July/August 2021

Published by ASIS International

Open Secrets Threats are evolving, but are corporate security intelligence methods keeping pace? By Mark Ashford CRITICAL INFRASTRUCTUREU PROTECTION AND INCIDENT MANAGEMENT

Natural disasters, active assailants, political unrest, crime, and terrorism refl ect the heightened need for coordinated preventive and response efforts and critical incident management. Protecting critical infrastructure demands planning, collaboration, and access to information. Geographic Information Systems (GIS) unifi es security teams, supports the early detection of risk, and aids rapid response and incident closure—enhancing your ability to SUSPICIOUS ACTIVITY protect employees, customers, organizational Nearest Facility: 0.2 mi assets, and the public. Total Employees: 23

ASSAULT Nearest Facility: 0.7 mi Total Employees: 35

asis-summer-ad.indd All Pages Reasons to Choose GIS for Your GIS can help your organization with the following: Site Security Operations • Understand your area of operation (AOO)— GIS is a framework for gathering, managing, Protect critical infrastructure with powerful and analyzing data in real time. ArcGIS® software map visualizations and incident data that from Esri integrates many types of data and evolve with your event security needs. security feeds, supports analysis in the context • Design operational pre–plans—Leverage of location, and organizes layers of information a fully integrated framework to guide the using 2D and 3D maps and visualizations. planning, preparation, and execution of security With these unique capabilities, GIS reveals operations for critical incident management. deeper insights into data—such as patterns, • Build a tactical response—Manage incidents relationships, and situations—helping security with adaptable and confi gurable response personnel make smarter, faster decisions. plans. Build and modify security plans in real time to support an evolving tactical situation. • Deliver shared awareness and collaboration— Integrate information from varied sources to create a live view of critical incidents. Collaborate and share data in real time.

Protect your employees, customers, and critical infrastructure. Learn more about how GIS enables corporate security and safety.

Download our ebook: go.esri.com/incident-management

Copyright © 2021 Esri. All rights reserved. Esri, the Esri globe logo, ArcGIS, The Science of Where, and esri.com are trademarks, service marks, or registered marks of Esri in the United States, the European Community, or certain other jurisdictions. Other companies and products or services mentioned herein may be trademarks, service marks, or registered marks of their respective mark owners. G1776952 For product info #1 securitymgmt.hotims.com

asis-summer-ad.indd All Pages Securing the peace. Campus police upgrade to a smarter body worn solution.

Hampered by slow video downloading and activation frustrations, the Campus Police Department of the Putnam City School District in Oklahoma wanted to replace their cumbersome 6-year-old body worn camera system. So, they turned to Axis Communications. The campus police officers love their new body worn cameras from Axis, particularly the simultaneous downloading and charging process, single tap activation, and video encryption. Check out their full story to see how the new solution has helped them dramatically streamline and improve operations.

Learn more at www.axis-communications.com/putnam

For product info #2 securitymgmt.hotims.com

axis_ad_casestudy_putnam_secmgmt_fpc_us_2106.indd 1 2021-06-02 13:01:42 Security Management | Jul/Aug 2021

Contents Notable “By understanding the needs of young employees, 1997 it is possible to tailor programs to meet The first year the U.S. Government Accountability Office placed these needs and retain talent.” government cybersecurity on its Jennifer Hesterman explains how mentorship programs present High-Risk Series. It remains on the a myriad of unexpected benefits. Page 42 list nearly 25 years later. Page 22

“All our staff — “The challenge of whether you’re an unreliable information, usher or a security guard or concession especially in today’s worker—will become age of disinformation, health capacitors.”

is not insurmountable.” Mario Coutinho, vice president of Stadium Operations and Security for Mark Ashford outlines the benefits and challenges of the Toronto Blue Jays, predicts that leveraging open-source intelligence (OSINT) for more COVID-19 will change the roles of dynamic threat assessments. Page 31 stadium personnel and technology forever. Page 48

76 The percentage of U.S. employees who 1.1 M described themselves as currently The number of English-language “stressed,” which could result in higher articles published in a five-month levels of burnout and physical illness. period that contained misinformation Page 19 about COVID-19. Mistrust in media only heightens the importance of corporate risk communications. Page 16

Security Management (ISSN 0145-9406) Volume 65, Number 4, is published bimonthly by ASIS International, 1625 Prince St., Alexandria, VA 22314; 703.519.6200; fax: 703.519.6299. Subscriptions: ASIS mem- bers—$60 for 1 year (included in dues, non-deductible). Nonmembers in US, Canada, and Mexico—1 year, $60; 3 years, $162. All others—air delivery—1 year, $120. Bulk subscription rates available. Periodicals postage paid at Alexandria, VA and additional mailing offi ces. Mailed in Canada under IPM #0743968. Postmaster: Send address changes to ASIS International, Attn: Security Management, 1625 Prince St., Alexandria, VA 22314. Security Management is a registered trademark and its use is prohibited. Copyright © 2021 ASIS International, Inc. This information is protected by copyright and trademark laws under U.S. and Interna- tional law. No part of this work may be reproduced without the written permission of ASIS International. Statements of fact and opinion are made on the responsibility of the authors and do not imply an opinion on the part of the editors, offi cers, or members of ASIS. Advertising in this publication does not imply endorsement or approval by Security Management or ASIS. The editors reserve the right to accept or reject any article or advertisement. Quantity reprints of 100 or more copies of each article may be requested from Security Management Reprints Dept. at 703.518.1451.

Images by iStock 5 For product info #3 securitymgmt.hotims.com Security Management | Jul/Aug 2021

Contents Features

JULY/AUGUST 2021 EXECUTIVE TEAM Peter J. O’Neil, FASAE, CAE chief executive offi cer COVER STORY Peter.O’[email protected]

Nancy Green, FASAE, CAE chief global learning and strategy offi cer 26 [email protected]

Nello Caramat Open Secrets publisher Threats are evolving, but are [email protected] corporate security intelligence methods keeping pace? By Mark Ashford

1625 Prince Street Alexandria, VA 22314 703.519.6200 fax 703.519.6299 MEDIA SALES Charlotte Lane Account Manager Companies # through L 703.518.1510 [email protected]

Femke Morelisse Account Manager Companies M through Z 703.518.1502 [email protected] 32 38 44 ORGANIZED CRIME MENTORING SPORTS SECURITY Profi ting Off A Two-Way Street Ballpark Figures the New Abnormal COVID-19 has wreaked havoc Baseball stadiums strive to adapt During a pandemic, the threat on global workforces. To retain their security postures and work of organized criminal activity and foster future leaders amid with their communities to keep evolved to survive and take the tumult, personal connection fans, players, and others safe, advantage of new business through mentorship can provide even when it’s not game time. opportunities. support and grow both mentor By Sara Mosqueda By Megan Gates and mentee. By Claire Meyer

Cover illustration by Michael Austin 7 For product info #4 securitymgmt.hotims.com Security Management | Jul/Aug 2021

Contents Departments

EDITORIAL STAFF 16 20 22 62 Teresa Anderson editor-in-chief NEWS AND TRENDS CASE STUDY CYBERSECURITY LEGAL REPORT [email protected] Trust Amid Proactive Patrols Cyber Catch-Up Judicial Decisions Claire Meyer Misinformation Campus security for the Nearly 25 years after risks A Russian national pled managing editor Trust in information University of Regina is to federal information guilty to conspiracy [email protected] sources and media hit using a new software systems were flagged, after attempting to pay record lows in 2021, system to support both the U.S. government a Tesla employee to Megan Gates but trust in employers the university and its may be poised to start introduce malware to the senior editor [email protected] remains high. guard force. addressing them. company’s network. By Claire Meyer By Sara Mosqueda By Megan Gates By Sara Mosqueda Sara Mosqueda assistant editor [email protected]

PRODUCTION & CREATIVE SERVICES STAFF Tyler Stone art director [email protected]

Keith Schilling manager, publishing production [email protected]

Caitlin Donohue assistant art director [email protected] 10 50 53 64 Mariah Bartz senior graphic designer Contributing Security Technology ASIS Global Board Marketplace [email protected] Authors Recent analysis found of Directors that there are already more than 770 million 65 12 surveillance cameras in 55 use worldwide, and 54 Advertiser Index 1625 Prince Street Online Exclusives percent are in China. Industry News Alexandria, VA 22314 Diversity, equity, and A remote monitoring 703.519.6200 inclusion (DE&I) are program at a restaurant fax 703.519.6299 66 more than a business chain found that only imperative—they are a 52 5 percent of alarms Infographic At the start of the MISSION STATEMENT matter of survival. ASIS News required police response. The game has changed. By Sara Mosqueda pandemic, the FBI Security Management is written So has GSX. Discover a warned that it expected primarily for security profession- als. It also makes vital security 14 new hybrid experience a surge in hate crimes information understandable to a September 2021. against people of Asian general business audience, help- Editor’s Note 56 ing ASIS International advance descent. Recent data is security worldwide. Readers When deliberating ISC West Product proving that to be true. receive timely information on vital decisions, context Showcase emerging security threats and practical solutions, which matters. they can use to protect people, property, and information.

9 Authors

Contributing Authors

Mark Ashford SECURITY ANALYST Mark Ashford works in security risk analysis and threat assessment within the financial industry, following a 12-year background in law enforcement as both a uniformed officer and appointed detective. Ashford also worked in state security. His educational background includes a bachelor’s degree in Policing Studies, as well as having undertaken terrorism studies with the University of St. Andrews in the United Kingdom. Ashford has engaged in professional development courses with NATO and the European Union Agency for Law Enforcement Training (CEPOL), and he is a member of ASIS International. His other areas of interest include intelligence analysis, strategic foresight, and international relations. “Open Secrets,” Page 26

Ross Johnson, CPP Joshua D. Fowler, CPP Dennis Eberly CRITICAL INFRASTRUCTURE CONSULTANT CUSTOMS AND BORDER PROTECTION RED TEAM LEADER ON TARGET INVESTIGATION & CONSULTING, LLC Ross Johnson, CPP, is president of Bridgehead Joshua D. Fowler, CPP, is a retired U.S. Air Dennis Eberly, M.S., LPI (Licensed Private Security Consulting, Inc. Johnson is the co- Force Security Forces officer with 28 years Investigator), is the owner of On Target chair of the Electricity Information Sharing of antiterrorism, emergency preparedness, Investigation & Consulting, LLC. He retired and Analysis Center (E-ISAC) Physical and law enforcement experience. He cur- as a lieutenant from the East Hempfield Security Advisory Group, a member of the rently conducts worldwide red team testing Township Police Department in Lancaster Critical Infrastructure Steering Committee of U.S. Customs and Border Protection County, Pennsylvania, after 33 years of at ASIS, and the author of Antiterrorism (CBP) locations. service. Eberly has held criminal justice Planning and Threat Response. Book Review, faculty positions at several institutions over Book Review, Page 23 the past three decades. Page 17 Book Review, Page 53

10 Wisenet AI Reduce false alarms with Deep Learning technology.

AI Cameras

Conventional cameras detect motion based on pixels alone. Hanwha Techwin’s Wisenet P series cameras combine Artificial Intelligence algorithms and Deep Learning technology to create event alarms only for people and vehicles, reducing false alarms and enhancing operational efficiency. Filter out irrelevant movements caused by waving trees, shadows or animals. Generate only the events you need to see for effective forensic searches. That’s the power of Wisenet AI.

HanwhaSecurity.com

© 2021 +DQZKD7HFKZLQ$PHULFD

For product info #5 securitymgmt.hotims.com Online Exclusives

Online Exclusives Read these articles and more online at asisonline.org/SM-Online

Fostering the Geniuses in Your Risk Assessment Approaches for Enabling Agile Decisions in an How to Avoid Pandemic- Backyard Through DE&I Efforts Reopening of Cultural Venues Evolving Risk Environment Related Litigation Risks By Claire Meyer By Andy Davis, CPP By Lianne Kennedy-Boudali By Rita Zeidner Diversity and inclusion bring myr- Slowly, global cultural and heri- We are in a period of significant Worries over workplace safety in iad benefits to organizations, from tage sites are starting to reopen to change in the global risk environ- the COVID-19 era, as well as con- unique perspectives in crisis man- the public. As part of that reopen- ment. These changes—which in- cerns about the impacts of busi- agement to fostering future talent ing process, it is important for those clude an exponential increase in ness closings, plant shutdowns, to building a more resilient culture. responsible for securing artifacts, signal data, greater focus on the and mandatory stay-at-home or- Diversity, equity, and inclusion visitors, and venues to ensure that role of corporations in civic and ders, spawned more than 2,000 (DE&I) are more than a business im- their security risk management ap- political affairs, social unrest, and lawsuits in the United States from perative, however, they are a matter proach remains viable. The cultural rapid globalization of local events— January 2020 through March 2021, of survival, says James Pogue, PhD, and heritage sectors have been se- have required security leaders to according to Atlanta-based em- an educator and speaker on diversi- verely impacted by forced closures adapt their risk analysis process ployment law firm Fisher Phillips. ty and CEO of JP Enterprises. and loss of revenue; not all are cen- accordingly. Many have discovered Complaints have included un- “When you talk about inclusion trally funded, and some, unfortu- that, due to the pace of change and safe-workplace allegations, as well and how it brings value, it’s about nately, have been forced to close increasing demands for real-time as grievances about the handling relevancy,” he says. “Do you want for good. risk analysis, organizational capa- of layoffs, furloughs and recalls; to exist? Do you want your busi- For those cultural properties that bilities that were effective five years remote work arrangements; and ness to thrive? Do you recognize could reopen, the social environ- ago are no longer sufficient in to- leave requests. that by precluding the inclusion of ment in which the world is oper- day’s environment. Some states have enacted leg- inclusive business practices that ating has changed irreversibly—at The ability to respond effectively islation blocking COVID-19-related you are relegating yourself to a least in the short to medium term. depends on having the right infor- claims against employers, but second-tier, third-tier, or fourth- The context in which the previous mation at the right time, and agile these laws do not prevent feder- tier set of opportunities?” risk assessments were—or should decision-making requires that busi- al lawsuits. The talent pool of people who have been—undertaken is different. ness leaders support risk analysis The current case inventory may are “just like me” is limited, Pogue Therefore, the threats that are faced by registering risks to their organi- be just the tip of the iceberg, since adds, and recruiting within that and the risks they pose by default zation, building proactive teams, many workers whose livelihoods homogeneous group not only lim- have also changed. and effectively leveraging data and were negatively impacted by the its an organization’s prospects— technology. public health crisis may still be con- it limits the organization’s ability sidering whether they have options to manage a diverse and rapidly for legal redress, says attorney Ger- changing landscape. ald Maatman, Jr., a partner at Sey- farth in Chicago.

