When you hear the term counter-terrorism, it brings to mind images of law enforcement, military and the CIA.Today many western countries have special units, designated to handle terrorist threats.But few people would put corporations on that list of organizations counter-terrorism brings to mind.This article by homeland security columnist Kevin Coleman discusses the state-of-the-art in corporate counter-terrorism.
But few people would put corporations on that list of organizations counter-terrorism brings to mind.It is hard to believe that behind red mahogany desks, professionals are now deeply involved in security measures to protect their organization, employees and customers against terrorist attacks.This article will examine how corporations are involved in the fight against terrorism.
What is counter-terrorism? It is defined as the practices, tactics and strategies that governments, militaries and other groups adopt to fight terrorism.Counter-terrorism is not specific to any one field or organization; rather, it involves entities from all levels of society.
There are a number of aspects to corporate counter-terrorism.This multi-part series will examine each of those aspects.(Other subjects addressed in the series will include compliance, sharing information in the private sector and government, and testing crisis management plans.) Two ways corporations are involved in counter-terrorism is in their development of security plans and engineering and retrofitting facility designs so that security is built in rather than bolted on.Let's take a closer look at physical security and business continuity planning in more detail.
Scanning briefcases, handbags, backpacks, boxes and packages that are hand carried in and out of a corporate environment has become one component of physical security measures now in place at corporations around the world.By scanning individuals with walk-through body scanners and handheld metal detectors, a corporation can significantly reduce the risk of a terrorist attack.Some have even installed bomb detection equipment.But now engineering firms have joined the fight to protect the organizations premises against terrorist attacks.These engineered means of protection include offsetting drive ways from direct alignment with entrances.This is coupled with the use of crash barriers.
The picture below shows the entrance to a popular shopping mall.As you can see there are no barriers in front of the aluminum and glass entrance doors which are all that stands in the way of a vehicle crashing through the perimeter and entering into the main level of the shopping mall.This specific mall was named as a possible terrorist target about 18 months ago.The plot was foiled by the FBI, and several individuals were arrested.But it leads to the questions as to why no protective measures have been taken to prevent such an attack. Repainting parking lots and adding decorative planters that serve as crash barriers are two economic measure that serve to protect the physical security of the facility.
After the anthrax attacks on corporate and governmental facilities a few years ago, multiple organizations have examined protective measures to guard against anthrax and other biological attacks.One such measure was the isolation of the HVAC (heating, ventilation and air conditioning) systems in the mail room from all other areas of the building.This isolation serves to limit the spread of any biological agents into other areas of the facility.
Another method of terrorism focuses on the corporation's customer. Customer intimidation is a popular form of terrorism with eco-terrorists and other special interest groups.It is designed to deter customers from supporting a specific product or corporation.Past acts of terrorists include poisoning food, and tampering with drugs and other products in an attempt to spoil a company's reputation.Another terrorist tactic is arson.Setting fire to corporate facilities and disrupting the normal flow of business hits them in the wallet. Sabotage is yet another tactic employed by terrorists.Terrorists have shut down oil drilling platforms and have attacked factories. Occasionally, terrorists attack the customer directly in order to scare them away.
The federal government is heavily involved in research and development of engineering techniques needed to safeguard facilities against terrorist attacks.The government's efforts are centered at the U.S. Army Corps of Engineers, Omaha District.The district's Protective Design Center (PDC) is the Center of Expertise for anti-terrorism and protection engineering support.
The PDC works in two mission areas - security engineering and hardened structures.The first deals with criminal and terrorist threats, the second with military weapons.The district's sister office in Huntsville, Alabama, handles electronic security systems.These efforts, plus advances in hybrid nano-materials, are producing innovative techniques and materials to make facilities more resilient to terrorist attacks.
So what are the hot areas in the race to build in security and resistibility to terror attacks? That question is difficult to answer due to the pace of change and advancements that are taking place in this area of engineering.We conducted a one-on-one telephone survey of companies $1 billion and above.The chart below is taken from those results. Currently the list below identifies the top five areas of applied research.
