|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Vehicle Access at Stadiums0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Seminar Sneak Peek: Bringing Metrics to the C-Suite|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465How to Practice Ethics|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Sounding the Alarm at Lone Star|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465New Data Rules|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465In the Public Interest2016-05-01T04:00:00Z|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Active Shooter Guidelines2009-01-01T05:00:00Z|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Q&A: Cannabis Cash2016-07-01T04:00:00Z|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Wagering on Preparation2014-09-01T04:00:00Z|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Security Beyond Sunday2016-04-01T04:00:00Z

Security Management

 Morning Security Brief

View RSS feed

 SM Weekly

Retrieving Data

 SM Daily

Retrieving Data
Not a Member? Join Now SurveillanceGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>There’s a growing consensus on the issue of placing security cameras in schools—a recent study found that 72 percent of adults favor the practice. That percentage of support is up 7 percent from a year ago, when 65 percent were in favor of school cameras in a similar survey. </p><p>“This number has risen in recent years, with increased attention on preparedness in handling potential threats,” wrote Dean Drako, president and CEO of Eagle Eye Networks, which commissioned the study. The report compiled surveys from 1,500 respondents from all regions of the United States taken earlier this year. The survey defined schools as preschool/daycare, K-12, and college.  </p><p>Asked to cite why respondents saw security cameras as valuable, the most popular reason (cited by 64 percent of respondents) was to “identify criminals and facts after events.” This reason was followed by “real-time insights during emergencies,” at 59 percent, and “deterring crimes,” at 57 percent.   </p><p>In addition, 78 percent of respondents said they thought it was important for first responders to be able to access school video during an emergency. “This result signals the high value the community places on ensuring immediate situational awareness during a crisis on campus,” Drako wrote.  </p><p>In the report, the top five camera location priorities were at entrances and exits (76 percent), hallways (62 percent), and lunchrooms, playgrounds, and gyms (53 percent). Only a minority of respondents wanted cameras in classrooms (36 percent) and locker rooms and bathrooms (18 percent). </p><p>However, Kenneth Trump, president of National School Safety and Security Services, who has worked and consulted on school safety projects across the country, says he now sees a few complicating factors regarding the use of surveillance cameras in schools, based on the many assessments his consulting firm has done for schools from preschool through 12th grade. </p><p>“We often see that schools put cameras in based on a one-time shot in the arm funding—often due to state grants, or a one-time allocation in a capital improvement program,” Trump says. The launch of these new cameras is often featured in press conferences or public announcements. </p><p>But then, when the cameras need to be fixed or replaced three or four years down the road, the school district has no budget allocation at either the individual building or district level for repair or replacement. The cameras can then sit dormant for months, or even longer, while “parents, students, and staff are under the impression that cameras are functioning when they are not,” he explains.  </p><p>  Trump himself believes that cameras can be a useful tool in overall school security. “Cameras deter those who can be deterred,” he says.  And their footage can serve as evidence in some cases. “They serve a role, but there are limitations,” he adds.   </p><p>  Trump also says that, in his assessments, he has found an overall trend that some schools are putting disproportionately more emphasis on hardware and products, and less “on the people side” of school security. “School leaders are well-intended, but there is a lot of political pressure to do this,” he says. “And certainly there are a lot of opportunistic vendors.” </p><p>“Many school administrators will throw up some cameras to fortify their front entrance,” he continues. “But the reality is, it is what is behind those fortified walls that really makes up the heart of your school security program—which is your people.” </p><p>Of course, investing in “the people side” of school security takes time and money, he says. It often means professional development training not just for teachers and administrators, but for support staff: the bus drivers, who are the first and last ones to see students every day. Secretaries who might take a call from someone making a bomb threat. Custodians and food service staff, who may be the first ones to notice any strangers on campus. “They are on the front lines,” he says. “They should be included in tabletop exercises, along with the first responders.”  </p><p>However, training and development for all staff takes a funding investment, and some districts find it cheaper to buy more hardware instead. In addition, Trump says that he has been seeing another trend—hardware and product vendors in some states lobbying state legislators to put school security and emergency planning into the hands of homeland security officials, and out of hands of the school administrators, which could thwart training and development. </p><p>In the Eagle Eye survey, a majority of the respondents (56 percent) said they believe that visible security cameras would reduce bullying in schools. Again, however, Trump says that while cameras can be an effective component of an antibullying program, “the first and best line of defense is a well-trained and highly alert staff and student body.” Unlike a camera, staff can “see things that are invisible,” such as dynamics between students, which indicate potential or possible bullying. Technology can be a supplement, but not a substitute, for this. </p><p>Strong security programs continue to be sorely needed, as violent fatalities continue to be a problem in schools. Another recent report, which looked at the 2012-13 school year (the latest data available), found that nearly 3 percent of violent deaths among American school age youth took place at school or school-related environments. </p><p>The report, Indicators of School Crime and Safety: 2015, is a joint effort from the National Center for Education Statistics, U.S. Department of Education, and the Bureau of Justice Statistics at the U.S. Department of Justice. It found that, in the period from July 1, 2012, through June 30, 2013, there were a total of 41 school-associated homicides in U.S. elementary and secondary schools, slightly less than 3 percent of the total number of school-age homicides in America.   </p><p>The 3 percent figure has stayed consistent since annual statistics were first compiled for the 1992-93 school year. Authors of the study indicated that the percentage, although low, was still unacceptable. “Our nation’s schools should be safe havens for teaching and learning, free of crime and violence,” the authors wrote. </p> Arm or Not to Arm?GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>Steve Baker, CPP, PCI, PSP, is president of VTI Associates, a security consulting firm that provides use-of-force training and litigation services. He is also a certified instructor for security officer firearms training in the states of Nevada and Arizona. Baker talks with <em>Security Management</em> about the subject of arming guards and how companies can evaluate what options are best for them. </p><p> </p><p><strong>Q. What are some of the considerations businesses should weigh when deciding whether or not to arm guards?  </strong></p><p><strong>A. </strong>Companies should first ask whether there is a business need. What is the business trying to protect? What’s the threat for the facility, the nature of the business, assets that need protecting, hours of operation? Some places at different times of day may have different issues. For example, a gas station located near a busy highway may want an armed guard at night.  </p><p>Then they have to consider, will it be 100 percent arming, or is there going to be a mix of armed and unarmed personnel? And then, to break that down even further, what level of arming are we going to do—are we going to have it restricted to supervisors and managers only, or all officers?  </p><p>We also have to talk about the financial impact of screening, hiring, and retaining the employees; also training and equipping them. There’s the factor of law enforcement response time. All of these issues should play into that initial needs assessment. </p><p><strong>Q. What types of businesses typically arm their guards?  </strong></p><p><strong>A. </strong>The gaming industry historically has a lot of armed people, but it’s not universal. Sometimes you’ll get convenience stores and other properties where there’s a lot of public traffic coming through. Some of the utilities, depending on what they are and what they are protecting, have armed guards. </p><p><strong>Q. How about hospitals?  </strong></p><p><strong>A.</strong> A lot of them don’t want to have firearms. They really don’t want to be in the shooting business, if you will. However, nobody goes to the hospital happy. There’s a lot of anxiety no matter what. So if you’re going there as a patient you have anxiety, if you’re there because a loved one or a friend is ill or injured you have some anxiety, and then you have people with various maladies and mental disorders—all of which can make any property challenging.  </p><p>On top of that, there’s also the availability of drugs. And [thieves] know that the drugs are locked and secured, but they also know if they stick a weapon in somebody’s face, that person is more likely to comply with a request to open that cabinet.  </p><p><strong>Q: Besides firearms, what are the common types of force used by security guards? What are the potential drawbacks? </strong></p><p><strong>A. </strong>One of the things we look at is what options do you have on the continuum of force? Pepper spray is pretty widely used, though there can be some insurance issues because—while the use of it isn’t as severe as a firearm—it’s used more frequently. And it’s messy. It does subject people in the area to cross contamination and overspray, so other people may get a whiff of it, and that can result in some insurance claims. So you have that frequency versus severity calculation that the insurance companies all run, and that can sometimes impact your premiums. </p><p>Batons are actually difficult. They require a higher level of training, and what happens is people tend to go “medieval” with the stick. And the minute something happens, guards can forget all of their training, and it just becomes a club. And that’s problematic—the probability of injury is great with the baton. </p><p><strong>Q. Are handcuffs considered “force”? </strong></p><p><strong>A. </strong>Handcuffs are another option. They are not truly a weapon, and there’s a large training issue with using them. The adage of “slap on the cuffs” is a really bad way to put it. If you don’t place them on properly, and you were to come from a distance and slap them on someone, it’s like taking a steel rod and hitting yourself on the bones of your wrists. Your reaction is going to be to pull away, which we generally call resisting. So just by the method that we’re using to apply the handcuffs, a compliant person can suddenly appear noncompliant.  </p><p>In my classes, I have all the students handcuff each other after lunch. I leave them all handcuffed, and then I have them sit down and I lecture for about half an hour, so that they can understand what happens as they are sitting there handcuffed.  </p><p>And what happens is that, as you move around just a little bit, sometimes the handcuffs’ oval shape and the wrist’s oval shape don’t match up anymore, and it hurts badly. They say, “it’s too tight,” and you just take <span style="line-height:1.5em;">a couple of fingers and readjust the cuffs around the wrist. So cuffs are a little bit more complicated in their minor nuisances, but training makes </span><span style="line-height:1.5em;">a huge difference.  </span></p><p><strong>Q: Tasers seem to also be a popular choice for nonlethal force, though they come with their own set of challenges as well. What are the pros and cons of these devices? </strong></p><p><strong>A. </strong>When Taser first came out it was an alternative to deadly force. If you were in a situation where you were justified in using deadly force, you could use this nondeadly device and hopefully rectify the situation with that.  </p><p>I was actually on Taser’s initial advisory board when the company started branching out more into the security industry. Tasers are a wonderful device, and again you’ve got a higher training level. It’s not the fix-all that many people would like to believe it is. In law enforcement generally you have multiple officers available when deploying the Taser, at least in a perfect world. And usually those other officers have higher levels of force, like a firearm, for backup. So if a Taser doesn’t work and they have to escalate force, they can do so.  </p><p>But what I’ve found is that the use of Tasers [with guards] were tenfold to that of firearms, because there’s the perception that it’s “okay” to tase people. So there has to be a lot of training and judgment in use of force and appropriateness so that we don’t overuse these devices just because they are nonlethal. </p><p><strong>Q. What other topics do you cover in your training?  </strong></p><p><strong>A. </strong>We have to go through the basics of criminal and civil law, as well as criminal procedure. We have to touch on some risk management concepts. Security officers need to understand certain things–they are not the police. For law enforcement, their goal is to make arrests and address crime. Security’s responsibility is to keep their property reasonably safe. If a threat actor has departed the property, unlike law enforcement, guards don’t give chase, they need to turn that over to the police. And a lot of them don’t understand that. They have that mentality of, “well something happened and I have to chase them down and get them.”  </p><p>I always ask, are there any misdemeanor crimes where you’d be justified in shooting somebody? I can spend up to an hour on that question. The answer is no. That’s the reason they are misdemeanors, they are lesser crimes. So a punch in the nose is a misdemeanor. Are you going to shoot someone because they punched you in the nose? You shouldn’t—and if you do, you’re going to have problems. Now if they are beating you to death, that changes the situation. You’re now in justified fear of your life.  </p><p>It’s a split-second decision with a firearm, and if you’re wrong, it can be catastrophic to the officer, whoever the other person is, and to the organization.   </p> Usual SuspectsGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>Whether large or small, from two to 431,000 employees, companies were similarly victimized, according to data patterns revealed in a new study. </p><p>As part of a larger study that focused on the creation of typologies and criminological perspectives related to trade secret theft, the authors of this article analyzed all 102 successful U.S. trade secret theft prosecutions from 1996 to 2014 using FBI and U.S. Department of Justice press releases, indictments, docket information, and other data related to the types of organizations that were victimized. </p><p>Trade secrets discussed in these cases are not public or published like copyrighted and patented materials. Instead, they are protected by the organization through the privilege of nondisclosure. This designation leaves the trade secrets protected in perpetuity—unlike patents and copyrights, which have limitations on the number of years they are safeguarded from use by competitors. </p><p>The theft of this type of protected information is illegal under the Economic Espionage Act (EEA) of 1996. It is considered a form of economic espionage or “larcenous learning,” because secrets are targeted and stolen from the rightful owner by individuals, rival companies, and even foreign countries through economic-espionage related activities.  </p><p>And trade secret theft is not a rare occurrence. American businesses owned an estimated $5 trillion worth of trade secrets in 2014, and approximately $300 billion was stolen per year, according to a statement made by Randall C. Coleman, assistant director of the FBI’s Counterintelligence Division, in a hearing before Congress.  </p><p>The authors’ analysis of these cases provides insight into the most common types of trade secret and economic espionage activities, as well as the prevalent characteristics of offenders. ​</p><h4>Who is Vulnerable? </h4><p>All companies, regardless of size and type, are vulnerable to trade secret theft. The majority of companies that were victimized were large (employing more than 1,000 employees), and many were easily recognized Fortune 500 companies.  </p><p>Organizations in the manufacturing sector were most likely to be victimized (64.6 percent), followed by service industries (19.2 percent), when examining sectors using their Standard Industrial Classification Codes. ​</p><h4>What is Stolen and How? </h4><p>The authors’ review of EEA cases showed that anything of actual or potential value—including current, future, or intrinsic—can be stolen or compromised when it comes to trade secret theft.  </p><p>This includes source code, photographs and images of machinery, proprietary software programs, sales order forecasts, customer and client lists, billing information, subscription lists, research data, and project data, to name a few examples. </p><p>While a common assumption may be that trade secret theft involves some degree of sophistication, the study suggests otherwise.  </p><p>For instance, a bartender who worked in the corporate dining room of MasterCard’s headquarters in Purchase, New York, stole reams of confidential material from the dining room and surrounding areas—including CD-ROMS and binders—that he offered to sell to Visa.  </p><p>Visa, however, reported him to the FBI, which set up a sting operation to negotiate the purchase of the materials. </p><p>In another case, Chinese nationals simply walked into corn production fields owned by Monsanto, DuPont, Pioneer, and LG Seeds, and stole bioengineered seeds after claiming they worked for the University of Iowa. </p><p>Trade secret theft episodes are not always long-term events. In fact, some  <span style="line-height:1.5em;">are short-term, opportunistic, one-</span><span style="line-height:1.5em;">time events.  </span></p><p>One example of this is when two engineers for Wyko Tire Technology—a company that supplied Goodyear parts for its tire assembly machines—were left unescorted in a Goodyear factory. They used the opportunity to take cell phone photos of proprietary machinery at the factory, despite being told not to. A Wyko IT manager later discovered the photos on one of the engineer’s e-mails and forwarded the message to Goodyear. ​</p><h4>Who’s the Thief? </h4><p>There is no one-size-fits-all profile for those who commit trade secret theft, according to the authors’ study. Even though the majority of cases involved insider threats, advanced analysis found no discernable offender profile.  </p><p>Additionally, the authors’ review showed that offenders were not distinguished by citizenship, age, gender, or employment status.  </p><p>However, some generalizations can be made about trade secret thefts and offenders. Any type of trade secret can be stolen, most thefts are simple, males commit trade secret theft more than females, and most thefts are committed by lone offenders. Citizens—not foreigners—commit most trade secret theft. </p><p>Insider threats. The majority of suspects in EEA cases were insider threats (83.3 percent). In most cases, the insider had legitimate access to trade secrets through the course of his or her daily work.  </p><p>These insiders were often in a position of trust, such as network administrators, executive secretaries, computer programmers, engineers, computer specialists, vice presidents, former owners, and IT directors. </p><p>Among these insider threats, most were still employees of the company (71.8 percent) when they were indicted. Next most prevalent were former employees, who committed the theft while still employed but who were detected post-employment (22.4 percent).  </p><p>The least likely insider threat was an invitee of the company (5.9 percent). This group included contract employees or subcontractors who had legitimate access to the company.  </p><p>The study also found that most insider threats are citizens and lone offenders. The majority of offenders were U.S. citizens (64.6 percent) and were U.S. born (53 percent), males (56 percent), and in their 40s. The majority of the internal threats were also lone assailants (67.5 percent). </p><p>This could be because in many trade secret theft cases, the employee leaving the organization used stolen trade secret–related information for professional gain. </p><p>In 2013, Ketankumar Maniar quit his job at a company that made disposable syringes. Prior to his resignation, however, he downloaded trade secret files onto his work laptop.  </p><p>Through an internal investigation, the company discovered that Maniar had downloaded these files. It contacted the authorities, and FBI agents later caught Maniar in a hotel room as he was preparing to leave for India. While FBI agents searched the room, Maniar admitted that he planned to use the trade secrets for future employment opportunities in India. </p><p>In another case, Xiang Dong Yu—an employee of 10 years with Ford Motor Company—quit to take a new position with Beijing Automotive. He was arrested by the FBI when he flew back to the United States and agents found at least 41 Ford design specifications on his Beijing Automotive–issued laptop. </p><p>If not seeking new employment opportunities, however, internal threats often created their own consulting or start-up companies, the study found. Such was the case with Yu Qin, a vice president of engineering and research and development at Controlled Power Company (CPC) who also had his own company for five years, unbeknownst to his employer. </p><p>In this case, Qin and his wife (a former employee of CPC and General Motors) were stealing trade secrets from both CPC and General Motors. Their thefts were discovered when CPC employees found a hard drive, which contained 16,000 confidential files <span style="line-height:1.5em;">that belonged to General Motors. </span></p><p>CPC management then sent the files to General Motors, which determined that Qin’s wife had stolen the electronic documents before her voluntary resignation. CPC then realized that Qin had also used trade secrets from CPC for his own consulting company. </p><p>While trade secret theft can help individuals achieve professional gain, personal financial gain should not be discounted. Trade secret theft is also committed by current or existing employees, who in most cases are motivated by financial gain or revenge.  </p><p>For instance, Yuan Li—who was employed by Sanofi—held a 50 percent partnership in Abby Pharmaceuticals. Sanofi was unaware of this fact.  </p><p>Li accessed an internal Sanofi database and downloaded information about Sanofi chemical compounds onto her Sanofi-issued laptop computer. She then transferred the information to her personal home computer by either e-mailing it to her personal e-mail address or by using a USB thumb drive. Li later made the Sanofi trade secrets available for sale on Abby’s website. </p><p>External threats. While the majority of trade secret theft cases involved internal threats, security professionals should not discount the external threat. External threats, those individuals who have no legitimate access to the company or to secret information, accounted for 16 of the prosecutions analyzed in the study. </p><p>The review of cases showed that these external threats included persons who were classified as true spies (38.9 percent) or employees from a rival company (23.5 percent). Other external threats included friends or relatives of current or former employees (29.4 percent) who exploited their friend or relative’s status as an employee to access and steal trade secrets. </p><p>The majority of these external offenders were also U.S. citizens (52.9 percent), U.S. born (100 percent), and males who were in their 40s. In cases where the number of suspects could be determined, lone assailants were the most common (48.7 percent), followed by pairs of suspects (31.3 percent). However, a few crimes included groups of conspirators. </p><p>For example, former Business Engine Software Corporation (BES) Chief Technology Officer Robert McKimmey from Business Engine Software Corporation conspired with other executives to illegally access competitor Niku’s computer network. McKimmey gained system administrator privileges at Niku and used the passwords from 15 different employees to download more than 1,000 files over a 10-month period ending in 2002. </p><p>The FBI investigated the intrusion, and McKimmey and the other executives later pleaded guilty to conspiracy to misappropriate trade secrets and interstate transportation of stolen property. ​</p><h4>How Were They Caught? </h4><p>The actual means of detection was difficult to determine because a majority of cases did not disclose the specific measures used, the authors’ study found. The information that does exist, however, shows that many incidents were discovered by monitoring the computer use of employees. More interestingly, companies and their employees reported trade secret thefts perpetrated on rivals and competitors. </p><p>For instance, a former Lockheed Martin employee was hired by Boeing. Later, a Boeing employee discovered that the former Lockheed Martin employee had classified Lockheed Martin documents in his workstation and immediately notified his supervisor.  </p><p>This led to an internal investigation, and Lockheed Martin and the U.S. Air Force were notified. A subsequent investigation by the FBI revealed that the employee had stolen 25,000 pages of documents from Boeing. </p><p>In another case, a former DuPont employee was seeking technical assistance from current and retired company employees. Several of these solicited employees contacted DuPont’s management because the information the former employee sought was proprietary. DuPont officials then relayed their concerns to the FBI. </p><p>The authors’ study confirmed that, due to the limited number of trade secret indictments and prosecutions, many thefts go undetected by organizations and law enforcement entities. Based on this finding, organizations should develop proactive means to deter and detect such crimes.  </p><p>Security professionals must be prepared to protect their trade secrets from individuals who have no identifiable profit. They should adopt a comprehensive and strategic approach toward protecting trade secrets because all companies—large and small—are vulnerable to trade secret theft.   </p><p>-- </p><p><em>Brian R. Johnson, Ph.D., is a professor in the School of Criminal Justice at Grand Valley State University in Allendale, Michigan, and specializes in private security and law enforcement. Christopher A. Kierkus, Ph.D., is an associate professor in the School of Criminal Justice at Grand Valley State University and specializes in research methods and criminology. Patrick M. Gerkin, Ph.D., is an associate professor in the School of Criminal Justice at Grand Valley State University and specializes in criminology, ethics, and restorative justice.  </em></p> TrackingGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​<span style="line-height:1.5em;">Saint Louis University, founded in 1818, was the first university established west of the Mississippi River. When deciding where to build the institution, the scouting crew was essentially in the Wild West as it surveyed the uninhabited land.</span></p><p>Surveying of a different sort is now used by the university to help staff keep track of the institution’s assets. Security benefits from such surveys as well, says Edward Pfeiffer, assistant director of administration at the university’s Department of Public Safety and Emergency Preparedness.</p><p>The campus is spread over three square miles in downtown St. Louis, with about 85 buildings concentrated in the immediate vicinity. Given this large footprint, Pfeiffer says that it is critical to keep track of security systems throughout the many buildings on campus. “We’re right in the middle of the city—we’re an urban campus,” he says. The Department of Public Safety has a force of about 80 private security officers who patrol the campus around the clock.</p><p>When he first started working at the university more than two and a half years ago, Pfeiffer says that wrapping his head around the access control, fire alarm, and other security systems on campus was overwhelming. “Some doors have card access on them, some have cameras, some don’t,” he notes. “Some are just key locks, and some doors have burglar alarm systems on them.” In addition, the university has nearly 1,000 cameras installed throughout the campus.</p><p>Pfeiffer wanted a way to be able to keep track of the many security assets on campus in a visual way that mapped the location of each. And while there are existing layouts of the university’s floor plans, none of them has an efficient display of information to be accessed quickly in the event of an emergency. “Some of them have too much information, some don’t have enough information,” he says. “But none of our diagrams have all of the stuff I want to show law enforcement or a first responder who would need to get into the building—or for that matter, even our own officers.”</p><p>Sending such information to law enforcement could be critical in an active shooter scenario, for example, so first responders know which doors have what type of access control, and where cameras are located.</p><p>Knowing there was a marketplace for app-based solutions to keep track of security assets, Pfeiffer did a simple search online and came across System Surveyor. The next day he contacted Mike Intag, director of business development at the company, and got the app set up for the university.</p><p>System Surveyor is an app designed for the Apple iPad. The company is working on versions for Microsoft Surface and Android tablets, which will be rolled out in the near future, according to Intag. The app allows users to import drawings and digital documents of floor plans and building layouts. From there, they can customize the diagrams with any assets and information they want. Icons that can be dragged and dropped onto the floor plan are available for doors, cameras, access control system types, and more.</p><p>“You want to bring in a camera, you just put your finger on it, drag and drop it, and it’s there. You can quickly identify what [access control] is on each door,” says Pfeiffer.</p><p>When a user taps on an icon, they get an additional list of features they can assign to that equipment. For example, they can say whether a camera is pan-tilt-zoom or fixed. Pfeiffer notes he can take a picture and add it to the camera’s notes as well, showing the field of view that the camera sees. “Obviously it’s not a live picture but it shows addresses, so I know exactly where that camera is pointed,” he adds.</p><p>System Surveyor is still working on rolling out more features for the app that customers can add to the layouts, such as security systems and fire alarms. For now, users can make custom annotations, which Pfeiffer uses to mark where such systems are for the university.</p><p>The layout can be stored locally on the tablet device or in a cloud portal available from System Surveyor. Saint Louis University uses both local and cloud storage for its saved plans. Pfeiffer says he also likes the ease of printing out and sharing documents electronically as PDFs. He has the option to filter out certain information before sharing the plans, including where security systems are located.</p><p>Although there have not been any incidents requiring Pfeiffer to send the plans to first responders, he notes that an active shooter situation is a scenario he wants to be as prepared for as possible. “It’s a threat more real than I want to dream about,” he says.</p><p>Pfeiffer notes that the app is also use­ful when developing plans for new construction, because he can show vendors what he is looking for by dragging and dropping the appropriate icons.</p><p>Multiple users can be added as administrators to the System Surveyor account, though Pfeiffer has not taken advantage of that option yet, because he only has a two-person security team.</p><p>Reports can e​ven be as detailed as listing all relevant information for each piece of equipment. “If you want, you can get a report that keeps track of the part number, what day it was bought, who installed it, serial numbers, passwords,” he says. “A whole litany of in­for­mation is available on that report if you want to get that involved.”  ​ ​</p> the Alarm at Lone StarGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>In our interconnected world, the vast majority of people within a college campus community think little of an emergency and how the institution will communicate with them—until it happens. Then, they want timely information on what is occurring, what to do, and where they can learn more.  </p><p>There is an assumption that if anything happens, everyone will receive a text message instantly, the faculty and staff will know what to do, and there will be an announcement over a public address system. Expectations are set. </p><p>Recent events, like the shooting at Oregon’s Umpqua Community College in October 2015, have students, faculty, parents, and guests inquiring about the notification equipment and procedures in place on their campus. They want assurances that the emergency systems will work when needed. </p><p>Many institutions have opt-in text messaging solutions and public address systems used for a broad range of services, including special events. In an emergency, speakers, sirens, and horns are often the first warnings received that danger is present or imminent.  </p><p>To meet the expectation of the campus community, schools must understand what emergency communications are necessary, what the law requires, and what the school can afford.  </p><p>This was the challenge facing Lone Star College (LSC) in 2010. The largest higher education institution in the Houston area, with six colleges, eight centers, two university centers, and LSC-Online, LSC provides high-quality academic transfer, workforce education, and career training programs to more than 83,000 credit students each semester, and a total enrollment of 95,000 students. It would need a robust emergency communication system to support its diverse campus community. ​</p><h4>Crafting a Solution </h4><p>When LSC decided to create its notification system, LoneStarAlert, in 2010, it used a team approach, crafting a selection committee and choosing a sponsor who could move the project forward. An LSC vice chancellor responsible for safety and security was chosen as the sponsor—an indicator of the project’s importance within LSC. </p><p>LSC then began selecting its committee members, including a cross section of the organization: administrative, college relations, compliance, emergency management, facilities, IT, law enforcement, procurement, student services, and tenants. </p><p>The committee also included individuals who preferred the status quo system at LSC, which had six colleges and six alert systems with their own name, workflow, vendor, and contracts. Having individuals on the committee who represented each of these systems made them realize that one solution with one name was a better overall system for LSC. Because of this, these individuals felt they had a voice and were being heard, making them great ambassadors for the new system. </p><p>Once the committee was assembled, LSC began assessing its environment. It knew it had different systems and various levels of sophistication because the campus had buildings that ranged from 40 to less than five years old. The buildings were also geographically dispersed among the city of Houston and Harris and Montgomery Counties in Texas, each of which has its own building and fire codes.  </p><p>To tackle this service area—approximately the size of Rhode Island—LSC first targeted the LSC-Greenspoint Center, a mid-rise atrium building with the most stringent fire ordinances of all the buildings on LSC campuses.  </p><p>LSC also targeted buildings within two colleges: LSC-North Harris and LSC-Kingwood. LSC-North Harris was chosen because it is close to a major airport and runway. LSC-Kingwood was chosen because it falls under three jur­isdictions—half the campus sits in Montgomery County, the remaining half is in Harris County, and the entire campus is annexed by the City of Houston.  </p><p>Then, over a five-year period, LSC created a mass notification system (MNS) with multiple levels of redundancy. ​</p><h4>the lone star system </h4><p>LSC implemented LoneStarAlert in 2011, consolidating its various emergency campus text messaging services under one solution. LoneStarAlert is a Web-based warning system that can send voice and text alerts to registered individuals when an emergency occurs. </p><p>The system works by issuing an alert over speakers, via a prerecorded or live message, and through e-mail messages in English and Spanish. For example, for a lockdown the prerecorded message says: “Attention. Lockdown now. There is an emergency on campus. Go into the nearest room or closet and lock the door.” Messages also instruct the campus community to wait for further instructions while they remain in a safe place. </p><p>LoneStarAlert also uses text messages of 90 characters or less—in English and Spanish. For an active shooter situation, messages say “Lockdown now. Emergency on campus. Go to nearest safe place, stay calm, and wait for further instructions.”  </p><p>More than 100,000 users are registered for the alert system, and it is only used for emergency messaging and testing of the system. Users are added through an automated system at the beginning of the semester, and users also have the option to self-register.  </p><p>This information is collected in compliance with the State of Texas Education Code Section 51.218 Emergency Alert System. The code requires institutions of higher education to gather a student’s personal e-mail, cell phone, or telephone number to deliver emergency communiques; using only LSC’s e-mail and voice mail system does not satisfy the requirement. </p><p>This information must be added to LSC’s LoneStarAlert system once provided, typically during registration. This process is repeated at the start of each semester.  </p><p>The system is also designed as an opt-out system, rather than an opt-in (choosing to participate) system, in compliance with the code. LSC does not allow this data to be used for any other purpose.  </p><p>Some users are still reluctant to regist­er for LoneStarAlert for fear that their information will be sold to third-party marketers. Ensuring this personal information is only used for emergency use not only keeps LSC in compliance with state regulations, it also shows that the institution is committed to protecting users’ privacy.  </p><p>LSC has made a commitment to closely manage this information and grant access to it only on a need-to-know basis and as authorized.  ​</p><h4>targeting the lsc population </h4><p>For an MNS to work, the institution has to think of the recipients it wants to target and ensure the system is capable of sending alert messages to those target groups. </p><p>LSC identified its target groups as employees, distribution lists (internal and external response teams), dynamic groups (created as needed), geographical locations, networked equipment, students, contractors, tenants, and guests. </p><p>LSC also needed to consider its unique status as a commuter college without campus housing. Some students, employees, and guests visit different campus locations more than once throughout the semester. Sending an emergency communication to just one given area would limit the reach of the MNS, and might miss some individuals who are en route and others who want to know what is occurring on any LSC campus.  </p><p>Instead, the system would need to be structured to send emergency messages to all registered users, regardless of their location. This system would be easier for LSC to administer and more desirable for the LSC community. </p><p>LSC also knew that accessibility and inclusion would be key to the success of its MNS. The system would need to be accessible to individuals with physical, sensory, mental health, and cognitive or intellectual disabilities that affect their ability to function independently. </p><p>The system would also need to be inclusive of seniors, those with limited English proficiency, and unaccompanied minors on campus. LSC has dual education programs for high-school students, Discovery College for children during the summer, full- and part-time day care centers, high schools, and public libraries that all provide opportunities for underage guests on campus.  </p><p>To reach these individuals, LSC would need to design its MNS to provide information online and to enroll them through LoneStarAlert. Because minors cannot be asked directly for personal contact information, LSC would have to work with leaders of these various groups to contact parents and guardians—who would then provide the information that then allowed their child to be enrolled in the system. </p><p>LSC also knew that its system would need to reach the public libraries, four-year educational partners, school systems, executive conference centers, and commercial tenants that are a part of its campus. To reach these stakeholders, LSC would have to provide instructions and a means for individuals to self-register in LoneStarAlert. ​</p><h4>choosing the right integrator </h4><p>LSC awarded its initial MNS contract to a local system integrator, Convergint Technologies. They worked together to create LSC’s wide-area MNS, which is used for any hazard or threat that poses an imminent or present danger and requires immediate action. This includes an evacuation, shelter-in-place, or lockdown scenario. Advisories and alerts that do not pose an imminent or present danger are sent out via LSC e-mail. </p><p>LSC’s MNS is deployed using Windows and Microsoft SQL Servers in a secured and high availability environment. The servers are clustered into a shared pool of monitored resources, so if a host fails, the system immediately responds by restarting each affected host from a different host. </p><p>The MNS encodes and decodes audible signals and live-voice messages transmitted across a TCP/IP local area network using voice over Internet protocol (VoIP). LoneStarAlert text, voice mail, and e-mail are delivered using a Web-based application hosted by the provider. </p><p>LSC’s wide-area MNS command system is located at the main administrative offices and is interconnected with each campus’ central control station, comprising the total system.  </p><p>Each campus is classified as a zone, and each building within a zone is considered a sub-zone. Most campuses have sub-zones that are interconnected. This configuration enables activation of prerecorded, live voice, or tone signals that can be sent to a sub-zone, zones, or the total system, providing redundancy throughout the system. </p><p>LSC police dispatch is responsible for immediately distributing voice messages or alert signals. It is authorized—and empowered—to send emergency messages to the affected populations using either prerecorded messages or live messaging via the wide-area MNS and LoneStarAlert.  </p><p>Dispatchers will send an alert when requested by an officer on the scene, or when requested by senior leadership. They will also issue an alert if there is credible information coming to the dispatch center that warrants sending a message. </p><p>As part of its initial installation, LSC included speakers for common areas with signals adjusted so the message could be heard through a closed door. However, the level of noise in the area impacts the level of intelligible voice or tone that can be heard.  </p><p>Additionally, LSC has video displays at all of its campuses where emergency messages are displayed using a digital management system. This ensures that individuals who cannot hear the emergency alerts do not miss them. </p><p>LSC also uses a buddy system where a buddy will help ensure a person with functional needs is supported, and first responders are aware of their last known positions and conditions. This information is then captured—when provided—in each campus fire safety plan. </p><p>As an additional measure, most LSC campus community members have cell phones. This enables those who are deaf or have other hearing impairments to receive emergency text messages and, where available, two-way communications using the Telecommunications Relay Service (TRS).  </p><p>The TRS bridges the communication gap between voice telephone users and people with hearing impairments by allowing users anywhere in the United States to dial 711 to be connected to a TRS operator. The operator then serves as a link for the call, relaying the text of the calling party in voice to the called party, and converting to text what the called party voices back to the calling party. </p><p>Following the initial setup, in-house resources assumed most of the responsibility for supporting the system over a five-year period. However, the system integrator supplements LSC resources.  </p><p>Additional system integrators are also used to provide support for the MNS. Sharing the service responsibilities among multiple vendors provides redundancy in the event a vendor is unable to provide services to one or more of LSC’s locations. ​</p><h4>testing </h4><p>Whether a fire exit drill or a lockdown drill, testing of emergency communications processes and systems is a base requirement. LSC has a rolling three-year sustainability and exercise program that’s part of the LSC Emergency Management Plan, which tests the LoneStarAlert and its MNS. </p><p>In the beginning, some questioned the approach and anticipated backlash from disrupting operations by testing the systems. However, LSC quickly learned that the process built confidence within the community that the school is doing its part to keep its campus safe. </p><p>Testing also gave users who were registered incorrectly and did not receive text message alerts a chance to inform LSC. Users who did receive texts and e-mail alerts could also report how long it took to receive them. </p><p>This helped LSC determine that, on average, more than 95 percent of regis­tered users received text and e-mail alerts within two to three minutes of activation. </p><p>On one occasion when LoneStarAlert was not tested during a larger emergency management drill, LSC received negative feedback, debunking the myth that testing the system during normal operations is viewed negatively. This approach has helped LSC align its MNS with its brand.   </p><p>-- </p><p><em>Denise Walker is chief emergency management officer at Lone Star College System, responsible for policy and direction on emergency management; safety and security audits; fire safety; environment, public health, and safety; and victim advocacy. She serves as the chair of the Greater Houston Local Emergency Planning Committee and is executive member of the Texas Emergency Management Advisory Committee. She is the author of several books, including Mass Notification and Crisis Communications: Planning, Preparedness, and Systems.   ​</em></p> Strategic ResponseGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>There’s a disconnect when it comes to emergency disaster response, experts say. On one hand, factors such as society’s increasing reliance on technology, the effect of environmental changes like rising sea levels, and the way globalization connects disparate regions of the world have made dealing with 21st century disasters and their widening effects a more complicated task. </p><p>“What this all adds up to is complexity,” says Admiral Thad Allen, a former commandant of the U.S. Coast Guard who directed the federal response to Hurricane Katrina in 2005.    </p><p>On the other hand, the U.S. government’s response to this increasing complexity is mired in an outdated paradigm. The approach implicit in the country’s primary federal disaster response law, the Stafford Disaster Relief and Emergency Assistance Act, is to restore affected sites to preloss condition. But in many cases, such as in coastal areas where advancing water table levels indicate that future floods are likely, this approach is shortsighted. </p><p>“We put it back the way it was, not the way it should be,” says Brad Kieserman, vice president of disaster operations and logistics with the American Red Cross and a former official with the Federal Emergency Management Agency (FEMA). </p><p>The government’s approach to the funding component of recovery is also problematic, Kieserman adds. In general, funding is not capped, and this leads to a kind of feeding frenzy when disaster hits. Kieserman recalls his days at FEMA when fiscally conservative members of Congress, who were often critical of how much money was being spent through the Stafford Act, would do an ideological about-face when their area was hit with a disaster. “They were absolutely appalled we weren’t spending more money in their state,” he says. “It is sporadic self-interest.”  </p><p>What might resolve this disconnect in the future, and make disaster response more suited to the complexity of disasters and their effects? That was the subject of a recent seminar, Expert Voices III: Improving Disaster Recovery Services, held at the National Press Club in Washington, D.C. Participants like Allen, Kieserman, and other experts offered best practices for improving emergency management and disaster response.    </p><p>Taking the broad view, Kieserman said that government needs to shift away from its current process of managing disaster response in a “highly prescriptive, high-risk-averse, high-transaction-cost” fashion. “We need to change the law, and the funding stream, to recognize that recovery is the future, not the past,” he said.  </p><p>That will require rethinking emergency funding so that it becomes less a method for restoring preloss condition, and more a way to strategically protect assets from future emergencies, he added. “Fundamentally, I think we need to look at federal disaster dollars in particular as investments as opposed to the way we look at it right now—as this revolving door funding stream,” Kieserman explained.   </p><p>And funding is the not the only thing that needs to be changed, Allen said. Emergency response in general needs to be more strategic, so that complicated disaster events can be better managed. “We’re going to have to learn how to confront complexity as a risk aggregator. Start breaking it down into component parts, and learning how to deal with it in an operational and tactical sense. That’s going to require us to think differently,” he said.  </p><p>A more strategic approach will also require more thoughtful preparation before events happen, according to Mike Isman, vice president of strategic consulting and analytics for Booz Allen Hamilton. Too often, emergency response drills become exercises in which complacent participants go through the motions and carry out rote procedures, he said. </p><p>“There’s this attitude of, ‘We ran a successful exercise, because nothing went wrong.’ But that’s not a successful exercise. A successful exercise is, ‘We hit a snag, and we’ve now figured something out from that snag on how to do something different,’” Isman says. “…You need to fail in benevolent environments, where you’re doing your exercise, so you can actually learn from it. So when the real things happen, you’re actually much smoother in what you’re doing.” </p><p>Once an exercise does identify snags, follow-through is crucial, said Mark Misczak, recovery director with Hagerty Consulting. For example, a year before Hurricane Katrina hit, officials conducted a weeklong hurricane response simulation for a fictional “Hurricane Pam.” The exercise gave officials an idea of the scale of response capability needed in case of a catastrophic storm. “Unfortunately, there was little or no follow-up after the exercise to see if the capabilities existed,” Misczak said.  </p><p>And strategic preparation also includes better damage assessments—a process that should start before events occur, experts say. A jurisdiction’s annual budgeting process can include valuations of assets that may be vulnerable to disasters, so planners have a better idea of the range of potential losses. “We need a prescriptive assessment of damage, and the consequences of damage, not a windshield drive-by after an event occurs,” Kieserman said. This prescriptive method would enforce the link between disaster relief funding and a jurisdiction’s annual budget process, which would make for more efficient relief allocations. “We need a unified budgeting and funding approach to disaster operations,” he said. “And folks, it’s not that hard. It really isn’t.”  </p><p>Finally, better practice of the predictive sciences is a key component of the strategic preparation process—and that is something that the government is actively trying to improve, Allen said. Besides the existing federal hurricane center in Florida, tornado center in Oklahoma, and space weather center in Colorado, the government recently opened a national water center in Alabama. “They will try to become as good at predicting river rises as they are with hurricane landfalls,” Allen said.  </p><p>To illustrate predictive importance, Allen cited the responses to the flooding in South Carolina in 2015 and Missouri earlier this year. Both responses would have been stronger with better flood forecasts, he said. “Those were near misses in our ability to understand what was going on and to be able to react in time,” he explained.  </p><p>Technology can also be used more strategically, in innovative ways, to improve  emergency response. Misczak offered the example of Lidar surveying technology that measures distances by illuminating targets with radar. In damage assessments, that technology can be used in a flyover to measure damage such as sand erosion from beaches, or tree and canopy loss, instead of manually going beach to beach or tree to tree. This saves money and manpower, he said.  </p><p>And damage is not the only thing that needs to be measured—the economic recovery of the community itself needs better measurement after a disaster, Kieserman said. “The speed of the restoration of the tax base is directly proportional to the speed of the recovery. Few people pay attention to that data point, but it is ‘the’ data point,” he explained. But that data point is often hard to measure in an easily understood way, without getting lost in a sea of statistics. “Most of us are visual people, so that big data kind of paralyzes us,” he added.  </p><p>And the economic recovery process itself also takes strategic planning, even in the smaller details. Allen illustrated with a story from the Katrina response he called the “Waffle House Conundrum.” In the wake of the storm, officials were pleased to see that a Waffle House had reopened. But when they visited the restaurant, the owner told them that no one was coming, because everyone was eating at the feeding stations that were set up by the responders for local residents.   </p><p>“So we had to wean the people off the feeding stations–the food was really good there, by the way; I was eating there too—and say ‘OK, now you have to go to the Waffle House,’” Allen said. “And then all of a sudden this starts to regenerate [the economy].” </p>