12 Illustrations by Security Management, Photos by iStock Security Management | Jul/Aug 2021

TRENDING News & Analysis

Cybersecurity Executive Order U.S. President Joe Biden signed an exec- utive order demanding improvement in federal system security.

Climate Change Using Puns to Promote Human Traffi cking Intervention; Casino A scientific study found that human- Security Awareness Security; and Connected Devices caused climate change was responsible By Megan Gates Hosted by Chuck Harold for $8 billion of the damage caused by Hurricane Sandy in 2012. Travel is coming back. On 28 April 2021, 1.18 mil- Lauren Shapiro outlines recent U.S. human lion travelers passed through a U.S. Transporta- traffi cking liability updates and private tion Security Administration (TSA) checkpoint security’s role in helping victims; Derk Boss, Resisting Ransomware compared to 119,629 on the same day in 2020 and CPP, shares how casino security has changed A task force recommended 48 actions to 2.26 million in 2019. since the beginning of COVID-19; and Elisa mitigate the threat of ransomware, includ- With that resumption in travel, however, may Costante breaks down three big challenges in ing regulating cryptocurrency. come anxiety and uncertainty about what’s al- connected devices. lowed to pass through a TSA checkpoint at the airport. And for security practitioners them- Listen to the SM Highlights podcast Daily news available at asisonline.org/ selves, some may be wondering how best to at asisonline.org/podcasts. TodayinSecurity. share updates with travelers and visitors so they can prepare accordingly. According to Emily Bonilla-Pieton, social me- dia lead for TSA, the agency uses its celebrated Instagram account to communicate with nearly 1 million followers about essential security in- formation through puns, dad jokes, and K9 pic- tures. In an interview with Security Management, she shared security awareness lessons learned, tips, and a peek into the planning process be- hind each post.

SOCIAL MEDIA KEEP IN TOUCH

@SecMgmtMag

@SecMgmtMag

ASIS International

For product info #6 securitymgmt.hotims.com

13 Editor’s Note

A reader from 1968 would consider this incredibly newsworthy. Harford wrote: “It CONTEXT MATTERS would be big news that the Cold War had sim- ply ended without a nuclear exchange of any he truth sometimes relies not on fact, kind—even if no daily newspaper would have but on context. This is crucial to com- been tempted in the meantime to run with the prehending how facts and statistics headline ‘No H-Bombs Dropped Today.’” Tinfluence our lives and in determin- The 100-year headline—“Child Mortality ing whether these measurements add value Falls by a Factor of Eight”—and the 200-year to our understanding of the world, accord- headline—“Most People Aren’t Poor”—bear lit- ing to Tim Harford’s new book, The Data tle resemblance to the issues we regularly pon- Detective. As a thought experiment, Harford der because the news that catches our attention suggested thinking about how daily news out- is surprising, negative, and often misleading. lets report the news as compared to maga- In this month’s cover story, “Open Se- zines. “Bloomberg might pick up on sharp crets,” author Mark Ashford discusses how market moves over the past hour. The same open-source intelligence (OSINT) can pro- moves won’t merit a mention in The Econo- vide valuable information to security profes- mist,” he noted. sionals if approached in the correct context. Harford next invited readers to imagine Actionable intelligence Ashford, who specializes in risk analysis in news during a much longer period of time— the financial industry, notes that actionable decades, or even centuries. What would the is ubiquitous, but it must intelligence is ubiquitous, but it must be ap- headlines be? A newspaper published in 2018 be approached through proached through analysis and assessment. covering the past 50 years might be a declara- As evidenced by numerous global events tion of something that never occurred: “Phew! analysis and assessment. that captured comments, details, and even World Avoids Nuclear Armageddon!” changes recommended to accommodate space for signature below photos on social media, OSINT can be useful in making secu- rity decisions, but pitfalls abound. Ashford notes that OSINT must be an active process, not a one-time collection of data. “There is a need to regularly and active- ly re-evaluate intelligence as new questions arise, assumptions are challenged, and new information comes to light,” he writes. Ashford also warns about the threat of bias in making assessments about OSINT. Bias- es, he adds, “can lead to the wrong conclu- sions, so the information, our views, and our statements should constantly be challenged to identify what is actually important.” Determining what is actually important to security professionals is a key mission for ASIS International and Security Management. And context is key in our coverage, meaning that stories are delivered differently depending on the type of information. For the news of the day, we continue to expand our digital offerings to provide more timely stories and online exclu- sives. In-depth articles that require research and analysis will remain in the pages of the print magazine to provide context straight from your bookshelf for years to come. 

Editor-in-Chief Teresa Anderson

14 Illustration by Security Management; iStock CEIA USA • THREAT DETECTION THROUGH ELECTROMAGNETICS

GAME DAY AT RECORD SPEED.

OPENGATE™ (NEW) Groundbreaking Weapons Detection System

• Quickly and automatically screen guests with their backpacks and bags • Extremely high throughput with near zero nuisance alarms • Detects handguns and mass casualty threats, such as high caliber assault weapons and IEDs • Easy to relocate at 25 pounds and installs in less than 1 minute • Indoor and Outdoor operations

Our threat detection and screening systems take the guesswork out of security screening. Incorporating the latest in threat detection technology, CEIA sets the standard for safety, convenience and accuracy.

For more information, contact your CEIA USA representative at [email protected] or call us today at 833-224-2342.

CEIA USA, Ltd. All rights reserved. CEIA USA reserves the right to make changes, at any moment and without notice, to the models (including programming), their accessories and options, to the prices and conditions of sale. WWW.CEIA-USA.COM

For product info #7 securitymgmt.hotims.com

NEW Full Page Template.indd 1 06/11/2021 2:32:51 PM News & Trends | Misinformation Trust Amid Misinformation

Trust in information sources hit record lows in 2021, but trust in employers remains high. Security now has an opportunity to help rebuild confi dence in organizations through eff ective communication.

By Claire Meyer

isinformation had a banner year When the government is health advice—putting themselves and others in 2020, and it continues to rise. at risk of the spread of COVID-19. In addition, A 2020 study from the Cornell Al- absent, people clearly expect “health protection strategies such as hygiene, Mliance for Science of 38 million business to step in and sanitation, social distancing, mask wearing, articles about the COVID-19 pandemic in En- lockdowns, and other measures will be less glish-language media worldwide in the first fi ll the void. effective if distrust of public health authori- five months of 2020 found that more than 1.1 ties becomes sufficiently widespread to sub- million contained misinformation ranging stantially affect public behavior,” according from mere mistakes to conspiracy theories to to the report. dangerously misleading or false statements Exposure to fabricated news or misinfor- about potential treatments and miracle cures. mation also leads to general distrust in po- Misinformation has the potential to cost litical institutions and media organizations. lives, the report’s authors said. If people are A Harvard Kennedy School study found that misled by unsubstantiated claims about the exposure to misinformation—particularly fake disease, they are less likely to observe official news delivered through a divisive or sensa-

16 Illustration by Security Management; iStock Security Management | Jul/Aug 2021

Risk communications is But during a crisis—whether a macro-crisis hard for you to convince the communicators that affects a broad audience, like a natural di- where they need to go.” about allowing the audience saster, or a micro-crisis within an organization or Or if security tries to be protective and lock to make its own decisions. department, like an insider threat—security is down any information about an incident from often an integral part of a business’s response. spreading, it won’t stop people from commu- Therefore, security professionals need to be nicating about the incident on their own— prepared to participate in communication often with erroneous information, or relying tional lens—in a one-month period around the efforts, says Ernest DelBuono, a crisis man- on outside reporting or opinion about the or- 2018 U.S. midterm election resulted in a 5 per- agement consultant and member of the ASIS ganization. cent decrease in media trust. Crisis Management and Business Continuity “Meanwhile, we’re losing market share, “The consequences of this lack of trust are Community Steering Committee. we’re losing reputation, because we’re not say- especially apparent in times of crisis and un- “You need to understand communications ing anything,” he adds. “Silence doesn’t help. certainty when citizens are most in need of because your corporate communications are You’ve just given up control of the narrative.” credible sources providing current and reliable an important part of any type of security issue Instead, DelBuono recommends forging information,” according to the report. “To the you may have,” he says. “As a security profes- early and frequent partnerships with coun- extent that fake news can undermine the pub- sional, if you can’t understand how the com- terparts in communications departments to lic’s confidence in mainstream media, it may munications system works, it’s going to be embed security in crisis management and not only leave its consumers misinformed, but also make them more vulnerable when disas- ter strikes.” Trust in information sources across the board hit record lows in 2021. According to Book Review the 2021 Edelman Trust Barometer, trust in traditional media dropped eight points from The Professional Protection Offi cer 2020, with only 53 percent of survey respon- dents looking to it for reliable information. Edited by Sandi J. Davies and Lawrence J. safety, use of force, or patrol principles; and Social media and owned media dropped even Fennelly. Butterworth-Heinemann; Elsevier. career development. lower—just 35 percent and 41 percent of re- com; 546 pages; $59.95. Protection offi cers who read and use the spondents, respectively. information and concepts in this book will pro- But there is a glimmer in this dark cloud The duties of today’s professional protec- vide superior performance. They will impress of mistrust. The 2021 Trust Barometer found tion offi cer are complex. They can be found clients and enhance their employer’s reputa- that business is the most trusted institution— conducting a wide range of activities: loss tion. They will also be exposed to a wide array globally, 61 percent of people trust information prevention, fi re prevention, traffi c control, of subjects, such as emergency planning, UAV from business—and among the four institu- access control, active shooter operations, HAZMAT, and informa- tions studied (business, NGOs, government, prevention and response, and tion security. and media), it was the only one seen as both emergency management—to This is the second edition of ethical and competent. mention just a few. this book, and it serves as a good “When the government is absent, people The one single factor whose signpost showing where the clearly expect business to step in and fill the presence or absence can predict industry is today. As anyone who void, and the high expectations of business to the success of a professional has attended GSX can tell you, the address and solve today’s challenges has never protection offi cer is training. security industry is going through been more apparent,” according to the report. Diverse training requires diverse a technological and doctrinal rev- More than 85 percent of respondents agreed resources, however, and that can olution of its own, with automation that CEOs should publicly speak out about so- be prohibitively expensive. and artifi cial intelligence pushing cietal challenges, and 68 percent said CEOs The Professional Protection Of- us into the future. should step in when government does not fix fi cer: Practical Strategies and Emergingng TrendTrendss ThisThis bookb is strongly recommended for societal problems. More than three-quarters of provides an up-to-date collection of thee kknowl-nowl- protectprotectionio offi cers at any career stage, their respondents said that they trust their employ- edge and skills required of protection ooffiffi cers manamanagers,ger and security professionals who er. More than half of survey respondents (53 in today’s environment. It is readable, orgaorga-- nneedeed oorr uuse their services. percent) said that when reliable news media nized, and should be issued to all protectionection is absent, corporations have a responsibility offi cers by their employers as an investmentstment iinn ReviewReviewer:e Ross Johnson, CPP, is the presi- to fill the information void. the offi cers’ and their companies’ futures.res. dent of BBridgehead Security Consulting, Inc. To maintain this trusted position, business- The book is organized into three parts: He is the co-chair of the Electricity Informa- es need to guard information quality, ensur- foundational knowledge that applies across the tion Sharing and Analysis Center (E-ISAC) ing that trustworthy information goes out to security profession; practical and operational Physical Security Advisory Group and is the employees and the community, the Barome- concepts—which provide details on specifi c author of Antiterrorism and Threat Response: ter said. tasks or issues, such as traffi c control, offi cer Planning and Implementation.

