Security in the news


Meet Bob

While monitoring information channels, I came across a thought-provoking article on the application of a robot, appropriately named Bob (as of now in the research stage), to the task of building security. The immediate reaction is to associate this adaptation of advanced robotics and AI, setting aside the inherent weaknesses in this technology platform, with two very sensitive areas of our current economic model. The first is the replacement of human labor with technology at a time when there remain soft pockets in labor markets across the global economy. The second, more acidic view is that of another creepy intrusion of advanced technology into personal privacy, as such “droids” may lend themselves to abuse, either willingly by their operators or unwillingly through malicious intrusion by hackers exploiting flaws in their software architecture.

But there is another reading to this. For years we in the security profession have been witnesses to the convergence of physical and logical security, where in many cases these two separate ops centers functioned seamlessly. In other words, the same command and control centers that handle cybersecurity and other InfoSec countermeasures also integrate surveillance, access control and the human (security officer) interactions, forming a concentric mesh of enterprise protection. I see the development of new nodes, such as robotic technology powered by the latest in artificial intelligence, as an inevitable evolution in the converged ecosystem. The challenge will be to leverage the new technology to plug gaps in existing security programs with augmented nodes of information. For instance, this would take surveillance technology, which is for the most part fixed on particular locations, and make it mobile and interactive with the people occupying the space where it is deployed. Furthermore, promising technology such as facial or pattern recognition, which has yielded limited results in protection schemes, could have more effective applications when loaded onto a roaming droid.

These are just quick reflections on this development. In time we can come up with more sophisticated approaches to the application of robotic technology to protection programs and more importantly in a way that’s not detrimental to our privacy and to the millions of men and women that depend on the security profession as a livelihood.

Read article:

Meet Bob, Britain’s First Robotic Security Guard

Daily Mail (United Kingdom) (06/16/14) Zolfagharifard, Ellie





Anarchism in the Age of Cyber

An important announcement from my LEO channel. I thought it important to share with everyone for monitoring:

For situational awareness, the following message (in italics) was posted online by the hacking group Anonymous:

Anonymous announces a nationwide “Day Of Vengence” to take place in dozens of cities across the USA on Saturday – September 24, 2011 at High Noon.

In coordination with these protests across the USA on September 24th, Anonymous and other cyber liberation groups will launch a series of cyber attacks against various targets including Wall Street, Corrupt Banking Institutions – and the NYC Police Department. We encourage the media to follow the Twitter feed @PLF2012 for ongoing reports throughout the day.

Additional public source information has identified possible targets of these attacks, to include entities in New York (state and city), public and private entities associated with the recent execution of Troy Davis in the state of Georgia, and law enforcement in general.

No further information is available at this time in regard to the specific nature, means, or potential targets of Anonymous’ plans for September 24th; however, in the past, Anonymous has engaged in distributed denial of service (DDoS) attacks, utilized SQL injection to gain unauthorized access to computer systems, conducted social engineering to gather personal identifying information, and released both personal information (i.e. “doxing”) and the contents of compromised systems (e.g. e-mail message content, passwords, etc.).

InfraGard members are encouraged to engage in information security best practices, such as using strong passwords, not reusing passwords, updating software to protect against known vulnerabilities, and ensuring that web-based applications are not at risk to attacks, such as SQL injection.

Summer @ SBB

You may have noticed a drop in activity on this blog. I’ve been busy seeking alternative means of income through professional and entrepreneurial endeavors. As the sole contributor to this site, that meant sacrificing the time I normally dedicated to bringing you timely and actionable information—the staple of the site. Be that as it may, I’m refocusing attention on important areas of security by working on a posting series to be published over the next few months.

I promised you the content would not disappoint. Being active in corporate security circles has given me unique insights into ideas we’ve been espousing since the site’s inception. One such area I plan to drill down on is the role of security risk assessment in setting the pace for the strategic security plan.


