Let's all take a minute and remember the 17 dead and 42 wounded in the attack on the USS Cole five years ago today - that would October 12, 2000. See the Stars & stripes tribute
many of the other news outlets.
Now take another few minutes and ask yourself what it is you, as a security professional (or just someone interested in security), can learn from this unfortunate event. For I'll start with the Cole Commission Report
and work from that since we can all make unsubstantiated comments until the cows come home. Nothing beats information that can be sourced and, regardless of what you might think of commission reports, they generally do include some analysis of the facts surrounding the event.
I'll just take a few of the findings from the commission and equate them to the life of today's security manager or director. I'm sure there are other findings that can be used here, but these will suffice.
Disclaimer: All comments below are intended to relate the findings of the report to day-to-day security concerns - tending toward the commercial sector. In no way am I commenting on the performance of individuals involved or activities that affected the USS Cole.
Finding: Better force protection is achieved if forces in transit are trained to demonstrate preparedness to deter acts of terrorism
Deterrence works! Realistically it does not ALWAYS work, but then that's why a good security program goes beyond this one layer. Presenting a formidable (read: professional, well-trained, and prepared) image absolutely works in your favor. It discourages the casual nuisance and makes the committed plan more thoroughly - which means more time [the value of which we'll discuss further on], more tools and expertise (and probably money as well). Time, tools, expertise, and money are all commodities. To quote an old teacher, Dr. Kobetz, "Time is on no one's side. It is a commodity. You must decide how you will use it." I think we all familiar with the limitations on tools, expertise and money in preparing an attack.
Finding: Service AT/FP programs must be adequately manned and funded to support threat and physical vulnerability assessments of ports, airfields and inland movement routes that may be used by transiting forces
This goes right back to two recurring points - Know your environment and know what you are protecting. Sun Tzu said it like this (depending on the translation you read), "Know yourself and know your enemy; fight 100 battles have 100 victories. Know yourself and not your enemy; fight 100 battles have 50 victories. Know your enemy and not yourself; fight 100 battles have 50 victories." Get the point? The idea has been around for some time. So conduct Risk Assessments that include a view of the Assets, the Threats, and the Vulnerabilities - and keep them current over the years. A week old report is dated if it was conducted before an additional 100 employees are moved into your facility along with all their activities. So keep organizational plans in the mix as well.
Finding: The Geographic Commander in Chief should have the sole authority for assigning the threat level for a country within his area of responsibility
This applies in a couple of different ways here, but mostly a local security manager should be empowered (including being properly trained, mentored, guided, advised, and evaluated to be effective) to affect the protective posture of their site, location, facility, or area of responsibility. In an executive detail there is a fine line between the boss (principal/protectee) being in-charge and the protector. This is a very, very fine line that affects credibility when crossed one too many times. When the threat is identified then the principal's behavior must alter - this could mean many different things with the most extreme of which is being led by their security detail away to a safe location. In terms of a commercial facility it may simply be not allowing access through auxiliary doors and conducting a 100% ID check at the approved access point, or deploying counter surveillance folks into the parking lot/traveled way to observe those paying attention to the facility. This capability must reside at the lowest reasonable level to ensure timely preparation.
Finding: We need to shift transiting units from an entirely reactive posture to a posture that more effectively deters terrorist attacks
Here we are again with deterrence. Let the bad guys know that you mean business. In a retail setting this means signs, awareness programs, and making sure employees and customers know that security is involved. This does not mean that any shoplifter that is caught should be dragged by their hair through the store - don't forget the professional image. Roman soldiers were known for their discipline - they were feared because this discipline was unwavering - not so much because they were individually so ferocious. I once heard a quote from a friend that he claimed to have read (and I don't doubt him) concerning the Roman Army - "Ten disciplined soldiers are worth 100 warriors." Deterrence can be found in the effect of professional discipline and a willingness to act in concert. Consider the being the first barbarian commander to see the Romans employ the Greek technique of the tortoise formation with shields interlocked in front and overhead as they advanced - with each fallen soldier being immediately replaced by another. Now consider how your adversary may respond to a similar level of discipline and determination. Deterrence works at all levels from the initial appearance to the presentation of the response.
Finding: In-transit units require intelligence support tailored to the terrorist threat in their immediate area of operations. This support must be dedicated from a higher echelon (tailored production and analysis)
Intelligence - one of my favorites. Know your environment and how your adversary operates - but remember that this changes with very subtle geographic (and cultural) differences. Focus your intel efforts. What? You say you're a company and can't conduct collections. Hogwash! Get out and talk to people, but more importantly LISTEN to them and anyone around you. Search online; what you find may not be local but it also may provide context or a new mode, method, or technique you were unaware of - and it takes a professional to take this extra step. In retail this means going out into the mall or local community and watching, listening and talking with your peers. Stay within the law but collect.
Finding: Service counterintelligence programs are integral to force protection and must be adequately manned and funded to meet the dynamic demands of supporting in-transit forces
This is back to knowing your adversary or more accurately what they know or are trying to learn about you. Know your own "covert channels" (try here, or here for information). Who's watching you, your people, and so on. Again, at the very least, just listen to those around you, other employees, your industry peers, the news; just listen.
Finding: Service Level II AT/FP Training must produce a force protection officer capable of supervising unit training and acting as the subject matter expert for the commander in transit
This says so much. What do you know about security officer, security supervisor, or security manager training? Training is essential. If you are not taking every opportunity to train, improve, train, improve, train, and improve your protection team then shame on you. The military is generally really great for this mindset. Once again we should revisit Patton's thoughts on this, "A gallon of sweat in training is better than a pint of blood in battle." Or as presented in one of Marcinko's books, "Train hard, fight easy!" Although enough may be said about training - enough is rarely done about training.
Just a few comments on what every security professional/practitioner can learn from a tragic event.
See the entire post