17 News & Trends | Misinformation

communications protocols. He also suggests president of Logos Consulting Group. A soci- Misinformation often serves positioning security leaders as internal subject etal lack of trust requires businesses to take matter experts and potential spokespeople— additional steps to shore up employees’ and the role of people making especially for security topics like workplace stakeholders’ confidence in their statements sense of existing grievances, violence incidents. and competence. Effective messaging depends on determin- The key to developing—or rebuilding—trust becoming a form of ing the correct audience and selecting the is to make good on your promises, Garcia says. right representative to deliver messages. But However, it cannot stop there. After the com- confi rmation bias. this is not always the CEO, DelBuono cau- pany makes a declaration of its commitment, tions—crisis communication models often it must deliver on that promise, remind people recommend selecting speakers based on cre- that it made a promise and met it, and then re- “There’s this clash of worldviews that puts dentials and qualifications instead of organi- peat the process frequently and vocally. people’s safety and lives at risk,” Garcia says. zational position. In a health crisis, for exam- And these promises don’t need to spring “Now what does this do to trust? You end up ple, the company could present information from an ambitious shift in company strategy trusting your own team, and distrusting the from its chief health and safety officer, who or mark the completion of a multi-year proj- other team.” could walk employees through developments ect, either. While different belief systems will always and safety measures as the crisis unfolds. “On all the things you know you’re going to exist in the workplace, Garcia says the key in Despite business ranking highest on the do anyway, turn each of them into a promise,” turbulent times is to declare and enforce a set 2021 Trust Barometer, trust in information Garcia says. “And if there are five steps to any of clearly defined values or protocols, such as from authority figures is still low all around. one of those things, make that five promises.” demanding that employees treat each other Even if an organization handled the many cri- After people are regularly reminded of how with respect, and imposing consequences for ses of 2020 well, it exists in a world rife with they can trust the business to meet its obliga- disrespect. Being clear and up-front from the polarization, conspiracy theories, and mis- tions, trust begins to grow and solidify, he adds. start helps people to know where they stand trust, says Helio Fred Garcia, a professor of During a crisis, promises may need to be cur- within the workplace, how they should model crisis management at New York University and tailed. DelBuono advises that crisis communi- their behavior, and what information to expect cations start early, stay open and trustworthy, from their employer. and only promise that leaders will do their “Risk communications is about allowing best. Situations can change quickly, rendering the audience to make its own decisions— Lacking early pledges obsolete or unfeasible, but the about whether to go out in public, to use this audience may not understand the context and product, to stop using this medication,” Del- Control only see that the organization failed to meet Buono says. “Particularly in a crisis, people expectations, he says. It may even be worth- want to know not so much that you’ve solved Most Americans said while to add a disclaimer to press releases is- the problem, but what action you are taking increasing staffing and sued during a crisis explaining that as more as an organization.” resources for border patrol facts emerge, information may change. However, this does not always address the and police is important for challenge of misinformation. “We can’t per- Stressed addressing the situation at suade the unpersuadable,” Garcia adds. Mis- the U.S.-Mexico border. information often serves the role of people About Wellness making sense of existing grievances, becom- ing a form of confirmation bias. U.S. workers rank mental and psychological 4% 11% “One reason it is so hard to get people off of wellbeing as one of their biggest wellness con- misinformation is because it makes sense for cerns, but participation in programs like men- them, connecting their grievances in a com- tal health resources or Employee Assistance mon cause,” he adds. Programs (EAPs) has dropped, according to a 53% Consider conspiracy theories about micro- March 2021 survey from The Conference Board. 32% chips in vaccine doses. People are already Among more than 1,100 U.S. workers across anxious about vaccines and the COVID-19 industries and positions, 59 percent of people pandemic, so they may use rumors and mis- ranked mental and psychological wellbeing— information to justify their fears. However, like such as stress or burnout—as one of their top rumors, these justifications spread and they three concerns, followed by physical wellbe- Very important Not too important amplify as they proliferate. ing (36 percent), social wellness and belong- Somewhat important Not important at all This can impact the workplace in a number ing (36 percent), professional wellbeing (27 of ways, Garcia adds. Increased division along percent), and financial wellbeing (21 percent). Source: Most Americans are Critical of differences in belief systems or conspiracies Among lower-level employees, 76 percent Government’s Handling of Situation at U.S.-Mexico Border, Pew Research Center, can foster an “us vs. them” mentality, which were concerned about mental wellbeing, com- May 2021 can result in conflict in the workplace. pared to 53 percent of CEOs.

18 Security Management | Jul/Aug 2021

Stress is a widespread problem. Despite concerns about stress and The 2021 Working Americans’ State burnout, participation in mental of Stress report found that 76 percent health resources and EAPs dropped of workers described themselves as four percent during the pandemic, currently “stressed,” and 46 percent The Conference Board found. Usage said their stress levels were moderate of online resources or tools increased or higher. six percent, however, and Millennials The Conference Board survey said in particular increased their use of on- that age and gender factored into well- line resources by 19 percent. Commu- being concerns, with Millennials most nity wellbeing programs took the larg- concerned about mental and psycho- est hit—25 percent fewer U.S. workers logical wellbeing and Gen X workers reported using these programs, which more concerned about social wellness provide time off for volunteering. and belonging. Women were more concerned Stress can result in physical and mental Leaders are largely doing well when it comes about spiritual wellbeing—feeling a sense of problems, including physical illness or fatigue to supporting their employees. The survey purpose in what they do—while men were more (51 percent); inability to concentrate, anxiety, found that 78 percent of workers believe their concerned about social wellbeing. depression, or burnout (56 percent); and sleep supervisor genuinely cares about their em- Stress levels vary by age as well. The State disruption or ineffective sleep (55 percent), ployees’ wellbeing, and 62 percent said they of Stress report found that while only 67 per- the report found. It also results in changes of feel comfortable speaking about wellbeing cent of workers over 60 years of age reported behavior; 48 percent of workers reported in- challenges at work. Nearly one-fifth of work- significant stress, this rate increases steadily creased consumption of unhealthy foods, 42 ers, though, do not feel comfortable discuss- across younger demographics until it reaches percent reported decreased physical activity, ing their hardships for fear of negative con- the youngest bracket of workers aged 18 to 29— and 25 percent reported increased use of alco- sequences, and women are more likely to be 84 percent of whom reported high stress levels. hol or controlled substances. uncomfortable than men. 

BARRIERS & SECURITY BOLLARDS

Protecting what MATTERS MOST. AMERISTARSECURITY.COM 866-467-2773

For product info #8 securitymgmt.hotims.com

Illustration by iStock 19 Case Study | Security Services

n many ways, 2019 was a typical year for Proactive the University of Regina. Its student body of roughly 16,500 students was living in Idorms and learning in lecture halls or labs on the campus, nestled within Regina, Patrols Saskatchewan, Canada. Similarly, the uni- versity’s 2,000 employees worked on site and Campus security operations for the University of Regina in in-person—including the security team. But today, like many other establishments Saskatchewan, Canada, is using a new soft ware system to of higher education, classes and work are support both the university and its guard force. largely conducted online, even for some se- curity roles. The University of Regina cam- pus and its various departments are prepar- ing to reopen to 50 percent capacity come September 2021, and if another wave of new COVID-19 cases doesn’t derail the progress, a full reopening is scheduled for January 2022. By Sara Mosqueda In the meantime, Scott Crawley, manager of campus security operations, can safely work from home while keeping tabs on developing issues on campus with real-time information coming in through the university’s incident re- porting software. And just because the campus is locked down to avoid spreading the coronavi- rus, it doesn’t mean all remains quiet. In 2019, students and staff filed a total of 1,225 reports about incidents—ranging from vandalism to sexual assault—which required the security team to follow up or investigate the issue. In 2020, that number dropped down to 806 security incidents. However, the number of total calls for service jumped from 13,633 to 19,640. Some of that in- crease was due to more information calls. For example, a limited number of access points were established for people approved to use the university’s facilities. Students and staff would check in at these access points, enabling the university to track the number of people entering the campus and the areas they would work in. So, if a COVID-19 hotspot developed on campus, university staff and security would We had to make a decision be able to notify anyone who may have been exposed to the virus. Crawley says that several because certain things weren’t calls came from these access points—includ- getting supported anymore. ing requests for information, for assistance if an unauthorized person was trying to enter the campus, or if the entrances needed more masks, hand sanitizer, or wipes. Before 2020, Crawley says he knew that campus security’s record-keeping software and record-sharing system (which involved printing out the report, copying it, and phys- ically sending it to other departments), while decent, could be better. “We had to make a decision because certain things weren’t get- ting supported anymore,” he adds.

20 Illustration by Security Management, iStock Security Management | Jul/Aug 2021

Patrols are not the only person submitting the report the option to re- says that the systems helped him obtain buy-in main anonymous. to refill those positions. proactive element of the Members of the security team will triage the He used reports to show the different kinds systems—the trend reports report, determining if they should continue in- of incidents patrolling officers were likely to vestigating the issue or if the incident would face and why they need additional resourc- also enable smarter be better handled by another department. If es. An officer responded to a break-in and at- security does continue to investigate, officers tempted theft of construction equipment and security decisions. conduct interviews (these days via Zoom) and tools on a satellite campus. That officer’s only leverage resources from other departments— backup was the dispatcher, however, meaning While looking for alternatives, Crawley and such as the student record database. that while both officers dealt with the issue, his department came across Resolver’s Inci- Security operations managers and super- the dispatch desk was left unmanned and a dent Management and Command Center soft- visors have access to the reports and can ap- report on the incident could not be filed until ware programs. But the products would have prove them through the Incident Management after the dispatcher returned. exceeded the allotted security budget for just system, whether they are on campus or work- While Crawley says he understands he will maintaining and sharing records. To get buy-in ing from home. They can also notify investi- not see four teams of four patrol officers again for the Resolver system, Crawley pitched to the gating officers if more information is required. until things start to pick up on campus, he university that it could be used by the security Once a report is approved by a second super- adds that he knows that these reports empha- team, HR, and other departments. Although visor, other relevant departments are notified. size how officers maintain safety throughout each group has access to the system, access to And if those departments need additional clar- the campus and how the university adminis- the files is determined by the user’s privilege ification or more information, the request is as tration can support them.  level and department. easy as sending an email—a big change from The programs are used by campus security; the old method of printing out reports, which For more information about Resolver, health, safety, and wellness; student conduct; were then copied and physically sent to other contact Isaac Trask, Isaac.trask@ respectful workplace, which falls under the relevant groups. Now, everything is saved in a resolver.com. umbrella of human resources; and sexual vio- cloud server, and sharing a file with the right lence. Although both software programs come people just involves selecting the correct on- as out-of-the-box solutions, Resolver worked line distribution route. with the different departments to customize A large part of security’s role has shifted their respective interfaces. It created specific since both the pandemic and the installation forms and workflows, bringing the systems on- of the systems. Crawley says that his team is line at the beginning of December 2019. “They mostly involved in “proactive patrols,” en- built it around our needs,” Crawley says. abled through the trends reports that the soft- Campus security officers use Command Cen- ware can generate to give insight into days and ter as a dispatch module to coordinate and areas that are more likely to be the site of an streamline their patrols. From the computer incident on campus. screen, a dispatcher in the security office is no- Crawley can pull a snapshot of the past 24 tified about officers’ locations while on duty, hours, including the number of calls for ser- specifically showing the time and location of vice and actual incidents within that time- the last call the officer responded to, as well as frame. He can then compare days that featured UP whether he or she is on a break or available to a higher number of security incidents. “I know take an incoming call. how many calls for service and how many in- YOUR GAME Crawley says that the university is also cidents were created out of that 24 hours just With GSX Pre-Conference working on bringing a connected smart- with one click of a button,” Crawley says. Certification Review phone application online, which would be The trend reports serve multiple purposes, Sessions. coordinated through Command Center. The both for justifying future budgets and driv- app would allow dispatchers to track officers’ ing scheduling decisions. “I kind of overlay locations in real time to quickly determine all that, and it helps me with staffing as well,” which officer is closest to an incoming call Crawley says. “It might mean someone getting and which route to take to the scene. Officers a vacation day versus not getting one if it’s a will also use the app to indicate when they are peak time.” on the scene, as well as directly upload pho- Patrols are not the only proactive element tos related to the incident that can be com- enabled by the systems—the trend reports piled in a final report. also enable smarter security decisions, Craw- The dispatcher can file a report in the Inci- ley says. dent Management program. The management For example, 16 officers usually staff the se- gsx.org/pre-cons system is also tied to the university’s online curity patrol team, but the recent departure of portal for reporting issues, which gives the two officers created additional strain. Crawley

21 Cybersecurity | Incident Response

t’s been a rough year for those responsi- Cyber ble for U.S. government network security. First, cybersecurity operators were noti- Ified that SolarWinds—a popular service used by government agencies and contrac- Catch-Up tors alike—was compromised in a major sup- ply chain attack that provided Russian actors Nearly 25 years aft er a government watchdog began highlighting access to sensitive information as part of an espionage campaign. risks to federal information systems, the U.S. government Then, in March, Microsoft called out China may be poised to start comprehensively addressing them. for taking advantage of a vulnerability in the company’s Exchange email program to hack into organizations around the globe. And in April, cybersecurity firm Mandiant accused China of orchestrating a series of compromises to a Pulse Secure, LLC, program. U.S. federal government employees use this program to By Megan Gates remotely connect to agency networks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the Pulse Secure compromise, saying that since June 2020 it affected government agencies, critical infrastructure entities, and other pri- vate sector organizations. “The threat actor is using this access to place webshells on the Pulse Connect Secure appli- ance for further access and persistence,” ac- cording to CISA. “The known webshells allow for a variety of functions, including authen- tication bypass, multi-factor authentication bypass, password logging, and persistence through patching.” CISA mandated that all civilian agencies scan their systems to see if they were impact- ed by the Pulse Secure compromise and to take actions to address it. This mandate marked the second time in just seven weeks that the agen- cy issued an emergency directive to take action to secure federal networks. Prior to 2021, CISA issued just three emergency directives in 2020 and one in 2019. “Over the last year, CISA has issued sever- Incremental improvements al alerts urging agencies, governments, and organizations to assess and patch Pulse Con- will not give us the nect Secure vulnerabilities,” said Acting CISA security we need. Director Brandon Wales in a statement. “This emergency directive reflects the seriousness of these vulnerabilities and the importance for all organizations—in government and the private sector—to take appropriate mitigation steps.” The cascade of cybersecurity compromises highlights an ongoing problem that was first noted in 1997 by the U.S. Government Account- ability Office (GAO), when it placed informa- tion systems security weaknesses on its High- Risk Series, an annual assessment of high risks to the U.S. federal government.

