Border Security DisorderGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652016-12-01T05:00:00Z, Mark Tarallo<p>​Mexico, sometimes maligned during political campaigns, nonetheless remains vital to the economic interests of many nations. For the many companies doing business there, security remains a crucial concern.      </p><p>And that security landscape is becoming more complicated, due in large part to the dynamics of the drug trade, experts say. The homicide rate in Mexico increased by 15 percent during the first six months of 2016 compared with the previous year, with approximately 9,400 people murdered across the country in that time period, according to a recent study, iJET's Quarterly Report: Organized Crime and Drug-Related Violence in Mexico.</p><p>Underlying this rise is a resurgence of activity by drug-trafficking organizations (DTOs), with dozens of DTOs fighting pitched battles for territory. </p><p>“They are engaged in turf wars on multiple fronts,” said Justin Kersey, intelligence manager for iJet’s Americas team, at a recent briefing on Mexico’s security situation.</p><p>Some DTOs are expanding into new territories in Mexico, so that a majority of Mexican states are now seeing organized drug-related crime. Increased demand for methamphetamine and heroin in the United States is another driver for DTO activity. Mexico’s Sinaloa cartel has been particularly successful in penetrating the U.S. drug market, with a significant presence in places like Chicago, Philadelphia, southern California, the Ohio Valley, and portions of West Virginia and Kentucky, Kersey said.</p><p>With their resurgence, DTOs have now become more integrated with legitimate political and business activity in Mexico, iJet Americas expert Sean Wolinsky said at the briefing. Along with this integration comes rising levels of impunity for DTO criminals; roughly 90 percent of DTO crime goes unreported to police, Wolinsky added.  </p><p>While most DTO-related crimes involve gang members rather than expatriates or unaffiliated business people, “that doesn’t mean that larger multinational corporations are completely immune,” Wolinsky said. Those doing business in Mexico for an extended period of time face some degree of elevated risk, especially regarding four major forms of crime: kidnapping, assault, robbery, and extortion. </p><p>“Anyone operating in Mexico is at risk of becoming collateral damage in these crimes,” Wolinsky said. Mining companies have been recently beset by kidnappings, he added, citing the example of several Goldcorp employees who were abducted and later found dead in Mexico’s Guerrero state last year.</p><p>Two more specialized types of abductions—virtual kidnapping and express kidnapping—have become more common in Mexico recently, experts say. In a virtual kidnapping, a kidnapper will use social media to select a “victim” online by looking for someone with an extended virtual network. The criminal will contact the victim’s friends and family and, claiming to hold the victim hostage, threaten to harm him or her if no ransom is provided.  </p><p>In an express kidnapping, the victim is held for only a short time, anywhere from a few hours to a couple of days. Often, the abductors will force the victim to make as many ATM withdrawals as possible during that short period, then let the victim go.</p><p>Whatever form kidnappings take, they are crimes that can affect victims in ways that employers should be aware of, says Rachel Briggs, executive director of Hostage US, a nonprofit organization that supports hostages and their families during and after kidnappings. </p><p>Briggs has personal experience in these matters; in 1996, her uncle was kidnapped while he was working as an engineer in Colombia, and “for seven-and-a-half months, she and her family were thrown into an alien world of fear, isolation and helplessness as others negotiated for his release,” according to her organization’s website.</p><p>When working on a case, Briggs’ group assigns a team member to be the contact person for the victim’s family members, who are often thrust into the daunting situation of trying to deal with authorities, journalists looking for news, and a host of other parties. </p><p>“You’re suddenly dealing with governments and private security companies, and they speak a different language,” she says. </p><p>Later, if the victim is released and returns to work, his or her employer should be aware of various issues that may arise. Take, for example, an employee working in Mexico who is kidnapped and held in captivity in a windowless room for many months. Returning to work in a small windowless office or cubicle may be problematic for the victim, and could potentially trigger traumatic memories. Even commuting in closed-off spaces, such as a crowded underground train, could be difficult for that individual, Briggs says.