Monday, December 05, 2005

So you want to be an investigator

Seen some old reruns of Magnum PI or VIP and suddenly being an investigator seems like a great career. Well it can be, but not for any reason that may be found in these TV shows. Investigations - private or public - tend to be a lot of legwork, thinking, talking, and most of all listening.

There are all kinds of investigations and investigators. On the public side are those in law enforcement, inspector generals, background investigators, and the like. Out in the world of private employment there are many different types of investigators; however each of these various jobs require nearly identical skills. So how does one become an investigator and how do they become an exceptional investigator?

For the most part, it really doesn't matter whether you are investigating a theft, an arson, or someone's background because the foundation skills are pretty much the same.

Think of it this way: An investigator is responsible for telling a story, as factually as possible. According to Sennewald there are two kinds of investigations. One attempts to reconstruct an event and explain it factually and the other attempts to uncover illegal activity. Clearly the first one is purely reactive; a homocide is committed and it is investigated. The second may be somewhat reactive but it may also be proactive; much like the efforts of Anti-crime police units or integrity shops in retail environments. So that's the big picture, but what kinds of skills does it take?

A good memory, notetaking skills, strong observation skills, and reasoning abilities (deductive and inductive). Inductive reasoning? Well it's the opposite of deductive reasoning. Deductive reasoning is often explained as the moving from the general to the specific. Inductive would be from the specific to the general. For a few examples to better describe this go here, here, here, and here.

How do you get these skills? There are many ways. Clearly the best known way is probably to work for the government and attend an academy - local or state police, FLETC, or the FBI Academy. However it is also possible to get there other ways, especially if you have no interest in being a police officer. Some companies offer training - formal or on-the-job - and some states require specific training before allowing licensing as a private investigator. But if you just want to drive yourself to being better - that is always striving to keep the edge sharp - there are training programs available.

Quite possibly the most important skill of an investigator is the interview, either the informational or the admission-seeking interview. The Reid technique is taught by Reid Associates and Wicklander-Zewlawski, and Wicklander is quite likely the standard for retail interviews. I am, however, biased since that's where I learned to interview (special thanks to Shane Sturman whose advice and guidance over those two days were invaluable). There are other methods and there are a large number of books available on the topic. Investing time in these books - and lots of practice - will pay off.

There are other helpful programs. You know I'll mention those by the IFPO. They offer the Certified Protection Officer, Security Supervision and Management, and a new program - Crime and Loss Investigations. There are other programs out there and it never hurts to do a little, dare I say, investigation to help you get what you need. There are also many books on the general topic of investigations such as Chuck Sennewald's The Process of Investigation and Dempsey's Introduction to Investigations.

You can also begin to build your skills by seeking employment (part-time can be as helpful as full-time) with private investigators, retail security departments, forensic accounting firms, or even investigative reporters.

The key to investigations is knowing what the "standards of evidence" are for whatever you are looking into at that time. The government has rules for what information is needed to "prove" a crime, and companies have rules as to what is acceptable for disciplinary actions. Know what information you need. Just keep these three questions in mind: What do we know? What don't we know? What do we need to know?

More later..

Tuesday, November 22, 2005

'tis the season... For evil holiday ELF's

This Washington Post article reminds of the radical environmentalists. Now that may not be a bad thing if you're a supporter of the movement, but the those who thought their house would be completed soon it's definitely a disappointment.

So there may be an active Earth Liberation Front (ELF) cell in the western Maryland area or maybe one that has migrated here. We'll just have to wait and see how the investigation progresses...

If you want a better idea why this sort of thing happens read this document, or at least the philosophy section at the beginning.

The Earth Liberation Front is the newest re-radicalization of the environmental movement. There's a nice little history piece here, and another piece here. I tend to lead folks back to my own paper on the topic because it's just not healthy to try and understand today's environmental movement separately from the animal liberation movement.

Back to this issue, though. The largest issue in dealing with the ELF, or Earth First! for that matter, is the anti-organization design of leaderless resistance. For those that don't know about it it works like this. Someone, or someones, write a set of guidelines, manifesto, rules, mission statement, or similar ideological document that spells out what is acceptable conduct. Sounds like any other organization right? Now it gets sticky. Then these someones say that anyone that does stuff (legal or otherwise) that forward the goals, while abiding their conditions on conduct, can claim to be members. That's it. No leader - just an ideology. Now there's quite a bit of discussion as to where this all started and some put the beginning with the white supremacists after the American Civil War. I don't know when it started but I know it is extremely popular now. Wanna know why? Consider this. The easier it is to track people and activities to establish criminal wrongdoing then the more likely a leader will be arrested, killed, or otherwise destroyed from a credibility standpoint. Once you take away the leader you eliminate two things. One, the "Cult of Personality" that tends to exist around this sort of movement. Once that personality is removed the movement crumbles - so no leader = no target - but an idea can live on and on and on. Especially, it seems, the bad ones. The second thing that is removed is a clear definition and understanding of the adversary. How big is it? Who is in it? Etcetera, etcetera... Poof! We now have the makings of an underground guerilla army, or at least a core cadre of high-energy folks that are able to present the image of a larger force.

You see this organizational model works well against a democracy (or a republic in our case) that prizes its freedom of speech, but despises criminal acts of property destruction. It works well because it allows the "aboveground activist" to talk the talk and make veiled threats while not committing any clear criminal act. The "underground activist" then carries out acts of destruction to follow-up on those threats. What makes this pretty neat is the real lack of direct communication between to the two elements. The abovegrounders tell us how morally reprehensible we are and the undergrounders attack us. Sound familiar? Anyone British here? Sounds far too much like the old Sein Fein - IRA (Irish Republican Army) model. Maybe it's time we called it what it is, the way it is.

Maybe we are all too afraid of sounding callous and insensitive. Are we? If so, we as a society will ultimately lose. We must be prepared to say that regardless of how much we might like to see the environment left the hell along, it is wrong to commit acts of property destruction. Period. End of story. If we were all so environmentally concerned then we would donate tons of money to groups to buy the land that we won't protected. Maybe PeTA would have been better off not spending nearly $50,000 dollars on the criminal defense of Rod Coronado (Earth First! and ALF operator) rather than on showing people better ways to care for animals. There I said it. I'm a security guy by trade and by belief. If you don't think homes should be built somewhere then get out there and generate support and take legal action. If an eighteen year-old can be elected Mayor by write-in vote then many well intentioned activists can stop a construction project.

I'll step off the soapbox now. It's important to understand how these groups work as well as what they really want from you. Americans like the rebel, but this is the wrong rebel to cheer.

Monday, November 14, 2005

Bad (domestic) Intelligence

Let me begin by saying that from this article we just can't know the whole story, but it certainly sounds bad for the FBI. For those of you that haven't been around this blog before I've posted on both (here, here, and here) and operations (here). I have also presented a background piece on Eco-terrorism in the U.S. that discusses the philosophy of the environmental and animal liberation movements and traces their development and tactics over the years. If you're more interested in Intelligence then I have a paper for you as well that discusses intelligence operations in the private sector.

Since these topics are near and dear to me let's discuss this a little. The FBI arrested the wrong person, released him, and will be paying for their mistake. There must be more to the argument, because it's generally rare that damages are paid when the wrong person is arrested. Why it sounds as though they may not have had probable cause. So how then did they decide that this was the right person to apprehend? I generally do not criticize law enforcement if I wasn't right there (I dislike those that tend to second-guess my efforts without realizing they weren't there); however this doesn't seem to be a decision that had to be made in the heat of the moment - so why the mistake?

It looks like the error was with bad intelligence or at least a poor interpretation of the available intelligence. Concerns from civil liberties groups over the Patriot Act and domestic intelligence gathering have been on-going for many years. These concerns predate the Patriot Act with the COINTEL (Counter-Intelligence) activities of the FBI from years past. We in the U.S. do not take too kindly to being spied on by our own government; however it is necessary whether we like it or not. Another recent episode in this matter deals with the Denver PD intelligence files which were found to have a couple of serious flaws. First they were never purged - that's right files were maintained for indefinite periods of time, and second they information on activities that are protected under the first amendment - things like legal protests.