Demystifying the Security Business Unit

By Francisco Mateo

Many organizations around the world have hired security professionals to man security departments. The reasons are obvious: in a fragmenting world, risks are ever more unpredictable. Companies can no longer sit around and wait for threats to inflict damage on their people, assets, reputations and brands (PARB), so they tap the professionals to do vulnerability and threat assessments and subsequently provide recommendations and action plans.

Security is unique among operations departments, looking at the organization horizontally, vertically and laterally for risks. That is why, when the going gets rough, the company honchos look to security for solutions. Just look at the services many companies expect to be provided by their security business partners: physical security for staff and assets, travel security, loss prevention, investigations, crisis management, executive protection and guard force management, just to name a few. It is an incredibly complex matrix of mission-critical solutions expected from an understaffed, under-budgeted and overworked department. That is indeed the reality of the security suite today. The experts are in agreement that the security department is one of the business units that has suffered most since the economic downturn began. The key indicators tell the story, from hiring freezes across industries to low attendance at trade shows and reduced security technology spending.

Ever the optimists, security practitioners have set out to deal with the new normal: a fragmenting global economy, crushed by the weight of debt, underemployment and under-consumption, all having a detrimental effect on productivity and profit margins. There are also asymmetrical risks (illicit global business activities) working their way from the periphery to the core of our global business environment. Through all of this the security suite must be a vanguard in understanding and mitigating their effects. Take for instance the trends in theft of hot commodity products and raw materials, negatively affecting prices on one end and production cycles, as well as infrastructure capacity, on the other. And who can ignore the chronic piracy problem off the Horn of Africa, a hydra of risk events affecting this vital route of global commerce, eroding confidence and creating global supply chain inefficiencies? You can rest assured there are many security suites at organizations large and small monitoring the gathering storm of violent protests in Europe driven by government austerity measures (and given the fragility in the state of global affairs) to determine the risk they represent and to create tactical plans to lessen the impact on their people and assets. It is this maelstrom of risk scenarios that fills a security executive’s agenda. It raises the question of whether enough resources have been allocated to tackle these mission-critical events. The answer may surprise you.

The truth is that there has been a new mantra in security, as in any other service organization, for quite some time: “do more with less”. Despite the shrinking budgets, the security executive is challenged to manage a peak-performance organization without skipping a beat from the plum times of just a few years ago. Adopting efficient business operation methodologies like Lean Security has been paramount. Applying lean security principles requires focus on value-added activities in a continuous improvement loop that delivers results and enhances productivity. The simple process that keeps the security practitioner from lamenting the loss of budget allocation for important security investment, and instead making it work just as well as before, if not better, is an act of lean thinking.

Allow me to illustrate the point: say you want to harness and enhance your security guard service’s return on investment (ROI). You identify which security guard activities cut across multiple functions. You zero in on building patrols, which from the outset offer a return on investment by reducing premises liability exposures, as well as leading to lower insurance rates. But this activity has greater potential, as it can also be leveraged to cut maintenance cost. It is feasible that the retained security services staff would be trained and empowered to perform tasks such as: turning off lights and HVAC systems after hours; identifying defective building systems and calling for emergency service (elevators, data centers, electricity and water services, etc.); as well as turning off space heaters and coffee pots, which may elevate the risk of building fires. Such activities can reduce maintenance staffing cost, while constantly mitigating potential vulnerabilities. As you apply continuous improvement processes, you determine that some patrol routes only add time to the physical walk-through, without the residual benefit previously described. The process is more effectively served with automation, like adding an integrated CCTV system with a zone-specific sensor array to enable virtual patrols of the area with clearly defined escalation protocols. The real power behind lean security principles is that they can be dynamically applied to asset protection (as previously exemplified) as well as to people, reputation and brand protection problem solving.

