Soft Targets MUST Be Hardened Now! Business Continuity Safety
Soft targets have deeply concerned me for many years. One way or another all of our lives are touched when a soft target is attacked whether it is by an irate student, a person filled with hatred for others, nation states or terrorist organizations. As experts, we have the opportunity to identify threats, vulnerabilities, risks and prevent or control them using a number of tools.
Many of us work in organizations that could be considered soft targets – schools, hospitals, corporations, movie theaters, retail stores… We take mass transportation such as planes, buses, trains… We must weigh-in on this issue and make suggestions to harden these potential targets. First, and foremost, for the protection and safety of people and secondarily for operational continuity. This must be a global concern. It is not limited to any one nation.
Having a trained eye like we do in our profession, it is hard for me to accept some of the horrific soft target events that have occurred in recent years. These events must be a dire warning that we need to tighten our security now and begin using technology levers to help us beyond ‘see something, say something’. My point of view is there is so much more we can do to promote safety and help our security officials. We need actionable data, predictive analytics, social sentiment indicators, machine learning for the ability to understand threats and risks in real-time or prior to their impact.
On July 23, 2012, my editorial submission ‘Now is the Time to Harden our ‘Soft’ Targets!’ was published in Newsday, which is one of New York’s most widely read daily newspapers. I wrote it because I was upset and frustrated by the embarrassing lack of progress made to harden soft targets and connect-the-dots. Needless tragedies, in my opinion, are occurring on a more frequent basis and surely the worst is yet to come – possibly on a much larger scale. In fact, some of my thoughts in the article were unfortunately a chilling precursor to events that subsequently transpired.
Below is the original article I wrote (Newsday published a portion of it). I also include updates I posted to my blog in ensuing years.
I am interested in your thoughts on protecting soft targets.
Original July 23, 2012 article I wrote. A portion published in Newsday letters to the editor:
Now is the Time to Harden our ‘Soft’ Targets!
By Marty Fox, New York
The recent tragedy in Aurora, Colorado must serve as a wake-up call to harden our defense of ‘soft’ targets. The intent of this article is not to place blame or point fingers, rather it is to raise awareness of a frightening gap in our nations’ security and hopefully identify some possible solutions.
The police department of Aurora acted with great courage, and without their skill and bravery, possibly more lives would have been lost. Unfortunately, this event occurred and we cannot turn back the clock and the bloodshed dealt by a madman. However, practitioners of crisis management understand that every event, whether it is man-made or an act of nature is a learning opportunity. We must seize this moment and make a commitment that we will do everything possible to harden targets which are currently the path of least resistance – ‘soft’ targets such as schools, hospitals, shopping centers, movie theaters, restaurants, trains…
This act was carried out by a deranged student, but imagine if it was a well-funded nation-state or terrorist organization that determined they could inflict great harm on our nation by simultaneously attacking multiple soft targets. Do we have the confidence that with our current level of security we would stop all of the attacks, half, or even a few? Even one successful penetration could be catastrophic. Remember, a terrorist group would not limit their tools to bullets. They could use explosive devices or biological weapons. I know it sounds like an episode of a 24 but it is all too real and there will be no Jack Bauer riding to the rescue in the nick of time.
I believe the next phase of securing this new world in which we live must be to protect these ‘soft’ targets at all costs. Just as job seekers have come to realize that millions of outsourced jobs will not be coming back anytime soon, if ever, we all must realize the world has changed. The hour is at hand to implement improvements to insure the continuity of our way of life so we are not imperiled by a future event, possibly of greater magnitude in terms of casualties.
I became educated in the difficulty of protecting ‘soft’ targets at a Homeland Security seminar in 2006 in Washington, D.C. A high ranking Israeli security expert described the challenges and risk mitigation processes Israel implemented in theaters, schools and other public places to successfully deter and detect those that would want to cause harm. He described the challenges Israel faced in protecting their citizens and detailed why the United States would face the same challenges in the coming decades. His talk made a lasting impression on me. The United States, United Kingdom, France and many other countries are larger than Israel, but there is much to be learned from their experience and knowledge.
