|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465ERM Best Practices0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Perception Versus Reality|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Cyber War Games|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a4344465ASIS News April 2017|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465The Evolution of Airport Attacks|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Lessons in Liability2017-03-01T05:00:00Z|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465SM Online April 20172017-04-01T04:00:00Z|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465A Vote for Biometrics2016-05-01T04:00:00Z|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Mastering Project Management2012-01-01T05:00:00Z|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465No Warrant Necessary for Text Message Search2011-01-06T05:00:00Z

Security Management

 Morning Security Brief

View RSS feed

 SM Weekly

Retrieving Data

 SM Daily

Retrieving Data
Not a Member? Join Now Online April 2017GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<h4>​RISK MANAGEMENT </h4><p>For federal agencies, enterprise risk management (ERM) provides ways to better anticipate and manage risk. In a recent report,<em><a href=""> Enterprise Risk Management: Selected Agencies’ Experiences Illustrate Good Practices in Managing Risk​</a></em>, the U.S. General Accounting Office describes its enterprise risk management framework. It enumerates six essential elements for implementing ERM. The report also identifies what works and provides real-world examples of best practices from federal agencies that are using ERM.</p><h4>RETAIL SHRINK</h4><p>Two retail industry groups supported recent research exploring how retailers view the problem of loss across their business. <a href="" target="_blank">The resulting report</a> explains how a new definition and typology for shrinkage might better capture its impact.</p><h4>ELECTION INFLUENCE</h4><p>In an <a href="" target="_blank">unprecedented unclassified report</a>, the U.S. intelligence community detailed Russia’s recent efforts to influence the 2016 U.S. presidential election. </p><h4>TERRORISM PERCEPTION</h4><p>How does a t<a href="">errorist attack in a person’s own community </a>change their perception of terrorism? </p><h4>HATE CRIMES</h4><p>Of all religious groups, Jews continue to be the most targeted in the United States, according to the findings of a new report. The study, <em><a href="" target="_blank">Terrorist Incidents and Attacks Against Jews and Israelis in the United States, 1969-201</a></em>6, examined the FBI’s annual hate crimes report for the years under study. </p><h4>RANSOM </h4><p>The New America Foundation examines hostage taking and outcomes in a new report,<em> </em><a href=""><em>To Pay Ransom or Not to Pay Ransom</em></a>.</p><h4>GOVERNMENT CLEARANCES</h4><p>Charles Phalen, Jr., director of the U.S. National Background Investigations Bureau, talks about the government background checks and how he hopes to improve the process<a href="/Pages/A-Conversation-with-the-Director-of-the-U.S.-NBIB.aspx" target="_blank"> in an interview​</a> with Associate Editor Megan Gates.</p><h4>BIOMETRICS</h4><p>The global biometrics technology market is projected to be worth $41.5 billion by 2020. Find out more about expected market growth by biometric type and technology highlights from a <a href="/ASIS%20SM%20Documents/IFT042E_Report%20Overview.pdf">BCC Research report</a>.  ​</p><h4>SURVEILLANCE</h4><p>European Union (EU) member states may not impose general obligations on electronic communications services to retain data, <a href="" target="_blank">the EU Court of Justice recently ruled</a>. The decision was a blow to the recently enacted U.K. Investigatory Powers Law, which allows the U.K. Home Department to require public telecommunications operators to retain all data related to communications for no more than 12 months.</p><h4>PRIVACY</h4><p>U.S. agencies <a href="" target="_blank">published a final rule</a> that requires contract employees who handle personally identifiable information or work with a system of records to complete privacy training. </p><h4>CORRUPTION</h4><p>Global construction conglomerate Odebrecht S.A. and petrochemical company Braskem <a href="" target="_blank">pleaded guilty</a> and agreed to pay penalties of at least $3.5 billion to resolve U.S., Brazilian, and Swiss charges of bribery.</p> LossGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​The world of retail has relied on the word “shrinkage” for more than 100 years to describe the losses companies experience as they go about their business. Shrinkage, however, is almost a euphemistic term describing a simple contraction in the size of the stock held by a company, without offering any real sense of what the cause might be. </p><p>In this way, the term is similar to “shoplifting”—a rather benign term often used by the industry to describe people actively engaging in criminal acts of theft in stores. For comparison’s sake, you rarely see burglars or robbers described as houselifters or purselifters.</p><p>Four buckets of loss tend to be included in survey descriptions of what shrinkage is: external theft, internal theft, administrative or process errors, and vendor fraud. The term “administrative error or process failures” is particularly vague; depending upon the type of retailer and the types of products sold, it can potentially cover an enormous array of types of loss, including damage, spoilage, product going out of date, and incorrect price adjustments. </p><p>A retailer selling food and using a shrink­age definition that includes food spoilage will have a dif­ferent level of loss compared to a retailer selling clothing or auto parts; yet, many shrinkage surveys continue to combine this data together to generate an overall figure for the industry. </p><p>To date, there is no consistent, detailed definition or typology of shrinkage. It is a term that is used throughout the industry, but interpreted in different ways depending on the retail environment and the prevailing organizational culture and practices.</p><p>There is a constant desire to understand what the root causes of shrinkage are: Is it mainly external thieves? Is it the staff employed by retailers helping themselves to the stock? Is it due to organizational inefficiencies? Or is it caused by retail suppliers wrongly delivering on purpose or through error?</p><p>Surveys will often provide numbers that supposedly apportion the total shrinkage losses to each of these types of losses, with external theft frequently—but not exclusively—seen as causing the largest amount. </p><p>The reality is that what these reported shrinkage numbers are actually measuring is what respondents think the causes of shrinkage might be. They are much more a gauge of how the loss prevention industry is feeling than any true measure of the breakdown of losses within the retail industry.</p><p>This is because the vast majority of current shrinkage data collected by retailers is based on periodic audit data collected in stores and sometimes in parts of the distribution network. This data captures the difference between the value of stock retailers think they have and the amount that can be physically counted. The difference between the two is how most companies measure their shrinkage.</p><p>But all this data does is provide a value of how much stock is not there. What it does not do is offer an explanation as to why it has gone missing: Was the stock delivered to the retailer? Did a customer steal it? Was it damaged or stolen in the supply chain? Did an employee steal it? </p><p>The causes could be many and varied, but what is clear is that audit data is rarely good at explaining why discrepancies exist; it simply captures the value of losses where the cause is unknown. Attempts to apportion causes to this data will always involve a high degree of guesswork and personal prejudice.</p><p>Retailing has gone through some profound changes since shrinkage was first used back in the 19th century, not least the introduction of open displays, the growth of branding, greater consumer choice, introduction of credit cards and debit cards, the rise of online shopping, and the widespread use of various types of self-service checkout systems, to name a few. </p><p>Yet, throughout this time of enormous change, the retail industry has continued to use a term that vaguely captures the difference between expected and actual stock values as the core measure of loss in their businesses.</p><p>Given this, it’s time to reconsider how retail companies understand and measure the losses they experience and to develop a more consistent approach to enable future benchmarking activities to offer more meaningful and applicable information.​</p><h4>Total Retail Loss<img src="/ASIS%20SM%20Callout%20Images/0417%20Cover%20Story%20Infographic.