One may have thought that an important lesson was learned from the COINTEL days... Maintaining extensive dossiers is inefficient and often counter-productive. I know from a very limited experiment. These files are cumbersome, time-consuming, and just don't provide much predictive information. Sure you feel like you 'know' your target, but you really don't know them. Anyway, it appears that a decision may have been made based on a similar "belief of knowledge."

So the FBI screwed up. Is there a threat posed by the Eco and animal liberators? Absolutely. Read my paper on the movement. The important thing to remember is that each new generation builds their beliefs where the last generation left off. What this means is that the Sierra Club wanted to preserve park land, but today's Earth First! and Earth Liberation Front want to restore the world to how it looked before the industrial revolution. While I find it intriguing to consider a time when we lived in greater harmony with the environment, I recognize that without excess agricultural capacity and the ability to store and preserve this excess we would be living one year to the next - just like the real old days. Regardless of my own beliefs on environmental impact, I find the use of violence, or the threat of violence, to reach one's goals to be reprehensible, and worthy of our efforts to defeat it. Will mistakes be made? No doubt. Should remuneration be made? When it is appropriate. Why?

To answer that we need to consider the writings of Carlos Marighella's Mini-Manual of the Urban Guerilla." While avoiding a discussion on why his techniques ultimately fail, it is important to understand one very important concept. The insurgents act against the government only. The government, being unable to discern between guerilla and general population, cracks down on the general population. This in turn drives support to the insurgent movement. Rinse and repeat! Eventually the government's oppressive actions destroy their legitimacy with the population. So will mistakes be made? Yes. Should the government try to make those wrongfully caught up in the process whole again? Yes. We as a population must not forget that the target is, and must always be, those that use violence or the threat of violence to attempt to achieve their goals.

Thanks for persevering to the end.

Friday, November 11, 2005

Veteran's Day 2005

Please take a moment and consider the sacrafices over the years that have secured our blessings of liberty.

Here are a few interesting links in no particular order:

From the Department of Veteran's Affairs

From Wikipedia

Voice of America

Information from the Census Bureau

From the U.S. Army


Tuesday, November 08, 2005

Hurricanes, earthquakes, mudslides, flooding - Natural Disasters - and contingency planning

Mother Nature has a nasty, nasty temper as was clearly demonstrated by the last few months around the world. So what does all this mean for security? Business Continuity Planning? General preparedness? LOTS!!!

We, that is our industry (and probably most every business planner), learned a lot about how mass evacuations - or the lack thereof - affect BCP and Disaster Recovery (DR) plans. Your plan might have been great, right until it ran into everyone else's plan (and the odd hundred thousand without a plan).

Fundamentally speaking, it's no longer good enough to have a plan, rehearse the plan, improve the plan, and keep it current. Now you have to coordinate your plan with the plans of the local and state governments. Will you still try to shelter in place? Or, will you shift operations to another regional center and just pack up and go as early as possible. It's all about cost, right? Well consider the cost of if you tried to stay in New Orleans. It took quite some time before fuel and food arrived... How much do you plan to store? How will you deal with any looters and vandals that might remain behind?

It may just be better to contract the services of a remote hotsite provider such as Recovery Point Services. There are many others and there other options similar to this as well. In some instances, funds permitting, it may just be best to "get out of Dodge." Other times it may not be possible to do so - or to continue operations remotely. Then it may just be best to be sure your Business Interruption insurance is up to date and that you have coverage for natural disasters; not to mention how much coverage that actually is.

Plan carefully and make sure your plan blends with those around you.

Don't neglect to also develop a return to normal operations plan. How will you go about getting back to your old location, or when will you start looking for a new one? What has to moved first and when is the best time to do that? Etc. ad nausium.

Good luck.

Sunday, November 06, 2005

CRASH!!! - Auto accidents

Just a little deviation from the normal sorts of posts.

On Saturday night I, once again, witnesses a car accident. Not a bad one in terms of injuries, but an accident. My wife and I had just left a restaurant and were in the upper left section of a "T" intersection preparing to turn right - down the "T". The car in front of us turned right but the vertical section of the "T" had three lanes, two heading toward the intersection (up the T) and one heading away (down the T). The car in front of us turned into the middle lane, which is the left-hand turn lane, and hit a car coming toward the intersection head-on. I parked on the shoulder and got out to help. So here are a few thoughts on handling vehicle accidents...

First, it is important to follow your local laws and the direction of your insurance company's and/or attorney's direction and guidance. With that said remember that personal injury and health are the most important issue immediately after the accident. Make sure you are ok, and then worry about others. Keep yourself safe whenever you attempt to check-on or help others. It's the same way with professional rescuers - there's no point in getting yourself hurt and making yourself another casualty. So assess the situation quickly and determine if anyone is hurt and call for help. Try to get the contact information from not only the others involved parties but witnesses as well before they wander away - and no doubt they will.

Anyway, keep a few key things in your car like flares, a first aid kit, a disposable camera, pen/pencil and paper, insurance card, and any seasonal items that are appropriate - like a blanket in winter. As for the disposable camera, don't hold back; if you have 26 exposures then use 26 exposures. It's not like you want you vacation on that roll too.

If you're a witness - and you're civic-minded - make sure everyone is ok, get the tag numbers as quick as possible (and tag numbers of vehicles that have stopped briefly before leaving), call for help if no one else has, and then offer your assistance. Keep in mind that the involved parties probably have no idea what to do - take the lead. Offer to lay flares, get names and contact information, and take pictures.

Just a few thoughts on something off the beaten path.


Thursday, November 03, 2005

Expansile Significance - "The Tip of the Iceberg" and how solving large losses often means addressing the insignificant ones

What the hell is Expansile Significance you ask? So did I, though the problem wasn’t with the term but with the fact that our industry never bothered to create one for a time honored concept. To better explain it consider combining the idea of the “tip of the iceberg” and the “Broken Window” Theory (here, here, and here, with dissenting view here).

We’ve all seen it – in one way or another. In my retail days it was not uncommon to ‘interview’ a sales associate about a minor policy violation, say ringing their own transaction or giving their discount to a friend (aka employee discount abuse). And for those familiar with interview techniques (I started with Wicklander-Zulawski – which competes with Reid and LSI) you know you approach these interviews similarly to a known loss (theft) interview anyway. So there you are going through you doing your spiel with you realize that this person has done much more than you knew – on one occasion I went from one missing gift certificate to four felony theft cases.

In the world of law enforcement, former NYC Mayor Rudi Giuliani encapsulated it with through enhanced enforcement based on the “Broken Window” Theory. You know, by showing that minor violations won’t be accepted you decrease the appearance that more serious deviance is acceptable. I don’t intend to try and prove the efficacy of NYC’s efforts now. Instead keep in mind that if a violation is the time of enforcement then it’s worth the time to do it right.

Embezzlement – or any other form of stealing from an employer – is a great example of this. It is HIGHLY unlikely that you, or any other investigator, will catch someone on their first theft. Maybe their first theft using that method; however there have probably been other losses that they have caused. I recall from my W-Z training that a thief probably will not remember every individual theft, but will remember the first act and the most recent. Then you can work out some mathematical averages to estimate the total loss (which should then be used to help identify further evidence to corroborate or support this estimate). With this in mind it is important to explore all avenues of loss in an investigation – that is if you want to try and find the most accurate estimate and maybe get some hints for improving your internal controls.

Anyway take the time to conduct investigations properly. Be thorough and don’t arbitrarily assume you have the answers. I know that in the real-world time often is the biggest constraint so at least recognize what you may be missing – and work on ways to evaluate this more efficiently.


Tuesday, November 01, 2005

The Latest - Congress and the "SHAC" attack on the NYSE

For the best on the current high-profile happenings in the Animal Rights/Liberation head to Animal Crackers.

Here's the short version... Huntingdon Life Sciences has been trying to be listed on the NYSE. On the eve of this listing the President of the NYSE blocked the listing, after being targeted by SHAC and friends. As a result, the U.S. Senate has had more hearings on Eco-terrorism including a guest appearence from Dr. Jerry Vlasik. There's some great video from this. The saga continues...

Once again, for more background information on Eco-terrorism, including Animal Rights/Liberation and the Environmental Movement try this.

