The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Sunday, 22 September

The Impact of Time - a Back to Basics Approiach

Security is a function of time. It is about detecting, recognising, identifying and causing time delay to an adversary to such an extent that something can be done to stop this person from causing harm.

At the most extreme, it is about delaying a gunman, an active shooter, suicide bomber or truck attacker from getting into a building or a public space where he intends to harm the occupants or innocent by-standers; delaying him sufficiently until an armed response can arrive and deal with the individual.

 

Fraud and cyber

At the other end of the spectrum, it is about delaying a fraudster from slipping away with a few thousand pounds each month by false accounting until a concrete case of evidence can be assembled against them. Most likely though today, it about detecting and defeating a cyber intrusion into your IT systems in time to prevent a major loss of data.

 

Layers

This time delay is dependent upon creating layers of security. A palisade fence is an obstacle to the advance of a burglar who is seeking to break into a building and steal some of our commercial secrets. The fence will slow him down for a number of minutes whilst he attempts to cut the wire or the mesh. Then he comes up against the next layer of defence: he meets a door which is armoured and alarmed. More minutes pass as he attempts to disable the alarm and penetrate the door locks. During these essential, golden minutes of delay, of course, the criminal will have been detected by the building’s visual surveillance system (VSS) and a security response will be mobilised and already be en route to detain the suspect.

All of these measures are predicated on the fundamental start point of any security system or programme – the threat analysis and risk assessment process. Unless this process is done thoroughly and correctly, at the very beginning, then much investment may be wasted and gaps in defences not covered. This basic risk management exercise consists of five simple elements:

  • First, assess your assets – what is it that you are seeking to protect? What are the buildings, facilities, people, machines, warehouses and resources which are crucial to the continuity and outputs of your business? Focus on these first and ensure that they are properly protected. Then work through the remainder of the estate and grade the content accordingly.

  • Second, assess the threats – what is the crime rate like in your area? Is there a possibility of an extremist group attacking your plant? Is there a danger of civil disruption on the approach routes? Are there any natural dangers nearby such as a river which may burst its banks during an extreme weather event? Do not dismiss the risk to overall resilience in your security planning – at the end of the day, you are far more likely to suffer a flood or a fire than to experience an visit from either Daesh, Al-Qaida or the New IRA.

  • Third, assess your vulnerabilities. Ask where the weak spots are? Is there a dark corner not covered by the VSS cameras or LED lighting? Could a determined criminal ram raid the glass front of your headquarters with a heavy 4x4? If so, you may need some hostile vehicle mitigation systems.

  • Forth, assess the risks. Some people often mix up ‘risk’ and ‘threat’. Threats are the things that could go wrong, for example, an electricity failure causes the HVAC breaks down and the servers to overheat. Risks are things that may go wrong but tempered by the chances of the event happening and the impact this would have on the organisation. You may have a backup generator to service the coolers and thus feel that the risk of the servers melting down is very low.

  • Five, determine the countermeasures available. Start with the physical things like doors, safes, access controls and detectors. But remember the electronic and cyber measures which are now a key element of converged security strategies. Technology has come a long way in improving sensors, providing clear, evidential standard imagery and there is more to come when robotics and Artificial Intelligence come fully on line.

Finally, based upon the results of the above process, you will conduct a costs/benefit analysis and make your risk management investment decision based on the outcomes of that exercise. All resilience plans begin with this simple, basic process to inform their content.

The risk register and the plan do need updating ever more regularly as new threats emerge and as risks morph due to climate change or other natural phenomena. There is no point in security managers complaining about a lack of investment in security when the evidence and processes which will underpin and justify the funding required are not completed in detail and presented with clarity and conviction!

 

About SERIFM

SERIFM is spearheaded by TWinFM in conjunction with TriTectus Strategic Resilience Limited. SERIFM aims to create more resilient organisations and assist the FM community to share threat data and exploit new technology. It is the intention of SERIFM to help enable this sharing. Security and Resilience In Facilities Management will provide the ideal platform to help create a highly informed customer, to demand the highest quality imagery from visual surveillance systems, to inform the supply chain of the need for resilience and to highlight new technologies, procedures and tactics as they are deployed and as experience is gained from their use. SERIFM is a not-for-profit group dedicated to leading the fight back against crime and strengthening resilience at a time of reduced national resources.

SERIFM’S inaugural conference will set the UK’s strategic resilience picture as seen through the eyes of the Metropolitan Police, the Cabinet Office, academia and the security services.  The date and location to be advised.

 

 

Article written by Jeff Little, OBE

Share



Related Articles

The End of Innocence

The attack in the French city of Nice has brought a new dimension to Euro-terrorism. There are three characteristics of this contemptible deed which are worthy of...

 Read Full Article
The Magic of Resilience

Since the BREXIT option was selected democratically by a majority of the UK population, the word ‘resilience’ has been used widely and frequently by both...

 Read Full Article
Istanbul Attacks - Another Lesson to be Learned

In light of the dreadful attack on Instanbul's Ataturk airport, SERIFM's Jeff Little says we need to stop with the referendum blues and party squabbling and start...

 Read Full Article
A Lack of Situational Awareness in the Information Age?

We live in the so called information age. Numerous communication means are now open to us. And yet still, when things do go horribly wrong, organisations are utterly...

 Read Full Article
Cyber Security Awareness Training a MUST for All

Each and every security magazine or website I read further lowers my morale with regard to the risks associated with cyber crime. Every single employee or manager who...

 Read Full Article
Stormy Weather Ahead for UK Resilience Resources?

There can be few who can continue to deny the existence of climate change. Higher sea levels, regular flooding, the frequency of extreme weather events and sea...

 Read Full Article
Uprising - Stretched Services Can't Cope

Wednesday’s announcement that the threat level on the UK mainland from Northern Ireland related terrorism has been raised from ‘moderate’ to...

 Read Full Article
Stop Letting the Guard Down

The government is urging UK businesses to protect themselves from cyber criminals following government research showing two-thirds of them suffer from cyber breaches or...

 Read Full Article
WannaCry - Don't...Just Learn the Lessons

Earlier this year, ransomware took centre stage in one of the largest outbreaks ever, hitting a huge number of companies across the globe, writes Ravid Circus. There...

 Read Full Article
Ransomware - the Protection Racket

ThisWeekinFM has been making a racket about Cyber Security because vulnerabilities are exploited at a personnel and personal level - where FM's should have some...

 Read Full Article