</p><p>Similarly, a victim who was held for an extended period of time in solitary confinement may have trouble concentrating in a busy office environment or one with an open floor plan, she adds. </p><p>In addition, there is a common mis­perception that the shorter the time a victim is held in captivity, the less traumatic impact there will be on him or her. </p><p>“In my experience, the reverse tends to be true,” Briggs says. That’s because a hostage who was held for a long period has time to mentally come to terms with what is happening, she explains. In small but important ways, the victim can take control of some of his or her actions, such as deciding to walk around the room every hour, or exercise twice a day, or even whether to eat. This helps them adjust. </p><p>In contrast, a 48-hour “express” kidnapping may seem like a violently disruptive experience that was chaotically terrifying from beginning to end. “The prolonged trauma from that can be much greater,” she says. </p><p>Overall, kidnappings do seem to be on the rise, and not only in Mexico, Briggs adds. For example, more terrorists are using short-term hostage situations as a tactic: the Pulse nightclub attack in Orlando, the Bataclan Theater attack in Paris, and the Raddison Hotel attack in Bamako, Mali, all featured short-term hostage taking.</p><p>As tragic as those events were, the less sorrowful news is that the majority of kidnappings end with the victim being released. “Thankfully, most hostages do come back alive,” Briggs says.</p>

Border Security Disorder’s-Staying-Over.aspx2016-06-01T04:00:00ZWho’s Staying Over? Attacks in Brussels Leave Numerous Dead, Cause City Shut Down Wars at the Border in the Supply Chain,-A-Guide-for-International-Travelers.aspx2015-06-01T04:00:00ZBook Review: Personal Security: A Guide for International Travelers New Recruits Lone Terrorist Paso and Juarez: Securing the Sister Cities Waters Questions DHS on Minors Illegally Crossing Mexican Border into U.S. Questions DHS on Minors Illegally Crossing Mexican Border into U.S. Releases Revised Use of Force Policy Handbook Releases Revised Use of Force Policy Handbook Patrol Agent May Not Answer a Suspect's Phone Searches Must Be Reasonable Rules Court on the Waterfront’s Wrong with Border Security? CBP’s Problem Agents Come from Posts on the Southwest Border

 You May Also Like... & Maritime Security Intelligence<div class="body"> <p> <span style="color:#ff0000;"> <em> <strong>*</strong> </em> </span> <em> <strong>**** Aviation & Maritime Security Intelligence by Hassan Eltaher. E&W Communications; Available from ASIS, item #2014; 242 pages; $35 (ASIS member); $39 (nonmember). </strong></em></p><p><em><strong>This book provides a basic over­view of some intelligence functions in transportation security, but it omits a number of important elements. For example, it focuses on the bureaucratic and organizational issues surrounding intelligence management rather than the fundamental concepts and potential solutions that could improve the effectiveness of intelligence support to key transportation modes. It focuses on intelligence support for an organization with regulatory oversight of security measures rather than organizations responsible for executing security operations or programs. As a result, this book is unlikely to be useful for professionals with a background in intelligence or transportation security.</strong></em></p><em> </em> <p> </p> <p>The first half of the book focuses on basic concepts of intelligence and the structure of intelligence units or agencies. It includes additional material on cultural bias in the analysis and threat of terrorism. While the problem of bias is important in determining the quality of analysis, it is not the only issue affecting analytical quality. Analysts also need to understand operational contexts and structured methodologies, assess sources for accuracy and bias, and be able to defend their findings. Unfortunately, the focus on organizational constructs results in an incomplete description of the intelligence cycle.</p> <p>While analysis and intelligence-sharing issues among government agencies are discussed, there is little acknowledgement of intelligence requirements for consumers who may be in a position to act, including front-line security and law enforcement personnel. </p> <p>The second part of the book focuses on the aviation and maritime security operating environments. The author provides general descriptions of possible threats to maritime and aviation targets, but the context is within the international regulatory codes for maritime and aviation. The threats cited are primarily terrorism and piracy and do not focus on other issues such as organized criminal activity and smuggling. As a result, ports, ships, aircraft, and airports are treated as targets, not conduits for illicit activity. </p> <p>This book’s lack of a complete description of the intelligence cycle is likely to be misleading for novice practitioners. For experienced intelligence and security practitioners, this book is unlikely to offer any new or valuable information.</p> <hr /> <span style="color:#800000;"> <strong>Reviewer:</strong> </span> Michael Edgerton, CPP, is a security consultant based in the Middle East and a member of ASIS Global Terrorism, Political Instability and International Crime Council. He has more than 28 years of military, government, and private sector experience in security and intelligence with a focus on maritime and port security. <p> </p></div>GP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 Security Assessments<p dir="ltr" style="text-align:left;">​At Concurrent Technologies Corporation (CTC), a Johnstown, Pennsylvania-based research and development company, the security staff developed a tool that keeps senior executives informed on critical questions. Adapted from U.S. government assessments used in Iraq, the tool was adapted to CTC’s security environment. CTC, which provides physical security for laboratories and industrial facilities, protecting more than a thousand employees, contractors, and visitors, has used KPA assessments to measure and strengthen its corporate security function since 2009.