Tuesday, October 25, 2005

Eco-terrorism - in the news and in front of Congress - again

Brian Connor over at Animal Crackers has offered us information on the recent postponing of LSR (Life Sciences Research - otherwise known as Huntingdon Life Sciences) listing on the New York Stock Exchange (he draws from here, here and here). Further, it looks like there will be more hearings concerning the radical Animal Rights movement.

For clarification on the issue - because few others will bother - there are LOTS of people involved in the animal welfare/rights/liberation movement and they are not all the same. Think of a continuum with Animal Welfare on one end, Animal Liberation on the other and Animal Rights in the middle. If you think of Democrats and Republicans in the same way you get the picture of how different these groups are; both Dems and Reps want what's best for the country but differ on how to get there. Now you may understand the vast differences in the movement. There are two significant demarcations in the movement: whether an individual believes that animals are equal to humans in terms of the value of their lives and whether an individual feels it is acceptable to commit criminal acts that surpass the notion of civil disobedience - in other words property destruction and threats of violence. That's a very short description of the spectrum of the movement.

So why do I care and consider this a point to be discussed in security? Simple; if it's not Animal/Eco folks then it's some other type of militant that is willing to affect you business. Just give it time. Since the cultural revolution (and I apologize if I'm wrong but this is how it was taught to me) every idea is as valid as the next - meaning anyone is now justified in targeting you. Who knows, maybe the paint used for your establishment uses chemicals that affect groundwater (and shame on you not knowing this when your vendor used it), or maybe the paint was mixed by someone in an impoverished country, or maybe you like to fly the U.S. flag, your state flag, or for that matter the Jolly Roger; you could become a target. My personal experience has to do with the Animal Rights/Liberation movement targeting a client.

The broader issue here is understanding your threats. Is it local crime - burglaries and vandalism, or something more sinister? In the case of the AR/AL movement it is important to understand that they believe that every animal is as valuable as your life. Professor Steven Best at the University of Texas - El Paso stated in a speech that he would save his dog rather then an unknown human if they were both in a fire. See his dog means more to him than a unknown human. It's as simple as that. In Terrorists or Freedom Fighters (I'm not linking to it - because I'd rather you not buy it and fund more of his activities) Dr. Best argues that violence cannot be committed on property and therefore the ALF (Animal Liberation Front) is non-violent. This is also an underlying theme of supporters of the ALF; however it is important to keep in mind that property destruction carries with it an inherent threat.

This post could go on for a long time discussing this topic but I'll keep it short. The tactics used by the Eco/Animal Liberation movements are in fact terrorism [how the few affect the many by affecting the few with violence or the threat of violence] and it must be addressed as such. Collect data, know your threat, develop/implement effective countermeasures, and stay orientated toward your threat - it is an intelligent and adaptive threat.

For additional information concerning Eco-terrorism in the U.S. check out this document.


Friday, October 21, 2005

A special note to my new "friend" - Some people make crime easy

Hey Steve! I'm calling your name so that you know this is about you - I gave you my card at the bookstore.

For everyone else, here's how it went...

I'm sitting at the cafe in the bookstore, minding my own business, when I hear a gentleman behind me start speaking on the phone. Nothing odd there; everyone does it - it's not like it's a library, right?

Then the call gets interesting. Steve began speaking about a donation. Being someone that considers Social Engineering (see a pro here, more here, and here) one of the most, if not the most, under treated security risk, I naturally began to listen more closely. And yes, he began to read off his credit card number (it was a Visa), along with his address, and year of birth.

Ah the damage that can be done with that. So Steve I gave you my card with little hope that you'll read this and appreciate the free advice of a security consultant.

This, of course, isn't really social engineering but instead a form of "shoulder surfing" which can also be an excellent way of getting passwords, PINs, and other access data.

Look folks. If you going to have that sort of conversation, take it outside so that you're not sharing the data with a handful of people that are reading - or in other words, focusing on remembering information. This sort of thing hurts to witness when so many people want advice on firewalls, alarm systems, shredders, and so on.

This is an example of poor OPSEC and I'm not saying we need to develop detailed OPSEC policies for our daily life, but hey at least keep your personal information and access to any financial resources "close to the chest," please.

Thursday, October 20, 2005

Quick advert for a friend

My best friend has started a new blog.

The Political Yak is where he plans to discuss politics - mostly local - and he is political accumen is exceptional.

So go check it out, bookmark it, and then come back here.


Wednesday, October 12, 2005

Valuable lessons from the USS Cole attack

Let's all take a minute and remember the 17 dead and 42 wounded in the attack on the USS Cole five years ago today - that would October 12, 2000. See the Stars & stripes tribute many of the other news outlets.

Now take another few minutes and ask yourself what it is you, as a security professional (or just someone interested in security), can learn from this unfortunate event. For I'll start with the Cole Commission Report and work from that since we can all make unsubstantiated comments until the cows come home. Nothing beats information that can be sourced and, regardless of what you might think of commission reports, they generally do include some analysis of the facts surrounding the event.

I'll just take a few of the findings from the commission and equate them to the life of today's security manager or director. I'm sure there are other findings that can be used here, but these will suffice.

Disclaimer: All comments below are intended to relate the findings of the report to day-to-day security concerns - tending toward the commercial sector. In no way am I commenting on the performance of individuals involved or activities that affected the USS Cole.

Finding: Better force protection is achieved if forces in transit are trained to demonstrate preparedness to deter acts of terrorism

Deterrence works! Realistically it does not ALWAYS work, but then that's why a good security program goes beyond this one layer. Presenting a formidable (read: professional, well-trained, and prepared) image absolutely works in your favor. It discourages the casual nuisance and makes the committed plan more thoroughly - which means more time [the value of which we'll discuss further on], more tools and expertise (and probably money as well). Time, tools, expertise, and money are all commodities. To quote an old teacher, Dr. Kobetz, "Time is on no one's side. It is a commodity. You must decide how you will use it." I think we all familiar with the limitations on tools, expertise and money in preparing an attack.

Finding: Service AT/FP programs must be adequately manned and funded to support threat and physical vulnerability assessments of ports, airfields and inland movement routes that may be used by transiting forces

This goes right back to two recurring points - Know your environment and know what you are protecting. Sun Tzu said it like this (depending on the translation you read), "Know yourself and know your enemy; fight 100 battles have 100 victories. Know yourself and not your enemy; fight 100 battles have 50 victories. Know your enemy and not yourself; fight 100 battles have 50 victories." Get the point? The idea has been around for some time. So conduct Risk Assessments that include a view of the Assets, the Threats, and the Vulnerabilities - and keep them current over the years. A week old report is dated if it was conducted before an additional 100 employees are moved into your facility along with all their activities. So keep organizational plans in the mix as well.

Finding: The Geographic Commander in Chief should have the sole authority for assigning the threat level for a country within his area of responsibility

This applies in a couple of different ways here, but mostly a local security manager should be empowered (including being properly trained, mentored, guided, advised, and evaluated to be effective) to affect the protective posture of their site, location, facility, or area of responsibility. In an executive detail there is a fine line between the boss (principal/protectee) being in-charge and the protector. This is a very, very fine line that affects credibility when crossed one too many times. When the threat is identified then the principal's behavior must alter - this could mean many different things with the most extreme of which is being led by their security detail away to a safe location. In terms of a commercial facility it may simply be not allowing access through auxiliary doors and conducting a 100% ID check at the approved access point, or deploying counter surveillance folks into the parking lot/traveled way to observe those paying attention to the facility. This capability must reside at the lowest reasonable level to ensure timely preparation.

Finding: We need to shift transiting units from an entirely reactive posture to a posture that more effectively deters terrorist attacks

Here we are again with deterrence. Let the bad guys know that you mean business. In a retail setting this means signs, awareness programs, and making sure employees and customers know that security is involved. This does not mean that any shoplifter that is caught should be dragged by their hair through the store - don't forget the professional image. Roman soldiers were known for their discipline - they were feared because this discipline was unwavering - not so much because they were individually so ferocious. I once heard a quote from a friend that he claimed to have read (and I don't doubt him) concerning the Roman Army - "Ten disciplined soldiers are worth 100 warriors." Deterrence can be found in the effect of professional discipline and a willingness to act in concert. Consider the being the first barbarian commander to see the Romans employ the Greek technique of the tortoise formation with shields interlocked in front and overhead as they advanced - with each fallen soldier being immediately replaced by another. Now consider how your adversary may respond to a similar level of discipline and determination. Deterrence works at all levels from the initial appearance to the presentation of the response.