The linchpin behind the successful application of these methodologies is reflective leadership, that is, when managers actively apply new ideas to transform ongoing initiatives and concerns. We thrive in these difficult times because, like other high-performance organizations, the security suite resides in a problem-solving space, making us adept at evaluating personalities, constantly looking for collaboration opportunities (decimating silos), and leveraging institutional synergies and culture. One of the reasons that executives at many organizations have come to rely on security professionals for mission-critical activities at their outfits is that they’ve come to expect this level of transformational results.

It is quite evident when you look at the job descriptions for security managers at many organizations that they aim to obtain more than assurances. For the most part they’re not disappointed, but don’t make the mistake of expecting a pat on the back. Do expect, however, to be challenged at every juncture to demonstrate your worth regardless of the risk scenarios. For senior company executives the real issue is obviously one of perception: any threat to revenue and shareholder value can be partially transferred to the security suite with the expectation that it won’t hit the balance sheet. Unfortunately, as the pendulum has swung to bust cycles on the bursting of global financial bubbles, the security suite has been a prime target for trims. We are well prepared though. It does not change the basic fact that as our risk mitigation strategies improve (lower cost, greater output), and the economic recession deepens…insert your expected outcome here: _______________________________________________________________________.

Security Risk Management On-Demand

By Francisco Mateo

It appears to be prime time for corporate security units across Europe. During the last few months Greece, Portugal, Spain, France and England have seen a resurgence of labor protests as austerity measures are enacted to contain the onslaught of a worsening global economy. With that in mind, it is important for security managers to prioritize strike and violent protest protocols and have their teams at the different facilities ready for any collateral or spillover risk from violent confrontation between protesters and police.

When strike action involves countrywide protests and road and critical infrastructure blockades, it is necessary that you help your supply chain team prevent disruptions by protecting en route cargo and seeking alternatives for continued operations. It is important that contingency plans be drawn up in advance and that duties for carrying out specific actions under the plan are top of mind for each member of the team. Although many of the security decisions that need to be made at this time are situation-driven, your knowledge of internal business operations (clients, routes, labor and police leadership), as well as open-source intel, can give you the most leverage. In short, know the terrain and know the stakeholders, so that you can intelligently steer your contingency team and navigate clear of any risks your company may face.

Do not underestimate how much demand for third-party services (cargo security escort) will peak during these times. My experience has been that, in anticipation of such events, security departments must secure agreements with key vendors well in advance to ensure preferential treatment when it is most critical. You don’t need to be psychic to know these protests have been brewing for a while as a result of the burden the sustained economic recession has put on governments’ purses. It is also very likely that these protests will continue to spread to other European Union member countries.

Another thing I want to share with you is that the protesters have shown signs of sophistication and a high degree of organization. Take into account the way protesters in France have aimed to provoke systematic disruption of critical supplies by blocking fuel depots and creating choke points against delivery where it is most needed. If you are responsible for risk management in the affected industry, don’t forget to bring your A-game when crafting your response. If your organization lacks the leadership to tackle these risk management efforts, then now may be a good time to consider hiring a knowledgeable and experienced security practitioner who can set a roadmap to protect your PARB.

Additional Recommendations:

  • Increase your operation’s alertness level; encourage staff to provide status updates of risk conditions, in and around the facilities and main routes, to your command center
  • Update your key contact list, and test communication systems
  • Keep a detailed activity log
  • Advise staff to be aware of localized bouts of unrest with the potential to result in violent confrontations
  • Also advise staff to avoid all demonstrations and if caught in the middle of a violent confrontation seek immediate safe haven in a predetermined location where assistance can be summoned
  • Have additional security staff on stand-by in case you need to ramp up your protective presence at any facility

Security Jobs Are Evolving

Over the last few years I’ve witnessed a transition of the security role within global organizations. The pace at which asymmetrical risks develop appears to have quickened, and so have demands for security practitioners to step up to the plate and lead preparedness and response efforts, oftentimes on multiple fronts. When you mix in the cloud of a global recession, you should start to get the picture. No easy pickings these days.