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;width:652px;" /></h4><p>Both the Retail Industry Leaders Association’s Asset Protection Leaders Council, based in the United States, and the ECR Community Shrinkage and On-shelf Availability Group, headquartered in Europe, supported a research project led by the author to explore how retailers currently view the problem of loss across their business and develop a new definition and typology that might better capture their impact. </p><p>The research, detailed in the report Beyond Shrinkage: Introducing Total Retail Loss, used several different methodologies: an extensive literature review; a questionnaire to a group of large European retailers; 100 face-to-face interviews with senior directors of 10 of the largest U.S. retailers; and a series of workshops and focus groups with loss prevention representatives from a range of European retailers and manufacturers.</p><p><strong>Loss versus cost. </strong>One of the difficulties of benchmarking any retail business using shrinkage is understanding what categories of retail loss are included or excluded. </p><p>Some companies taking part in this research adopted strict criteria: shrinkage is only the value of their unknown losses based upon the difference be­tween expected and actual values; anything else is regarded as known and, therefore, not included in the calculation.</p><p>Other companies were much more inclusive, incorporating other types of loss ranging from damages, wastage, spoilage, and price markdowns to the costs of burglaries and robberies.</p><p>Part of this definitional variance seemed to be based on how respondents interpreted the difference between what could be considered a “loss” compared with a “cost,” the latter being viewed as an everyday planned and necessary expenditure for the business to achieve its profit goals. Respondents varied considerably in how they interpreted the difference, although many made a key distinction between the value of the outcome and how this differentiated costs from losses.</p><p>“Costs—they bring value to the business; they are incurred because there is a perceived positive purpose in having them. They are part of the revenue generation process and without them, profits would be negatively impacted,” one respondent said. “Losses are things which, if they didn’t happen, there would be no negative impact upon profitability. They do not offer any real value to the business and simply act as a drain on profitability.”</p><p>It was also instructive to hear how some respondents adopted a process of normalizing what some considered to be losses into costs. One respondent explained that “we plan a lot of those costs [possible types of losses], so when we’re looking at it from a planning perspective, we have that built in—anything that we can account for and process and know what it is, we take more so as a cost rather than a loss when we’re defining it.”</p><p>Another respondent talked about how the planning and budgeting process enabled many losses to be redefined as costs. “If it goes above budget, then it becomes a loss; otherwise it is a cost,” the individual explained, while another respondent was blunter: “We try and convert as much of [losses] to costs; it’s then not on my agenda anymore. I deal with shrink.”</p><p><strong>Definition. </strong>From the interviews with senior U.S. retail executives and feedback from the roundtables held in Europe, definitions of costs and losses were eventually developed.</p><p>Costs were defined as “expenditure on activities and investments that are considered to make some form of recognizable contribution to generating current or future retail income.”</p><p>Losses were defined as “events and outcomes that negatively impact retail profitability and make no positive, identifiable and intrinsic contribution to generating income.” Using these definitions, various types of events and activities could then begin to be categorized accordingly. </p><p>For example, incidents of customer theft can be considered a loss—the event and outcome play no intrinsic role in generating retail profits—because it makes no identifiable contribution and were it not to happen, the business would only benefit.</p><p>Alternatively, incidents of customer compensation, such as providing a disgruntled shopper with a discounted price, can be seen as a cost. In this case, the business is incurring the cost because it believes compensating the aggrieved consumer makes the individual more likely to shop with the business in the future. The policy of compensating is an investment in future profit generation and is categorized as a cost—not a loss.</p><p>Another example of a loss is workers’ compensation, where a retailer will cover the legal, medical, and other costs associated with an accident at work, such as falling off a ladder. There is no intrinsic value to the business if an employee is injured at work; if it had not happened, the business would only benefit by not having to pay for the consequences of the event. Therefore, workers’ compensation is a loss.</p><p>While some respondents to this research argued that workers’ compensation is a predictable problem that can be—and is—budgeted for, it still remains an event that the retailer would prefer not happen because it negatively impacts overall profitability.</p><p>In contrast, expenditure on loss prevention activities and approaches, such as employing security officers or installing tagging systems, can be seen as a cost. The retailer has committed to this expenditure because it feels there will be some form of payback from the investment: lower levels of loss, which in turn will boost profits. Whether this payback is measured or achieved is open to debate.</p><p>What these examples focus on is not whether an activity or event can be controlled or whether the incurred cost was planned, but its fundamental role in generating current or future retail income. If a clearly identifiable link can be made between an activity and the generation of retail income, then it should be regarded as a cost; all those activities and events where no link can be found should be viewed as a loss.</p><p><strong>Categorizing losses</strong>. In developing the categories of the Total Retail Loss Typology, it was important to draw a distinction between the types of loss that can be measured in a way that is manageable for modern retail business, and those that cannot. </p><p>Additionally, it was important to consider the value of collecting data on a given loss indicator. Is it meaningful for the business to monitor a category of loss? Will its analysis offer potentially actionable outcomes that may help the business meet its objectives?</p><p>There is little point in developing a typology made up of a series of categories that are either impossible or implausibly difficult to measure or once measured offer little benefit to the business undertaking the exercise.</p><p>For example, most retailers would be keen to understand how often items are not scanned at a checkout. While it is theoretically possible to measure this, the reality for most retailers is that the ongoing cost would probably be prohibitive. </p><p>Determining whether proposed loss categories met the three M’s test (manageable, measurable, and meaningful) was an important part of creating a typology likely to achieve any form of adoption across a broad range of retail formats.</p><p><strong>Typology.</strong> The research identified 31 types of known loss that are included in the Total Retail Loss Typology covering a wide range of losses across the retail enterprise and incorporating events and outcomes beyond just the loss of merchandise. The typology is broken down into four locations of loss: store, retail supply chain, e-commerce, and corporate. Each location then has a variety of subcategories divided between malicious and nonmalicious. </p><p>For example, a malicious corporate retail loss would be fraud; a nonmalicious corporate retail loss would be workers’ compensation, regulatory fines, or bad debt. </p><p>However, the term does not encompass every form of loss that a retailer could conceivably experience. The word “total” is being used in this context to represent a much broader and more detailed interpretation of what can be regarded as a retail loss, rather than necessarily claiming to reflect the entirety of events and activities that could constitute a loss. In the future, the scope and range of the Total Retail Loss Typology will change to accommodate new forms of loss, and this is welcomed.</p><p>The typology is designed to enable the calculation of the value of retail losses, not necessarily the number of events; where an associated value cannot be calculated or there is no loss of value associated with an incident, it should not be included.</p><p>For instance, if shop thieves are apprehended leaving a retail store and the goods they were attempting to steal are successfully recovered and can be sold at full value at a later date, there is no financial loss associated with the incident. The retailer may still want to record that the attempted theft took place and was successfully dealt with, but that it would not be recorded in the Total Retail Loss Typology.​</p><h4>Potential </h4><p>The proposed Total Retail Loss Typology is a radical departure from how most retail companies have understood and defined the problem of loss within their companies, moving away from a definition focused primarily on unknown stock loss to one that encompasses a broader range of risks across a wider spectrum of locations.