats against your organization.

Security Leadership

Whether leading a small team or a large, complex organization, the value of good leadership cannot be overstated. This holds true for security organizations, as well. Good security leaders will not only positively influence their security team members to diligently protect their organization’s people, information and assets, but they will also positively influence their organization – and their organization’s leaders – to appreciate and understand the important role that security plays in mission success. A good security leader will display many leadership traits. Among the most important are: knowledge and skills; intelligence and vision; moral courage; interpersonal skills; honesty and integrity; and, institutional acumen. Security leaders are critical in ensuring that appropriate responses are taken to deter and defend against identified security threats, thereby protecting not only your key assets and personnel, but also your reputation.

Conclusion

While the attack on the US Capitol will be the focus of numerous reviews and much commentary, that is not the intended focus of this paper. That event, like many other security breaches, should serve as a reminder for organizations to have a fulsome review conducted of their security program to ensure that the organization is well prepared to identify and respond to any potential security events so that your company does not become a headline that includes the words “catastrophic security failure”.

The ADGA Converged Security Solutions Division has extensive experience conducting organizational reviews, After-Action Reviews and Lessons Learned Reviews for large government departments and private businesses. We have established and managed Security Intelligence Programs, developed Security Plans and conducted Security Exercises. Our goal is to ensure your security posture. Should you require further information or assistance, we can be reached at contact@presidiasecurity.com.

¹ https://www.thechronicleherald.ca/news/world/how-security-failures-enabled-trump-mob-to-storm-us-capitol-538180/

² https://uk.reuters.com/article/us-usa-election-capitol-security-insight/how-security-failures-enabled-trump-mob-to-storm-u-s-capitol-idUSKBN29C0R5

³ https://abcnews.go.com/US/missed-warning-signs-failure-fortify-us-capitol-bewilder/story?id=75101099