Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Overseas and Secure Column / Security & Business Resilience

How Corporate Security Can Face Down Fourth-Generation Warfare

Just because your enterprise is not operating in a warzone does not make you immune to fourth-generation warfare.

November 5, 2013
Trans

Historically, corporate security professionals have been responsible for making sure the cameras watched cars in the parking lot, access control systems allowed for authorized employees and the alarm system was turned on at night. Add to this, ensuring the security officers stayed awake and the occasional investigation was conducted; and you have a fairly straightforward job description. Recent events though, have redefined the job description for the security profession. To operate in the modern, globalized environment, senior security staff needs to be cognizant of a variety of boardroom level concerns that bring risk to their company; and a new paradigm of thought when it comes to viewing those threats.

             This new paradigm was explored in 1989, when experts on military affairs, while preparing for an article in the United States Marine Corp Gazette, postulated that nation states have, or will soon, lose their monopoly on being the primary war fighters in the world. This theory came to a realization over a decade later as the first major assault on United States soil since Pearl Harbor, was carried out on the nation’s most preeminent financial center on a clear morning in September 2001. The attack was borne out, not by a nation state that was seeking to overthrow the United States or retaliate for attacks on their foreign soil, but by radicalized members of a religious sect that wanted to cause harm to the United States, both on government and private entities that operate inside, and outside of her borders. For the private sector security professional, the business of security, changed from access control, alarm systems and security officers, to being thrust into the world of national defense by enemies that span the globe. In other words, security is moving into being part of the next generation of warfare.

           

Next Generation Warfare

The theory that was put forth in the United States Marine Corp Gazetteis termed Fourth Generation Warfare, or 4GW. The basic construct of 4GW, in terms of security, puts forth that nation states with political agendas and their standing militaries will no longer be the primary participants in conflict. They have been replaced with a conglomerate of religious, social, economic and private entities. The traditional battlefield where large armies have gathered at front lines with overwhelming firepower; has been replaced with an ever-morphing arena where the fight is carried out over the Internet, in the streets and from the pulpit. Weapons of Mass Destruction still exist, but instead of destroying whole populations, they can bring a country to its knees with a simple keystroke. To concisely put it, 4GW is simultaneously a diffuse, disparate, lethal and complex form of warfare that not only is the burden of traditional military leaders, but also those whose duty it is to protect private concerns as well.      

Under 4GW, terms such as “wartime and peace time,” “public and private,” and “soldier and civilian” all but disappear, to be replaced with the blurred lines of ongoing conflict, extremist politics, economics and culturism. The traditional soldier that has allegiance to the nation state is replaced by private contractors and consultants; intelligence agencies come to rely on private companies for gathering, sorting and analyzing information while government clearances for national defense projects are investigated by contracted companies as rapidly as possible. And even though these entities have themselves shown a desire to protect the country, as with all private companies, they are there for financial reasons. Corporations that not only have their own agenda, but have money to influence outcomes on a political and media level, have their own battle in a 4GW world.  

Conversely, the enemy army of yesterday has been replaced with an amalgam of terrorists, government officials, hackers, smugglers, pirates, protestors and sectarian zealots. Some foreign governments will have no qualms attempting to infiltrate a private company through the use of corporate spies or repeated ongoing assault on a company’s servers if they can gain access to new technology or an economic advantage over rivals. Other threats will simply want to cause chaos of some sort to further their agenda. Their targets? Those of opportunity that present themselves to whatever groups they happen to take interest in, including private organizations that security professionals are responsible for protecting. If the company you work for provides a service, operates in a foreign arena or has an agenda, be it political, social or otherwise, than most likely there is some group that will have an issue with this. At that point, your company has become a part of
4GW. 