</p><p>While there is a simple elegance about the approach adopted in the past, based upon the four traditional buckets of shrinkage, it is increasingly recognized that these broad brush and ambiguously defined categories are no longer capable of accurately capturing the increasingly complex risk picture now found in modern retailing. Instead, the Total Retail Loss Typology has the potential to benefit retail organizations by managing complexity, encouraging transparency, creating opportunities, and maximizing loss prevention.</p><p><strong>Managing complexity. </strong>The retail landscape in which shrinkage was first described has been transformed by innovation and change. Simply relying upon the traditional four buckets of estimated losses to fully reflect and properly convey the scale, nature, and impact of retail losses is no longer appropriate, particularly as the retail environment becomes more dynamic and fast changing.</p><p><strong>Encouraging transp</strong><strong>arency.</strong> The ambiguous nature of most shrinkage calculations and the difficulty of understanding its root causes generate a lack of accountability, particularly within retail stores.</p><p>Store managers question the reliability of the number, especially where there is a pervasive sense that the supply chain may be foisting losses upon stores that are actually caused by inefficiencies. Unknown store losses can conveniently be blamed upon short shipments or roaming bands of organized thieves, rather than being apportioned to actual events taking place in the store.</p><p>Losses can also be moved between different categories, depending upon the performance measures in place—wastage can quickly become shrinkage if the former is identified as a key performance indicator. </p><p>By measuring a broader range of categories of loss, it becomes much more difficult to play this game; most losses will be measured somewhere, improving transparency and accountability throughout the organization.</p><p><strong>Creating opportunities.</strong> A recurring theme from the research was the lack of prioritization and urgency associated with categories of loss that had already been measured or for which a budget had been allocated.</p><p>Many respondents were quick to view these factors as a cost; therefore, not requiring any remedial action by the business. In effect, the process of capturing the loss or planning for it through budget allocation rendered them immune from concern over the actual loss.</p><p>By adopting a systematic approach and agreeing on the definition of a retail loss and bringing these together under a single typology, opportunities may arise to minimize the overall impact of loss upon the business.</p><p><strong>Maximizing loss prevention.</strong> Dealing with an unknown loss, which is what most loss prevention practitioners typically focus on, is probably one of the hardest challenges faced by a management team in retail. This requires the team to develop a high level of analytical and problem solving capacity.</p><p>Trying to solve problems where the cause is typically unknown is also at the hard end of the management spectrum. It requires creative thinking, imaginative use of data, and considerable experience. Imagine if these capabilities were used on the broader range of known problems encapsulated in the Total Retail Loss Typology. The impact could be profound.</p><p><strong>Using resources. </strong>By generating a broader, more detailed understanding of how losses are impacting a retail organization, it may be possible to take a more strategic approach to the allocation and use of existing resources.</p><p>The Total Retail Loss Typology could offer value in how businesses not only respond to existing loss-related challenges, but also use it to review the implication of any future business decisions. </p><p>The interplay between sales and losses needs to be viewed in the round and not as a series of cross-functional trade-offs where losses and profits are allocated separately, driving behaviors that are unlikely to benefit the business.</p><p>It’s within this context that the Total Retail Loss Typology has been developed—to enable retail organizations to better understand the nature, scale, and extent of losses across the entire business, and to use this information to make more informed choices about how to grow profits and improve customer satisfaction.</p><p>As the pace of change in retail con­tinues to intensify, it’s time for the loss prevention industry to begin to move away from a notion of loss developed in the 19th century to one that better reflects and recognizes the complexities and challenges found in the 21st century.  </p><p><em><strong>Adrian Beck </strong>is a professor of criminology in the Department of Criminology at the University of Leicester in Leicester, United Kingdom. Beck undertook the study Beyond Shrinkage: Introducing Total Retail Loss commissioned by the Retail Industry Leaders Association’s Asset Protection Leaders Council and is an academic advisor to the ECR Community Shrinkage and On-Shelf Availability Group. ​ ​</em></p> Evolution of Airport AttacksGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​The bustling Brussels Airport in Zaventem, Belgium, handles more than 500 flights a day, bringing more than 27,000 passengers into the facility with approximately the same number departing. Mornings are particularly busy at the airport, and amid the flurry of activity, it is little wonder that on March 22, 2016, three men emerging from a taxi outside of the departures hall passed through unnoticed. </p><p>The trio loaded their heavy suitcases onto baggage carts and entered the flow of people heading through the doors toward the ticket desks. Shortly after they entered the departures hall, the three split up to take their places in separate ticket lines.</p><p>Three minutes later, one of the men detonated his suitcase bomb, which had been packed with nails, as he stood in one of the check-in lanes. Approximately nine seconds after that, the second man detonated his suitcase bomb in another lane. The third suitcase bomb did not detonate immediately; surveillance camera footage showed that after being thrown to the ground by the second blast, the third man, Mohamed Abrini, simply got up and walked away from the airport toward the city center. </p><p>It is unknown whether he left because he got cold feet or because his device failed to detonate, but he was later arrested and charged with participation in the attack. Police bomb technicians destroyed Abrini’s bomb-filled suitcase, which they report may have been the largest of the three, in a controlled explosion. </p><p>The attack at Zaventem resulted in 17 deaths. Another 14 victims were killed when a fourth suicide bomb was detonated an hour later in a subway train at the Maalbeek metro station in Brussels. The coordinated attack was the deadliest in Belgian history. It was also a lethal reminder of the continuing threat to the soft parts of airports outside security checkpoints. ​</p><h4>Evolving Tactics<img src="/ASIS%20SM%20Callout%20Images/0417%20Feeature%204%20Infographic.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:466px;" /></h4><p>The air transit system has been considered a prime target since the beginning of the modern era of terrorism. From a terrorist’s perspective, hundreds of people trapped inside a pressurized metal tube at 30,000 feet are ideal targets not only because the victims are so vulnerable, but because of the heavy media coverage such attacks generate. </p><p>For example, the photos of TWA 847 pilot John Testrake in the plane’s cockpit window being held at gunpoint by a Hezbollah hijacker became some of the most iconic images of 1980s terrorism.</p><p>Terrorist threats to aircraft spurred a series of security improvements, which were in turn answered by changes in terrorist weapons and tactics. The evolutionary—and deadly—game of cat-and-mouse between terrorist planners and aviation security officials has been occurring since the 1960s.</p><p>Initially there was very little security provided to the air transportation system, but a sharp increase in commercial airline hijackings in the 1960s and early 1970s led to enhanced airline security in the United States and Europe. High-profile hijackings led to greater and more widespread improvements to aviation security worldwide. </p><p>As hijackings became more difficult to conduct, terrorists began to direct their attention to aircraft bombings. Palestinian bombmakers created plastic explosives to look like everyday items in increasingly elaborate efforts to bring them onto aircraft undetected. The result was a number of airline bombing plots in the 1980s using concealed devices. </p><p>In 1987, North Korean agents destroyed a plane using a device hidden inside a radio to set off liquid explosives hidden in a liquor bottle. In another incident in 1986, explosives and the detonating device were hidden in a suitcase under a false bottom and a pocket calculator. Security detected the device before it could be taken aboard the plane. </p><p>Perhaps the most famous of these bombings was Pan Am Flight 103 in 1988, a bombing that killed 243 passengers, including two of my colleagues, U.S. Diplomatic Security Service Special Agents Dan O’Connor and Ron Lariviere. </p><p>Despite security improvements, terrorists continued to focus on attacking aircraft. In 1994, an attacker assembled a bomb in the aircraft lavatory and left it on board when he deplaned at an intermediate stop on the flight’s course. The bombing was a dry run for a more complex strike against multiple airlines. </p><p>When security measures were improved in the 1990s to defend against this style of attack, terrorists adapted once again. While planning the 9/11 attack, hijackers used permissible carry-on items—like box cutters—to hijack planes and turn them into human-guided cruise missiles. </p><p>In response to post-2001 security crackdowns to protect against that type of attack, jihadists again shifted their tactics toward onboard suicide attacks with hidden bombs. The first of these was the failed December 2001 shoe bomb attack. When security officers began screening shoes routinely, aspiring airline bombers then shifted to a plot to fill camouflaged toiletry containers in carry-on baggage with liquid explosives.