Security Leadership and Management

Proud To Be Security: How Roles Changed After 9/11

September 1, 2011
Trans

On Sept. 11, 2001, Stephen Morrill spoke to the FBI, dealt with the media, executed a crisis management plan, comforted a grieving family and assisted company employees get safely home. And all that was before the end of the business day.

Morrill on that day was director of corporate security at Teradyne and is now executive director of corporate security at Charles River. He experienced 9/11 in a way that he believes has changed security’s role forever.

“The tragic events of 9/11 remain the single most important turning point in corporate security’s new role within business environments both home and abroad,” he says. “Prior to 9/11, the CEO’s corner office remained somewhat inaccessible, as most corporate security reported into corporate HR or corporate legal, and the exposure to the Executive Committee and CEO was limited to an occasional presentation on the status of security against our five-year plan.

“And then suddenly all things changed, at our company, Teradyne. We began monitoring shortly after the first airplane hit the Twin Towers. By the time the second airplane hit, we realized this was not a horrible accident, and most obviously an act of terror. I immediately grounded all Teradyne employee travel. Fortunately we had a good plan in place with our travel vendor, American Express.

“We quickly realized we had one of our employees on AA Flight 11, and we began our first conference call with the crisis management team and our CEO, who was on business in Chicago, at 10:00 am. We engaged the crisis management plan, opened our command post and occupied an executive conference room on the 10th floor adjacent to the CEO’s office. Within the first hours we received inquiries from the FBI relating to our employee on Flight 11, whose Middle Eastern surname needed to be checked out. Employees needed grief counseling, and the employee’s family needed explanations and assistance, plus we needed to get our CEO home from Chicago, and other employees in travel, with all domestic flights cancelled, needed answers.

“I recall during our first conference call a request to close our Boston offices, which would have sent 800 employees onto public transit. My immediate response was to remain open and allow employees to stay or go based on their own situations (there was no indication Teradyne was being attacked, but every indication transportation was under attack). There were many time-sensitive decisions that had to be made over the next 48 to 72 hours: what and when to inform our employees, the media, the authorities and more, all of which drew upon my 30 years of experience with the FBI. We did not get much sleep in those first few days, but we were always ready for the next conference call or meeting.”

Needless to say, Morrill’s CEO appreciated his efforts, and months later when he announced he was planning to leave the company for a new position at Charles River, his CEO spent nearly two hours in his office trying to convince him not to leave the company.

Morrill adds, “When I was a young FBI agent in New York City, a senior agent once told me we are like firefighters: ‘When the bell rings you must respond.’ He also told me that ‘It’s not what you do…it’s what you might have to do.’ I have always kept these statements in mind as I negotiate whatever storm and peril that needs to be managed.” 

As Morrill so eloquently states, since 9/11, corporate security has a seat at the table during all crisis management events, and there is no reason for not having been there before.

 

9/11 Financial Losses and Gains

Beyond the emotional toll that 9/11 took on the U.S., business took a hit as well. Insurance losses were more than one and a half times greater than what was previously the largest disaster (Hurricane Andrew) in terms of losses. The losses included business interruption ($11 billion), property ($9.6 billion), liability ($7.5 billion), workers’compensation ($1.8 billion) and other ($2.5 billion).

The 9/11 attacks compounded financial troubles that the airline industry already was experiencing before the attacks. Share prices of airlines and airplane manufacturers plummeted after the attacks. Airlines were threatened with bankruptcy, and tens of thousands of layoffs were announced in the week following the attacks. 

Tourism in New York City plummeted, causing massive losses in a sector that employed 280,000 people and generated $25 billion per year. In the week following the attack, hotel occupancy fell below 40 percent, and 3,000 employees were laid off.

Not every industry suffered, at least not long term. Since the 9/11 attacks, substantial resources have been put toward improving security, specifically in the areas of homeland security and national defense. That includes new companies, technologies and personnel (see “Security Initiatives Since 9/11/01”). The growth has been substantial and far reaching on a global basis.

Security manufacturers sprung up to market and with them a tremendous amount of new ideas and equipment. “In many ways 9/11 inspired many companies and individuals to innovate in this industry like never before,” says Guy Grace, manager of security and emergency planning, Littleton (Colo.) Public Schools. “Sure, it was capitalism at its finest, but I personally met many people in the industry who were doing it out of patriotism as well. I never felt more proud in my life.”