4GW Threat Spectrum

So, who or what exactly are the threats represented in 4GW? The spectrum that is characterized covers a diverse cross section of potential adversaries. Cyber Threats are represented both on an individual basis, such as the lone hacker sitting in his or her basement, attempting to insert malicious code into your company data because it represents an blow for social change; or governmental affiliated groups operating in a concerted effort to gain systems access for advantages in economic markets or military systems. Armed combatants such as terrorists, guerrillas and lone-wolf gunmen across multiple regions of the globe are potential threats. Political, Animal Rights and Environmental activists that reportedly burn, bomb and destroy targets to further their agenda have allegedly targeted governmental agencies, private organizations and private citizens.    

 

How Does 4GW Affect Corporate Security?

For those responsible for protecting a corporation in today’s multi-national environment, 4GW is less a theory on modern warfare, than a practical operating dictum for day to day operations. For the security operations specialist, having an understanding of alarms, access control and digital surveillance are equally important as global politics, economics and social agendas. For an example of the complexity of 4GW and the impact on security operations, one just has to look at the current events that are transpiring in Egypt and Somalia to see how political, religious and economic events can affect corporations on an international level.

Consider this: If a tanker full of oil needs to get from the Middle East to any number of destinations in the western hemisphere, there are two ways to go: through the Suez Canal or around Horn of Africa. Does the senior security official in charge of advising the Board of Directors for a company advise the ship to go through the Suez Canal, with all of the political upheaval caused by military leaders that have overthrown a democratically elected Muslim Brotherhood? Or should the ship go past the Horn of Africa and the Somalia Coast, a region that is plagued with the most extreme examples of modern-day piracy in the world? And with both of these examples, if a significant event were to transpire in either region, your company would instantaneously be subjected to the 24-hour news media, a fate that will instantly subject your company to scrutiny, no matter the outcome. In this example, 4GW has presented problems both on the operational level in the region where business interests are being conducted, with potential for media scrutiny that could alter public opinion on both the domestic and international level. All of which could have long-term ramifications on you company again, both operationally, socially and financially. Neither of the choices presented are right nor wrong, but merely are examples of the challenges that a security specialist in a 4GW situation has to face.

           

Additional Considerations Affecting Security in 4GW

Not all considerations in a 4GW environment are potential threats. There are other entities that security managers need to acknowledge, not necessarily as a threat, but at least as an active participant with their own agendas that could affect operations both from a protection standpoint and the business standpoint. As mentioned, the news media as a vested interest group can affect the way a nation or people react to events. News anchors set a tone that the public will react to, depending on their reporting politics. If it is a slow news day, then events that would not normally be considered newsworthy might become the talking point of the day, and like the pebble dropped in a lake, it can affect distant shores. Economic interests groups can use social influences as a methodology to alter market values that can drive business in whatever way they deem necessary. Radicalized extremists, who have used violence in the past, can use the guise of economic aid to influence populaces for their own political agendas; a challenge that can easily affect your enterprise’s business interests every bit as much as a bombing could affect them.  

           

Providing Security in a 4GW World

Enterprise security executives know how to protect their companies and have the skill sets to use a range of technologies, tactics and operations in which to accomplish that goal. In a 4GW world though, traditional security strategies may not be enough. Success in a 4GW environment is understanding that you will not “win” battles or stop all of the threats. There will always be another protestor rallying against your company, another terrorist group that sees your operations as a part of the evil whole and another hacker trying to penetrate your computer defenses. 4GW must be approached from the holistic view of managing the threats, understanding why your company is considered a target and becoming a strategic leader with the other business units in your enterprise in order to create a culture of security that reduces risk to the business.

Remember, you are no longer protecting against basic crimes against property, but are now considered part of a greater global conflict. The goal of security is to primarily protect the business operations which employ it, and to accomplish that, security must not only be integrated into the company as a team member, but also strive to have an overall understanding of the social, cultural and political environments that the business operations exist in the new 4GW world.  

 

About the Author:

 Brian Bender, CPP has been in the security/law enforcement field for more than 15 years and is currently the Personnel Security Manager for Health Net and an Adjunct Professor for Criminal Justice at Taft College. He has a Master's Degree in Security Management from American Public University and is a member of ASIS International. 

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.