Is it time, then, that all businesses reviewed their current security measures, and upgraded their screening provisions accordingly?
Or are we, as security professionals, in danger of over-reacting?
Most companies have already implemented some sort of mail screening process, although recent surveys have shown that it tends to only cover large packages which the recipients weren't expecting (or mail sent to senior/high profile personnel), but is this sufficient? Should other types of screening be employed? How seriously should we be taking the latest warnings? To what extent should we consider ourselves to be at risk?
Assessing the basic risks
When determining the level of screening to be employed, you need to look at what sort of items you're screening for and address them in turn – be they weapons brought in by staff or visitors, incendiary devices left on the business premises or those insidious parcels sent via post or courier – or even the Chemical, Biological, Radiological or Nuclear (CBRN) packages that we've all heard so much about this year. There's also the risk of person-borne explosives, of course, which – if you believe what's being said by senior intelligence sources – should not be ruled out as a possibility.
The number of cases involving any of these risks is still relatively low, and so most of us would (at first glance) not consider ourselves or the organisations we work for to be the Number One target of such extreme actions. Unfortunately, you only have to look at what's happening in the States to gain a greater understanding of those types of crimes and what we can expect to witness in the future.
Certainly, the rise in the number of gun crimes perpetrated on home shores ('Gun Law Britain?', Editorial Comment, SMT, November 2003, p3) and weapons used by or found on pupils in our schools is something we haven't really experienced until recently, but are the very kind of problems we'd expect to see hitting the headlines across the Atlantic. What we can do is start to think about the new breed of crimes, and then prepare for them.
To answer the questions 'Are we at risk?' and 'If so, from whom?' you'll need to conduct a thorough and painstaking risk assessment. Alas, the answer to the first question is likely to be 'Yes' (to either a greater or lesser degree). It's a sad fact of life that in the modern world there are few activities which don't – at some point or another – attract opposition. While in the past this tended to be confined to forms of legal protest (accepting the activities of the IRA), more recently we've seen particularly violent crimes being committed or malicious activities conducted by all manner of individuals and protest groups.
Aside from becoming targets of some political, religious or extremist cause, there's also the threat of violence against individuals on your company premises that's largely unrelated to the business activity being carried out there. Mental illness or stress, jealousy or revenge, bullying or abuse can all provoke aggressive or malicious responses in people both young and old. In this light, the threat should not be seen to be limited to the terrorist or activist organisations.
Questions need to be asked...
What questions should security managers be asking themselves, then, in order to assess the risk to their companies? Take location, for example. Where is your business located? Are you in a high crime area? Are you operating in areas or countries hostile to your company's type of operation? Are you in close proximity to – or even in the same building as – a potential terrorist or activist target?
What's the nature of the business? Is what your company does or what it produces essential to a group or even a nation's survival? Would destruction of any of your company's processes cost any group or individual either financially or physically? Are there any areas of interest to any environmental, social or religious groups affected negatively by what you do? Do you have links with companies that might cause suffering to others, or be responsible for negative effects on the environment or on sites of specific interest?
And what about image? Who represents the company? Do any of the figures that represent you or work with you attract adverse attention due to their image, lifestyle, relationship or beliefs? Then there's your staff. Do your company's business activities attract individuals of questionable character and intention? We live in the age of the undercover investigator, but also the infiltrator. You need to know the real reasons for employees joining your workforce.
ÐÇ¿Õ´«Ã½ architecture is another consideration. What are your company premises like in nature? Is the building of historic or national importance? Does it house large numbers of members of the public and/or employees? Is it a key icon on the landscape? Is it a building of weak structure or of considerable height? Are there plenty of routes for escape, or areas in which you cannot be seen?
These are just some of the points you need to cover in a risk assessment that addresses screening. However, those questions will vary from one organisation to the other.
