The Impact of Time - a Back to Basics Approiach

• Content

15 July 2016 | Updated 01 January 1970

Security is a function of time. It is about detecting, recognising, identifying and causing time delay to an adversary to such an extent that something can be done to stop this person from causing harm.

At the most extreme, it is about delaying a gunman, an active shooter, suicide bomber or truck attacker from getting into a building or a public space where he intends to harm the occupants or innocent by-standers; delaying him sufficiently until an armed response can arrive and deal with the individual.

Fraud and cyber

At the other end of the spectrum, it is about delaying a fraudster from slipping away with a few thousand pounds each month by false accounting until a concrete case of evidence can be assembled against them. Most likely though today, it about detecting and defeating a cyber intrusion into your IT systems in time to prevent a major loss of data.

Layers

This time delay is dependent upon creating layers of security. A palisade fence is an obstacle to the advance of a burglar who is seeking to break into a building and steal some of our commercial secrets. The fence will slow him down for a number of minutes whilst he attempts to cut the wire or the mesh. Then he comes up against the next layer of defence: he meets a door which is armoured and alarmed. More minutes pass as he attempts to disable the alarm and penetrate the door locks. During these essential, golden minutes of delay, of course, the criminal will have been detected by the building’s visual surveillance system (VSS) and a security response will be mobilised and already be en route to detain the suspect.

All of these measures are predicated on the fundamental start point of any security system or programme – the threat analysis and risk assessment process. Unless this process is done thoroughly and correctly, at the very beginning, then much investment may be wasted and gaps in defences not covered. This basic risk management exercise consists of five simple elements:

• First, assess your assets – what is it that you are seeking to protect? What are the buildings, facilities, people, machines, warehouses and resources which are crucial to the continuity and outputs of your business? Focus on these first and ensure that they are properly protected. Then work through the remainder of the estate and grade the content accordingly.

• Second, assess the threats – what is the crime rate like in your area? Is there a possibility of an extremist group attacking your plant? Is there a danger of civil disruption on the approach routes? Are there any natural dangers nearby such as a river which may burst its banks during an extreme weather event? Do not dismiss the risk to overall resilience in your security planning – at the end of the day, you are far more likely to suffer a flood or a fire than to experience an visit from either Daesh, Al-Qaida or the New IRA.

• Third, assess your vulnerabilities. Ask where the weak spots are? Is there a dark corner not covered by the VSS cameras or LED lighting? Could a determined criminal ram raid the glass front of your headquarters with a heavy 4x4? If so, you may need some hostile vehicle mitigation systems.

• Forth, assess the risks. Some people often mix up ‘risk’ and ‘threat’. Threats are the things that could go wrong, for example, an electricity failure causes the HVAC breaks down and the servers to overheat. Risks are things that may go wrong but tempered by the chances of the event happening and the impact this would have on the organisation. You may have a backup generator to service the coolers and thus feel that the risk of the servers melting down is very low.

• Five, determine the countermeasures available. Start with the physical things like doors, safes, access controls and detectors. But remember the electronic and cyber measures which are now a key element of converged security strategies. Technology has come a long way in improving sensors, providing clear, evidential standard imagery and there is more to come when robotics and Artificial Intelligence come fully on line.

Finally, based upon the results of the above process, you will conduct a costs/benefit analysis and make your risk management investment decision based on the outcomes of that exercise. All resilience plans begin with this simple, basic process to inform their content.

The risk register and the plan do need updating ever more regularly as new threats emerge and as risks morph due to climate change or other natural phenomena. There is no point in security managers complaining about a lack of investment in security when the evidence and processes which will underpin and justify the funding required are not completed in detail and presented with clarity and conviction!

About SERIFM

SERIFM is spearheaded by TWinFM in conjunction with TriTectus Strategic Resilience Limited. SERIFM aims to create more resilient organisations and assist the FM community to share threat data and exploit new technology. It is the intention of SERIFM to help enable this sharing. Security and Resilience In Facilities Management will provide the ideal platform to help create a highly informed customer, to demand the highest quality imagery from visual surveillance systems, to inform the supply chain of the need for resilience and to highlight new technologies, procedures and tactics as they are deployed and as experience is gained from their use. SERIFM is a not-for-profit group dedicated to leading the fight back against crime and strengthening resilience at a time of reduced national resources.

SERIFM’S inaugural conference will set the UK’s strategic resilience picture as seen through the eyes of the Metropolitan Police, the Cabinet Office, academia and the security services.  The date and location to be advised.

Article written by Jeff Little, OBE | Published 15 July 2016

Share

Related Articles