Finding: In-transit units require intelligence support tailored to the terrorist threat in their immediate area of operations. This support must be dedicated from a higher echelon (tailored production and analysis)

Intelligence - one of my favorites. Know your environment and how your adversary operates - but remember that this changes with very subtle geographic (and cultural) differences. Focus your intel efforts. What? You say you're a company and can't conduct collections. Hogwash! Get out and talk to people, but more importantly LISTEN to them and anyone around you. Search online; what you find may not be local but it also may provide context or a new mode, method, or technique you were unaware of - and it takes a professional to take this extra step. In retail this means going out into the mall or local community and watching, listening and talking with your peers. Stay within the law but collect.

Finding: Service counterintelligence programs are integral to force protection and must be adequately manned and funded to meet the dynamic demands of supporting in-transit forces

This is back to knowing your adversary or more accurately what they know or are trying to learn about you. Know your own "covert channels" (try here, or here for information). Who's watching you, your people, and so on. Again, at the very least, just listen to those around you, other employees, your industry peers, the news; just listen.

Finding: Service Level II AT/FP Training must produce a force protection officer capable of supervising unit training and acting as the subject matter expert for the commander in transit

This says so much. What do you know about security officer, security supervisor, or security manager training? Training is essential. If you are not taking every opportunity to train, improve, train, improve, train, and improve your protection team then shame on you. The military is generally really great for this mindset. Once again we should revisit Patton's thoughts on this, "A gallon of sweat in training is better than a pint of blood in battle." Or as presented in one of Marcinko's books, "Train hard, fight easy!" Although enough may be said about training - enough is rarely done about training.

Just a few comments on what every security professional/practitioner can learn from a tragic event.

Wednesday, October 05, 2005

Home care providers and workplace violence

Here's an interesting topic that came up today: Security in home service industries. You know house cleaning services, home healthcare, and all the other services that involve someone being sent to a home to assist the homeowner.

Here are a couple of quick resources on the topic: book, article, article, article, article, government publication, another government publication, and there are more available on the web.

As far as security goes on these topics it's just a tad more complicated than usual. Not only is it important to vet your own employees so that they (hopefully) will not victimize your clients, but it's also important to vet your clients. Oh yah, that's right - the client should be checked. Why? Well it's like this. You are sending an employee to a "work site" and if that site is not safe then you have sent your employee into an unsafe environment... Potentially this could be construed to mean that - assuming the employer made no effort to determine the site's level of danger - the employer is responsible for placing the employee in harm's way. And what a costly oversight it could be and not just in dollars. Employee mistrust of management, lowered morale, uncertainty, and all those emotions that come when one feels that they have been betrayed by a superior. Enough doom and gloom!

What are some steps that can get in front of this potential problem? First, make sure your employees know that a site could include danger. Now we all know that danger could be around the next corner, but simply reminding someone that it could be there does two things. One, it means that you, the employer, has acknowledged the problem and want your employee to be safe, and two it puts the employee on guard - even just a little - which actually makes them better able to avoid the danger. Hand-in-hand with that is to develop organizational procedures for dealing with the issue. What does an employee have to do to refuse service? If the client has immediate medical needs then how will these be met so as not to endanger them, and possibly breach the contract. This might be referring the issue to emergency services personnel (calling an ambulance), sending an extra employee, maintaining phone contact throughout the visit, or whatever is most appropriate. Having a range of choices or escalating options is very appropriate for managing risks - it also lends itself better to profitability than a one-size fits all system.

It should be a given that an interview is conducted to determine the needs of the client, but consider including questions that answer to the needs of the caregiver. Who else has a key to the residence? Who else might be present when care is provided? Are there firearms or hazardous materials in the residence? Sound silly or unnecessary? Heck these are the types of questions asked by Executive Protection (see this, and this) details when they conduct an advance. Why? To manage risks simple as that. Now you have better idea of the physical environment the caregiver will be in, and you've only added what, a warning, a set of procedures and a couple of questions to your client interview.

Next consider the human factor. Determine whether a sex offender is registered to the client site or a nearby residence (available on state and often county/city register websites). Should this preclude service? No, but it should move the risk level up a notch. Follow this with other research, like a criminal background or maybe a civil record search for battery lawsuits. How far should you go? Only so far as a crime is foreseeable. foreseeability is one factor used during civil litigation to determine and employer's liability (please discuss this more closely with your counsel). On another note, you did this to your employee so that the client would feel safe; doesn't your employee deserve the same consideration? (See this on background research)

A couple of quick notes on background research. First it's always best to get consent up front; however public records are public so consent is not needed - credit reports are a different issue. Beware of databases - that would be the extremely cheap searches that are generally advertised online (something like this; however I have no direct experience with this example). If you find the right vendor they will send a researcher into the courthouse to look for records - the right vendor does such bulk that it's still pretty inexpensive. Databases can be outdated or simply not updated frequently enough. Enough said there.

Monday, October 03, 2005

New Training Program!!!

The International Foundation for Protection Officers has just released a new training program: Crime and Loss Investigations. This isn't just for security officers either! It can be of great use to anyone responsible for managing losses.

In addition to a textbook this program also uses a few online papers as a supplement. Take a look.

I was lucky enough to have been able to get an article on intelligence operations into the training program.

But here's a really great article by a friend of mine on background investigations - he gives away practically all the secrets.

And another one on Interviewing - the lifeblood of retail loss prevention investigations.

It's a great program and something I'm proud to be part of so take a peek and see how it can be useful for you.

Thursday, September 29, 2005

ASIS - benefit, cash drain, vanity show, or all three?

Here's another request, and one that hits close to home. What are the benefits of belonging to ASIS? Are there any opportunities for students?

I know I'm not the best person to answer this, but here are my thoughts none-the-less...

ASIS International - formerly the American Society for Industrial Security - is the granddaddy of all security associations (as far as I know). They are and organization that has changed a lot since their beginnings and they are destined to change far more in the next decade.

Once upon a time when I first found my way into security I did not think too much of ASIS - why? Well my experiences were of rather pompous people that believed they knew everything; however they did not seem open to changes (so I figured ASIS were fitting initials). After some time I found that not being part of it could be a little dangerous to a career - at least from the networking and industry update side. I joined other organizations like the International Foundation for Protection Officers, the Academy of Security Educators and Trainers, and was inducted into The Nine Lives Associates, but I eventually realized that ASIS was where these pretty much all came from anyway. I'm still part of all of these as well as being involved in ASIS.

Is ASIS a good ol' boys group? Maybe once upon a time it was - and it certainly was in my perception - but I've noticed in just the last eight years a subtle change away from such an image. Now it could very well be that my perception has changed due to my involvement and interaction with a wider group of members. Either way, I now see ASIS as something very important to our industry and something worth being part of - if nothing else but to affect change for the better.

So what do I get from ASIS? I like training, news, interaction, argument - dissent, disagreement, and conflict - for the sake of getting better. I like to think and ask others to challenge my thoughts - and many are all too willing to do so in an almost unfriendly way. ASIS gives me access to many others within my own industry - saints and jerks alike. We can learn something from anyone, and with that in mind and something like 20,000 members there's a lot I can learn from ASIS.

ASIS also provides the most well known certifications. Why are these important? Consider this... Who do you want to do your taxes? A Certified Public Accountant or an Accountant? Why is that? To me a CPA represents someone that is willing to put their knowledge and skills to greater scrutiny - once for an examination - and continually by meeting the expectations of those that choose a CPA. They also have a Code of Conduct that is spelled out clearly for everyone to see. This means there are disciplinary actions that can be taken outside of the usual criminal and civil paths. Why is this important? It means that a CPA is willing to perform to a standard or be punished professionally. Now take that into the world of security. Who do you look for when you need an answer? A Security Manager or the CPP? Which would you prefer protecting your organization on a day-to-day basis? A security officer or a CPO? Do you expect a certain level of performance? Absolutely. When a standard is not met then 'professional' disciplinary action can be taken. ASIS, IFPO, ACFE, and ISC2 all have expected standards of performance. So the certifications are important by imparting an agreement by the designee, to perform in an acceptable way, the organization, to enforce their rules of conduct to maintain the quality of the certification in the public domain, and the public (or consumers), who expect that level of performance. It is a commitment to professionalism.