22 Illustration by Dan Page Security Management | Jul/Aug 2021

“These weaknesses pose high risk of unau- We’re sitting at 25 years service providers to alert agencies they have thorized access and disclosure or malicious use contracted with about any cyber incidents—or of sensitive data,” GAO explained in the assess- that GAO has been calling potential incidents. These mandates address ment. “Many federal operations that rely on com- cybersecurity one of the highest some of the vulnerabilities that were brought puter networks are attractive targets for individ- to light during the SolarWinds incident. uals or organizations with malicious intentions. risk areas to the nation. Along with these processes, the executive Examples include law enforcement, import entry order also requires the U.S. federal govern- processing, and various financial transactions.” ment to implement security best practices. The GAO highlighted that U.S. defense sys- cidents; improving detection of cybersecurity “Outdated security models and unencrypt- tems may have experienced roughly 250,000 incidents on federal networks; and improving ed data have led to compromises of systems attacks from hackers in 1995, with roughly 64 investigative and remediation capabilities. in the public and private sectors,” according percent of them being successful and most Many of the action items touch on address- to a White House fact sheet on the executive going undetected. ing vulnerabilities that malicious actors used order. “The federal government must lead the “Since June 1993, we have issued over 30 re- to compromise federal networks. For instance, way and increase its adoption of security best ports describing serious information security the executive order creates baseline securi- practices, including by employing a zero-trust weaknesses at major federal agencies,” GAO ty standards for the development of software security model, accelerating movement to se- wrote. “In September 1996, we reported that, sold to the federal government along with re- cure cloud services, and consistently deploy- during the previous two years, serious infor- quirements for developers to maintain greater ing foundational security tools such as multi- mation security control weaknesses had been visibility into their software. It also requires factor authentication and encryption.” reported for 10 of the 15 largest federal agen- cies. We have made dozens of recommenda- tions to individual agencies for improvement and they have acted on many of them.” But the U.S. government has not implement- Book Review ed hundreds of other GAO recommendations, and has often failed to move at a rapid pace Critical Infrastructure Risk Assessment when addressing cybersecurity at civilian agencies. That could finally be changing. By Ernie Hayden, PSP. Rothstein & Associates, ferences and determine which methodology is In May, U.S. President Joe Biden signed Inc.; Rothstein.com; 364 pages; $74.99. most applicable for specifi c assessments. an executive order to begin overhauling the The book describes the requirements of con- U.S. government’s cybersecurity and lay the Ernie Hayden’s Critical Infrastructure Risk ducting a pre-assessment, observation criteria, groundwork for future improvements and out- Assessment: The Defi nitive Threat Identifi - on-site actions, and the steps to conducting reach to the private sector. cation and Threat Reduction Handbook is a the fi nal report. Of special note is the sample “Incremental improvements will not give us comprehensive work that clearly provides the risk assessment report, which provides a clear the security we need; instead, the federal gov- reader with details from foundational authori- example of a complete assessment report— ernment needs to make bold changes and sig- tative documents about U.S. critical infrastruc- complete with pictures and format outlines for nificant investments in order to defend the vital ture, including various executive the reader’s use. institutions that underpin the American way orders, congressional laws, and The author achieved his intend- of life,” the executive order said. “The federal presidential directives. ed goal of providing a template government must bring to bear the full scope Hayden gives an internation- for conducting a risk assessment. of its authorities and resources to protect and al perspective from a handful This book is clearly formatted secure its computer systems, whether they are of key industrial nations, and and organized for easy reference cloud-based, on-premises, or hybrid. The scope he clearly highlights shared use, and its logical and benefi cial of protection and security must include systems dependencies and similarities. construction is worthy of use by that process data (information technology) and The book does a thorough job of every security specialist, whether those that run the vital machinery that ensures explaining the various compo- practitioner or consultant. our safety (operational technology).” nents of critical infrastructure, The executive order instructs agency heads risk, and risk management well Reviewer: Joshua D. Fowler, CPP, to take numerous steps that fall into seven enough to enlighten someone new to thethe sub-sub- is a retiretiredr U.S. Air Force Security Forces overarching categories: removing barriers to ject or to reinforce the knowledge of a skilled ooffiffi cer wwith 28 years of antiterrorism, emer- threat information sharing between govern- security specialist. ggencyency ppreparedness,r and law enforcement ment and the private sector; modernizing and The bulk of the book covers the processcess ofof exexperience.perien He currently conducts worldwide implementing stronger cybersecurity stan- conducting a risk assessment and providesvides exex-- red teateamm testing of U.S. Customs and Border dards in the federal government; improving cellent outlines for the performance andnd ddocu-ocu- PProtectionrotectio locations for chemical, biological, software supply chain security; establishing a mentation of the assessment. Hayden pprovidesrovides radioloradiological,g nuclear, and explosive (CBRNE), Cybersecurity Safety Review Board; creating a clear details of risk assessment methodologiesdl i fdlfraudulent document, human smuggling, and standard playbook for responding to cyber in- so that the reader can clearly identify the dif- narcotics threats.

23 Cybersecurity | Incident Response

Most of the 16 agencies Jennifer Franks, director of IT and cyberse- “Recent incidents have shown that with- curity issues at GAO, says that the ability to in the government, the maturity level of re- it reviewed had incident implement the numerous mandates outlined sponse plans vary widely,” the White House response processes with “key in the executive order is top of mind. fact sheet said. “The playbook will ensure all “You can establish policies and procedures, federal agencies meet a certain threshold and shortcomings” that limited but what we do is look at the implementation are prepared to take uniform steps to identify strategies of what these agencies are doing,” and mitigate a threat. The playbook will also their ability to minimize she says. “The executive order establishes a provide the private sector with a template for damage from attacks. clear timeline of what you should be accom- its response efforts.” plishing, who you should be coordinating The GAO also highlighted the need for the with, and how to communicate with others federal government to take action to protect what you have been accomplishing.” critical infrastructure, explaining that the gov- In addition to improving security, the ex- Previous administrations have gotten to the ernment had only implemented 30 of GAO’s ecutive order mandates touch on many of the point where they have organized priorities on recommendations in this area out of nearly problems that the GAO has identified in its as- cyber threats, but they have not been able to 80 made since 2010. This need became even sessments that have long been overlooked. execute a governmentwide strategy. more paramount the week that Biden signed “We’re sitting at 25 years that GAO has been “That’s been difficult,” Marinos adds. his executive order, during which a ransom- calling cybersecurity one of the highest risk “There are many things going on across the ware attack caused a major oil and gas pipe- areas to the nation,” says Nick Marinos, direc- federal government that are good, but it’s hard line company, Colonial Pipeline, to shut down tor, information technology and cybersecuri- to know what effect they’re having until you operations. While not an attack on federal net- ty, at GAO. “And in some ways, the difficulty combine them—then you could find opportu- works, the incident that began on a private here is that it’s not only evolving—it’s getting nities to share lessons learned, increase the network could have cascaded to create a na- bigger in the challenges and threats that our capacity of one program over another, and get tional security issue. country and the world are facing from cyber- a sense of urgency that is missing from a lack Marinos says he is encouraged to see the em- space attacks.” of clarity on who is running point.” phasis the executive order placed on address- Some of these threats were highlighted in the One crucial area that needs to be addressed ing critical infrastructure security through im- report that Marinos’ team published in March is incident response to cyber intrusions, data proving mechanisms for information sharing 2021, High-Risk Series: Federal Government breaches, or attacks. In 2019, the GAO found and supply chain security. Both of these ini- Needs to Urgently Pursue Critical Actions to Ad- that most of the 16 agencies it reviewed had tiatives will boost the federal government’s dress Major Cybersecurity Challenges, which incident response processes with “key short- cybersecurity while also enhancing the private represents the findings from 40 reports GAO comings” that limited their ability to minimize sector’s security, he says. published in the last two years on cybersecurity. damage from attacks. The GAO has also made additional recom- The report emphasized the need for “signif- The executive order sets out to solve this prob- mendations that need to be implemented, in- icant attention” from the U.S. federal govern- lem, laying out a process to create a standardized cluding that federal agencies with lead roles ment to establish a comprehensive cybersecu- playbook and set of definitions for cyber incident in protecting critical infrastructure collect and rity strategy and perform effective oversight. response by federal departments and agencies. report on improvements from using the Na- Key to this is the creation of a central role in the executive branch to implement the national strategy once it’s compiled. Congress authorized the creation of the Of- Skill Gaps fice of the National Cyber Director within the Executive Office of the President to do just When asked, “What are the biggest skill gaps you see in that. And in April, U.S. President Joe Biden today’s cybersecurity professionals?” most professionals said nominated John Chris Inglis to fill the role. But soft skills are lacking in the current workforce. he had not been approved by the U.S. Senate as of Security Management’s press time. Computing Devices With the issuance of the executive order, 10% there is an even more urgent need to fill this (hardware, software, filing sytstems) position as whoever holds it will be instrumen- Network Operations tal in implementing the order—as well as hir- (configuration, monitoring) 23% ing support staff to oversee the work. Data-Related Topics “The legislation called for several dozen po- (characteristics, classification, etc.) 31% sitions to be created and filled within the of- fice,” Marinos says. “To get to that point and Soft Skills get fully up and running will take time.... The (communication, leadership, flexibilty) 56% urgency is there. We don’t have time to waste on this issue.” Source: State of Cybersecurity 2021, ISACA, May 2021

24 Security Management | Jul/Aug 2021

tional Institute of Standards and Technology es electric grid owners and operators to imple- ance for the Chemical Facility Anti-Terrorism (NIST) Cybersecurity Framework and more ment measures or technology to enhance de- Standards (CFATS) program, such as incor- specific recommendations, such as plans de- tection, mitigation, and forensic capabilities porating training practices and identifying veloped by the U.S. Department of Energy related to cybersecurity. It also created mile- workforce cybersecurity needs; and that the (DOE) for electric grid cybersecurity. stones for owners and operators to identify Transportation Security Administration (TSA) “DOE had developed plans and an assess- and deploy systems that enable near real-time fully incorporates NIST cybersecurity stan- ment to address the risk to the electric grid; situational awareness and response capabil- dards into select assessments for the trans- however, we found that these documents ities in critical industrial control system and portation sector. did not fully address risks to the grid’s dis- operational technology networks. “Until our recommendations are fully im- tribution systems,” according to the GAO re- Additionally, the GAO recommended that plemented, federal agencies may be limited port. “To address this issue, we recommend- the Federal Aviation Administration (FAA) pri- in their ability to ensure the critical infrastruc- ed that DOE more fully address cyber risks to oritize oversight of evolving cyber threats and tures are protected from potentially harmful the grid’s distribution systems in its plans to increasing connectivity between airplanes cybersecurity threats,” according to the report. implement the national cybersecurity strate- and other systems; that DHS update its guid- The executive order is a good start, but Ma- gy for the grid.” rinos and Franks say it falls short of the na- In April 2021, the DOE announced it would tional cybersecurity strategy that the United begin a 100-day plan to address cybersecurity The playbook will ensure all States needs. risks to the U.S. electric system. federal agencies meet a certain “The reality is that without that and seeing “The United States faces a well-document- how the executive branch will take action to ed and increasing cyber threat from malicious threshold and are prepared to implement a national comprehensive cyber- actors seeking to disrupt the electricity Amer- security strategy, we will be left with ques- icans rely on to power our homes and busi- take uniform steps to identify tions,” Marinos says. “Are we best positioned nesses,” said Secretary of Energy Jennifer M. and mitigate a threat. for future attacks that are going to continue to Granholm in a statement. The plan encourag- evolve—just like the technology we rely on?” 

Featuring:

TM

When used with Garrett’s enhanced walk-through metal detectors, the Quick-Q™ technology does not require the divestment of cell phones or other small metallic items

• Quick-Q technology • Crowd reduction outside means we quickly speed you of each venue through the scanning process • Fewer false alarms • Faster lines

garrett.com • 800.234.6151 • 1.972.494.6151

For product info #10 securitymgmt.hotims.com Garrett_MayJune_2021_half.indd 1 4/7/2021 11:20:23 AM 25 Cover Story | By Mark Ashford

26 Security Management | Jul/Aug 2021

Threats are evolving, but are corporate security intelligence methods keeping pace?