After 9/11, shares Thomas Collins, security manager for the City of Houston’s Public Works & Engineering Dept., came “security technologies changing so rapidly that the obsolete cycle on new technologies is shrinking to less than six months for certain technologies, especially in the fields of cyber security, video analytics, the wireless network grid and imaging.”

  

100 Years in 10

It’s as if the security industry developed 100 years of technology in 10 years.

“On the technology side, 10 years is like an eternity,” says Fredrik Nilsson, general manager, Axis Communications. “We all know that technology development moves very quickly. Who would have imagined iPhones, iPads and Androids 10 years ago? Today everyone has them. With security technology – specifically in the areas of IP-based systems and image quality – innovations have happened as quickly, which has increased the capabilities of our systems today to provide the security necessary in the society created post 9/11. Still, we must stay vigilant with tech innovations and training.”

Ten years ago security technology was dominated by analog and all the limitations that go along with it: grainy picture, no intelligence and disparate systems, Nilsson says. “That last limitation might be the most important, as it could take weeks for law enforcement and Homeland Security personnel to collect and string together footage of major security incidents, which can give perpetrators more of a head start on investigators.”

The rise of network cameras – specifically in city surveillance projects around the country – has not only drastically increased image quality with HDTV and megapixel cameras, but they provide redundancy with onboard storage, local intelligence both in-camera and on the servers, and the ability to integrate systems with tens of thousands of private and public cameras, Nilsson says. He adds that “the so-called Lower Manhattan Ring of Steel project is a great example of this increased sense of togetherness: public and private entities combining technology assets to protect and serve.

“As we move into the future, hosted video will play a role in risk management as the video that can be stored offsite via an Internet-based cloud service, which provides an extra layer of redundancy as well as video access during a natural disaster or security crisis,” he notes.

John Romanowich, president and CEO of SightLogix, believes that the shift from analog to IP has been the most significant change since 9/11. This is more than just a technological transition. It has enabled a whole new level of security by collecting, organizing and disseminating information in ways that were unforeseen prior to 9/11. “When you can couple the information management capabilities of a modern physical security information management system with increasingly accurate cameras and detection systems, you build a security solution that drives new levels of responsiveness and accountability and greatly lessen the impact of any security event,” he says.

“To be sure, it’s been a challenging environment for some security firms to move to this new generation of networked systems,” he says. “And just as any prior transition to IP, the early solutions need high levels of integration. The good news is that over time these systems become more capable and accountability can be scaled across large organizations.”

“No doubt,” adds Jeff Kessler, managing director at Imperial Capital, who has analyzed the security industry for many years. “Following 9/11 there was a surge of interest in investment in security companies and technologies and services, both from the public and private sector,” he says. “There had been several companies that were already involved in bomb detection and defense; however, the infrastructure from the government and private industry to put together an organized response to what was now an asymmetric threat as opposed to a symmetric threat was not up to where the stock market thought these things would go.”

With new companies and technologies came products being “sold more intelligently into more open systems that are increasingly being run by larger and smarter integrators,” says Kessler. “Past integrators were unable to deal with anything that was complicated; now we have companies like Diebold and Siemens who can deal with large government projects and help companies be preemptive, versus reactive.

“We are moving into a world where the security integrator and those few who are larger and have known expertise in both physical and IT capabilities can provide one-stop shop service to government and large enterprises,” Kessler says. “Companies like ADT, Stanley, Convergint and SimplexGrinnell all have developed high reputations for being able to install government and larger enterprise projects with a high IT component and a high level of service component into them. The reputation and brand of the guys putting in big security projects rely much more on their capability to design, consult and do post project advisory. Without these services you don’t get the brand, you are just an installer,” he says.

“Absolutely, today’s customers are much more educated and expect technology and the integrators that install and support it to partner in deterring or preventing events from happening altogether,” adds Tony Varco, vice president of security for Convergint Technologies. He notes that since 9/11, end users are recognizing the key role that ongoing proactive service plays in keeping their investment in physical security operating as originally designed, mostly because there’s so much more at stake.      