So what can students do in ASIS? LEARN! Take notes, train, NETWORK, and drive yourself to a higher standard than your own mentor. Oh yah, find a mentor (or mentors) and grow from their experience - but always think for yourself.

Attending training - when you can afford it - is essential to reaching that next level. Any training is good - even bad training. Bad training (and I've paid for my fair share of absolute crap disguised under the reputation of a "security pro") helps you to know who is full of crap in the industry and what they sound like when they talk. They will be your competition for good jobs. There's a lot to be said for these folks, but they're in every industry so just go out and meet them. Bad training can also get you hurt - think about everything that you are taught - so that the skills you learn do not govern your performance. Ask yourself, "How would I get around this?" or "How could this be defeated?" Sometimes it's worth asking someone who really knows. When I used to catch shoplifters I often asked them about previous fights with law enforcement or security. They'll talk - everyone who wins a fight talks - and this can be beneficial to you. Develop a "Discipline of Training" and stick with it. A little here, a little there. When you can't afford training (and I know how that feels making $5.90 catching thieves) get a book, conduct a free survey, plan a security system, engineer a breakin, and use your imagination to train yourself - it's free. Offer to work with someone on your off-hours; informal internships can be very useful. AND go where the knowledge is - just like salespersons go where the money is - spend time in the circles that your potential mentors will be and be involved. This is where ASIS can be a great help because you can go where the best are - monthly meetings, committees and so on. When you drink beer or otherwise socialize with these folks take some time to get advice on your career direction, opportunities, tricks and tips, and then make sure you don't monopolize the time. DON'T be afraid to offer your opinion on any discussion concerning security. If you're wrong you'll learn, and if you're right then you're contributing. If those with you blow you off and act like you should be a child - seen and not heard - then it's time to find a new group of pro's because there's little reason to waste your time with pompous fools unwilling to drive someone else's success. Your time is valuable - DO NOT waste it. Build your network - nurture your network - expand your network - improve yourself so others want to network with you - and focus on quality and not size. 200 business cards are just a stack of paper - 2 good contacts that you can reach out to and not be a stranger can change your life.

Those are my thoughts on ASIS - for me it is a facilitator for all of this.


Wednesday, September 28, 2005

Walk - don't run... No wait, run for your lives!!!

We have a special request for a very interesting, and I daresay relevant, topic. Oh, and a polite out-of-bandwidth comment on being lazy and not blogging.

How does one establish accountability when evacuating college dormitories and long term care facilities? Well, having never been responsible for either I'll take a stab at it and I may even hunt around to find someone with direct experience in this area. Here goes...

When I was in Korea (ah, the old days) we had a system on our camp (Camp Garry Owen - the old one near Yon Gi Gol) whereby we each possessed a "Garry Owen Card." A similar system was later introduced division-wide called a "Liberty Pass." How is this relevant? Well to get OFF camp we had to turn in out card with the gate guards. Top (and that's a First Sergeant) or the Bear (that'd be the Squadron Command Sergeant Major) could take your GO Card arbitrarily to keep you on the camp. Now maybe some folks deserved this - though not the countless hours of filling sandbags - but anyway you get the gist of this. It established accountability in a very quick sort of way. Who is not in the camp right now! This was a very important concept when it came to alerts (that would be something like a fire drill but it involved loading your life onto a vehicle and driving away from your home - possibly for the last time before someone blew it up). During an alert everyone would sprint back to the camp and grab the GO Card on the way in. At some point Top would contact the gate and find out who he was missing. Simple, neat and effective. So simple no dumb grunt can screw it up, right? Actually, we did have ways to get around it, but that's another story.

Anyway, any accountability system that will be used during a crisis, such as an evacuation, should be very simple to avoid a complete breakdown with no way to recover. Tokens - like the GO Card or Liberty Pass - provide this sort of simplistic accountability. Granted this system may be easier for the extended care facility rather than a college dorm since the amount of rapid access/egress activities are substantially lower. All you need is a control point where the tokens can be dropped off or picked up and a someone to manage this process CONSISTENTLY. Once such a system fails - it is likely to fail for good. Don't worry there'll be a new one - after the next event that costs someone their life.

How else might we do this? We could try the "Battle Buddy" system which makes everyone responsible for someone else - your "Battle Buddy" (or Ranger Buddy for those folks). Then hall wardens/monitors can then be responsible for a segment of the larger group and so on in a very hierarchical organization. This requires a specific level of responsibility which may not be present with students. Not to bust on students in dorms - I was one once (although I was out of the Army and much older than everyone else) - but they are generally young and there are few consequences for poor performance. That is except for maybe losing a friend, but that won't be thought of during the crisis. No matter what Resident Assistants and Resident Directors should be responsible for accounting for those under their charge. This, of course, requires training in whatever procedures are decided on, and exercises to test those procedures.

So we now have a token system and a buddy/leader accountability system. We can apply technology to the problem as well. We can make those student ID's proximity cards so that those entering and leaving are identified on an occupation roster. Guests would still need to be admitted by some means, which could include guest prox cards as well. This is still a token system but it could allow for greater throughput at the access points. And anyone responsible for planning access control systems knows that the throughput rate is everything to your client. Otherwise it just won't be used CONSISTENTLY.

Whether you are using manual or automated rosters it is essential - it is fundamental - and it is the deciding factor as to whether your system functions or breaks to ensure that it is used CONSISTENTLY. Test it - even use focus groups of true delinquents - to learn how it will be bypassed, subverted, and ignored. Then figure out if the system is worth making changes to or a new approach is warranted. As Richard Marchinko wrote in one of his books (or something to the effect anyway), "Do not get married to your plan." Be prepared to change - sometimes on a moments notice - to satisfy the needs of the threat environment, operating environment, and client opinions/preferences. Be absolutely sure that the method you choose fits with the organization's culture: No fit = No use = Disaster.

Is that enough? It certainly is not, but there's just a little too much to try and discuss here all at once. Send some more questions and you might get some more answers. I might even through up an example or two for fun... But keep it simple so that it works in a crisis.

Always be absolutely ruthless with your own plans - is sure beats the embarrassment of someone else doing it to you in front of your peers. OR, I can do it here for you. Send your plan in a comment and I'll gladly look for a way around it.

One other important saying applies here as well: "No battle plan survives contact with the enemy." So build in some features to account for this necessary flexibility!

Think fast...

Tuesday, September 20, 2005

Suicide bombers and public transportation

An image recently came to mind dating back to the London bombings... Searches at U.S. subway entrances. On television they appeared to be done professionally - and I'm discussing the issue of racial profiling just the searching methodology and not the selection.

I saw long lines of people snaking back just as they do at the airport as individuals were searched. Hello!!! Did anyone else see a problem here? We are dealing with individuals intent on injuring as many people as possible - remember the few affecting the many by affecting the few - and the crowd can just as easily be at the entrance as it can be in the tunnel. Granted the tunnel makes for greater problems, but for those that may be killed the issue is the same.

So now that I've griped about what was done - here's an alternative. Granted this is more costly but it defeats the attacker's goals and limits their potential success to a mere handful rather than everyone in line. Defense in depth is something we in the security field spout on about. Here is a prime example of its use.

Somewhere in the parking lot a considerable distance from the entrance is the first line of officers. They select those that they feel should be searched and accost those individuals - search their bags - and either place a seal on it or hand a tag on it. Then somewhat farther back towards the entrance but within eyeshot of the first line is the second line who repeat the same steps but select different individuals to search. One or two officers, and the line supervisor, would then monitor the approaching commuters to see if items are being passed back and forth to those who have been searched. There may be a third line and a fourth line if there is enough distance and need.

Why is this concept worthwhile? The number of persons nearby to the one being searched are at greatest risk. Reducing the number of persons that cluster together reduces the value of the target. Also, over distance a person or persons trying to avoid being searched will stand out much more so than simply evading one checkpoint. There are other benefits but we'll leave it at these.