</p><p>The U.S. Transportation Security Administration subsequently intro­duced restrictions on the quantity of liquids that passengers could bring aboard an aircraft, and, in turn, a jihadist attempted an attack with a device that was sewn into a suicide operative’s underwear. </p><p>Once security measures were amend­ed to address the threat of underwear bombs, attackers turned to cargo aircraft, hiding improvised explosive devices in printer cartridges bound for the United States. </p><p>And the deadly escalation continues today. In November 2015, a bomb concealed in a soda can was smuggled onto an airliner in Egypt, killing 217. Three months later, another bomb, this one disguised in a laptop, was smuggled aboard a flight in Somalia. Fortunately, that bomb only killed the suicide operative when it detonated and the aircraft was able to return to the airport for an emergency landing.</p><p>However, not all attacks on aviation involve hijacking or smuggling bombs aboard aircraft. Just as terrorists adjusted for heightened security at embassies by targeting traveling diplomats, attackers have found ways to attack airline passengers even as it has become more difficult to attack aircraft. </p><p>Back in the mid-1980s, terrorists attacked crowds of airline passengers beyond the confines of airport security at ticket counters in Rome and Vienna. In November 2002, al Qaeda operatives attempted to attack an Israeli airliner in Kenya with a surface-to-air missile. A 2011 attack at Moscow’s Domodedovo airport took advantage of the facility’s soft areas, as did the Brussels attack. </p><p>In the wake of the Rome and Vienna attacks, perimeter security at airports in Europe was temporarily increased, but due to the cost and effort involved, soon reverted to business as usual. </p><p>Similar short-term increases in security posture at airports across the globe were seen in the wake of the 9/11 attacks and to a lesser extent following Domodedovo.  </p><p>The targeting of the soft side of airports is especially attractive to grassroots groups and individuals who lack the ability to construct bombs sophisticated enough to be smuggled through security. </p><p>The July 4, 2002, armed assault against a ticket counter at Los Angeles International Airport and the June 2007 attack against the Glasgow Airport using a poorly constructed vehicle bomb are examples of attacks against the soft side of airports by poorly trained grassroots jihadists.​</p><h4>Expanding Danger</h4><p>In response to recent attacks in Brussels and Istanbul against the soft side of airports, security has again been increased. However, in many places this increased security is not much more than a show of force intended to reassure the traveling public and to perhaps deter poorly trained would-be terrorists. Without names or bag checks, it is difficult to keep a professional terrorist—especially one who has a ticket—away from the facility. </p><p>In some places, more thorough checkpoints have been established away from the airport to conduct initial screening. This tactic can be quite effective at smaller airports, but cumbersome at larger, busier airports where the heavy volume of travelers causes a backlog at the inspection point, thus effectively pushing the target away from the building to the crowd of people awaiting screening.   </p><p>It is important to remember that the objective of terrorist planners is to create a high body count and a large amount of publicity. This means that an attack against the soft side of an airport can be almost as good as an attack against an aircraft, and a successful attack against an airport is better than a failed or thwarted attack against a harder target. </p><p>As the security at airports is pushed outward in response to attacks against the soft sides of airports, and checkpoints are established away from the building, this merely moves the real target—the vulnerable group of people awaiting screening from inside the building—to an area outside of it.   </p><p>This principle was demonstrated during the June 28, 2016, attack against Istanbul’s Ataturk International Airport. In that attack, three operatives armed with AK-47s and suicide vests launched an attack on the soft side of the airport. Coming in the wake of the Brussels attack, and due to the overall high terrorist threat inside of Turkey, security was increased at Turkish airports, and armed security checkpoints were established at the entrances to the departure hall to prevent terrorists from entering the hall like they did in Brussels. </p><p>Shortly after the three attackers exited their cab outside the departure hall, they were confronted by police and a firefight erupted between the police and the attackers. The first operative was able to approach the security checkpoint and detonate his device amid the crowd. This device shattered a large window that permitted the second attacker to enter the building and begin searching for a crowd of people to target with his suicide bomb. </p><p>Fortunately, the second attacker was shot and immobilized before he could do so. The third attacker was pursued by the authorities and detonated his device in a parking lot, causing minimal damage like the second bomber. Between the gunfire and the first bomb, however, 45 victims were killed—nearly three times more than in Brussels. The bulk of the victims were outside the security checkpoint at the door to the departure hall. ​</p><h4>Staying Ahead of the Game</h4><p>Moving the security checkpoint outward from the airport simply moves the chokepoint outward, and the crowd of people waiting to get through that checkpoint remains vulnerable. This principle applies to many circumstances and locations beyond airports as well, posing a significant challenge to security professionals. While not an easy problem to address, some methods exist to mitigate the threat.</p><p>First, static security checkpoints themselves are not enough. It is necessary to establish outward-looking protective surveillance that extends beyond the property line. This surveillance also needs to focus on preoperational surveillance rather than just attack recognition. Once the attackers start shooting or detonating bombs, it can be helpful to quickly counter them and limit their access to additional victims, but it is far better to catch them at an earlier phase of the terrorist attack cycle. </p><p>Many large international airports are using surveillance technology that identifies suspicious behavior and alerts operators. The information collected by these programs can be shared with nearby airports, allowing them to keep an eye out for similar activity on their premises. </p><p>Terrorists often follow an attack planning cycle and are vulnerable to detection as they conduct the surveillance they require to carry out an attack. Terrorist operatives generally possess poor surveillance tradecraft and are not difficult to spot if people are looking for them. </p><p>But cops or soldiers manning a checkpoint at a door are not normally well positioned to spot such activity. This, ideally, needs to be accomplished by specialized units that have been trained in the craft of detecting surveillance and who are not tasked with manning checkpoints. Teams such as these will patrol parking areas and other spaces further away from the airport to identify potential threats.</p><p>This type of technology and information sharing between airports is imperative because attackers may scope out multiple facilities in a region. It is important for security teams at different airports to foster information sharing by alerting their counterparts to anomalous behavior.</p><p>Surveillance must also go beyond the use of cameras and should use a combination of human agents and cameras integrated with analytic software that can be used to help expand and direct the efforts of the humans. Cameras with nobody watching them are little better than no cameras at all. They may be useful for investigating an attack after the fact, but will be of little help in preventing an attack.  </p><p>Even in a case where the preoperational surveillance is missed and an attack is underway, personnel located beyond checkpoints can help to see problems as they are developing rather than allowing attackers to gain tactical surprise by permitting them to have free rein in areas where they can assemble and coordinate their attack.  </p><p>Furthermore, undercover operators can enjoy tactical surprise themselves and are in a great position to turn the tables on the attackers. Action is always faster than reaction, and if the attackers are permitted to draw and shoot first, it gives them a significant advantage over security forces. </p><p>A failed attack against a soft target venue in Garland, Texas, in May 2015, showed that security personnel manning the door of a facility can gain a life-or-death advantage in a firefight if they have advanced warning and a description of a potential threat. </p><p>In the Garland case, the FBI alerted local authorities of a potential threat to the event and provided the suspect’s vehicle description. This passing of critical intelligence prepared local officers for an impending attack. It also highlights the importance of intelligence sharing both horizontally and vertically within the law enforcement and security communities as they seek to secure airports and other soft targets.  </p><p><em><strong>Scott Stewart </strong>is vice president of tactical analysis at and lead analyst for Stratfor Threat Lens. ​</em></p> and Iris ScansGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​Next time you fly the friendly skies and take a bite of your airline-provided meal, you may be eating food prepared by Gate Gourmet, a global provider of airline catering and services, which has approximately 130 locations in 28 countries. </p><p>“There’s a great deal of skill and care that goes into producing the food that we provide to our customers,” says Richard Newman, director of corporate security at Gate Gourmet for the United States and Canada. “It’s important to Gate Gourmet that we deliver the highest quality product that we can, in the safest way we can.”</p><p>With approximately 25 catering facilities nationwide, Gate Gourmet serves airline clients that fly out of major U.S. airports. </p><p>One of Gate Gourmet’s larger facilities is located at the Washington Dulles International Airport near Washington, D.C. Employees at the location produce 18,000 to 25,000 meals a day, depending on the season. </p><p>“The busiest fast food restaurant you can think of probably does about 8,000 meals a day,” Newman says. “We’re doing three to four times that just out of the Dulles kitchen.” </p><p>Who gains access to Gate Gourmet facilities is crucial. “As part of a layered approach to security, it’s important that we make sure that the people that are supposed to be on the inside can get inside, and the people that aren’t, don’t,” Newman says. <img src="/ASIS%20SM%20Callout%20Images/0417%20Case%20Study%20Stats.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;width:505px;" /></p><p>Beyond protecting its product and the customers it serves, Newman adds that the U.S. Transportation Security Administration (TSA) has its own security guidelines Gate Gourmet must adhere to. </p><p>“Because we’re in the aviation industry—and there is a layer of security that the industry puts on everything that goes on an airplane—those rules apply to us as well,” he explains.  </p><p>The operation at a Gate Gourmet kitchen is complex, Newman says. It includes preparing the meals, packing them onto trucks, and delivering them directly to the airplanes and the flight attendants who will ultimately serve the food. </p><p>“When the trucks come back from the airfield, they’ll bring the carts that have the dirty dishes into the kitchen, then we go through the dishwashing process, wash the equipment, and then the whole process starts again,” he says.</p><p>To monitor the employees coming in and out of work, Gate Gourmet had been using hand geometry at its Washington Dulles location. With this biometric technology, a user places his or her hand over a scanner that measures the shape of the palm. </p><p>While the palm method was effective at identifying employees, it wasn’t necessarily efficient for the company. “We wanted to move into something that was faster, easier, and touch-free,” Newman notes.</p><p>In 2013, Gate Gourmet was on the lookout for a new biometric access control solution, and came across the iCAM iris reader from Iris ID at that year’s ASIS International Seminar and Exhibits in Chicago. “I saw their booth at the convention; they gave me a demonstration, and I was impressed,” Newman explains. </p><p>The Iris ID iCAM is a black rectangular box that mounts to the wall with a built-in camera that measures the iris. When a user approaches the scanner, it adjusts to their height; once it enrolls a user, the technology will automatically return to that setting when the employee uses it again. The viewfinder can also be manually adjusted.</p><p> “For many people it can take the picture and recognize your eyes through your glasses, through your contact lenses—that’s helpful to us,” Newman adds. </p><p>When the system is ready for enrollment and iris capture, a user walks up to the reader, standing about an arm’s length away, and a yellow light appears. Once the administrator presses the enroll button, and the user has the camera properly centered on the bridge of his or her nose, the light turns green. The technology also has an automated voiceover that guides the user through the process. </p><p>Once the iris is properly captured, the administrator adds the rest of the enrollee’s information and registers them as a user in the system. “There’s actually not a photograph stored; it’s all reduced to a code through an algorithm and stored in a database,” Newman explains.</p><p>The company evaluated four different solutions from vendors to replace the palm scanner. After narrowing it down to two technologies, including Iris ID’s iCAM, Gate Gourmet began pilot testing the products in February 2014 at Washington Dulles. During the testing, which lasted for two months, the company deployed one technology at the entrance where employees report to work and another at the exit where they leave the premises. </p><p>Gate Gourmet was impressed with the speed of the iCAM, as well as with the price point, which was similar to the palm technology already in place. Newman found that enrollment takes a matter of minutes, and daily use is even faster. </p><p>“It takes one or two seconds to check an employee in, which is four times as fast as the technology it’s replacing,” Newman notes. </p><p>He adds that iris identification results in fewer false positives—when the system thinks the iris belongs to someone else who is registered—than other biometrics like palm reading technology. This is because there are so many unique points within the eye that can be mapped out and recorded by the system, says Newman. </p><p>The company ultimately chose to go with Iris ID, and Newman says the deployment process has been seamless. “Of all the technology that I’ve deployed since I’ve started with the company, this has probably been the easiest rollout just because of the nature of the technology.” </p><p>Employees are granted access in and out of the facilities at the beginning and end of their shifts by having their irises scanned in nearly the same way in which they enrolled. </p><p>To be granted access, Gate Gourmet requires dual authentication. In addition to using the iris scanner, employees must introduce a credential to a card scanner. Newman adds that the iris enrollment process is only for employees. Visitors have a sign-in and escort protocol, and “visitors are issued specific media to identify them,” according to Newman. </p><p>The iris identification registration system is administrated from the Gate Gourmet headquarters in Dulles, Virginia, but each location with iCAMs has the ability to enroll and remove people from the system. This allows the company to keep the registration updated when employees leave Gate Gourmet.</p><p>The iris scanners are still being deployed across many of its locations, and Gate Gourmet hopes to eventually install the Iris ID iCAMs at all of its U.S. locations.</p><p>Newman emphasizes that upgrading from the previous biometric solution has not compromised security, but only enhanced it, for Gate Gourmet. </p><p>“We’re replacing biometrics with biometrics,” Newman says. “We haven’t surrendered anything by having the iris scanners—this is just the next generation for us.”  </p><p><em>For more information: Tom DeWinter, Iris ID,,, 609/819-4724 ​</em></p> and StereotypesGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​Juveniles make up 40 percent of the shoplifters in the United States. Shoplifters, in total, contribute to billions of dollars of loss each year, according to the National Association for Shoplifting Prevention’s 2014 report <em>Shop­lifting Statistics.