By Mark Ashford Illustration by Michael Austin

27 Cover Story | By Mark Ashford

ON 6 JANUARY 2021, the world watched as a large crowd of pro- intelligence. It would be a mistake to think around the core aspects of the intelligence testers violently made their way past police cybersecurity OSINT is the totality of what cycle—clear planning and direction, a man- lines and into the U.S. Capitol building in OSINT entails. aged collection strategy, processing infor- Washington, D.C., posting videos and pho- OSINT is first and foremost an active pro- mation, structured analysis, and, finally, tos on social media throughout the riot. The cess and thinking style. In practical terms, disseminating intelligence to key decision night before, also in D.C., another as-of-yet open-source information is the collection of makers so they can take action. unknown individual placed two pipe bombs publicly available information from open, OSINT should seek to build a profile of the close to the Democratic National Committee freely accessible sources. areas where threat actors are active, such as headquarters and Republican National Com- But information alone does not equate forums and discussion boards, which would mittee headquarters. to intelligence. Intelligence is information help map their intentions. As those sources In April 2021, the UK’s Security Service with value added through analysis and as- of information inform the assessment pro- (MI5) warned that more than 10,000 UK na- sessment, disseminated in a timely manner cess, they also establish the network to en- tionals, including staff in government depart- to answer a key question or requirement. able continuous monitoring and reporting, ments and key industries, were approached OSINT can include both online and offline facilitating the routine updates security man- over the past five years via social networking materials—it is not a uniquely Internet-based agers need for decision making and security sites by hostile state actors who sought access methodology. posturing. The threat assessment becomes to sensitive information. Threat assessments are just one part of the a living document, highlighting the social The common thread that ties these threats overall suite of security management prac- networks and online spaces where the threat together is the candidness with which these tices for identifying and mitigating risks. Cri- actors are active. The result is a combined events played out across open and public on- teria for structuring threat assessments vary outlook of threat capabilities and a vital list line forums and social media platforms. In by virtue of the threat actor, the nature of the of sources that can continually monitor and completing threat assessments, we may un- intersecting risk, and the type and value of report information. fairly favor confidential, closely held sources the asset. However, threat assessments large- Determining the right places to look for of information that appear to give us an inside ly follow the core concepts of threat identifi- such information can first appear daunt- track on a threat. But focusing on insider in- cation, ascertaining threat capabilities, and ing, but using the intelligence cycle will help formation instead of sources that are openly managing the assessed threat. The threat as- narrow the search. Ideologically extremist available to all can blind us to the obvious. sessment process must become more dynam- groups, for example, seek to deliver their As the above examples highlight, adversar- ic to better manage and understand not just message to the public. In doing so, groups ies can be very open about their intentions the threat, but the threat’s evolution. create portals between their covert opera- and objectives, often using social media or Once completed, threat assessments are at tions and publicly available outlets. An ad- other public forums to post about future ac- immediate risk of becoming static statements ept OSINT process will help identify these tions. Traditionally, the remit of physical se- and summaries; over time, the positive effect portals, glean information of value, and pro- curity encapsulates the bounded space, em- of threat assessments as a means to inform vide intelligence input to a threat assessment. ploying a range of measures such as cameras, the risk and security posture of an organiza- access control, perimeters, and intruder de- tion become less effective or obsolete. tection systems. A gap exists in managing the While the wider political drama of the security of assets within the site and assess- U.S. presidential elections played out over A CLEAR DIRECTION ing the threats beyond it. It is not enough to months, the activities around ideation, plan- produce a one-off threat assessment; there is ning, and action leading up to the 6 January Incorporating OSINT into threat assessments a clear need for a more dynamic approach to U.S. Capitol riots may have occurred over should lead with a focused direction aided identifying, assessing, and managing threats. only weeks. OSINT offers the ability to shift by clear planning. The quantity of data and Part of the solution in bridging that gap to the threat assessment from a static state- information available will mean that without effectively ascertain and surveil threats be- ment into a dynamic cyclical process—a con- effective direction and planning, an unstruc- yond a site’s perimeter is developing and in- tinuous threat assessment. tured threat assessment exercise will inevita- corporating open-source intelligence (OSINT) There is a need to regularly and actively bly flounder when wading through vast vol- capabilities. re-evaluate intelligence as new questions umes of information. Direction—consisting While OSINT began as a discipline within arise, assumptions are challenged, and new of a specific query—helps set the groundwork the intelligence community, it was quickly information comes to light. This cyclicality for an OSINT investigation, and it will affect adopted in the cybersecurity field. However, is what makes OSINT an active process and the success or failure of the threat assess- cybersecurity professionals largely highlight thinking style—not merely a “check the box” ment exercise. aspects of the OSINT process that are most ap- exercise. By incorporating OSINT into threat The query should be realistic and practical. plicable to cybersecurity, such as cyber threat assessments, a framework can be structured The direction should not attempt to steer the

28 Security Management | Jul/Aug 2021

OSINT investigation to predicting the unpre- continuously volatile and dynamic environ- should ensure that the capabilities and de- dictable or quantifying the obvious—for in- ment—both online and outside of the Inter- mands are as evenly matched as possible. stance “when will the next pandemic occur,” net. Planning will significantly signpost the For instance, would the general media and or “will there be a terrorist attack in Europe areas where you need more information and public relations information from a threat within the year.” Taking the latter, given the where you need less, mitigating the risk of group sufficiently answer key threat assess- breadth of terrorism risks within Europe, a interference from bias. Additionally, probabi- ment questions, or is there a need to be in- terrorist attack within the year is a near cer- listic thinking in the planning stage will help volved in an online forum actively used by tain occurrence. Pursuing these thought ex- navigate the problems of accuracy in deal- members of that same group? Understanding ercises does not help inform how we manage ing with inherently unreliable information— where additional effort is required can help the risk, likely timescales, or types of attack. whether that’s social media, disinformation, identify efficiencies. Specificity is key to relating the threat to or deliberate obfuscation. Additionally, there are clear safety, se- an organization, while also having the added curity, and organizational considerations benefit of focusing the search parameters of to address long before executing informa- the OSINT stream. For example, terrorism is tion-gathering activities. A collection strate- too wide a threat—narrow the focus down to COLLECTION STRATEGY gy should account for any deterrents—legal, a particular terrorist group, modus operandi, financial, or reputational—that may impede or location. Framing the wider understand- The next stage is to establish the collection the work. Risk appetites, ethics, and moral ing with focus on the specifics of the threat strategy, the value of which will be built considerations all play a part in determining will add value to the outcome of an OSINT off of earlier work during the direction and appropriate OSINT activities. Consider the assessment in terms of turnaround time and planning stages. There has been significant 2018 Cambridge Analytica scandal, in which a resource management. Multinational organi- growth in commercial OSINT gathering plat- political firm harvested tens of millions of us- zations, for example, cannot rely on a threat forms and products in recent years—a trend ers’ personal data from Facebook. Although assessment that seeks to capture a terrorist that is likely to continue. From forensic the action was legal, it had long-term reputa- group’s global ambitions or lists the number browser software to continuous geo-fencing tional and data privacy implications. of attacks. for social media triggers to commercial satel- Flexibility is important. As part of the or- OSINT planning calls for breaking down lite imagery, there is most likely a commercial ganization’s security practices, threat assess- the key information required into more man- collections platform catering for your specific ments might only be an annual exercise. Like ageable parts. Exercises in probabilistic security needs. with the U.S. Capitol riots, however, the sub- thinking will help manage the OSINT threat Myriad areas will govern the type and ex- ject of the threat assessment could change assessment into its key parts. Probabilistic tent of the OSINT collection strategy. Some weekly, and the security response will de- thinking can be both a quantitative or quali- will be practical considerations—how many pend on the level of information secured tative practice and seeks to identify the most team members are free to spend time collect- from the collections plan, which may need likely outcome from an event among multiple ing information or what technical resourc- to change to keep up. Building in flexibility likelihoods. It is the act of building up sources es are in place to enable both information enables adaptability. of information and knowledge around possi- collection and routine security responsibili- Threat assessments can be subjective ex- ble outcomes to try and reduce the element of ties. Accurate planning of OSINT and threat ercises, and there may be additional signals uncertainty as much as possible. assessment requirements up to this point within the collected information that signify Planning a threat assessment around OSINT methods should initially quantify what is known, what can be learned, and the unknowable, while teasing out any bi- ases, all of which will affect the threat as- sessment outcome. Biases are an inherent part of assessments. They can lead to the wrong conclusions, so the Focusing on insider information, our views, and our statements should constantly be challenged to identify what is actually important. There are many information over sources identified knowledge biases, such as anchor- ing and availability biases, which place an over-reliance or over-emphasis on the first that are openly available to all available piece of information or drive as- sessments based on the immediate informa- tion to hand. The speed of new information can blind us to the obvious. generated online and the resource demands on physical security departments under- line how OSINT investigations are made in a

29 Cover Story | By Mark Ashford

a change in interpretation is required. Con- for commercial or private security manage- sider how rapidly social justice movements ment work. As such, if you, your organiza- PROCESS AND ANALYSIS and protests spread worldwide—massive so- tion, or the subject of an OSINT investigation cial unrest can start from subtle events half resides in the EU, investigators will likely Given the wide variability in types of infor- a world away, triggering local tensions and have to reckon with the GDPR. Additionally, mation and concerns over its reliability and sparking disruption. Events do not happen the GDPR equally applies to the processing credibility, processing is an integral element in isolation, and everyday ordinary signals of personal data online or offline, whether to OSINT. can come to mark the start of world events. in social media, employment, or govern- Where the required information is amena- With the information we collect, we should be ment records. ble to primary and secondary sources, look constantly looking to see how even the small Under the GDPR, an OSINT investigation to reach for the former: direct eyewitness ev- pieces could impact our understanding. will likely need a legal basis for processing idence is worth more than third- or fourth- Online entities, including social media, are PII, and it should apply certain principles on hand information, and we should grade the making personal and professional informa- how it is processed, such as data security, information as such. Where threat assess- tion freely available on a massive scale, pro- accountability, and governance, as well as ments necessitate OSINT investigations into viding real-time access to imagery of locali- identifying and incorporating the subject’s more uncertain areas, such neat classification ties, records of local events, as well as details rights. Compliance requirements, from GDPR of sources may not always be readily avail- of subjects’ social and professional contacts. to an organization’s capacity for data storage, able. As such, OSINT investigators should The value of such information cannot be over- underline how available resources will be a consider the Admiralty or NATO System to stated. Online and offline social engineering key consideration. help evaluate the collected information. attacks are built upon the freely available, One of the most frequent asks from OSINT, Under the Admiralty System, informa- in-depth personally identifiable information even by other OSINT practitioners, is the need tion is judged on reliability—based on the (PII) that exists across numerous platforms, for a list of tools, as though such a list will source’s past reporting, whether there are including social media. lead to direct success. It should come as no doubts about its authenticity or trustwor- An OSINT collection strategy will inevi- real surprise that there is no one OSINT pro- thiness, and the competency of the source. tably touch upon PII, and—depending on gram list or resource that will do it all. Rath- Information judged on reliability is graded A through F. Credibility is assessed against whether the information can be corroborat- ed against other sources or against what is already known about the matter. Credibility is graded with a numerical value between 1 and 6. If an eyewitness to a popular event pro- It would be a mistake to think vides direct, first-hand information that can be checked against other sources, for exam- ple, that source would be graded A1. A person cybersecurity OSINT is the reporting information that they have over- heard but have no direct experience of—and they are reporting for the first time—would totality of what OSINT entails. likely be graded F6. The purpose is to build confidence in the accuracy and reliability of gathered informa- tion by using the different grades to add nu- ance and context to pieces of information and better inform decisions. There is an inherent risk in any method the legal frameworks you are operating un- er, OSINT practitioners will usually build up of information collection to always want der—organizations will need to consider personal knowledge of tools, useful sites, more—more time or information with which how such information is identified, record- and a network of OSINT practitioners that to make decisions. A fatal risk for the OSINT ed, and stored. fit their specific needs. When deciding what threat assessment can materialize by coming The European Union’s General Data Pro- collection methods and tools to use, over- to a conclusion too early or failing to come tection Regulation (GDPR) is a wide-reaching riding consideration should always be given to any meaningful conclusion at all. Infor- and wide-encompassing document gov- to safe security practices, while keeping in mation collected, processed, and analyzed erning PII and its use. Exemptions exist for mind the legal, personal, moral, and ethical via OSINT methods will invariably change, OSINT activity as it pertains to national se- implications of engaging in OSINT collections and it will never remain static. An OSINT- curity and law enforcement (which have methods. The adverse legal implications may led threat assessment inherently enables separate directives). However, there is no apply equally to the OSINT analyst and the dynamic monitoring over a static statement specific or general exemption under GDPR organization. of intent.

30 Security Management | Jul/Aug 2021

it. For instance, undertaking a threat assess- mation, is not insurmountable. Additional DELIVERY ment for a member of staff traveling overseas issues remain, such as managing people’s may simply require a cover page with the key expectations of the OSINT process, the re- The final component is the delivery of time- findings for his or her manager while the body quirements for training and technology, and ly, relevant, and actionable findings to key of the assessment remains within the rele- resource allocation. However, employing the decision makers, be they within the physical vant security department. In other cases, a intelligence cycle as part of the threat assess- security remit or wider executive leadership threat assessment may be forwarded to an ment process will help make the most of re- positions. Invariably, there are in-house writ- internal investigation department or a wid- sources at hand within the time available.  ing style requirements, but they should not er audience, in which case the assessor may impede conveying the key judgments and seek to withhold certain aspects or findings Mark Ashford works in security risk analysis important information effectively to a reader until later. A formulaic process will fail. and threat assessment in the fi nancial industry, who may not have time to read an entire as- OSINT is an evolving framework, ideal- following a 12-year background in law enforce- sessment in detail. ly suited to dynamically assessing evolving ment and state security. His other areas of Ideally, the assessment should be written threats. The challenge of unreliable infor- interest include intelligence analysis, strategic for the person or department that requires mation, especially in today’s age of disinfor- foresight, and international relations.