Is it full-proof? Heck no! And I'm not arrogant enough to believe that any plan is, but I do believe in saving what you can while you can and spreading out the targets means a whole lot fewer people that will need saving after the fact. Manpower now, means less manpower during the response. Oh yah, private security folks can do this as well. That's right. Well trained security folks can do this job; especially if they are backed by a law enforcement team. So we can do it for less and we don't need to hire more and more LEO's to reach the short-term goal.

I'd be interested in hearing your thoughts on this...


Friday, September 16, 2005

Windows v. Linux: A Security Perspective...

Today I bumped into an individual at Borders Books and who asked which was more secure Windows or Linux. Well what do you think? I think it really depends more on the individuals using it and those administering it. Threats ultimately come from people and so do the defenses. So any poorly managed operating system is more vulnerable than a well managed operating system - with a few caveats... As for Windows and Linux. Windows is more widely used - so it is targeted more often; Linux is not. If you are designing malicious code to affect the widest population of users you must make have it target operating systems and applications that are most widely deployed. It makes not sense to create a virus - or other malware - that targets an operating system that works on only one machine. That is, of course, unless it is a very targeted attack like you might see in the movies.

Even though Windows will be targeted more often - due to its wider deployment - it is also worked on by more people on a daily basis. That means that there will more likely be a patch forthcoming in a timely manner - and the attack will also likely be detected more quickly since more systems will be affected in any given period of time.

So which is more secure? I think it is the OS deployment that suffers for poor or inept management.


Thursday, September 15, 2005

ASIS Orlando

I know I had planned to blog from Orlando but events overtook me and I'm back now. Needless to say that it was a huge event with tons of informational seminars and somewhere like 300 vendors showing their goods. One of those vendors also happens to be another organization that I am very involved with and it focuses on training for line security officers, supervisors and managers. These are folks that have to make the security happen everyday. I was once one of them and "it ain't easy." They are typically underpaid, undertrained, and treated like an incapable moron - who does everyone call when something happens? That's right - security! It has got to be one of the oddest paradoxes in our society. Oh, the organization is The International Foundation for Protection Officers based in Florida. They offer great training programs - of which I am a proud certificate holder - and an outlet for learning that really doesn't exist anywhere else in the industry.

I know this isn't about ASIS in Orlando - but that's it.

Friday, September 09, 2005


I guess I should make some comments about Katrina - just like everyone else, right? I offer this.

Have a plan. Test your plan. Revise your plan. Keep your plan current.

But fight your enemy.

No plan survives contact with the enemy - stay flexible and stay effective.

Those are my thoughts. I don't care who screwed up at this point - the guillotine didn't get washed away so heads can roll when we're damn good and ready - but I do care about being effective. Special thanks to the U.S. Coast Guard for setting the example from the start.

ASIS International's annual conference

Next week is ASIS International's annual conference in Orlando, Florida. ASIS was formerly known as the American Society for Industrial Security but the name was changed to better reflect its worldwide involvement.

It is quite the show - new technologies along with some old ones - and several thousand security professionals. I'm guessing but I'd assume that nearly every other security organization, in the U.S. as least, can trace some aspect of its heritage to ASIS and so there are many additional meetings that occur at the same time. There are training seminars, in addition to the exhibits, and some are really worthwhile. Some are dull and some just don't live up to what they promise, but then again they are presented by volunteers to their peers (read competitors).

Assuming the hurricane doesn't cause problems for the event yours truly will be present, and I may even offer some updates from there as well. New technologies or new techniques, who knows. See you there.


Sunday, September 04, 2005

Disaster and Continuity Planning

We have all seen the devastation that was brought by Katrina. Amazing isn't it? The sheer capability of the event to destroy and area roughly the size of England! How does one prepare and what exactly do you prepare to do anyway. There is constant discussion, argument and annoying debate concerning Continuity and Disaster Planning; however these are not the same. Continuity planning is the process of being able to continue operations while a serious event is occuring - essentially operating without being affected - and Disaster Recovery is the process of fixing everything after it has been broken.

Organizations, and individuals, in New Orleans have had to experience both aspects of the response to disruptivec events, to say the least. I mean let's face it, there is so much that can be discussed (and no doubt will by every talking head that can be found) concerning the many failures discovered by the hurrican, but here let's just touch a little on Business Continuity Planning (BCP) and Disaster Recovery (DR). Each term has found a relatively secure home through the IT industry due to everyone's dependence on connectivity (and other related needs).

BCP, of course, requires some advance preparation (hence the term planning in business continuity planning) in advance of an event. How does one do this and what do they prepare for? Thanks for asking that's a great question. First, whoever is doing the planning - and it preferably should include persons from all parts of an organization - should know what the priorities are in terms of preserving operations. What is critical and what isn't. In comparison with the human body we tend to use Maslow's Heirarchy of Needs so the most critical things would be an environment that the organism (in this case a human) can survive in - so air, appropriate temperature and so on - followed by water (anyone that has been really dehydrated knows how painful a lack of water is), then food, then shelter and so on. Medication would most likely fit nicely between water and food. Anyway and organization - or person - must plan on protecting supplies and utilities to support critical operations. OR, to move operations someplace - permanently or temporarily - to someplace more hospitable. For the human this exercise can be called survival - and, well, it can for the organization as well. The other end of BCP, in short, is how to restore operations to normal after the event has passed. Using a person again - how do you get to a place where the stress returns to what you understand and can manage, and how do you begin to repair the damage done. Disaster Recovery isn't too far off - possibly more focused - but how, after the event ends, do you return to normal. Get back to servicing customers and conducting business.

Now there is clearly much much more to this, but it's a start at least. Remember the old adage: Proper Planning Prevents Piss Poor Performance. So plan, prepare and be brutal about it. Take nothing for granted. Assume the worst. And then start over and make it worse. I think it was Richard Marcinko that said: Training should be real as to make the real thing seem fake - or something like that. There is no reason for you, or your organization, to be experiencing the chaos that has marked the past week down south. Plan, prepare, implement your plan, revise it as it make it work, and when it's over you MUST critique your performance - benchmark peers - and fix whatever didn't work for next time.

One other thing. If, after seeing what has happened, you are not looking at your organization's capabilities and preparations then shame on you. This is your opportunity to learn from others. When the disaster is so great as to break the entire civil system of controls it will only be your prior efforts that guarantee continued survival.

Saturday, August 27, 2005

Eco-terrorism - Just what is it?

There has been some recent discussion concerning Eco-terrorism including Congressional hearings with testimony by the FBI and The Center for Consumer Freedom, along with attention by the Southern Poverty Law Center. So is there Eco-terrorism, is it a real threat, and what is the motivation of those engaging in it. Wow, that's an awful lot to look at so I'll just hit the high points.

Is there Eco-terrorism? The government, the private sector (at least the portion involved with animals) and the Environmental/Animal Rights movements certainly think so, but the question is in how it is defined. According to Paul Watson, founder of The Sea Shepards Conservation Society, explains in Terrorists or Freedom Fighters that the actions of the companies and governments that damage the environment are acts of terrorism; however the FBI (and likely all federal law enforcement) and those companies in the private sector that have been targeted see Eco-terrorism in a different light - as terrorism. Why the difference? Well, simply put, no one calls themselves a terrorist - at least not seriously. They are always something else because they have a cause, and they generally also have interpretation of morality that justifies their actions. In this case the Enviro-Animal Rights movement works around a couple of justifications that are essentially synonymous.

First is 'Biocentrism,' or the belief that all life is equally valuable. Second is Speciesism, which is similar to racism or sexism in that humans wrongfully mistreat other species rather than treating them as equals. What? You say this doesn't jive with your sense of morality? Well it doesn't have to at this point. There are, however, those that feel you need to change, and they are willing to use violence to affect that change. This, of course, depends on your definition of violence. The Animal Rights/Liberation folks argue that violence can only be committed against animals and not property, so they do not describe their actions as violent - because they only destroy property. Destruction in the form of arson, denial of service attacks, intimidation and open threats.