What does this all mean from a strategic standpoint? For one thing, core physical security practices are not enough anymore, if they ever were. New trends have taken hold over the security suite; the practitioner is expected to navigate geopolitical rip currents, which more than ever shape an organization’s fortunes. You’re also required to develop meaningful relationships with Law Enforcement Agencies (LEA) and intelligence services, which in some locales means jumping right into a cesspool of corruption and double dealing.

If you follow security recruiting, like I’ve done over the years, for obvious reasons, you’d notice a shift in what companies believe to be important trade skills to tackle their most pressing needs. The security jobs I’m referring to focus heavily on key competencies like business acumen, conflict management, customer focus, interpersonal savvy, priority setting, time management and problem solving. Most of all, you have to bring an uncanny ability to blend these soft skills with more traditional hard-wired security experience.

Another major development over the last few years has to do with the location where talent is being sourced from. Companies are increasingly deploying talent at important business hubs. They’re being pushed to where company operations take place, which for a multinational organization is most likely in the global south. There is not only a greater concentration of company operations in some of these countries, but that’s also where they face the greatest challenges to protect their people, assets, reputation and brands (PARB). As a result of these transitions, the composition of the security team is more reflective of the social makeup (ethnicity, gender, and age) of the countries where operations are based. I for one think this is a positive change, since much current innovation in business overall has been emanating from emerging markets; the security suite is bound to get a boost as well. Unfortunately, those of us who live closer to company HQ find ourselves at a disadvantage, which means that, like our brethren from emerging markets, we need to put on our thinking caps and flesh out a round of innovation to stay competitive. Of course these are mere observations from the periphery, as there are experts in the thick of these mammoth changes going on in our profession who can provide a much deeper analysis. Part of staying current and having an opportunity to influence these changes is staying involved, networking and sharing your expertise with the general security professional community.

The Global Illicit Pharmaceutical Business; A Scourge of the 21st Century

“As much as fifty percent of the medicine sold on the Internet is counterfeit” – WHO

“Counterfeit medicine sales will reach seventy-five billion dollars worldwide this year” – CMPI

Have you consumed fake prescription drugs? Odds are you have purchased and ingested these concoctions at some point or another, especially if you live in a developing country, with its lax health regulatory environment and acutely corrupt institutions.

“The World Health Organization says the problem with counterfeit medicines is especially bad in Africa, Asia, Latin America and the Middle East. The W.H.O. estimates that up to thirty percent of the medicines on sale in many of those countries are counterfeit.” Up to now industrialized nations, like the United States, Canada, Japan and New Zealand, have kept the problem relatively under control, restricting fakes to approximately one percent of the total prescription and over-the-counter drug market. But that is no solace, judging from the effectiveness of counterfeiters at innovating their packaging and overall appeal online, as huge profits provide the incentive to continue injecting these often deadly products into the drug supply chain, and in the process grabbing market share (competing as low-cost substitutes, effective in a down economy) from legitimate drug companies.

The best weapon in the fake drug profiteers’ toolkit happens to be consumers’ ignorance of the real source of the drugs they think will cure them or alleviate an ailment: product that could in reality be a toxic mix of chemicals, ending up as expensive (cost in human lives/livelihood) placebos. The stakes are high for the pharmaceutical industry; these companies have had to come up with ways to make fake drugs easy to spot. After all, the most effective prevention and eradication method is to disrupt the consumer’s propensity to be duped by worthless and deadly knock-offs, whether they’re in the developed or developing world.

Combating counterfeit medicines is no walk in the park, as small yet nimble organized crime groups (a loosely federated collection of manufacturers, distributors, and even marketing operations) are dedicated to this racket. They often use new media and social networks (for their anonymity and mass reach), which allow them to hawk their dangerous products while skirting the risk of ever getting caught. To confront this global illicit business, the pharmaceutical industry would have to go beyond the technology solutions it has implemented and try tried-and-tested awareness campaigns to make consumers worldwide sensitive to the issue. In closing, I’d advocate bringing these campaigns to the criminals’ own turf, online and through social networks.

Learn More: