Each year in November, Washington D.C. hums with activity focused on all things related to public and private sector security. Over 1,000 security industry professional attend events hosted by OSAC, DSAC, Security 500, and multiple private sector service providers.
The 2015 events which occurred this month took on a very focused and serious tone following the November 12th terrorist attacks in Paris. Every presentation slide deck I’m sure, was modified to include substantive information related to the terrorist attack, ISIS, and just what the future looks like for corporate security. What were the top two themes of the week among the security leaders who attended these conferences?
Readiness: The #1 Issue U.S. Security Leaders Are Discussing Now
All aspects of readiness become vital during a critical incident even if the event does not directly affect your staff and operations. In this regard, the high-level operational questions discussed during many of the “security summits” in our nation’s capital two weeks ago included principally the following:
- Are employees safe or at risk?
- What are the impacts on operational functions?
- At what level should we activate and execute our response plan?
- What do the next days and weeks look like?
- What do we communicate to our employees and stakeholders?
The first three of these key questions must be planned, tested and resolved. If you are still searching for processes or the right stakeholders to determine answers to these questions when a major security event occurs, then you have failed the “prevent” and “prepare” elements of your response plan.
Look at the fourth question. Predictive analysis shouldn’t be an afterthought or an exercise in prognostication. This is where the ability to receive, process and interpret data becomes a critical component of sustainability. You can own that responsibility, rent it or buy it. But be prepared for one of those three approaches before the CEO’s cell phone rings or the alarm goes off in the Security Operations Center.
Now look at the last question. As a security leader – especially when a crisis is at hand – how you communicate to your internal and external stakeholder population depends on a few very important factors. Here are five that kept cropping up in mini summit meetings all over Washington two weeks ago.
- Leadership and the quality of decision-making at many levels of the enterprise
- Situational awareness and visibility across risks, threats and vulnerabilities
- State of readiness and the maturity of your security organization’s preparedness
- Whether or not a prevention-oriented culture is well embedded across your organization
- The extent to which your organization’s leaders understand the collective risks to your business
Radicalization: The #2 Security Issue on Many Security Leaders’ Minds
Radicalization has emerged as a threat that, according to CIA Director John Brennan, “recognizes no space or authority.” This is particularly troublesome in the private sector where deeper levels of employee screening and vetting are much more restricted.
Behavioral observations normally are limited to employee concerns such as abuse, harassment, and drug or alcohol dependence that contribute to a hostile environment, cybercrime and criminal behavior. Radicalization can be effectively added to the list within particular geographies and workforce populations. It’s reasonable, without trampling on civil or privacy rights to observe very unusual behaviors associated with radicalization and – when appropriate – gather more information to assess the likelihood that violent or threatening behavior might follow.
This will always be a sensitive topic that requires informed management and scrutiny within the security department in partnership with attorneys and HR leaders. Radicalization in many countries is a crime in and of itself. In the United States, however, it’s only criminal if it leads to violent extremism.
Be Prepared and Stand Fast
As was expressed at conferences across our nation’s capital in November, there has never been a more critical time for public and private sector relationships to be strong. As terrorist groups increase and expand their ability to wreak violence on unprotected citizens and innocent people across the world we need to re-double our focus on prevention and preparedness.