Yah, but they're only freeing animals from labs, you say? Take a reality check, now! I'm not talking about those that engage in legal protests or "relatively harmless" efforts to rescue animals. No I'm talking about the arson in San Diego costing over $50 million in damage - that's right $50,000,000. I'm talking about posting the names, addresses, and family information (children's schools, etc.) of executives for companies that have been targeted on the web for all to see. This may not seem so bad to you, but imagine if you were hated by a group of people - a group large enough to provide individual anonymity - and your information was posted at a website frequented by these members. Members that read such material as "Eco-defense: A Field Guide to Monkeywrenching" and other materials that discuss methods for intimidating individuals - threatening letters, phone calls and the like. Wouldn't you be just a bit concerned? I think so.

The goal with these movements are similar but not identical. The Environmental movement comes in several varieties that can be seen as a continuum. On one end are those that are focused on conservation, or protecting current wild lands, and leading to those that want to reintroduce wildlife - particularly predators - into these wildlands, which lead to others that want to reclaim wildlands - including displacing humans now in residence - and still others at the far, far extreme that want to reverse the technology clock altogether. So the goal is to protect the environment from human damage - often seen to be caused by technology and overpopulation - and to improve the environment. Some radicals argue against vaccines as inappropriate meddling with nature while she is trying to balance the ecology by reducing the populations. The Animal Rights movement, as it is generically called, can also be seen on a continuum. On one end is Animal Welfare, followed by Animal Rights, followed by Animal Liberation. Animal welfarists tend to argue specifically against cruelty to animals but may not elevate them to the same status as humans. Animal Rights folks argue that animals are equals and will work to rescue them with their fringe element, Animal Liberationists, being those willing to commit serious crimes to "liberate" animals and damage enterprises that are considered exploitative.

So is it a real threat? Sure. As much as any other movement can be when they are willing to break the law, destroy property, and threaten human lives. How far will their efforts go? Well that really depends on many things, but it's unreasonable to believe they will simply change their beliefs and go home - expect to see these folks around for some time now.

For some more information search such topics as: Stop Huntingdon Animal Cruelty, Animal Liberation Front, Earth Liberation Front, Earth First!, Animal Rights, and so on....

Tuesday, August 23, 2005

Shoplifting - boosting, lifting - The five-fingered discount

In a recent article concerning a study on retail theft, Dr. Richard Hollinger of the University of Florida makes points that are no doubt interesting; however if you've ever worked in retail security it shouldn't be news.

Roughly 8% of people that enter a store will steal something. Sounds alarming, but there has long been an accepted honesty continuum in the retail loss prevention (LP). It's commonly called the 80/20 rule but it does not resemble Pareto's law very much. It goes something like this: 10% of your employees will steal, 80% may steal, and 10% will never steal. It is generally applied to any population. The purpose of the concept is to reinforce the need for internal controls. The consequence for a lack of internal controls can be found by searching news sources for 'embezzlement.' Controls provide an opportunity to encourage the fenceriders (the 80% that may steal) not to take assets without permission.

Getting back to shoplifters... They come in all shapes and sizes and profiling them is best done based on behavior rather than some cultural feature. From my own experience as an LP Officer over just three years I apprehended persons as young as 10 years old and as old as, yes I'm serious, 74 years old. What did they steal? Whatever they wanted from clothes to linen to pillows to lingerie to the silliest little knickknacks you can imagine (like refrigerator magnets). Some fought (and fought hard) but most just come back to the store when asked. Why do they steal? Now that is a question that draws much debate, but it's not generally because they lack the funds. By far the vast majority of those I apprehended had enough money on their person to pay for the items they had stolen. "They just forgot," you say? Some may have, but those I did not apprehend. Why? Because we had a policy of following those that had not concealed the merchandise (indicating their knowledge that they possessed the merchandise) until they did conceal it. Did some realize their mistake and go back to pay, yes, and they probably never knew we were behind them all the way back. Why apprehend when you can make a sale? The fact they returned without encouragement would indicate to me that they were sufficiently embarrassed by their own conscience.

As I said, all shapes and sizes - and so were the amounts of their thefts. Some take only one item and are quite difficult to catch, while others take considerable amounts for resale. Consider another continuum with amateur on one side and professional on the other. The pro's live off their thefts and the amateurs do not. Everyone in the middle supplement their lifestyles to differing degrees with stolen items.

What do shoplifters do? Well, first this is not to be construed as legal advice to go out and start putting your hands on people or accusing anyone of wrongdoing, but here are a few thoughts. Most SL's get nervous before their actual theft. The theft technically occurs (in many states within the U.S.) at the time of concealment. The SL must look around to ensure they are not being watched, or head to a very concealed place (like a fitting room or bathroom). Other times their nervousness causes them to act somewhat erratically - going from lingerie to tools, or women's dresses to men's jeans - as they try to determine if they are being followed. So the eyes give it away and the hands make the move. Those that are part of an organized theft team will typically steal in large quantities using bags, boxes or other "tools." What do they want - the good stuff - of course. They may be selling them to a fence (pawn shop or other illegal buyer) or they may be delivering them to re-pack houses for shipment to legitimate customers that are unknowingly buying stolen goods.

I can go on forever about shoplifters... Call it a perennial thorn in my side since my earliest days in security. Heck, we didn't mention refund-artists or credit fraud at all. One day we'll get to those as well.


Friday, August 19, 2005

Are you safe with the new TSA guidelines????

From this Washington Post Article it might appear that the government has lost its mind. Just a few years ago we were led to believe that everyone was to be a suspect and that small bladed knifes were as dangerous as guns. What are we to do now? I don't know if I'll feel safe flying now!!! Will you???

If you are easily scared by reality, or if you are a constantly worry about what if, what if, or what if, then read no further. Remain ignorant - and as unsafe as you ever were.

Look folks this change is a good thing! Let me say this again: "We are only safe when we choose to be safe!" We are never safe when we relinquish our moral obligation to self-defense to a third-party. (This takes nothing away from those who - everyday - go to work and attempt to provide security for others... Military, law enforcement, correctional officers, and, well yes, security professionals.)

First of all, finding small blades can be very difficult, at best, during a screening process such as one finds at airports. Ask any security professional responsible for building security. Throughput is king! With that said... I remember shortly after September 11, 2001 (yes I was flying on the first day flights were permitted) a flight attendant asked me to move to the front of the plane near the cockpit door and then asked, "If anything happens will you help me?" What a disturbing question. If anything happens. What is supposed to happen? We've been carefully stripped of all tools that human development has provided us to make us able to defend ourselves better. What was really disturbing is that someone may have said 'no'. After answering in the affirmative, all I could think was what all those years of telling citizens to submit to crime, criminals, and miscreants had done to us. We lost our will to resist. Why do I say this now? Because if you think that a pocket knife is that big of a threat on a plane then you lack a certain amount of the survival drive (I deeply apologize if this offends anyone, but keep reading).

A pocket knife is of little use, if you understand how resilient the human body is, against a determined defender. A human an bleed a considerable amount before experiences a serious degradation in their capabilities. Some say that bleeding is the most over-treated injury. So a little slice here or there might be disturbing but not seriously damaging. Now a thrust could be deadly. A thrust of just about two inches into the torso will hit an organ - not good. So how do you fight back on a plane? Think man, think! (Woman too). Be creative - MacGyver creative - what is around you in the passenger cabin? Seat cushions, magazines, headphones (with wire), air sick bags, the armrest, seatback trays, soda cans, plastic utensils, plastic cups, and anything in your carry on bags - like hard plastic bookmarks and so on. Roll up a magazine and strike yourself (not your little brother or best friend - belated sorry Russ) and see how much that hurts. Striking major muscles can cause them to malfunction - also called fluid shock techniques - or use it a means to keep that little toy knife at bay. Throw water in someone's face (cocktails are better) to distract them. A soda can weighs roughly one pound. It can really hurt when used as a rock - thrown or striking. If it's empty, tear the top and bottom off and fold the long strip of metal into a very sharp edge. So I ask again, "What do you defend yourself with?" And the answer is the same as it has been for centuries - Your Mind! Do not panic - react. Do not submit - overcome. Oh, by the way, a pocket knife is very likely to fold onto your own figures if you try to use it as a thrusting weapon - a bad experience I do not recommend.

That all sounds great, I know. I've been spouting if for years, but practically speaking the bad guys to have advantages at the of attack - mainly coordinated action. So how then are these changes to security policies worthwhile?