In addition, the security guard became a profession, not just a job. “No longer can corporations employ uneducated, improperly trained security personnel,” says Sandi Davies, executive director of the International Foundation for Protection Officers. “Our enrollment  into our certification programs escalated immediately following the 9/11 terrorist event, and since then we have seen a continued growth pattern in the delivery of educational programs. Corporations recognize the need for educated and trained professionals, and therefore the salaries and working conditions reflect this and a higher caliber individual is filling these job vacancies. Where as 10 years ago there wasn't much of a future in private security, there certainly is a clear concise career path now.”

 

Security’s New Role

With all that, corporate security’s role was pushed center stage. It was a role that many security executives were more than ready to embrace, because prior to 9/11, many argue that corporate security’s mission was taken largely for granted. “Unless they (the C-suite) had been a victim of kidnapping or similar crime, their view of security was generally a necessary but silent component to appease the stockholders,” says Morrill. “Since 9/11, I believe the perception of a grey-haired former government bureaucrat sitting in a small office at the least desirable section of the corporate office has changed forever. Crisis Management is serious business. Preparation for worst case scenarios, gathering intelligence and building secure sites remain a keen interest of every stakeholder.”

“If anything, it certainly raised the awareness from both public and private sector, as to the importance and value of security functions within organizations,” shares Jeff Larner, CSO for Peabody Energy. “Specifically, from a crisis management and business continuity standpoint, it raised the bar in terms of preparedness and response. I believe there’s more of an emphasis on the proactive nature of our business in terms of planning, yet having an effective response mechanism to support the organization, depending on the crisis. There’s always a price to be paid and a series of compromises for increased and enhanced security measures that we all personally have seen and experienced, particularly as we travel.”

Security has become more of a partner and accepted as a profession at the C-suite level more so than prior to 9/11 and the necessity of a solid security program is now evident to many organizations.

“In pre 9/11 surveys the threat of terrorism didn't even make the top 10 list of important security issues, according to security directors,” says Michael Lynch, chief security officer for DTE Energy. “The post 9/11 focus on terrorism has given security directors access to executives and the board room. As a result, astute security professionals have leveraged that access to become more closely aligned with enterprise leaders and leverage that influence and access to help business leaders to achieve corporate goals. Security directors should reexamine their functional responsibilities to make sure they are in alignment with the enterprise goals and objectives.”

“Our focus before was on the easy stuff like robbery, burglary, internal crime and the occasional active shooter,” adds Darrell Clifton, director of security for Circus Circus Reno. “These were threats we could deal with on our level, and throw resources at, to prevent or mitigate. Risk was something we could calculate and manage in our heads. When the World Trade Center came down, I think every security professional had to come to the same conclusion: the rules have changed. Not only have the rules changed, but the game and its players changed. Now, instead of just adding another threat to our list, we have added another dimension to risk assessments which changes the way we design buildings, conduct business and even hire employees.”

With as much progress that has been made with corporate security’s role, some are surprised that the progress has not been greater. For example, justifying security spending continues to be a challenge, even in the wake of 9/11 and other recent terrorist threats. “We have seen the devastation caused by a terrorist attack and we have felt the impact across almost every aspect of our daily lives. But despite still being in a war on terrorism and encroaching violence from our southern border, we reduce security staff levels and limit training and education opportunities while also decreasing technology purchases from corporate budgets first before other departments,” says Dave Shepherd, CEO of the Readiness Resource Group. “Security cannot be the first department reduced in challenging economic times because companies do not understand the return on security investment (ROSI) and overall value security adds to a company now and well into the future.”

Shepherd says that companies are visionaries when it comes to marketing, but often forget providing the safest work environment and the most secure property for guests and exceptional mitigation skills “cannot be computed on the monthly ledger, but will resonate deep in the hearts and minds of those individuals who experience the true value of a professional security staff,” he says.

“In general I think we have made great strides in security across the U.S., especially in the private sector,” says Tony Byerly, president, North America and United Kingdom director for Stanley Convergent Security Solutions. “Unfortunately, however, I am probably most surprised that some of the immediate concern and consideration for security has started to wane somewhat the past few years as time elapses since 9/11. This naturally manifests itself in challenges to security budgets and funding across businesses as well as government agencies. Immediately after 9/11 we saw the creation of chief security officer (CSO) positions and direct line reporting for security moving to the C level in many companies.”

Essentially, it’s critical to avoid falling back into a pre 9/11 environment where safety and security become a second-tier business priority, Byerly says. 