The next step is to prioritise and address the risks. This can be difficult as it requires a balanced and objective view to ensure that the correct level of attention is paid to each of the risks, in particular when the likelihood seems slim but the potential for disaster is so high. Fortunately, protecting your business or working environment from such incidences need not be expensive or particularly difficult.
Mail and package screening
Most Mail Room staff are aware of the basic rules governing the manual screening of mail and packages. If they're not aware of the 'top tips' such as too much postage on the package, or grease marks on the envelope, information is readily available on the Internet at www.hse. gov.uk/hthdir/noframes/anthrax.htm Recently updated to cover CBRN advice, this site also contains useful information to help you identify the proper procedures when it comes to dealing with an item of mail that is suspect. However, many companies overlook the importance of screening items delivered by courier, assuming that no-one would risk identifying themselves with the delivery of a device or toxic substance. Couriered items should always be subjected to similar checks.
There are many publications and web sites offering advice on CBRN screening techniques and procedures following unknown substances being sent through the post. Although we have (so far) been lucky enough not to experience this type of situation in the UK, our counterparts in the United States haven't been so fortunate. We should learn from the salient lessons they have already been taught.
All of the suspicious substances sent through the post in the past 18 months have turned out to be hoaxes. Had they proven to be real, then in the majority of cases the consequences could have been extremely serious. Preparing for how to handle such scenarios would be very useful to some groups or companies. An organisation we've come across had a package containing white powder sent through the post to their Mail Room. Unprepared, and with no idea of how to handle the situation, management decided to evacuate the building and call in the police. They were informed not to expect the lab results for at least three months, and that in the meantime they should 'watch for symptoms'.
Fortunately, the powder turned out to be harmless, but had it been otherwise the management's response could have been crucial in limiting the number of casualties. A 'wait and see'-type stance isn't recommended as Anthrax can kill within a few hours of inhalation and Ricin within minutes.
When determining the level of screening to be employed, you need to look at what sort of items you’re screening for and address them in turn – be they weapons brought in by staff or visitors, incendiary devices left on the business premises or those ins
The terrifying prospect in this day and age is that you don't need to be a scientific boffin or a trained terrorist to make up these 'concoctions'. There are countless pages on the Internet informing you how to construct a parcel bomb or even mix deadly toxins.
Knowledge of how to deal with potential threats might be key to survival, so the most basic precaution in mail screening is to have your procedures up-to-date, and to brush up on your training.
For those that want some technical assistance, there are x-ray machines available that have been designed for the Mail Room by companies including Todd Research and Scanna MSC. Both concerns also offer a range of training courses concerning the equipment and mail handling techniques in general.
Don't forget, either, that metal detectors might also be useful in screening smaller items of mail, but should be able to discriminate on the levels of metal in packages and pass common metal items such as paper clips.
Baggage screening: the main points
We're already beginning to see some of the larger corporation or public building security managers bring in baggage screening. It is a practice long operated by Courts of Law, in prisons and some Government buildings, and has gradually been introduced at political conferences and in television studios.
Indeed, as stories of workers attacking co-workers begin to emerge, we're starting to see businesses enquire about x-ray screening machines – but attention is still focused on the risk from visitors. To some extent, proper pre-employment screening would help to eliminate the risks posed by employees, but the screening of future employees for either aggressive or violent behaviour tends to use stereotyping. That's not always helpful.
If you've ever seen an interview with the neighbours of an arrested terror suspect or serial killer they always seem to testify: "He seemed like such a nice man" or that "She was a pleasant, polite and quiet lady"...
On that basis, perhaps it's the nice quiet ones we should be suspecting.
For high profile businesses, individuals, groups or sites it's a sensible precaution to bring in – at the very least – manual searches of baggage brought on to the premises, but don't overlook searching your own employees.
During one investigation we carried out into a case of misconduct by a senior employee, we had to complete a final inspection of his working area following his dismissal – and were surprised at what we found.