The threat has changed significantly. I would venture to say that, unlike the 1970's, if someone were to yell this is a hijacking they would be picking their teeth up off the floor pretty fast. The bad guys thrive on control, and they get it by instilling fear (terror). The few affecting the many by affecting the few. They threaten one person to hold everyone at bay and so. Anyway, these policies reflect the fact that times have changed. It's time to focus on the next threat, whatever that may be.


Thursday, August 18, 2005

On to other matters

Congratulations to the U.K. on their efforts on dealing with the terrorists among them, and now let's move on to other topics. That is, of course, until some other incident occurs that causes near 24-hour coverage.

Anyone ever hear of Eco-terrorism before? It is not new - although the most destructive efforts seem to appear in the 1970's (Animal Rights) and 1980's (Environmental) - but it is not often addressed. Why? Who knows exactly. Just ask a few people and the wide variety of answers says it all. We just don't seem to take the problem seriously as a nation. I sincerely hope no one feels that I don't think other domestic extremists are as serious a problem, or even more so. I don't tend to find too many individuals that are sympathetic to such causes as racial supremacy, racial separatists, religious militants - and that would be any that espouse violence as an acceptable means to convert or cleanse anyone else - or any other groups that can fall into categories that are often referred to in the media as hate groups. Oh by the way, there are quite a few good resources on the topic of hate (groups, violence, crime, etc.) but my favority is the Southern Poverty Law Center. They really do an excellent job of tracking activities and groups. Their Hatewatch newsletter is a free service that delivers convenient links to via email on hate activities in the news. Anyway the reason I brought them up specifically is a recent report concerning the current (and real threat) of "right-wing" domestic terrorism. So extremism of all kinds can be a threat, but back to the Eco stuff.

Although we can treat them separately, the Environmental Movement and the Animal Rights movement have drifted ever closer together in their efforts. So here's a snapshot at understanding their beliefs and motivations. Why is this important? Well, quite frankly, no one ever seems to call themselves a 'terrorist.' Instead this is a label that is applied externally. There are Jihadists (not Muslim terrorists), Animal Liberators rather than terrorists - you get the point. Understanding motivation goes a long way to understanding the "randomness" of any attack. This is not to say that it becomes any easier to predict the next target, but it does become possible to identify a class of targets. So off we go, first with two key terms for comprehending this are Biocentrism and Speciesism. In short, these terms state that humans are just one life form among many; standing no higher or lower than any other, and treating other species as other than equals is ethically wrong. This is a very simplistic way to look at this but the origins of this can, arguably, be traced back to Darwin and his writings on the Decent of Man. Peter Singer's book, Animal Liberation offers philosophical discussion on the topic, but for quite possibly the most interesting writing on the justifications for Animal Liberation by violent means there is Terrorists or Freedom Fighters and The Logic of Political Violence. To make a long argument short - Those that destroy property, threaten people and "liberate" animals are not terrorists because the animals our not ours to subjugate, and therefore it is morally correct to take action to free them in the face of illegal laws. These folks liken their efforts to the Nazi Resistance and the Underground Railroad. So there is their justification. Believe what you wish.

We can discuss this at some length - and you are probably getting bored with the topic as well - so we will come back a later time and look at the Animal Liberation and Environmental activities separtely. But if in the meantime take a look at just how many "direct actions" take place around the world.


Friday, July 22, 2005

A second round in London yesterday

Once again there has been another theatrical presentation to frighten the west - and the UK in particular. Although this time there appears to have been some competency problems with the actors. These terrorists were apparently unable to successfully detonate their explosives. Lucky break, possibly, for everyone.

The biggest break from this may be the intelligence that can be gathered if the actors can be captured or arrested. However, there may also be very little intelligence to be gained as well. How these cells operate is not so secret any more - which is what has been leading to the pre-emptive dismantling of other plots - and hopefully some future plots. We will have to wait and see what intel comes from this.

It was reported that the police in London had responded to over 250 suspicious packages in the two weeks after the first attack. Remember, of course, that it is not how many packages are dealt with, but how many of the right packages are dealt with.

Once again - our best defense against terrorism is to recognize their goal and thwart that. Continue about your daily activities and be aware of your environment.]

Monday, July 11, 2005

Terrorism and criticism of intelligence

Before starting this blog I put a couple of posts concerning the recent events in London.

But it's stil in the news and will be for some time. The story changes in the news periodically. First the devices were detonated at varing times and now the devices on the trains all are believed to have gone off at the same time.... This is an excellent illustration of the problems with intelligence operations. Here we have events that occured in an environment that is public and it still took nearly an entire day to refine the collected data into accurate information... Although this example is actually more of discussion on the exercises of historians it does illustrate a point.

Imagine trying to determine events that will occur in the future with such inaccurate, intentionally misleading, and incomplete data. This is world of intelligence operations. It is the process of trying describe the image presented in a puzzle as far before it is completed as possible. Doesn't sound too hard does it. Now make it more interesting and will the puzzle is being put together start pouring in pieces to other puzzles, mix them up, and now you have an inkling of the difficulties. How many pictures must be assembled? What if some pieces fit into multiple puzzles - how would you know.

My experiences with intelligence dealt with the Eco/Animal Rights movement with decidedly different consequences for failure but just as difficult. We criticize those analysts that were unable to read the signs, predict the future, and know the adversary's intention like God himself (or insert the appropriate term here for your beliefs).

I must say that I honestly hate very few things, but I absolutely hate quoting television and movies. It just seems a little less worthy than quoting some great written work. This, of course, is just a personal prejudice and I digress only because I must now quote a television show - and a Brit one at that.

There is a show in the UK called Spooks ( but here in the U.S. it is called MI-5). For those unaware, MI-5 is a U.K. intelligence agency with some similarities to the FBI - but not don't try to draw a clean connection. The U.K. is a different country with different rights and governmental structure. Anyway my point is that there is a line in an episode whena police officer is killed as a result of an MI-5 operation when the widow (and there's always a grieving widow on TV) challenges the patriotism of an MI-5 operative. And so a section leader made a statement to this effect, "You may question our methods, we certainly do it constantly, but never question our motive."

With that said let's just keep one thought in mind when we hear (or engage in) criticism of our intelligence efforts. No one, least of all those charged with identifying it ahead of time, likes to lose or look foolish. Nearly everyone gets a bloody nose from a sucker punch at least once in their life so in answer to some of the comments belittling the intel community I leave this posting. We can all "do our part" in the war on terror and still keep getting bloody noses because it's hard to figure out who in the crowd is going to punch next.

Damn this got long real quick. Sorry about that. If you persevered this far I offer one book that has some interesting reading on the topic - Cracking a Terror Network - is written as fictional account with a CD with supplemental information. If you curious what sorts of Eco inspired threats we have check out these: Terrorist or Freedom Fighters and The Logic of Political Violence.

Enough said. I'll try and keep them shorter in the future.

Friday, July 08, 2005

Starting now..

Since starting the the House of Worship security blog it dawned on me that it might be better to also put together a blog on general security issues. Then the attack in London yesterday made the point a little more clear.

Here we will look at more general security concerns - businesses, schools, transportation, secure storage, networks, and so on... Not the same old technical rehash that hits ever other site, but instead a steady effort of addresses the concepts, foundations and thought-process to make the technical stuff work.

Yes, there is theory behind security. Not many realize it but it's there. Blame it on an industry that grew up under strange circumstances, with lots of different (and often competing) egos, and little thought to ethical goals or metaphysical concern.

So here goes... The foundation for today's organizational security efforts are grounded in the ancient concept of 'self-defense.' This can be traced back to the concept of 'self-preservation' however self-preservation may be used as a justification for aggressive violence which is not the point here - or within a society governed by the rule of law. Self-defense implies that another entity is the aggressor and the 'self' is taking action to thwart that aggression. So an individual is permitted to take action in self-defense. Since organizations within our society are granted many of the rights and obligations of an individual then they two are permitted to use this doctrine of self-defense. There we now have a foundation for our security efforts.

Why is this important you ask? Well, over time we will see some security activities and ideas that are pretty murky in terms of their 'rightness' and having some sort of a foundation provides the ruler to measure it.

But more importantly... It's the foundation for the effort and so a good place to start this blog.