Going forward, security should be positioned within one’s organization as a “solutions” organization, suggests Bob Messemer, chief security officer, The Nielsen Company. “As security professionals, we excel when we call out risk, (especially unforeseen risks) and provide our business leaders with cost-effective options for resolution,” he says. “Many of my colleagues and fellow chief security officers become frustrated when business leaders ignore their advice. However, it isn’t enough to merely call out the risks. We as security professionals need to find cost-effective alternatives that mitigate the risks to acceptable levels, as well as allow for the business to move forward in order to capture new business opportunities. In this mode, security moves from merely being a part of ‘financial overhead’ to becoming viewed by leadership as a competitive advantage.”

Looking forward to the next 10 years, Messemer suggests that security professionals must demonstrate the ability to:

•  Serve as the CEO/CFO/CXO’s single point of contact for risk management insights and solutions.

•  Excel in crisis management and communications.

•  Engage prospective joint venture partners in forging feasible risk mitigation strategies.

•  Offer assurances to clients that their data and intellectual property will be adequately protected.

•  Serve as a trusted advisor to the firm’s audit committee.

 

Risk Management Grows

While risk management was part of an enterprise’s security plan prior to 9/11, it also evolved that day from a perfunctory exercise to a recognized platform for driving business value. Smart business leaders and external board directors are demanding highly cost-effective risk management practices that identify and mitigate risks, says Messemer, and 9/11 propelled that thinking further. Effective risk management is now fully integrated into the decision-making functions in an organization’s financial and operational planning as well as in asset allocation and performance appraisals.  “Recently, we conducted a risk assessment of the off-shoring of data processing work previously performed in North America and Europe,” Messemer shares. “Before, the tasks were performed across multiple, complex legal and regulatory frameworks. The tasks were consolidated into fewer facilities that shared a universal standard for business continuity and disaster recovery plans. Insurance underwriters audited the changes and lowered our insurance premiums, resulting in substantial savings over a three-year period.”

“Risk mitigation and management has always been a part of every security organization’s function in recognizing, identifying and mitigating threats,” says Larner. “I believe companies and organizations are [now] taking a harder look at myriad issues such as travel security, crisis planning/business continuity, protecting critical infrastructure and executive protection measures.”

Risk management is now accepted by many organizations for the value that it adds through the identification, avoidance, mitigation, or sharing of the events that might occur affecting a company. “Enterprise risk management, for example, is not a new concept; but many organizations are just beginning to realize the savings potential of this philosophy by having everyone in the organization play a role in preventing issues before they occur or at the very least make certain that all employees know their role should an event unfold,” says Bryan Warren, director, Carolinas HealthCare System Corporate Security.

“Risk management can take many forms, be it an annual hazard or threat vulnerability assessment, a training program designed to educate personnel on the roles and responsibilities in the event of an incident, or a more extensive program that aligns the organizations risk thresholds and approaches based upon pre-defined levels of risks,” Warren says. “Regardless of how it is approached, a good risk management program can enhance risk response decisions and mitigation strategies, reduce the likelihood of unexpected losses and setbacks, identify and manage cross-departmental risks more efficiently and improve the use of capital funds and other finite resources. Years ago, this would have been a byproduct of a high-quality security program, but risk management has certainly become its own vocation and rightfully so.”

  

A Work in Progress

Today we have security cameras, access controls systems, gates, ID cards, a heightened level of awareness, security has a permanent seat in the C-suite and risk management is part of a company’s business plan.

Yet there’s still work to be done. The Transportation Security Administration continues to receive backlash over airport security. Funding remains an issue. And standards are a work in progress. 

“One of the things we learned in the aftermath of 9/11 is that interoperable communication and full situational awareness are key to properly dealing with any incident or emergency from start to finish,” says Rob Hile, director, Integrated Security Solutions for Siemens Industry, Inc. “Without interoperable standards, it’s a huge challenge and sometimes impossible to ensure that everything communicates in a cohesive manor when we need it most. While this integration challenge may be a great thing for the integrators out there, it’s certainly not the best solution for the industry, end user or market. Unfortunately, this is not going to change anytime soon unless the end users and first responders start demanding open standards and true interoperability. On a positive side of things, the increased level of synergy among security professionals and other key stakeholders like IT, risk management and first responders has brought the standards issue to the front line of the challenges that need to be addressed going forward.”