- Blast mitigation
- Immune building systems (Chem/bio agent containment)
- Building intelligence
- Invisible security and monitoring
- Self-sustaining facility infrastructure
These features do not come without significant expense.Therefore a risk based approach is used to determine what counter-terrorism functions and features will be incorporated in the design.The approach first assesses how likely a target the facility represents as well as facilities location in the close vicinity to the site.After the risk factor is calculated, an attack scenario vulnerability analysis is conducted.This analysis examines multiple types of attacks and evaluates the degree of impact each attack would have based on multiple design parameters.
Once the building is designed and erected, the counter-terrorism efforts are not over.Now an organization must determine how it will operate if an attack does occur.Now we will turn our attention to resuming operations after an incident.
Business Continuity Planning
Most executive believe it is not a question of "if" but "when" another terrorist attack will occur.In light of this heightened state of threat awareness, decision-makers are faced with a new reality: proactive counter-terrorism planning.Business continuity planning is now an essential part of enterprise risk management.These plans may determine operational continuity and corporate survival following a terrorist attack.In the recent past, continuity planning was typically limited to the IT department.Today, corporations have significantly expanded continuity planning in areas of facilities, staff, production capabilities and other resources.In January of 2006, one of the Fortune 250 is conducting an executive training program on counter-terrorism for the corporation.This training will examine cyber-terrorism and bio-terrorism, and will include a table-top exercise based on the bird flu pandemic.This is one of, if not the first, corporate program of its kind.Assessing and the devising a business continuity plan that will lessen the impact of a terrorist attack requires scenario planning.
Scenario planning is a critical technique for intelligence analysis and continuity planning.Most business continuity planners deal with traditional threats.Threats like power or computer outages, natural disasters, labor unrest and network failures were all common scenarios. But today, with the threat of biological attacks, weapons of mass destruction, car bombs, suicide bombers and other terrorist acts, corporate planners are finding themselves in unfamiliar territory.The complexity of these new events, challenge even the most senior planners.
As you can see by the cover of the International Association of Counter-terrorism Professionals (IACSP) below, scenario-based intelligence analysis is critical for counter-terrorism planning.Scenario planning involves identifying trends and characteristics, and exploring the implications of a given event.The logical scenario planning process described below is designed to stimulate creative thought, collect and analyze information and generate a series of scenarios.Scenario planning is not about predicting the future.It is about exploring the future.If you are aware of what could happen, you are more likely to be able to deal with it.As different trends are chosen and different combinations of forecast levels are combined, a whole new spectrum of possibilities can be identified.
Organizations are developing scenarios related to terrorist attacks and, as mentioned above, even a bird flu pandemic.They use transdisciplinary intelligence engineering (TIE) techniques.TIE was pioneered by a company named Intelomics. So why are businesses so concerned about the bird flu pandemic? While the bird flu is not a terrorist attack, it constitutes a significant threat to the security and well-being of the country.In addition, the bird flu could be considered a dress rehearsal to a bioterrorism attack.The financial implications of business disruption associated with a flu pandemic are extremely high.Recently released figures from a government study (the GAO's study on the economic impact of the bird flu) show the impact a pandemic could have.
If a pandemic were to occur in the U.S., the following could result.
- Up to 40% of the workforce could become ill.
- An estimated 92 million people will become ill.
- An estimated 2% of the workforce could die.
- Isolation could span weeks into months not days.
- Total economic impact could exceed $600 billion.
While governments around the world have expended significant effort to guard against terrorist attacks, corporations, indeed the whole private sector, faces significant challenges.It is no longer just about guns, guards and gates.Information, intelligence and integration are equally as important.In the U.S., over 80% of our infrastructure is owned by corporations.These corporations must take significant measures to protect the building, systems and resources and shoulder the financial burden.
Corporations in general are also under threat of attack by terrorist organizations.Many corporations have become the bane of many terrorist organizations and are key terrorist targets.High ranking corporate officials are often assassinated, corporate offices are blown up and company assets sabotaged.
Security is extremely costly when you bolt it on.Estimates of the cost to protect the private infrastructure approach $200 billion annually. When security is engineered and designed in, it becomes much more affordable with a significant degree of increased protection.So the question remaining is - do you have the time to make these changes before you experience an incident?