One example is they utilize security screening in their theaters, as a small percentage of theaters in the United States do as well. Of course, this costs theater owners money and it is a bit of a hassle to theater-goers. On the other hand, if an event were to occur that could have been prevented, the cost would be incalculable to theaters in many ways. The value of a life cannot be measured in dollars. As someone who loves to go to the movies I would certainly accept the minor inconvenience of going through a security checkpoint as I do at a ball game, to be safer in a dark theater. Without this type of security, the risk/reward of watching at home on a digital TV swings towards watching from the safety and comfort of my couch.
As a career technologist, I believe there is much that can be done to empower our security officials by implementing new technologies that aid them and allow them to reduce the time to react. During a crisis seconds can be the difference between life and death. Certainly, facial recognition is useful to match against a database of known terrorists. Pattern recognition is useful to filter out unusual behavior that could be the forewarning of a malicious act. If an exit door in a theater is opened during a screening and left ajar, an alert should be triggered and sent in real-time to security personnel. Tiny RFID tags embedded in weapons can alert us when one of these deadly objects enters a secure area – we already tag books, medicines and jewelry. These types of laser focused signals cut through the noise of data around us to pinpoint unusual events that require immediate attention.
Vigilance and ‘if you see something say something’ is critically important in leveraging the eyes of a nation and we must stay the course in that regard. I try to be aware but there are times I doze on the train or read a book and I know I would not realize if a package was left unattended two seats away from me or if the person just went to the bathroom. Cameras in train cars that scan for unusual behavior or abandoned packages can be of huge value. If they could alert an on-board security agent it could save many lives. Again, I do not care if someone is monitoring a train for suspicious activity if it can prevent a catastrophic event.
Finally, we must regularly test our security processes and technologies. An untested plan is a worthless plan! We must flesh out the gaps before an actual event. Tiger teams can test the validity of plans and procedures with penetration tests. Providing security personnel with comprehensive tools and training will help keep everyone safe. We must be proactive! We cannot be reactionary and wait to raise our guard after each event takes place and the damage has been done. Every great athlete knows that failing to plan is planning to fail. Unfortunately, in crisis management there often is not a second chance for the victims. The time to act is now.
Marty Fox is a technologist, crisis management and business continuity professional with a lifelong passion for applying technology to solve big problems.
June 12, 2016 (four years later) I added this information to my blog:
Tragically, another massacre of innocent people has occurred on U.S. soil. The horrific shootings during the early morning hours of Sunday June 11 at an Orlando, FL nightclub impacts us all. My heart goes out to the families directly impacted by this event.
It is early in the investigation but all indications point to another soft target that was too easily compromised. The pattern of failing to connect the dots again once reared its ugly head. As usual the police acted heroically. They always do!
In my opinion our soft targets are more vulnerable today than they were four years ago when Newsday published portions of my ‘Now is the Time to Harden Our Soft Targets’ article. Four years is a long time for monsters focused on doing evil to discover new vulnerabilities in our physical structures and computer systems. Terrorists, whether they intend to do physical or cyber harm are very patient and smart. Complacency on our part is our downfall.
As a lifelong systems, process and business continuity officer with the largest corporations, I can clearly see the current federal computer systems and processes in place to ‘connect-the-dots’ are not adequate – even though the budget for Homeland Security has increased exponentially the past 15 years.
The warning signs once again were clearly there. This was not a Black Swan (Nicholas Taleb). Had the systems and processes worked as they should have, the Orlando event might not have occurred.
Prediction – unless we do a far better job hardening our soft targets AND immediately improving our systems this will happen again. It might be a theater, maybe a bus or a train or possibly a mall, but it will happen. We will once again look at missed opportunities due to the ‘dots not being connected’ or security not where it should be or non-existent. Statistics prove that often we do not learn from ‘lessons learned’.
‘See something, say something’ will only take us so far. Most events happen so quickly we must be alerted in seconds, nano-seconds and preferably before an event occurs. The technology is there to do it. We are not even using it in a primitive way. I am sure if some of the dynamic tech minds were at the helm of our federal security analytics programs, they would be more effective. Unfortunately, many of the most creative minds are in the private sector. Maybe an advisory think-tank consisting of the Musk’s, Dorsey’s and other creative thinkers/Technorati’s would begin moving us in the right direction.
If Musk can get people to Mars by 2025, which he probably will, he can certainly help in some way to have systems speak to each other and close gaping gaps, such as a Florida security guard that had been questioned by the FBI being able to buy automatic weapons. That is shameful and unfortunately proved deadly to scores of innocent people. No do-overs or lessons learned can bring back those lives.