</em></p><p>To combat adolescent shoplifting, according to the report, retailers depend on private security officers combined with other security measures, including security cameras, observation mirrors, and radio-frequency identification (RFID) tags. </p><p>The key to apprehending juveniles during or after shoplifting, however, is to correctly determine whom to surveil. Security personnel often rely on a combination of common underlying physical characteristics—race, gender, and age—and behavioral indices—glancing at clerks nervously, assessing security measures, and loitering—to distinguish shoppers from potential shoplifters. </p><p>Are these surveillance decisions a result of bias? To find out, the authors conducted original academic research funded by the John Jay College of Criminal Justice of the City University of New York on how stereotypes play into who is suspected of shoplifting, how that suspect is dealt with, and what private security can do to limit discriminatory practices.​</p><h4>Existing Data</h4><p>A 2003 Journal of Experimental Psychology article, “The Influence of Schemas, Stimulus Ambiguity, and Interview Schedule on Eyewitness Memory Over Time,” which discussed research findings and lawsuits against retailers, concluded that stereotypes of juvenile shoplifters may unduly influence security officers to target juveniles on the basis of their physical characteristics, rather than their behaviors.</p><p>Over the past 20 years, the media has reported on cases in which the retail industry engaged in discriminatory practices. This is known as consumer racial profiling (CRP), “the use of race and or ethnicity to profile customers.” According to a 2011 study in the Criminal Justice Review, “Public Opinion on the Use of Consumer Racial Profiling to Identify Shoplifters: An Exploratory Study,” officers sometimes use CRP to determine which juvenile shoppers are potential or actual thieves. </p><p>Most people develop negative stereotypes about juvenile thieves through exposure to various types of media, particularly when they reside in areas that contain few minorities. The media has the unique ability to both shape and perpetuate society’s beliefs about which juveniles typically commit offenses through its selective coverage of crimes. </p><p>It is also common for the media to portray adolescents—particularly boys—as criminals. Biases are then used, whether consciously or unconsciously, in the private sector by retailers and security officers to target shoppers, and in the public sector by those in the legal system, including law enforcement officers, prosecutors, judges, and even legislators, to arrest and prosecute thieves.</p><p>The consequences of applying discriminatory practices can be seen in the private sector through lawsuits against retailers. Ethnic minority shoppers purport that they were targeted through excessive surveillance—and even through false arrests. </p><p>Researchers have shown that this automated bias occurs even when observers were trained to focus on behavioral cues, and it persists despite findings that shoplifting occurs across racial and ethnic groups, according to the 2004 Justice Quarterly article “Who Actually Steals? A Study of Covertly Observed Shoplifters.”</p><p>Stereotypes also affect retailers’ decisions on how to handle shoplifters, either formally by involving the police, or informally. The results of accumulated discrimination, accrued during each step in the legal process—initial involvement of police, decision to prosecute, conviction, and sentencing—continue in the legal system. This is evidenced by the disproportionate number of African- and Latin-American boys shown in the apprehension and arrest statistics of juvenile thieves, compared to their representation in the population, according to Our Children, Their Children: Confronting Racial and Ethnic Differences in American Juvenile Justice, a book published by the Chicago University Press. ​</p><h4>Current Research</h4><p>To test the premise that there is a widespread stereotype of the typical juvenile thief and shoplifter, our research team obtained information from young adults in two diverse areas:  97 psychology-major college students in a small city in the U.S. state of Kansas, and 156 security and emergency management majors at a college in a large city in New York state. </p><p><strong>Shoplifter profile. </strong>The psychology-major students were 83 percent European American. The rest of the students were represented as follows: 5 percent African American, 2 percent Asian American, 1 percent Latin American, and 9 percent of mixed or unknown descent.</p><p>The security and emergency management major students—72 percent of whom were male—came from a variety of backgrounds: 31 percent European American, 37 percent Latin American, 19 percent African American, 9 percent Asian American, and 2 percent Middle Eastern American.</p><p>Participants in both locations were asked to guess the common physical characteristics of a typical juvenile shoplifter—age, gender, ethnicity or race, and socioeconomic status. </p><p>The stereotypical juvenile shoplifters described by both the Kansas and New York respondents were remarkably similar: male, aged 14 to 17, and from lower- to middle-class families of African-American, Latin-American, or European-American descent. The two samples also indicated that the stereotypical thief was likely to have short or medium length brown or black hair and an identifying mark—such as a piercing. </p><p>These findings show commonality in the prevalence of certain physical characteristics, despite the diversity of the two groups of respondents, and demonstrate that American society has a well-developed juvenile shoplifter stereotype.</p><p><strong>Decision processes. </strong>After determining the stereotype, the research team considered whether juvenile shoplifter stereotypes affected respondents’ decisions. The goal was to determine the degree to which the respondents believed that physical characteristics influenced the security guards’ decisions regarding whom to surveil, and what consequences to apply when a youth was caught stealing.</p><p>The New York respondents read a brief scenario describing a juvenile shoplifter as either male or female and from one of five backgrounds: European American, African American, Asian American, Latin American, or Middle Eastern American. However, the description of the overt behaviors by the juvenile was the same for every scenario—selecting and returning shirts in a rack, glancing around the store, and stuffing a shirt into a backpack.</p><p>Respondents provided their opinions about the degree to which the security officer in the scenario relied on physical characteristics in surveilling a juvenile, and whether the retail manager and security officer should impose informal or formal sanctions on the shoplifter. Researchers reasoned that respondents should draw identical conclusions for surveillance and sanctions if they were simply evaluating the juvenile shoplifters’ behaviors, but that students would have different recommendations for these choices if their racial or ethnic stereotypes were activated.</p><p>Respondents who indicated a preference for applying informal sanctions did so more frequently for girls of African-American and Middle Eastern-American descent. These respondents also assessed that the officer described in the scenario based his or her surveillance decisions on physical characteristics. No other gender differences for race or ethnicity were notable when considering reliance on physical characteristics.</p><p>Stereotypes also affected decisions on how to sanction the shoplifter. Respondents were given the option of implementing one of four informal sanctions: speak to the juvenile, call parents to pick up the juvenile, get restitution, or ban the youth from the store. Their selection of the least severe sanction—talk to the juvenile—was doled out at a higher rate for boys than for girls of each ethnicity except European Americans, which did not differ.</p><p>The moderate level sanction—call the youth’s parents—was selected more for girls than for boys of African and Latin descent. The most severe level sanction—ban the youth from the store—was selected more for boys than for girls of African descent. However, it was selected more for girls than for boys of Asian, European, and Middle Eastern descent.<img src="/ASIS%20SM%20Callout%20Images/0417%20Feature%202%20Chart%201.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:510px;" /></p><p>Respondents who indicated a preference for applying formal sanctions attributed physical characteristics to the guards’ surveillance decision for girls more than for boys of Latin descent; gender differences were not apparent for the other ethnicities. </p><p>Respondents were also given five formal sanctions for the youths: involve the police, prosecute the theft as larceny, impose a fine, give the youth diversion or community service, or put the incident on the youth’s criminal record. Their selection of the least severe sanction—involve the police—was endorsed more for boys than for girls of Asian, European, and Latin descent, but more for girls than for boys of African descent. No gender difference was apparent for youths of Middle Eastern descent.</p><p>The most severe sanction—diversion or community service—was preferred more for boys than for girls of African descent. A small percentage of respondents endorsed a criminal record for the theft of a shirt, but only for girls of African and European descent and for boys of Middle Eastern descent.