CONVERGED INTELLIGENCE SOURCES OSINT is not a wholly Internet-based intelligence process. Information can come from offline, online, or blended sources.

OFFLINE SOURCES BLENDED SOURCES ONLINE SOURCES

Company record searches Government agencies Social media platforms

Patent and trademark offices News media Online blogs and forums

Real estate companies Political leaflets and manifestos Think-tank websites

Speaking events (talks Birth, death, and marriage certificates International agencies and presentations) Criminal and court proceedings Online map and Government publications surveillance providers Local planning applications Offices and universities Reverse imagery checks (grey literature) Land registry and home ownership records Dating apps Radio Academic research Dark Web Television Charities or non-governmental Online domains and organizations metadata databases

Video and file sharing sites

31 Organized Crime | By Megan Gates

32 Illustration by Tyler Stone, Security Management; iStock Security Management | Jul/Aug 2021

DURING A PANDEMIC, THE THREAT OF ORGANIZED CRIMINAL ACTIVITY EVOLVED TO SURVIVE AND TAKE ADVANTAGE OF NEW BUSINESS OPPORTUNITIES.

BY MEGAN GATES

33 Organized Crime | By Megan Gates IT STARTED

the way an investigation into an organized crime group often does. In- “I am concerned by the impact of serious and organized crime on the vestigators identified a group of Colombian, Dominican, and Spanish daily lives of Europeans, and growth of our economy, and the strength nationals who were part of a large-scale cocaine, hashish, and mar- and resilience of our state institutions,” De Bolle explained. “I am ijuana trafficking operation out of Cataluña, Spain. The authorities also concerned by the potential of these phenomena to undermine seized several shipments of cocaine in Colombia that were linked to the rule of law.” the group—approximately 2,900 kilos worth. But then, things took a turn. In February 2021, authorities arrested four individuals connected with the group in Tarragona, Spain, and seized 583 kilos of hashish that was intended for France and Italy. During the subsequent search of a warehouse used by the group, the EUROPE authorities found half a submarine. Terrorism and serious and organized crime continue to pose the “most “The boat—the first ever of its kind seized on European soil, was pressing internal security challenge” to the European Union, according to still in construction when it was found,” according to Europol. “The the 2021 SOCTA. This criminal activity ranges from the illegal drug trade to craft was 9 meters long and could have been able to transport up to 2 migrant smuggling to human trafficking to economic and financial crime. tonnes of drugs.” “The trade in cocaine, cannabis, synthetic drugs, and new psycho- More than 300 police officers were involved in the operation, with active substances is a key threat to the EU due to the levels of violence support from the National Police of Colombia, the Dutch National Po- associated, the multibillion-euro profits generated, and the substantial lice, the Portuguese Judicial Police, the UK National Crime Agency, harm caused by it,” the SOCTA explained. and the U.S. Customs and Border Protection Agency, with additional Of the groups behind these practices, one in four has been active for coordination aided by Europol. more than 10 years; 40 percent use a hierarchical structure, compared The submarine, which the criminals presumably built to enhance to 60 percent with a fluid crime structure; and 79 percent have six or their drug transportation capability, shows the lengths organized crime more members. Europol’s analysis found that more than 180 nation- groups will go to in 2021 to evade detection and extend their reach alities are involved, with seven out of 10 groups active in more than during the COVID-19 pandemic—a time of economic turmoil with an three countries. element of global chaos. “More than 50 percent of all reported suspected organized criminals In its most recent Serious and Organised Crime Threat Assessment active in the EU are non-EU nationals,” the SOCTA said. “Half of these (SOCTA), published in April 2021, Europol found that nearly 40 percent non-EU nationals originate from countries in the EU’s neighborhood, of the criminal networks active in the European Union are involved in such as the Western Balkan region, eastern European countries, and the trade of illegal drugs, roughly 60 percent of these networks use North Africa.” violence as part of their criminal businesses, and that more than 80 A concerning trend highlighted in the report is that the level and use percent of the criminal networks use legal business structures to fa- of violence associated with organized crime increased in frequency cilitate their operations. and severity since 2017. “The analysis indicates that criminal structures are more fluid and “Violence in illicit markets is often a sign of growing competition flexible than previously thought, use of violence by organized crime (e.g., over the control of lucrative distribution networks or a partic- appears to be increasing, and use of corruption and abuse of legal busi- ular geographic territory),” according to the SOCTA. “Shifting power ness structures are key features of serious and organized crime activi- balances within or between competing organized crime groups, the ties,” wrote Europol Executive Director Catherine De Bolle in the report. impact of law enforcement efforts, or broader economic pressures can Europol’s analysis found that organized crime in 2021 is more flexible also generate violence.” and changing in nature, “connecting individual criminal entrepreneurs This violence is seen in the form of threats, intimidation, vandalism, and smaller groups of criminals mediated by information and contract assault, kidnapping, torture, mutilation, and murder. It also takes the brokers and supported by criminal service providers lending advice form of internal violence—within the group itself—to settle conflicts or and assistance with expertise in law, finance, logistics, and many oth- punish individuals for breaking the group’s rules. er specialist domains.” One of the major economic pressures that organized crime faced in The COVID-19 pandemic has also had a significant impact on the or- 2020 and into 2021 was the threat of economic decline or recession re- ganized crime threat landscape in Europe, reshaping how criminal net- lated to the COVID-19 pandemic. In some instances, organized crime works operate and uncovering new opportunities for them to thrive on. was able to take advantage of the situation.

34 Security Management | Jul/Aug 2021

“Criminals were quick to adapt illegal products, modi operandi, and advertising features to reach an audience that is then directed to tes- narratives in order to exploit the fear and anxieties of Europeans and timonials and group chats on WhatsApp—also owned by Facebook. to capitalize on the scarcity of some vital goods during the pandemic,” In 2019, Facebook announced it removed hundreds of Indonesian according to the SOCTA. “While some criminal activities will or have accounts, pages, and groups, after discovering they were linked to an returned to their pre-pandemic state, others will be fundamentally online group engaged in spreading fake news and hate speech. changed by the COVID-19 pandemic.” “These accounts and pages were actively working to conceal what In an analysis for Corporate Compliance Insights, Stefano Siggia, se- they were doing and were linked to the Saracen Group, an online syn- nior consultant at Pideeco, explained that the pandemic allowed ma- dicate in Indonesia,” said Nathaniel Gleicher, Facebook head of cyber- fia groups—such as the Sicilian Cosa Nostra, the Neapolitan Camorra, security policy, in a statement. the Apulian Sacra Corona Unita, and the Calabrian ‘Ndrangheta—to However, as of Security Management’s press deadline Facebook had acquire bankrupted entities and use them for profit, especially in Italy not taken action on the activity identified by Vigilante. And the ability for where COVID-19 hit particularly hard. these criminals to learn, network, and market services on social media During 2020, banks lent less money to small- and medium-sized and online highlights another cause of concern for investigators looking to businesses, and the government saw an increase in requests for food tackle organized crime—their increasing ability to use the Internet for gain. aid from charities. In response, mafia groups took to distributing food to families facing financial difficulties—possibly as a recruitment method for business deals—and mafia organizations acquired failing businesses to help them obtain short-term financing in exchange for laundering money. This also tied into another major finding from the 2021 SOCTA, which I AM CONCERNED BY THE IMPACT found that criminal networks are increasingly using legitimate busi- ness structures to enable their activities, such as through money laun- OF SERIOUS AND ORGANIZED CRIME dering to integrate illicit funds into the legal economy. “The COVID-19 pandemic may be followed by an economic reces- ON THE DAILY LIVES OF EUROPEANS. sion,” the report said. “It is likely that criminals will exploit vulnerabil- ities in the economy to infiltrate legal businesses in order to facilitate their criminal activities. This may entail loaning funds to struggling businesses and making them dependent on criminal financiers or di- rectly buying up companies in financial difficulties.” “Social media mirror advertisements on websites and serve as dedi- cated channels for marketing or communication channels for criminal networks,” the SOCTA found. “All available illicit goods and services are also visible on social media.” Europol also noted that organized criminals may use disinformation SOUTHEAST ASIA campaigns to generate sales for their products or lure individuals into Halfway around the world in Indonesia, the COVID-19 pandemic is also fraud schemes. In addition, the law enforcement organization warned having a major impact on organized crime. In normal times, millions about a rise in the trend Vigilante had noticed in Indonesia—cyber- of tourists flock to the country—and its famous island of Bali—but with crime-as-a-service. the pandemic and subsequent travel restrictions, tourism spending “Criminal tools such as malware, ransomware, phishing facilitators, was drastically down in the nation. sniffers, skimmers, and distributed denial-of-service attacks are offered That’s when Adam Darrah, director of intelligence at Vigilante, and online, especially on the Dark Web,” the SOCTA said. “The crime-as- his team began noticing some odd online behavior. Due possibly to a-service business model makes criminal services easily available to economic desperation, more individuals in Indonesia were turning to anyone, lowering the level of expertise previously required to perform the Dark Web to buy access to stolen credentials, including those for specific criminal activities.” bank accounts and streaming services like Netflix. Before COVID-19, most cybercrime activity out of Indonesia centered around cyber activism in the form of website defacements, Darrah says. “They didn’t have a high reputation in the cyber criminal underground like the Chinese or the Russians,” he adds. AFRICA After COVID-19, more entry-level actors started engaging online with Just as the world has become increasingly digital and mobile, so too higher profile actors, asking for help to buy tools to use for cybercrime. has currency and banking. Nowhere else is that more apparent in the “We’re seeing an influx of requests for help: Where do we go to buy world than in Africa, which is considered the world leader in the mo- stuff? How do we buy stuff? Or do you know anyone who can help us bile money industry with more than half of all registered mobile money increase our followers, say on Alibaba?” Darrah explains. accounts globally, according to Interpol. While some of these requests for help are happening on the Dark Mobile money is generally a service that people can use to store, Web, some of them are being facilitated through one of the more ob- send, and receive money by using a mobile phone instead of a tradi- vious channels: Facebook. Darrah says Vigilante has seen an uptick tional brick-and-mortar bank. Users can also withdraw cash from au- in advertisements from criminal groups on Facebook, using the site’s thorized agents associated with their mobile money provider.

35 Organized Crime | By Megan Gates

The ability to pay using only a mobile phone has aided the growth of Africa’s economy, but it also provided opportunities for organized crime groups to take advantage of the service. In a 2020 assessment, Interpol found that the “lack of robust identity VIOLENCE IN ILLICIT MARKETS checks to verify users combined with a need for greater law enforce- ment resources and training on mobile money-enabled crimes have cre- IS OFTEN A SIGN OF GROWING ated a financial system distinctly vulnerable to criminal infiltration.” Interpol said there were “strong indications” that mobile money is COMPETITION. enabling criminality and poses a “significant threat” to African society through its use for terrorism financing, money laundering, extortion pay- ments, human trafficking, people smuggling, and the illegal wildlife trade. “In addition to this, mobile money service exploitation by criminals ben- efits from poorly applied regulations and expertise in the criminal justice double the forecast,” with the fastest growth happening in markets system,” Interpol explained. “If this is not addressed, there is a significant where governments provided relief to their citizens. risk of further criminal proliferation due to perceived risks versus rewards.” Additionally, in response to COVID-19 restrictions, some govern- This is especially concerning because the Global System for Mobile ments made regulatory changes to better facilitate mobile money pay- Communications Association (GSMA), which represents the interests ments, such as classifying them as essential services and increasing of more than 750 mobile operators and 400 companies, said the mobile transaction limits to allow more funds to be transferred at one time. money market grew exponentially during the COVID-19 pandemic in Along with using mobile money markets, organized crime groups in response to lockdown restrictions. Eastern Africa are taking advantage of the COVID-19 pandemic to move GSMA’s annual State of the Industry Report on Mobile Money, pub- into the illicit medications market. lished March 2021, noted that the “number of registered [mobile money] “A COVID-19 related hysteria has maximized profits for organized accounts grew by 13 percent globally in 2020 to more than 1.2 billion— crime in this field, whilst enabling relatively risk-free activity for crim-

NATIONALITY CRIMINAL OR ETHNICITY ACTIVITY Chinese organized Property crime or crime groups versus human trafficking. Russian organized crime groups.

TYPES OF ORGANIZED CRIME When it comes to organized crime, how do you distinguish between groups? In its latest Serious and Organised Crime Threat Assessment (SOCTA), STRUCTURE Europol identified four key OTHER DESCRIPTIVE Maf ia-style versus indicators for groups. CHARACTERISTICS street gangs. Value systems, such as in motorcycle gangs. These identifiers, however, are not hard and fast rules for how groups could be differentiated; nearly two-thirds of the criminal groups analyzed in the 2021 SOCTA were composed of members of different nationalities.

“In some cases, classifying criminal networks according to national or even ethnic homogeneity can be relevant for an investigation because the nationality and/or ethnicity can be an important element in international collaboration,” Europol said. “Strategically, the division of criminal groups according to ethnic homogeneity often lacks nuance.”