</p><p dir="ltr" style="text-align:left;">This article describes a tool for communicating important security program performance information to CEOs and those who advise them. The tool is adapted from an assessment methodology developed by U.S. and British military officers and U.S. Department of State representatives building Iraqi civilian police capabilities from 2005 to 2007. Aligned under the Multi-National Security Transition Command – Iraq, the team directed recruiting and training programs, advised Iraqi government officials, and managed delivery and distribution of vehicles, weapons, and police equipment. By 2006, the team had developed a series of metrics that identified the most important aspects of those processes and tracked progress toward specific goals established by senior military commanders. The aspects deemed critical to overall mission success were termed key performance areas (KPAs). Monthly assessments of KPAs were presented to senior military commanders and resource adjustments were often based on the monthly assessments, team recommendations, and subsequent discussions.  </p><p dir="ltr" style="text-align:left;">The reliability and usefulness of the tool increases over time as key staff become familiar with it and trends become evident.  The tool is flexible – any relevant factor may be captured in the methodology. Assessments can be conducted monthly, quarterly, or annually. </p><h4>Defining KPAs</h4><p dir="ltr" style="text-align:left;">The following paragraphs offer an example of how to define and implement a KPA process. It is important to begin with a common understanding of terms used in the assessment. The security manager must carefully define each KPA for his or her particular security environment.  Capacity, for example, may be based primarily on the number of staff members in one instance and on data storage in another case. Senior executives routinely work with risk management and strategic planning concepts, and will quickly grasp essential points when those concepts are used within a security context.  </p><p dir="ltr" style="text-align:left;">Information presented to top executives should identify and define the KPAs and metrics used in the assessment. The security manager should then provide an assessment of the overall security program, followed by a drill down assessment of each KPA. Senior executives will want to know why a problem exists and how the company can help solve it. To help answer those questions, ratings and values may be projected for upcoming time periods based on security projects being planned, new policies being considered, a program or requirement ending, or other anticipated changes.    </p><p dir="ltr" style="text-align:left;">The security assessment model considers five KPAs: capacity, strategic planning, compliance, risk management, and efficiency.</p><p dir="ltr" style="text-align:left;"><strong>Capacity:  </strong>The ability to support routine workload, anticipated surges, personnel screening and onboarding, sensitive document and material storage, and special projects.  </p><p dir="ltr" style="text-align:left;"><strong>Compliance: </strong> Current conditions or ability to meet corporate, client, and program security specifications such as intrusion detection and assessment, visitor processing or throughput standards, government security classification guides, material handling plans, or other security-related guidance.</p><p dir="ltr" style="text-align:left;"><strong>Risk Management:</strong>  Balancing security concerns with threats and other business processes; providing leaders with accurate and useful information for risk management decisions.</p><p dir="ltr" style="text-align:left;"><strong>Efficiency: </strong> Providing value added to the corporation; return on security investment; delivering vital services at low cost.</p><p dir="ltr" style="text-align:left;"><strong>Strategic Planning: </strong> Existence of an approved, viable, resourced plan to help ensure Security initiatives support long term corporate objectives.</p><p dir="ltr" style="text-align:left;">Good management decisions are often based on quantifiable results or an expected return on investment. Effective assessment models will present information and recommendations in the way decision makers are accustomed to seeing them for other key areas such as production, advertising, or sales. In competitive business environments, managers will either improve or abandon areas deemed to be floundering, inefficient, out of compliance, or unhelpful to the organization’s long term interests. Security managers must be clear about the scale used to indicate relative strengths and weak areas. CTC executives are now accustomed to seeing a series of charts indicating the current status of the overall program as a single color: green, yellow, or red. The color is followed by a detailed assessment of each KPA. CTC uses the following simple relative values scale.  </p><p dir="ltr" style="text-align:left;">1- Red - Low or unacceptable; warrants immediate attention </p><p dir="ltr" style="text-align:left;">2 - Red or Yellow - Marginal; adverse trend</p><p dir="ltr" style="text-align:left;">3 - Green or Yellow - Meets standards or requirements</p><p dir="ltr" style="text-align:left;">4 - Green - Exceeds standards or requirements; positive trend</p><p dir="ltr" style="text-align:left;">5 - Green -  Far exceeds standards or requirements</p><p dir="ltr" style="text-align:left;">This simple system of color codes and numerical values along a relative scale enables the security manager to easily communicate important trends and messages to senior executives.  The staff member, security manager, or committee making the assessment must have first-hand knowledge of actual program performance and be ready to provide supporting information for each subjective determination.   </p><h4>KPA Sub-Areas</h4><p dir="ltr" style="text-align:left;">The KPAs are broad topics or concepts comprised of sub-areas that must be identified and evaluated against set standards or requirements. While an overall corporate program or particular KPA may be assessed as green, certain problems and adverse trends may warrant executive level attention. Drill-down information should support the overall assessment for each KPA, especially when the organization is underperforming or when added resources or a major policy change may be needed. Potential KPA sub-areas for a corporate security program are listed below and may be tailored to fit specific situations and organizations.</p><p dir="ltr" style="text-align:left;"><strong>Capacity</strong></p><p dir="ltr" style="text-align:left;">--Availability of expertise in applicable security disciplines (operational security, physical security, industrial security)</p><p dir="ltr" style="text-align:left;">--Secure storage and facilities</p><p dir="ltr" style="text-align:left;">--Ability to support business proposals, conduct investigations, handle visit requests, or respond effectively to unanticipated workload</p><p dir="ltr" style="text-align:left;"><strong>Compliance</strong></p><p dir="ltr" style="text-align:left;">--Results of audits and inspections, including self-inspections</p><p dir="ltr" style="text-align:left;">--Number and nature of security incidents such as procedural violations and data spills </p><p dir="ltr" style="text-align:left;">--Meeting security-relevant contractual commitments</p><p dir="ltr" style="text-align:left;"><strong>Risk Management</strong></p><p dir="ltr" style="text-align:left;">--Conducting security risk assessments (analyzing threats and vulnerabilities)</p><p dir="ltr" style="text-align:left;">--Mitigating known risks through process improvements and funded projects</p><p dir="ltr" style="text-align:left;">--Keeping senior executives informed on security issues</p><p dir="ltr" style="text-align:left;">--Including security stakeholders—directors of human resources, contracts, information technology, legal department, and others—as part of a collaborative team</p><p dir="ltr" style="text-align:left;"><strong>Efficiency</strong></p><p dir="ltr" style="text-align:left;">--Proprietary or contract guard force operations</p><p dir="ltr" style="text-align:left;">--Access controls</p><p dir="ltr" style="text-align:left;">--Monitoring or surveillance of sensitive areas</p><p dir="ltr" style="text-align:left;">--Inventory shrinkage/property losses</p><p dir="ltr" style="text-align:left;">--Visitor processing functions</p><p dir="ltr" style="text-align:left;">--Security training and awareness programs</p><p dir="ltr" style="text-align:left;">--Screening and on-boarding new employees</p><p dir="ltr" style="text-align:left;"><strong>Strategic Planning</strong></p><p dir="ltr" style="text-align:left;">--Establishing security objectives and milestones aligned with corporate values and goals</p><p dir="ltr" style="text-align:left;">--Providing resources to achieve short term, mid-term, and long term objectives</p><p dir="ltr" style="text-align:left;">--Maintaining organizational relationships and assessing evolving security threats and trends in relevant market areas</p><h4><br>Develop Metrics</h4><p dir="ltr" style="text-align:left;">A handful of reliable, relevant, and easily maintained metrics should provide the bedrock for any organizational performance assessment. Measurements and recorded data should be included or relied upon whenever possible. Average visitor throughput, number of trouble calls received, the number and nature of security violations, inventory loss rates, security overtime hours, and client or employee feedback are examples of measurable factors which may support periodic assessments and indicate positive or adverse trends. </p><p dir="ltr" style="text-align:left;">If information taken from multiple site locations or departments, the security manager must ensure a common approach is used in determining what events or data to include. Site A may record a vendor delivery as a “visitor” while Sites B and C may count those events simply as a “delivery.”<br></p><h4>Conduct the Assessment</h4><p dir="ltr" style="text-align:left;">Quantifiable metrics must be validated with a solid understanding of internal processes and supplemented with the security manager’s more subjective determinations based on experience and personal observations, along with feedback from other departments, key program managers, his or her own staff, and clients. The aim is to periodically review each KPA and assign a specific value or rating for that performance period.  </p><p dir="ltr" style="text-align:left;">Security should design charts displaying an overall KPA assessment. For example, security should be prepared to explain lapses in performance along with recommendations for fixing the problem. If the security manager will not have opportunity to speak directly to senior executives, accompanying notes or flag words should be included with the assessment to convey supporting information and recommendations. For example, clarifying notes accompanying a KPA assessment on capacity could indicate that product shipment delays are affecting the availability of storage space for high-value inventory.  </p><h4>Getting Results</h4><p dir="ltr" style="text-align:left;">The risk management KPA has been particularly useful at CTC in advocating security initiatives to keep pace with evolving threats and client concerns. Decisions taken during program reviews and discussions among C-suite executives led to new Web-based security training, a consolidated security policy manual, special events promoting security awareness, a structured approach to handling suspicious e-mail, annual vulnerability assessments for sensitive facilities, and projects to upgrade or refresh electronic security systems. The increased emphasis on risk management processes, along with buy-in across departments and at all levels led to improved performance on compliance inspections and significant reductions in security violations.</p><p dir="ltr" style="text-align:left;">Focusing attention on the efficiency KPA helped foster CTC processes for purging old documents and electronic media containing sensitive information. Accountable document inventories were reduced by 30 percent in two years, saving thousands of dollars in overhead costs and reducing the risk of information loss or compromise.  </p><p dir="ltr" style="text-align:left;">Effectively implementing KPA processes over the long run also resulted in CTC receiving the highest possible rating on two consecutive security compliance audits conducted by U.S. government representatives in 2012 and 2014, enhancing CTC’s business reputation.        <br><br>The most productive and beneficial KPAs will present concise, accurate and relevant information to those who must balance security, financial, operational, and technological risks, along with strategic factors such as human capital and market trends.  Consistent use of a methodology such as KPA assessments will help security professionals build long term credibility and confidence among senior executives. Periodic assessments also give senior executives added opportunities to steer the security program and ensure it stays in step with long term organizational goals and values.        </p><p dir="ltr" style="text-align:left;"><em>Ronald R. Newsom, CPP, is senior director, enterprise security for Concurrent Technologies Corporation, of Johnstown, Pennsylvania.</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 Review: Secrets<p>​Verus Press; available from; 306 pages; $24.97.</p><p>Author James Pooley is a noted expert in protection of intellectual property and trade secrets, and his knowledge and perceptions of issues related to proprietary information are evident in <em>Secrets: Managing Information Assets in the Age of Cyberespionage</em>. He provides intelligence and information security practitioners with considered approaches to contemporary issues that will guide them in enhancing the security of information assets and networks. </p><p>Pooley’s writing style is straightforward, making discussions and explanations of legal terminologies and concepts easy to understand. The book is well researched and provides historical references and perspectives that are always relevant. Pooley masterfully frames the issues of secrecy in the age of the Internet and delves deeply into specific concepts and issues geared toward protecting intellectual property. The impact of technology on information protection is explored, as are openness philosophies and global supply chain constructs.  </p><p>The thorough exploration of information ownership includes a look at how laws protect trade secrets. Pooley provides a roadmap of the regulatory processes of the cyber environment, like NIST guidance, as well as explaining how to develop information protection plans. Various chapters look at contractual considerations for sharing information, how to avoid the contamination of data, and the legal implications of sharing outside data. </p><p>A chapter on economic espionage highlights risk profiles that apply to management of information assets, plus issues such as hackers, Bring Your Own Device (BYOD) policies, and social media and messaging systems. The text includes appendixes highlighting samples of agreement documents referenced in the text.</p><p>I recommend this book to anyone who needs to address the management and protection of corporate and proprietary information assets in the information age. Insightful concepts and useful suggestions will guide the reader in protecting sensitive and competitive business information.</p><p>--<br></p><p><em><strong>Reviewer: David O. Best, CPP</strong>, ISP (Industrial Security Professional), CBM (Certified Business Manager), SFPC (Security Fundamentals Professional Certification), ISOC (Industrial Security Oversight Certification), and Security+CE, is an information assurance and security specialist with Flatter & Associates in Quantico, Virginia. He is a member of ASIS.</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465