</p><p>Finally, a comparison of our data revealed that respondents believed informal—rather than formal—consequences should be imposed for girls rather than for boys of Asian and European descent, and for boys rather than for girls of Latin descent. ​<img src="/ASIS%20SM%20Callout%20Images/0417%20Feature%202%20Chart%202.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:519px;" /></p><h4>Lessons Learned</h4><p>Our findings clearly demonstrate that people have stereotypes about juvenile shoplifters. They also showed that people unconsciously use the typical physical characteristics of gender and race or ethnicity associated with their criminal stereotypes to make decisions and recommendations, such as whom to surveil and how to handle a shoplifting incident. Otherwise, there would not have been a difference in how the juvenile shoplifter was processed or punished, because the behaviors exhibited by all of the juveniles were identical across scenarios.</p><p>Consumer racial profiling is a defective filtering system that may direct private security officers’ attention to characteristics that are not reflective of actual shoplifting conduct. Our data suggests that CRP not only hurts retail businesses by discouraging minority consumers from shopping in their stores, but also simultaneously prevents security officers from apprehending shoplifters.</p><p>Other research, such as from “Juvenile Shoplifting Delinquency: Findings from an Austrian Study” published in the 2014 Journal for Police Science and Practice, shows that only 10 percent of juveniles are caught shoplifting. Even more disconcerting, the typical shoplifter steals on average 48 to 150 times before being apprehended. Clearly, retailers need a better strategy if they are to reduce loss due to shoplifting.</p><p>Another issue that was addressed was the decision to involve the legal system. Many businesses, despite having posted prosecution warnings, reported only about half of the adolescent shoplifters they caught to the police. </p><p>Retailers instead focus on minimizing loss and negative publicity, and may rationalize against reporting the offense to the police because they do not want to stigmatize the adolescent or because they consider it a one-time incident, particularly when the juvenile admits to the theft and then pays for or returns the items, according to the U.S. Department of Justice’s (DOJ) Community Oriented Policing Services.</p><p>These beliefs, however, may be misguided. Though current research is scarce, a 1992 study—The Sociology of Shoplifting: Boosters and Snitches Today—indicated that 40 to 50 percent of apprehended adolescent shoplifters reported that they continued shoplifting. </p><p>There are benefits for retailers who involve the legal system, especially for informal police sanctions. </p><p>First, criminal justice diversion programs and psychological treatment and educational programs treatment may reduce recidivism. For example, shoplifters who attended and completed a diversion program had significantly fewer re-arrests compared to those who failed to complete or did not attend, a DOJ study found.</p><p>Second, the private sector needs the support of the public sector to reduce shoplifting. Shoplifters can be given an opportunity to participate in first offender programs and, upon completion of classes on the effects of shoplifting, have their charges dismissed or even erased. ​</p><h4>Recommendations</h4><p>Retailers and private security officers need training to make them aware of their own biases and how their stereotypes affect their choices. They also need training to learn which behavioral indices are most effective in distinguishing shoppers from shoplifters. </p><p>If retailers do not make significant changes in guiding their employees—particularly security officers—towards objective measures of vigilance to prevent shoplifting, their financial loss will continue to be in the billions of dollars. </p><p>Private security officers must be taught how to treat all potential shoplifters, regardless of their gender, in the same way to prevent making mistakes and subjecting retailers to lawsuits for discriminatory security practices.</p><p>Overcoming unconscious biases is difficult. Prior to specialized training in bias identification and behavioral profiling, it is important to determine the biases of security officers. Self-assessment measures similar to the ones the researchers used in their study can be administered. </p><p>The officers should also keep records that specify each incident of shoplifting, what behaviors drew their attention to warrant surveillance, what act occurred to provoke them to approach the juvenile shoplifter, the items that were taken, the method used, the shoplifter’s demographics, how the situation was handled, who made the decision, and reasons for the decision. The officers should then review these records with their retail managers.</p><p>Retailers should also implement a mandatory training program to provide private security officers with the tools needed to identify shoplifting behaviors to increase detection and reduce shrink. </p><p>The incident records could be introduced and used to help identify the impact biases have on private security professionals’ decisionmaking about juvenile shoplifters. It would also help security guards learn the various types of suspicious behaviors that shoplifters exhibit, such as juveniles who make quick glances at staff, examine items in remote aisles, monitor security cameras and mirrors, and purposefully draw employees’ attention away from others.</p><p>Additionally, a practical component would be to show surveillance videos of the behaviors exhibited by juvenile shoplifters of different gender and race or ethnicity. In this way, the findings of past studies showing the insignificance of race, ethnicity, or gender can be learned through real-world examples.  </p><p>--<br></p><p><em><strong>Dr. Lauren R. Shapiro </strong>is an associate professor in the Department of Security, Fire, and Emergency Management at John Jay College of Criminal Justice. She has published several journal articles and chapters on the role of stereotypes in perception and memory for crime and criminals. <strong>Dr. Marie-Helen (Maria) Maras</strong> is an associate professor at the Department of Security, Fire, and Emergency Management at John Jay College of Criminal Justice. She is the author of several books, including Cybercriminology; Computer Forensics: Cybercriminals, Laws, and Evidence; Counterterrorism; and Transnational Security.   ​</em></p> War GamesGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​In the chaos of World War II, the U.S. Information Agency began a German radio broadcast to counter Nazi propaganda. The Voice of America (VOA) was designed to promote American values abroad, and after the end of the war, the United States enacted the Smith–Mundt Act to continue its broadcasts during peace time.</p><p>During the Cold War, VOA took on a new target—Soviet propaganda—and concentrated its message on communist nations in eastern and central Europe. By 1953, VOA was broadcasting 3,200 programs in 40 languages every week.</p><p>And America was not alone. The Soviet Union soon began adopting similar technology, attempting to influence elections through radio broadcasts, campaign funding, and recruitment efforts. In the 1970s, for example, during a U.S. presidential race, the Soviet KGB recruited a U.S. Democratic party activist to report on Democrat Jimmy Carter’s campaign and foreign policy plans.</p><p>Fast-forward to the present, when influence is no longer restricted to radio broadcasts or recruiting covert agents; it’s now being conducted on social media by nation-states. In an unprecedented unclassified report, the U.S. intelligence community detailed Russia’s most recent efforts to influence the 2016 U.S. presidential election in favor of candidate and eventual president Donald Trump. </p><p>The report, crafted by the U.S. National Security Agency (NSA), the CIA, and the FBI, and released by the U.S. Office of the Director of National Intelligence, found that Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election. </p><p>Putin’s goals, according to the report, were to undermine public faith in the U.S. democratic process, denigrate Democratic candidate former U.S. Secretary of State Hillary Clinton, and harm her electability and potential presidency.</p><p>“In trying to influence the U.S. election, we assess the Kremlin sought to advance its longstanding desire to undermine the U.S.-led liberal democratic order, the promotion of which Putin and other senior Russian leaders view as a threat to Russia and Putin’s regime,” the report explained.</p><p>To carry out this influence campaign, Russia used a messaging strategy that blended covert intelligence operations with overt efforts by Russian government agencies, state-funded media, third-party intermediaries, and paid social media users—known as trolls.</p><p>“The Kremlin’s campaign aimed at the U.S. election featured disclosures of data obtained through Russian cyber operations; intrusions into U.S. state and local electoral boards; and overt propaganda,” the report added. “Russian intelligence collection both informed and enabled the influence campaign.”