Education in security as a profession needs help, as well. Chris Hertig is a member of the Behavioral Sciences Department at York College of Pennsylvania, where he teaches courses in security management. He suggests that security needs a greater tie in with academia. “This is the major missing link in the development of the security profession,” Hertig says. “After an initial explosion of Homeland Security programs and increased student interest in security management courses, the growth has slowed. Some of the Homeland Security programs are research oriented. Over time this will transform the industry into being more scientific.”

While some professional associations such as ASIS International, the Association of Certified Fraud Examiners and the Loss Prevention Foundation have launched successful initiatives to educate students and faculty, courses in security and risk management as a future profession need to be prevalent on college campuses.

“Hopeful signs are that lower-level academic programs are growing, such as Job Corps and trade and vocational schools,” Hertig says. “There seems to be a ‘bottom up’ movement. The ‘top down’ movement of increased professional certifications and graduate programs may someday meet the ‘bottom up’ – somewhere in the middle.”

There’s also concern by many that Americans are becoming complacent and cannot sustain a high level of awareness to be safe, all of which makes security’s job more difficult. “There is still a level of false security that I find surprising all these years after 9/11,” says Gadi Piran, president of OnSSI. “For example, what is the point of asking for ID when someone enters a building? Does this tell you anything about the person, whether they have a criminal background or if they’re a danger to the building and its residents? There is also still a lack of proactive security as far as cameras go. We often deploy cameras that are doing nothing in regard to detection and prevention of crime and terrorism.”  

There is much intelligent technology out there, including smart cameras, but much of it is not being used the way it could be, Piran says. “We also need better trained security agents, at airports and other public places. Probably the most qualified Americans to be with TSA and other security operations are those who have spent a couple of years in Iraq. Such veterans typically have developed an innate sense of danger, and who is dangerous, the same as a cop who walks a beat for 20 years. These are the sort of people we need handling security, who can look in someone’s eyes and know right away if they are a danger or not.” 

“I believe that while progress has been made since 9/11, Hurricane Katrina and the shootings at Columbine these events continued to prove we needed to do more when it came to mass communication,” shares Sandy Jones, principal of Sandra Jones and Company, and a founder of Securing New Ground. “Changes and mandates are having a positive impact that have proven effective and new business opportunities have been created in the mass evacuation market with leaders like Notifier, Cooper Notification, Bosch and Code Blue, to name a few.”

We can’t grow complacent in terms of securing “soft targets,” adds Carlos Barbosa, senior director, Strategic Accounts for G4S. “As seen time and time again, a small group (even an individual) who is motivated, focused, trained and disciplined can do a country great harm where it hurts the most.”

Active shooters, workplace violence episodes and countless other tragic occurrences continue to happen at an alarming rate. Instead of 9/11 being a wake up call to the populace, many are still under the spell of denial that they need to do nothing to prepare for an emergency situation, adds Warren. He admits that there are the exceptions on the polar opposite of the spectrum, but “the vast majority of Americans seem to be under the belief that someone will simply take care of them when an event happens. Hurricane Katrina and its aftermath, the Virginia Tech shootings and so many other incidents that should give a reasonable person pause and consider ‘what if’ and make some type of preparation just have not had the effect that one would think. I don’t feel that everyone should be paranoid about security issues, but the casual attitude and a ‘sense of entitlement’ mentality still surprises me to this day,” he says.

Unfortunately, even after 10 years we have really not figured it out, adds Clifton. “Our government is doing some things really well: preventing several more attacks and apprehending a handful of would-be bombers. However, airport security, border security and the immigration process are obviously not as good as they could be. As for the security industry, our partnership with the government has improved through better communication and a genuine willingness to help. But it seems that no real best practices have emerged – from the private or public sector – for preventing terrorism. New technology, intelligence-sharing and government participation seem to be dependent on where you live and who has the most grant money.”

“The one area that is more disturbing, rather than surprising, is the degree of complacency that has settled back into our society,” adds Tom Giannini, CPP, director of security and emergency communications marketing for SimplexGrinnell. “While much progress has been made to improve security within the private and public sectors since 9/11, most of the critical infrastructure and security resources are based in the private sector. Not all companies, organizations or institutions have embraced the best practice of emergency preparedness so that they are ready to meet and mitigate risks with improved, proactive security programs. There is no question that improving security requires an investment, but many have not taken the necessary steps to invest in true emergency preparedness because there has not been an event since 9/11 that has shaken our sense of security. From my perspective, these very investments – made in both the public and private sector – have thankfully helped safeguard against another 9/11. But we have more work to do.”