As the employee in question had been using sophisticated software and technical equipment to extract and tamper with data, in order to cover his tracks we weren't surprised to find he'd used all manner of electrical devices for hacking into and messing around with the office communications equipment.
What we did not expect to find in his desk was a rather large axe, a knife and a whip! One can only assume he smuggled them on to the premises, perhaps in a briefcase or under a raincoat, but you dread to think why he felt such implements might be necessary.
On top of the main equipment costs, there’s the additional cost entailed with staffing the screening machines. It’s felt that, due to the high levels of concentration required to scan baggage, shorter shifts and regular breaks are required
Costing the overalll scanning process
There are some issues involved with introducing x-ray screening devices for baggage scanning. The first is invariably the cost of the equipment, although there have been significant improvements to the types of equipment available. As new items are produced, so the earlier versions become more affordable to mainstream businesses.
In most buildings the number of bags to be checked during an average working day would be far less than an airport baggage handler would see in a one or two-hour period, and thus it may be likely that operators wouldn't spend so much time in front of the screens. Therefore, the costs will come down.
Added to these machines and staffing costs would be the training and recruiting costs associated with selecting the right calibre staff who possess the correct skills. If you think it's an easy job then we urge you to check out www.msnbc.com/news/softtarget_ front.asp and click on the interactive button for an online baggage scanning test. It's by no means as easy as it sounds.
Thankfully, there have been some inventions that have made the task of scanning a much easier one. There's a huge range of x-ray equipment which is now supplied with a variety of image evaluation or enhancement features. Some systems allow you to have different materials coloured in different hues so you can clearly see, for example, what image is metal and what might be plastic (and therefore should be able to separate them). Other systems offer an integral image recognition system which overlays a picture of a weapon or device it has stored in its memory.
The difficulty with screening baggage is that often there are many objects grouped tightly together that render a suspect outline on the screen, which then has to be investigated through a manual search. This slows down the whole scanning process. In response to this problem, a UK-based concern – Image Scan Holdings – has developed a machine which is currently being trialled at Heathrow Airport's Terminal One, and that offers real time 3D screen images of baggage. The 3D view affords screeners an improved knowledge of the shape of an object in a bag or package.
In the case of explosives, there are some additional gadgets that might help. Smiths Heimann has developed a range of x-ray systems that incorporate EDS (Explosives Detection Systems) as well as hand-held detectors that can pick up on chemical agents or explosives within packaged items.
What about your visitors?
Walk-through metal detectors are often useful in premises where large visitor numbers are expected, or where there's a risk to certain individuals. Metal detectors are commonplace in US schools, and have been in use in our own Courts of Law and various Government buildings for some years now.
It's possible to have them integrated into the structure around the entrances or exits, but the biggest issue for companies considering them tends to be the embarrassment factor of asking visitors or employers to pass through manual checks in a bid to find the cause of the detectors being set off. At the end of the day, it's not a precaution seen as a necessary and acceptable practice over here (outside of airports and Government buildings, that is).
You may need additional structural changes to your building(s) as well. For instance, flooring might need to be raised in places to ensure that the detectors can cover all areas of the body – right down to the shoes. Again, the implementation of such a system requires those staff present to check over people who set off alarms, and to be trained on how to deal with all manner of altercations that might occur following the system picking up on anything.
Also remember that good access control and 'pass' systems should be used in support of any other screening efforts to eliminate visitors gaining access to your premises without prior knowledge or permission.
A few cautionary notes...
No piece of equipment will detect all dangerous mail or weapons, while the equipment chosen to be used should always be supported by properly trained and alerted members of staff.
Do also bear in mind the fact that any changes in policy to address risks would probably require additional training, and that changes in either policy or increases in security measures might cause alarm among staff and/or visitors. Properly assess and plan for systems integration at every opportunity.
Source
SMT
Postscript
Alex Chambers is a consultant with IJA, the independent security and risk management consultancy (www.ija.co.uk)
No comments yet