</p><p>For instance, in July 2015 Russian intelligence organizations gained access to the U.S. Democratic National Committee’s (DNC’s) networks and maintained access to them until June 2016. Using this access, Russia’s General Staff Main Intelligence Directorate (GRU) compromised the personal email accounts of Democratic Party officials and political figures, including Clinton’s campaign chair, John Podesta. </p><p>Then, under the alias Guccifer 2.0, the GRU leaked those emails to and WikiLeaks, which shared information with RT—the Kremlin’s principal international propaganda outlet, which has more than 4 million Likes on Facebook and 2 million followers on Twitter. </p><p>“Russia’s state-run propaganda machine…contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international audiences,” according to the report. “State-owned Russian media made increasingly favorable comments about President-elect Trump as the 2016 U.S. general and primary election campaigns progressed, while consistently offering negative coverage of Secretary Clinton.”</p><p>For instance, Russian media began to call Trump’s impending victory a “vindication of Putin’s advocacy of global populist movements” and the “latest example of Western liberalism’s collapse.”</p><p>Millions of people viewed these articles and shared them on social media, spreading them among U.S. voters. The U.S. intelligence community did not conduct opinion polls to see how Russian propaganda influenced voting behavior, said former Director of National Intelligence James Clapper in a Senate hearing. But he did reinforce the report’s assessment that Russia will apply lessons it learned from the campaign to future efforts to influence the United States and its allies.</p><p>And, because Americans elected Trump in the 2016 election, Russia is likely to view its influence campaign as a success and continue using similar methods to influence future elections.</p><p>“Putin’s public views of the disclosures suggest the Kremlin and the intelligence services will continue to consider using cyber-enabled disclosure operations because of their belief that these can accomplish Russian goals relatively easily without significant damage to Russian interests,” the report said.</p><p>Putin may hold this view because the United States responded to the influence campaign through targeted sanctions. One week before the U.S. intelligence community’s report was released, former U.S. President Barack Obama sanctioned two Russian intelligence services, four individual intelligence service officers, and three companies that provided material support to the Russian intelligence service’s cyber operations.</p><p>The U.S. Department of the Treasury also sanctioned two Russian individuals for using cyber-enabled means to misappropriate funds and steal personal identifying information. The U.S. Department of State also shut down two Russian compounds in Maryland and New York that were used by Russia for intelligence purposes, and declared 35 Russian intelligence operatives “persona non-grata.”</p><p>“These actions are not the sum total of our response to Russia’s aggressive activities,” Obama said in a statement. “We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized.”</p><p>While some experts are not surprised by Russia’s actions, one expert has said he was surprised at Russia’s willingness to engage in a disruptive cyberattack against U.S. institutions. </p><p>Adam Segal, Ira A. Lipman chair in emerging technologies and national security and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, published The Hacked World Order at the beginning of 2016, saying that he thought states on the periphery—Estonia, Georgia, and Ukraine—would conduct disruptive attacks on each other, but that major nation-states would not.</p><p>“Clearly, I underestimated the willingness of Russia to use disruptive attacks on the United States,” Segal said at an event hosted by the American Bar Association in January. “I never considered disruptive attacks on the United States focused on institutions, even though I thought those might be the most vulnerable to attacks in the future.”</p><p>Disruptive attacks, like the Russian influence campaign, will be a difficult area for the Trump administration moving forward, especially based on the U.S. response to the activity. </p><p>Segal, who had just returned from China before speaking at the event, said that the Chinese “seem to see no deterrent value” in the U.S. response to Russia and that the response needed to be stronger to send a clear message not just to Russia, but to other adversaries who might try something similar.</p><p>That message was further muddled when just weeks into Trump’s presidency, the U.S. Department of the Treasury eased sanctions to end a ban on selling information technology products to Russia. The ban was originally put in place by Obama in 2015 in response to alleged “malicious cyber-enabled activities” by Russia’s security service in the U.S. electoral process.</p><p>Despite the deficient response to the disruptive attack, however, Segal said he still thinks that Russia and China are unlikely to use destructive cyberattacks against the United States—such as targeting critical infrastructure and causing damage—unless their national interests are threatened.</p><p>“The Chinese definition of core interests is unfortunately expanding,” Segal said. “But the Chinese know that the United States is going to attribute an attack to them, so they have to be ready for escalation.”</p><p> An escalation of destructive cyberattacks is something Leo Taddeo, former special agent in charge of the FBI’s New York Cybercrime Office and current CSO of Cryptzone, a network security and compliance software provider, says he sees happening in 2017. In an interview with <em>Security Management</em>, Taddeo says he sees nation-states—including the United States—taking a more aggressive position on international cybersecurity, leading to a cyber escalation between nation-states.</p><p>The U.S. public has an “appetite for more aggressive cyberactivity” and for “striking back” against those who conduct cyberattacks against American interests, according to Taddeo.</p><p>However, Taddeo says he is concerned that the U.S. private sector will be caught in the crossfire of this escalation involving the United States, Russia, China, and possibly Iran, when banks, power companies, and other critical infrastructure—largely controlled by the private sector in the United States—are targeted. </p><p>“The Russians don’t have that problem as much as the United States does because Russia is more autocratic,” Taddeo adds. “The private sector there doesn’t complain without permission from the regime and can tolerate more in a crisis.”</p><p>Those attack methods are also likely to trickle down to regional conflicts between nation-states with less cyber prowess, such as India and Pakistan. For instance, Taddeo says to look at the attack on the Bank of Bangladesh in 2016 when hackers stole $81 million. </p><p>“That type of attack may have been committed by a nation-state to obtain much needed cash resources or to embarrass a smaller state,” Taddeo says. “I think we’ll see more types of cyber conflict…some adopted by nation-states, some by super powers, but with all of these different tools becoming part of the arsenal.”</p><p>Taddeo adds that, with today’s technological advances and hacking services for hire, it doesn’t take a great deal of expertise to steal information and share it with organizations like WikiLeaks.</p><p>Either way, Taddeo says the “genie is out of the bottle” and actors and nation-states are now using cyber methods to conduct influence campaigns for strategic goals. </p><p>For the Kremlin, this includes gathering information and attempting to influence public—and government—opinion via social media in favor of Russia.</p><p>“Immediately after Election Day, we assess Russian intelligence began a spearphishing campaign targeting U.S. government employees and individuals associated with U.S. think tanks and NGOs in national security, defense, and foreign policy fields,” the U.S. intelligence report said. “This campaign could provide material for future influence efforts, as well as foreign intelligence collection on the incoming administration’s goals and plans.”   ​</p>


05 April 2017
Preparing Your Healthcare Facility for All Hazards (Webinar)

19 April 2017
ADA Compliance for Security Professionals (​Webinar)

23 - 25 April 2017
10th Annual CSO Summit ​​(Conference, Arlington, VA)

26 April 2017
Identify and Research Threats Via Open Source Intelligence (Webinar)

03 May 2017
Finance 101 for Security Professionals (Webinar​)​

​08 - 09 May 2017
Active Shooter (Education, Las Vegas, NV)

08 - 09 May 2017
Executive Protection (Education, Las Vegas, NV​)​

08 - 09 May 2017
CPP ​& PSP Review at PSA-TEC (Education, Las Vegas, NV)

​08 - 11 May 2017
ASIS Assets Protection Course (Education, Las Vegas, NV)​​

10 - 11 May 2017
Violence Assessment and Intervention (Education, Las Vegas, NV)

​10 - 12 May 2017
​Physical Security Workshop​ (Education, Las Vegas, NV)

​More Events>>​​​