Security Initiatives Since 9/11/01

Many security initiatives have been developed since 9/11, some of which are still works in progress. Here is a partial list, contributed by some Security magazine readers.

•  The Department of Homeland Security.

•  The identification and establishment of the 18 Critical Infrastructure and Key Resources (CI/KRs) for the United States. Recognizing, coordinating and structuring the CI/KRs into sectors provides both the private and public sectors an operational platform that did not exist before. “Protecting one sector protects all sectors,” says Thomas Collins.

•  The “See Something, Say Something” Campaign promoted by the Department of Homeland Security that allows the average citizen to participate in the protection of his or her neighborhood and country.

•  Fusion Centers. “The implementation of 72 Fusion Centers across the United States have provided a nexus for law enforcement agencies and representatives of the private sector to share information and participate in the all-hazards all-crimes fusion center environment,” says Dave Shepherd, CEO of the Readiness Resource Group.

•  The Homeland Security Information Network or HSIN, that allows vetted individuals from both the private and public sector to receive the latest information on the current threat environment, distribution of intelligence reports, notification of training opportunities and even communicate with other security professionals throughout the U.S. in a community of interest.

•  The National Incident Management System. “We have been utilizing the incident command system or ICS in our schools since 2003,” says Guy Grace. “It is a tremendous resource to have this framework in our schools. The system helped us to organize our major crisis response elements. The school districts’ ICS has dealt with countless emergencies over the years, and without this ICS structure we could have had some disasters.”

•  CFATS (Chemical Facility Anti-Terrorism Standards) regulations and mandates address some of the most critical assets in the U.S., such as chemical plants, electrical generating facilities, refineries and universities.   

•  “The SAFETY Act that was passed in 2002 to encourage the development and deployment of anti-terror services and technologies without fear of liability in the event of more terrorist acts,” says Marc Shapiro, senior vice president International Accounts Division, G4S.

•  “As controversial as the Patriot Act may be to some Americans, the provisions within the act have enabled our federal agencies to gain the intelligence to implement pre-emptive actions to help thwart terrorists domestically and globally,” says Tom Giannini of SimplexGrinnell.

•  “Private and public cooperation initiatives, such as the FBI’s Infragard program, provide an excellent forum for public education,” says Bob Messemer. “While Infragard pre-dates 9/11, it quickly became the preferred forum for the exchange of ideas between the public and private sectors in how to better protect critical infrastructure assets vital to our economic development and national security.”

“The reality is while these activities are ‘worthy,’ nothing can ever replace the losses and tragedy that came out of the terrorist acts and crisis of 9/11,” concludes Sandy Jones of Sandra Jones and Company. “I can only hope that as an industry we continue to recognize that our products and services can make a difference, help save lives, protect assets and mitigate risk.”

Securing Critical Infrastructure Post 9/11

The cyber and physical security of the North American power grid is center stage in the efforts to ensure critical infrastructure resilience in the United States and Canada. Every aspect of modern life depends on electricity, from banking and finance to transportation, from education and social services to operation of our military complex, from hospitals and public safety to communications. The North American Electric Reliability Corporation (NERC) leads the effort to improve physical and cyber security for the bulk power system by initiating leadership, supporting security practitioners and moving the electric sector forward by addressing threats to critical infrastructure. NERC coordinates electric industry activities designed to protect the industry’s critical infrastructure from physical and cyber threats. Security is addressed in the daily operation of the electricity grid and in future planning of the grid.

Here, Mark Weatherford, vice president and CSO of NERC, shares his thoughts on securing the electric grid post 9/11:

“Security has become a more visible component in the everyday lives of American citizens, and there has been tremendous change in both the requirements of government and business and the expectations of citizens. People are more aware of their surroundings and more willing to identify things that are out of place or unusual. Within the private sector critical infrastructure communities, the events of 9/11 provided illumination of how critical the secure operation of our businesses is to the functioning of society. Within the electricity industry, events over the past 10 years that resulted in geographically isolated specific power outages combined to drive vast improvements in physical security of plants and facilities. On the cybersecurity front, the electricity industry has been very proactive in developing mandatory and enforceable security standards for those entities considered vital to the reliability of the bulk power system in North America.

