Defense is Your Best Offense: Understanding the Fundamentals of Risk-Based Security

In football, the room for error is slim to none. The hours of film study, drills and situational awareness all play a major role in what separates the good from the great. For defense coordinators, this means ensuring the off-season is focused on building an aggressive defensive line that can work cautiously and is flexible enough to make real-time adjustments. To beat a cagey, clever foe during a game, the defensive line needs a strong backbone strategy to keep them prepared for any situation.

Successful strategists in the security arena face the same kind of tactical issues. Attackers are skillful, resourceful and motivated to succeed. Football coaches can’t deploy a “one-size-fits-all” strategy, and neither can security strategists. On a macro level this is called “Risk-Based Security” or RBS, which at its core defines a commitment to flexibility and adaptability to deal with ever-changing threats. RBS uses a “tailored” approach to security that adjusts over time based on changes in the environment and in the risk profile of different groups, such as employees, visitors and dignitaries. RBS is designed to mitigate risk, evoke a sense of safety and not present an undue burden on the users. Most commonly this strategy is used at airports in the form of “TSA Precheck.”

Risk-Based Security Gets in the Game

The traditional, one-size-fits-all approach to physical security is cumbersome. It typically involves security officers physically inspecting every person entering a facility, relying heavily on the limited capabilities of metal detectors. This approach is costly and slow, and often ineffective without additional capabilities to screen more aggressively. A risk-based approach recognizes that while there is no perfect security solution, those solutions that strategically balance security, access, usability and cost can provide the best long-term protection.

An effective RBS strategy puts equal emphasis on technology solutions and more people-focused factors like organizational, managerial and operational capabilities. It relies primarily on a short list of components, including gauging threats; understanding vulnerabilities; vetting users; identifying users; and attaching risk assessments. It also includes routing high-, low-and unknown-risk users through the appropriate security channels.

An RBS strategy is also reliant on an enterprise approach that not only uses excellent technology to perform physical screening but also ensures the personnel performing the screening are using the technology appropriately. When implementing a risk-based security strategy, security professionals need to focus on two priorities: First, they must establish a “known patron” program that includes a quick way to validate membership at the entry to the screening system of a facility. Second, they must tailor the screening process to account for the different risk levels of those entering the venue.

How RBS Can Combat Modern Threats

Attackers have shifted their focus from hard targets such as airplanes and government facilities to soft targets such as sporting venues and music arenas. This shift has created need for a new approach to venue security. It is no longer enough to just to screen visitors and guests as they enter the stadium. We need to expand the security perimeter beyond the walls of the building and focus on new strategies, such as RBS, for long-term protection against an evolving risk landscape.

The potential benefits of implementing a risk-based screening program are significant. It can make entering a venue easier while maintaining a level of safety, allowing faster throughput, and thereby mitigating the risk of long lines. This can create a better experience for known, repeat customers as well as improve overall brand perception of a venue. Overall security costs can potentially be decreased as the security staff is optimized. Further, while organizations want the safety that screening systems provide, they do not want to lose the culture, openness and sense of welcome that make their venues special. Implementing a risk-based security program allows an organization to tailor a program that fits their culture, so they do not have to sacrifice what they represent for safety.

There is no “silver bullet” or “cookie cutter” approach to security. What might work particularly well in office buildings – where it is possible to learn more about the regular user – will be different than in public venues. Like football coaches, successful security strategists make sure they’re prepared, and with risk-based security, they have the tools, plans and training intact to ensure they’re ready to defend.

Chris McLaughlin, Vice President, Global Solutions, joined Evolv Technology in the fall of 2016 to lead work in the transportation sector. In this role, he leads engagement with airports, airlines, and rail organizations and assists in other sectors to develop concepts of operation and configurations that integrate into existing and emerging landscapes. Prior to joining Evolv, McLaughlin worked for the Transportation Security Administration first as a Federal Security Director in Colorado and then as the Assistant Administrator for Security Operations where he led a team of 56,000 employees across more than 450 airports nationwide and managed a budget of $4 billion. As a national policy maker, he worked closely with national industry associations, other federal agencies, and Congress, and was instrumental in shaping and advancing TSA’s current philosophy of risked based security. Chris also led field operations and security for the biometric security provider, CLEAR, as well running ground operations at major hubs and line stations for United Express and Frontier Airlines. Following in his father’s footsteps, he started his career as a self-employed blacksmith, providing top-end farrier services in the mountains of Colorado.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.