36 Security Management | Jul/Aug 2021

inals,” according to an Interpol assessment. “This activity has included Latin America also saw an increase in violence during the COVID-19 increased importations of counterfeit and substandard medications pandemic as organized crime groups fought over territory, wrote Robert from Asia, as well as the acquisition of powerful painkillers to sell on Muggah, principal at SecDev group, for Foreign Policy. the black market.” “Brazil’s three-year decline in homicide has come to a screeching In an analysis published in December 2020, Interpol said that or- halt,” he wrote. “In São Paulo, home to one of Latin America’s most ganized crime groups are “capitalizing” on the increased demand for powerful drug trafficking organizations, murders were up 10 percent medication during the pandemic, importing illicit medications through between March 2019 and March 2020. And in the northern state of Ceará, the Mombasa port because of reduced capacity to inspect incoming violent crimes (including homicide) spiked by 98 percent in just 10 days shipments. Misinformation is also playing a role as it spreads across in March. Levels of reported domestic violence have also surged in most social media; Interpol explained that misinformation about COVID-19 states, including by more than 50 percent in Rio de Janeiro alone.” has likely “increased the general willingness to source medications Muggah tracked similar levels of rising violence in El Salvador, find- via illicit means.” ing that mafia, militia, and criminal groups were reinforcing their soft power in the regions where they operate. “In addition to fueling rising violence, the pandemic could enhance the social, economic, and political clout of some criminal organizations in the same way that the Italian mafia and Japanese yakuza emerged stron- LATIN AMERICA ger after the great dislocations of World War II,” he wrote. “Crime bosses In Latin America, the COVID-19 pandemic is impacting organized crime know full well that law enforcement and criminal justice systems are over- and the illegal drug market—especially supply, production, and traf- stretched and that prisons are bursting at the seams in Latin America and ficking chains—as many nations imposed border restrictions to limit elsewhere. They also know great scarcity is coming, which may increase the spread of the disease. the risk of violence. The question is whether we are even remotely ready.”  In a Wilson Center analysis published in October 2020, experts found that restrictions imposed by the United States—the final destination Megan Gates is senior editor at Security Management. Connect with her for most of Mexico’s methamphetamines, heroin, and cocaine—made at [email protected]. Follow her on Twitter: @mgngates. it increasingly difficult for cartels to move drugs across the border. At the same time, Asian governments lim- ited the transportation of merchandise—cutting down on the chemicals sent to Mexico used in the production of these drugs. China only recently eased some of its re- strictions, allowing more shipments to Mexico. GET A “Thus, while the northern border still faces restric- tions and interdiction measures, the local capacity for MASTERS DEGREE producing and manufacturing different types of ille- gal drugs has gradually recovered,” according to the IN SECURITY Wilson Center report, Social Programs and Organized Crime in Mexico. “This situation clearly gives Mexican MANAGEMENT cartels an unprecedented and extremely delicate and risky alternative for Mexico’s national and public safe- IN 18 MONTHS. ty: growing, broadening, deepening, and developing the Mexican market for illegal drugs.” Q To adapt to the situation, the cartels are ramping up BS/MS in Security their local capabilities and strategies for the drug mar- Management ket. They are also considering new avenues of funding, including providing basic goods to vulnerable popula- Q MS in Emergency tions where the government response to the pandemic has been “weak, scarce, or altogether nonexistent,” Management the report said. The Mexican federal government also shifted its ap- proach to organized crime, focusing more on the social causes of crime and violence instead of openly fighting the cartels. “Facing less government pressure, the most powerful Mexican cartels have reinforced their distinct process of centralization and domination of territory, criminal ENJOY IN-STATE TUITION PRICING NO MATTER WHERE YOU LIVE. markets, supply chain links, transportation routes, crime groups, organizations, and structures,” accord- Visit JohnJayOnline.com ing to the report. For product info #11 securitymgmt.hotims.com

37 Mentoring | By Claire Meyer

By Claire Meyer

COVID-19 has wreaked havoc on global workforces. To retain and foster future leaders amid the tumult, personal connection through mentorship can provide support and grow both mentor and mentee.

38 Illustration by Eva Vázquez Security Management | Jul/Aug 2021

39 Mentoring | By Claire Meyer

hile 76 percent of people consider mentors dents from the business sector, the military, and other important, only 37 percent actually have realms. Not that an outside perspective isn’t refreshing one, according to a 2019 Olivet Nazarene and welcome, but mentoring efforts can help us build University survey of 3,000 full-time employees in the a large pool of tested, prepared, and willing security United States. Most mentoring relationships developed leaders for the many challenges on the horizon.” naturally, with nearly 40 percent of mentorship rela- And that pipeline of capable and diverse leaders is tionships beginning with a request or offer, the study needed. The tumult of the COVID-19 pandemic con- found. But therein lies the gap—without proactive ac- tinues to shake up workforce demographics. Globally, tion, mentorships are unlikely to get off the ground. women make up almost two-fifths of the global labor Mentorships offer an opportunity to surmount an- force, but they have suffered more than half of total other prescient workplace dilemma: cross-generational job losses from the pandemic, according to the World conflict and management. Management books and In- Economic Forum. ternet articles abound with complaints and potential In the United States, McKinsey & Company research solutions about how Baby Boomers (born 1946–1964) found that one in four women are considering leaving could work with Millennials (born 1981–1996) or how the workforce or downshifting their careers due to the Gen X (born 1965–1980) could steer the work culture pandemic, compared to one in five men. Three major of Gen Z (beginning 1997)—the latest generation of po- groups experienced some of the largest challenges: litically active, digital-native employees entering the working mothers, women in senior management posi- workforce. And while there are many sticking points tions, and Black women. They were driven to the brink between generational norms, personal relationships of dire career decisions by a variety of factors, includ- through mentoring can help individuals connect more ing the stress of juggling home and work responsibil- seamlessly across the workforce—especially in a field ities while trying to meet pre-pandemic performance with as much professional longevity as security. goals, feeling blindsided by decisions that affect day- “The security field is unique; it seems we never really to-day work, and difficulty talking with coworkers or retire, as this is more of a profession and calling than managers about the challenges they face. a job,” says Jennifer Hesterman, security consultant, “There are so many factors that will change our de- author, lecturer, and a retired U.S. Air Force colonel. “As mographics due to COVID,” says Donna Kobzaruk, ex- a result, there are four generations now represented in ecutive director of global security for financial services our workforce, with an age span of 55 years from new company JPMorgan Chase. “It’s indisputable that wom- security professionals to the most seasoned. Although en have left the workplace in droves. Women have made many see this as a challenge, it provides an incredible strides in diversity numbers only to see it’s changed. opportunityoppor to tap vast knowledge, broad experiences, That’s why it’s even more imperative for women, as well andand a variety of technical and soft skill sets.” as young professionals, to seek out a mentor. A mentor “Mentoring“Me is a powerful tool in leadership develop- can guide you in having a voice and raising your profile ment,ment, as it transfers knowledge and skills to the next within an organization.” generationgener of leaders,” she adds. “We don’t want to get Different age groups have also been affected by the into a position down the road where we lack a robust pandemic. A 2021 report from the National Council on popoolol ofo people to lead the security industry. Academia Compensation Insurance found that U.S. workers be- is facingfaci this very challenge and hiring college presi- tween the ages of 16–24 experienced a 30 percent de- cline in emploemployment, while older workers are on the rise witwithh an exexpectedp 50 percent growth in U.S. workers overover the age ooff 65 in the next decade. This will likely widenwiden tthehe age range in the security industry. A multigenerationalmultigene workforce, however, can offer opportunities—asopportunities— well as challenges. Shelly Kozacek, Mentoring efforts can help us build CPP, directordirector ofo security for ship repair at aerospace companycompany BAE Systems,S has been managing employees spanningspanning tthehe ggenerational spectrum throughout four a large pool of tested, prepared, UU.S..S. sites fforor yeyears. It is excitingexciting for her “to have someone from gener- and willing security leaders for the ation BabBabyy BBoomero or Generation X to team up and mentor somesomeoneo from Generation Y or a new college many challenges on the horizon. graduate,”graduate,” sheshe says. “There is a lot to be learned on both sides… TTheh mentorship relationship is so valuable becausebecause bbothoth ppeople learn from the experience. Getting thatthat insightinsight fromfro someone you might not team up with yourself is really helpful.”

40 Security Management | Jul/Aug 2021

Over her 20-year career so far, Kozacek was first mentored by a knowledgeable and personable su- pervisor 30 years her senior who stepped forward to share his skill sets and leadership approaches Sacrificing family, friends, outside while Kozacek served in the U.S. government. This mentor later became a peer she could lean on to de- interests, and personal health for termine what her role entailed and how she could expand her value when helping clients and the or- work is not acceptable to ganization. Later in her career, Kozacek became a mentor, including through ASIS International, new generations entering the gaining as much value as she imparted, especially when it comes to her mentee’s technical skill set and digital savvy. workplace, nor shoulduld it bbe.e. “Initially, in a mentorship, what you gravitate towards is trying to learn about daily ins and outs of certain processes and procedures, especially if they are internal to your organization, and trying This might shift mentoring relationships outside to navigate past experiences,” she says. “My experi- typical manager–employee relationships, which is ence has been—in a mentorship relationship—once not necessarily a bad thing. Hesterman adds that you’re beyond that initial ‘learning the ropes of the bosses can be seen as coaches—people who are job’ stage, the mentorship relationship flourishes concerned with employees’ professional develop- into more of an understanding of the leadership ment—while mentors have a more holistic view of and how to reach—how to obtain that next level.” the mentee’s growth as a human. Different generations and career stages have “If the goal is to climb a mountain, a coach will different mentorship needs, adds Kobzaruk, and provide fitness, nutrition, and equipment guid- mentor-led guidance can often focus on subjects ance—helping with the ‘how,’” she says. “A mentor that mentees cannot learn in a class or a book. would focus on why you want to climb the moun- Someone new to the security profession may need tain and help with expectation management. Both to focus on soft skills and cultural knowledge of are necessary to get to the top.” the industry and his or her organization. A mid- Not every emerging security professional knows level employee may need to focus on leadership which mountain they want to climb, however. Au- skills, and once he or she has a firm grasp of the thor Lewis Carroll once said, “If you don’t know basics, the individual may need help learning how where you are going, any road will get you there.” to progress up the hierarchy. Senior executives and Professionals who are seeking to climb the lad- leaders may also benefit from being co-mentored der but can’t quite find the first rung need some by a peer or a counterpart at a different organi- help, says Danny Chan, senior consultant for se- zation or department to share management ap- curity monitoring and response in the Asia Pacific proaches and problem-solve. and Middle East region for Mastercard Internation- “One of the more difficult items to grasp is orga- al. Chan says he spent a great part of his career as nizational cultures,” Kobzaruk says. “When was a rudderless boat, finding out the hard way what the last time you’ve seen a class on knowing your works and what doesn’t, and determining his ca- organization’s culture? Having this knowledge will reer goals as he went along. support a future leader on his or her trajectory into “As learning from someone else’s mistakes is a a leadership role, and a mentoring relationship is great way to learn, I have been helping the next invaluable with maneuvering through cultures.” generation of security leaders to not make these Mentees should seek out mentors with savvy in mistakes and, more importantly, help them craft the skills they want to learn, Kobzaruk advises. out a path towards their goals,” he explains. “If a mentee would like to strengthen his or her In Hesterman’s mentoring work with college leadership skills, look for a mentor that’s a well- students and young adults, she says she found respected leader in the industry,” she says. “The that “many want information on how to achieve leader may be one level above or several.” balance between their professional and personal From her experience in the military, Hesterman lives. Sacrificing family, friends, outside interests, says she finds that mentoring programs centered and personal health for work is not acceptable around a formal chain of command often fail. to new generations entering the workplace, nor “Forced mentoring is uncomfortable for both men- should it be. Employees who achieve a work–life tor and mentee,” she says. “A mentor is someone balance experience less stress, have lower risk of we naturally gravitate towards.” burnout, and a greater sense of wellbeing. This