The electricity sector has had a mature understanding of risk management for many years as related to natural disturbances such as hurricanes, earthquakes and how hot and cold weather can affect the efficient operation of the power grid. The greatest changes in risk management have been in the evolution and understanding of man-made threats such as targeted terrorist attacks and the ever-changing cybersecurity threat environment.

 Within the electricity sector, the development of Critical Infrastructure Protection (CIP) Standards has had a profound effect on the industry. While industry was adopting and incorporating changes in digital technologies to increase productivity and realize economic efficiencies, there was no consistency in the efforts. The CIP Standards continue to evolve as would be expected in any new large scale initiative but in a very short period of time have already resulted in higher levels of consistency and more focused awareness across the North American electricity sector.”

Alerts and Mass Notification in a Post 9/11 World
Joe Wilson

By Joe Wilson, president, Industrial System Division, Federal Signal

The tragedy of 9/11 triggered a long overdue examination of emergency preparedness strategies and the systems in place that keep America safe. Yet, a decade later, as public safety becomes increasingly more important, less than half of Americans still do not have an emergency plan in place and 37 percent do not feel confident in their abilities to react properly during an emergency, according to the 2010 American Public Safety Survey conducted by Federal Signal and Safe America Foundation.

While Patriot Day (9/11) reminds Americans of the dangers that should never be completely removed from our minds, the recent unrest caused by this year’s devastating earthquakes, tsunamis, tornadoes and other severe weather, not only escalates public safety awareness, but reaffirms the need for emergency preparedness. So how do emergency managers effectively communicate in the event of an emergency?

It was not that long ago when the agencies responsible for issuing warnings and alerts to the general public depended almost exclusively on outdoor sirens and radio and television broadcasts. However, today’s emergency managers must consider a much broader spectrum of communication technologies and messaging formats, no matter what type of threat occurs. This includes everything from landlines, cell phones, pagers, radios, text messaging, public address and intercom systems, LED signage, message boards and strobe alerts, to a variety of IP-based technologies, including e-mail, instant messaging, RSS, smart phones and even social networking technologies such as Twitter and Facebook.

These advanced technologies and messaging formats are clearly playing an expanded role in the development of the newest generation of emergency warning and mass notification systems. By the same token, it has become evident that these new technologies must be considered in context with a host of human factors such as age, physical disabilities and cultural differences, which have always been a concern in planning emergency alert and notification systems. For this reason, today’s emergency communications and mass notification planners must consider how the two major domains – increased communication layers and human factors – come together to directly affect the myriad of issues that must be addressed.

An effective, comprehensive emergency warning and mass notification strategy must demonstrate the flexibility to accommodate the needs of different audiences. For instance, consider the needs of those unable to read English, or of people who are simply illiterate. The question begs to be asked: If someone cannot read a text message, then what good is a smartphone platform?

Another example of human factors to consider is the way people prefer to be notified. The Public Safety Survey also revealed that Americans prefer technology for emergency notification:

•    By a telephone call – 26 percent
•    By a television alert – 25 percent
•    By text message – 18 percent
•    By outdoor loudspeakers – 15 percent
•    By radio alert – 10 percent
•    By e-mail – 3 percent
•    Not sure – 4 percent

While it’s impossible to address every issue relating to the expanded layers of communication and diverse human factors in challenging today’s emergency planners and first responders, having an expanded perspective on both the scope and complexity that comes into play in the development of emergency communication systems will help address today’s new set of concerns.

The most effective strategies for today’s and tomorrow’s emergency communications and mass notification systems will reflect the views of planners and decision makers who can answer “Yes” to three central questions:

1. Have you made every effort to understand the needs of your community inside and out? This encompasses researching and assessing the full scope of social and cultural norms, including language differences, as well as evaluating factors such as age and physical handicaps.

2. Have you applied this knowledge to available technologies and leaned on others’ experiences? This includes a thorough analysis of current and potential mediums of communication with a focus on issues that relate to reach, control, and variability.

3. Are you taking all the necessary steps to ensure that the citizens you serve are adequately prepared for an emergency situation? In addition to providing both initial and continuing education and training in emergency communications and procedures, this includes providing information on emergency kits, checklists and instructional pamphlets, while promoting awareness programs.
 

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Diane Ritchey

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+