41 Mentoring | By Claire Meyer

not only benefits employees, but also employers. Take care of the people, and they will take care of Mentor Matchmaking the mission.” Mentees should be willing to adjust if needed, and Mentoring programs have a long history within ASIS so should mentors. “A mentor owes it to a mentee to provide the best service he or she can,” Kobzaruk International. The Professional Development Community and says. This means tailoring mentoring styles and top- ASIS have been working during the past decade to connect ics to the individual. up-and-coming security professionals with mentors from “I mentored an individual who was of a different culture than mine,” she says. “Although she initially across the industry to foster their skills and boost their stated she wanted help in leadership skills, it became leadership potential. apparent that she would be better served in strength- The latest iteration of the program—the Security Leaders ening her communication style. When I mentioned this, it was an ‘a-ha’ moment to my mentee, and I was Mentoring Program—is open to all ASIS members at any pleased to see her successfully use the tips I provided.” job level to connect security professionals with resources, “We should style our mentorship by providing a advice, and guidance. The new program features a database more bespoke approach,” Chan says. “Regardless of age, gender, or professional status, to build rapport of mentors and mentees, so mentors can list skills and we need to better understand someone’s personal- expertise and mentees can find a mentor who aligns with ity and character. For example, are they detailed or big picture? What is their moral compass? Are they their objectives. people- or system-focused?” “We’re looking to increase awareness and increase use Knowing these elements will help a mentor to ad- of the mentorship program as a tool for individuals to have just and provide effective guidance that reaches the unique mentee, rather than applying a one-size-fits- someone to reach out to, to ask questions, and to have all approach. discussions—someone who can help you get to the next level As the parent of a 23-year-old, Hesterman adds, you want to be at,” says Shelly Kozacek, CPP, director of she understands firsthand the difficulties in launch- ing a new career. Personal insights like these help security for ship repair at BAE Systems and a member of the her connect to younger employees and tap into their ASIS Professional Development Steering Committee. frustrations and concerns. Users of the program set up a profile and can search the “Mentoring has a direct impact on employee reten- tion for two reasons: First, mentees appreciate the directory for potential mentor matches to connect with. investment of time and energy in their career and Mentorship relationships are encouraged to run at least six personal development, feeling more closely tied to months, and ASIS provides resources and handbooks to help and valued by the organization,” Hesterman says. “Also, mentoring is a way for leaders to gather in- guide new mentors and mentees. formation—by understanding the needs of young In addition to the value of connecting with higher level employees, it is possible to tailor programs to meet professionals, both mentors and mentees can reap these needs and retain talent.” The two-way street of mentorship has proved par- benefits from learning from a third party outside their ticularly valuable around soft skills, Kobzaruk says. own organization or sector. When feedback and guidance While she can help educate mentees about critical is completely internal to an organization, it can produce a communications skills in the workplace, mentees can provide insights on what motivates younger gen- narrower mind-set, Kozacek says. But connecting with an erations or how to communicate more effectively outside professional helps participants branch out, bounce with a wide audience, which provides security val- ideas off a new person, get objective feedback, and learn ue—not just leadership experience. “Communication is a critical component in the from new perspectives. This also enables mentors and workplace, but more so in security,” Kobzaruk says. mentees to bring those outside lessons learned back to the “A lot of what we do is managing anxiety. A strong communication toolkit that provides different com- organization—advancing security, as well as their careers. munication styles is invaluable.” The program is now accepting both mentors and mentees. Learn more at asisonline.org/mentoring. Claire Meyer is managing editor of Security Man- agement. Connect with her on LinkedIn or email her at [email protected].

42 What’s better than providing meals to people in need? Providing 1 Million Meals!

Mission 500 has launched the Million Meal Challenge in partnership with Feeding America to assist families in need across the U.S. who are struggling as a result of the coronavirus pandemic. We’re calling on all our peers across the professional security industry to help raise $100,000 to fulfill this goal. There are many ways to contribute whatever you can during these unprecedented times. Every single donation helps. For more info please visit Mission500.org

Supporting Families Across America

For product info #12 securitymgmt.hotims.com

9019NB-1_Mission500_FeedingAmerica_FullPage_SecMgmt.indd 1 4/15/20 1:09 PM 9019NB-1_Mission500_FeedingAmerica_FullPage_SecMgmt.inddUntitled-1 1 1 04/15/2020 4/15/20 3:54:55 PM 1:09 PM Untitled-1 1 04/15/2020 3:54:55 PM

9019NB-1_Mission500_FeedingAmerica_FullPage_SecMgmt.indd 1 4/15/20 1:09 PM Untitled-1 1 04/15/2020 3:54:55 PM Sports Security | By Sara Mosqueda

Baseball stadiums strive to adapt their security postures and work with their communities to keep fans, players, and oth- ers safe, even when it’s not game time.

By Sara Mosqueda

44 Photos by iStock Security Management | Jul/Aug 2021

citizens bank

rogersr CENTRE busch stadium

45 Sports Security | By Sara Mosqueda

Across from the stadium is Ballpark Vil- Some protests turned violent, and day- lage, with restaurants and bars; the Rob- to-day crime increased, especially as the ert A. Young Federal Building sits two downtown area was largely devoid of peo- blocks away; within a five-block radius, ple. There were also incidents of drag rac- there’s the Gateway Arch and the Histor- ing on city streets and an increase in vio- ical Courthouse; and about eight blocks lent crime with police logging 114 assaults from the stadium lies the Enterprise Cen- downtown in June 2020 alone, according ter, home to the city’s National Hockey to The St. Louis Post-Dispatch. League (NHL) team, the Blues, and Union Some of the rise in crime could be the As the song says, when you go out to the Station, with its own attractions, includ- result of economic turmoil in the region ballpark you’re hoping for peanuts, Crack- ing a Ferris wheel and an aquarium. caused by the pandemic. Melcher says er Jacks, and a win for your home team. “The way I have to look at security, he understands those frustrations and The game attracts all, regardless of back- it can’t end where my sidewalks end,” was seeing them firsthand within his sec- ground, ethnicity, sex, creed, or fame. Ac- Melcher says. “It has to extend beyond ond family—the Cardinals organization. tor Humphrey Bogart was so enamored that because you’re looking at the life- No guests at the stadium meant the dis- with baseball, he once said, “A hot dog blood of downtown.” appearance of a major revenue stream, at the game beats roast beef at the Ritz.” He adds that because the neighboring which in turn meant that people were laid For many fans of baseball, visiting a sta- venues are dependent upon the safety of dium is about more than just catching a the area, the Cardinals see benefits in be- game. It’s considered America’s national ing a good neighbor, making connections pastime, and the stands offer the chance and forming relationships with nearby to catch-up with old friends and make businesses. For example, when Melcher new connections and memories. conducts a risk assessment for the stadi- This is all a But in 2020, with the COVID-19 pandem- um, he invites these neighbors, “so we ic surging and spreading, Major League have kind of a shared security posture, so very real impact Baseball (MLB) teams belatedly kicked off we’re all benefitting, we’re all on the same their seasons in parks and stadiums with sheet of music in what we’re doing. I think silent stands and empty seats. that’s really important.” on so many levels “It’s surreal to be in Busch Stadium This became even more important in and have a game with no guests,” says the lead-up to the 2020 season, with Open- that we’ve had Phil Melcher, CPP. Prior to the 2020 sea- ing Day originally scheduled for 26 March. son, Melcher, security director for the St. But the MLB postponed the season by to Louis Cardinals, estimates that the Mis- three months while it worked on proto- souri ballpark would host roughly 40,000 cols for games and players aimed at mit- really rally guests on game nights. igating exposure to COVID-19, as well as behind each Although MLB was able to provide teams trying to secure a labor agreement with with crowd noise recordings from games in the MLB Players Association. The league other, previous seasons and parts of the stands cut the number of games from the usual be there were filled with cardboard cutouts of 162 down to 60. players, fans, and even dogs and horses, In that interval before the season, Bus- for each other. Melcher says it just wasn’t the same. ch Stadium’s gates were closed, and ap- While there was both hope and levity on proximately 90 percent of staff were or- the field as teams and fans explored new, dered to work from home. socially distanced ways to root for teams, But security guards remained at their off from the organization. Melcher, who Melcher and other stadium security lead- posts, partly to discourage trespassers be- regularly led in-person awareness and se- ers kept their game faces on and began cause of rising frustrations in the city. curity classes for the team and its staff pri- planning to adapt the ballparks and pro- St. Louis was immune to neither the or to the pandemic, says that the last year cedures so that fans and employees could pandemic nor incidents of civil unrest that hit them hard. “For us, it’s very personal, safely return. marked the summer of 2020 in the United the losses of people who have since been States and other countries. The stadium laid off,” he says. St. Louis: The Gateway City and other businesses became part of the The impacts of the coronavirus on the Busch Stadium is part of a busy down- backdrop to rallies for Black Lives Mat- team have been more than financial, town neighborhood that usually sees ter demonstrations and protests against Melcher admits, as the virus killed some heavy foot traffic regardless of game time. law enforcement’s use of excessive force. stadium employees and former staff. Com-

46 Security Management | Jul/Aug 2021

pounding frustrations further marked the Canada. But when the Canadian govern- team. In March, Melcher says, he attended ment closed its borders in 2020 to try to a wake for a former member of the stadi- lessen the spread of the virus, the team um’s grounds crew who died by suicide. moved to nearby Buffalo, New York, to “This is all a very real impact on so many keep playing against other clubs. And al- levels that we’ve had to really rally behind though Buffalo’s Sahlen Field sits on the each other, be there for each other, and let U.S.–Canadian border, the team started others know, ‘Hey, we’re here for you if you out the 2021 season even further away don’t feel right, even if you just need to talk in Florida. or scream, throw something at the wall. If According to Mario Coutinho, vice pres- you need a friend, if you need somebody to ident of Stadium Operations and Security be there, I’m here for you,’” Melcher says. for the Toronto Blue Jays, the team’s secu- Rogers Centre. “In thee Online and video chat platforms have rity department has made the most of its meantime, we’re adaptingaptingt that forf helped in maintaining communications different settings to test how its pandemic Florida based on local public health guid- with staff, not only for support and mo- efforts can adjust, depending on regula- ance, and also another plan for Buffalo.” rale, but also in enhancing security opera- tions and regions. While the MLB has established some tions while maintaining social distancing. “Working with the protocols that Ma- baseline protocols for clubs, every city One recent Zoom call included organizers jor League Baseball has provided to our and region is different in what they ask of a local homeless shelter, so the security players, we’ve developed a pretty compre- citizens and businesses to do. But two team could determine how to best interact hensive plan,” Coutinho says, adding that areas that Coutinho sees as universally with an increasing homeless population in he looks forward to applying that plan to agreed-upon practices among ballparks downtown St. Louis. “They may need some other kind of in- tervention that law enforcement isn’t the right call to make,” Melcher says.   He adds that he finds these education sessions useful for his team, helping it learn to start a conversation instead of a
 
conflict with at-risk persons.
 “Does it come from a position of author-   ity or does it come from a more human perspective where you’re trying to relate     to them and trying to share some human commonality with them that doesn’t deni-     grate them or make them feel less of a per- son? It’s a safer kind of environment for     my security staff as well because it’s less    confrontational,” he says. From Melcher’s view, de-escalation  has become more crucial than before.    Although fans were not admitted into    the stadium for the 2020 season, vehi- cle traffic was prohibited in surround- ing streets for viewing parties with big screens showing the games. Along with protecting guests from more traditional    threats—such as drugs or incidents with   firearms—security maintained social dis- tancing measures among guests outside. Toronto: The City That Works For the Blue Jays, home is usually Rogers Centre in downtown Toronto, Ontario, For product info #13 securitymgmt.hotims.com

47 Sports Security | By Sara Mosqueda

are cleaning protocols and health checks. at entrances, waiting to scan their tickets, at Citizens Bank Park, where the Phillies “All our staff—whether you’re an usher walk through a metal detector, and have play, work on being proactive by research- or a security guard or concession worker— their bags and persons searched. ing trends and implementing technologies. will become health capacitors,” Coutinho Like Busch Stadium, the Blue Jays also Like the other ballparks, they also main- says. “We’ll have to do our part to ensure maintain partnerships with other groups in tain partnerships and communications that everyone sees us going the extra mile Toronto, including law enforcement, emer- with their neighbors, many of whom share to ensure their safety.” gency responders, CN Tower, Social Bank similar security challenges. Coutinho adds that the pandemic seems Arena, Ripley’s Aquarium, and the city’s Citizens Bank Park is part of the Phil- to have accelerated the pace of technolog- transportation departments. This network, adelphia Sports Complex, which also in- which shares information on events and cludes the Wells Fargo Center, where the security matters, has allowed for the de- city’s NHL and National Basketball As- velopment of “a unified approach to man- sociation (NBA) teams—the Flyers and aging our events,” Coutinho says. 76ers, respectively—play; Lincoln Finan- The way I have The partnership with law enforcement cial Field, home football stadium for the and other city departments means that Eagles; and Xfinity Live!, an entertain- to look at Coutinho can coordinate on any surveil- ment, dining, and shopping center. The lance of potential threat actors. The stadi- security leaders from these sites constant- um’s camera system along the perimeter ly share information, from suspicious peo- security, can also assist with monitoring for poten- ple or vehicles to drug detection to social it can’t tial threats and crowd management. media monitoring. DeAngelis says that where my “By testing some of these measures their communication is sometimes infor- end in Florida, it’s allowing us to see what mal, but nevertheless effective, crediting works, what doesn’t work, where we’re the respective organizations for buying sidewalks end. focusing our staff and communications into security. strategy, physical markers, messaging,” Unlike Busch Stadium and Rogers Cen- Coutinho says. tre, Citizens Bank Park is more removed ical developments and adaptation of ex- from the city’s walkable neighborhoods isting technologies for security protocols. Philadelphia: The City with shops, restaurants, and bars. But For example, shifting its fans to digital of Brotherly Love like the other ballpark security leaders, instead of paper tickets offers the team in- Before COVID-19 and 2020 had stadium DeAngelis says he understands the impor- sight into trends that can help it improve security shifting its focus to pandemic tance of relationships with groups based the facility. protocols and hygienic thresholds, it was outside of the Sports Complex. Coutinho notes that when they return learning from other types of incidents “We’re in constant communication to Rogers Centre, this data analysis will be and attacks. with the Philadelphia Police Depart- highly useful—such as for knowing when September 11 was the “start of a lot of ment,” DeAngelis says. His department and where to adjust staff numbers so bot- my colleagues’ careers in the sports se- also regularly connects with the Del- tlenecks do not build up at more popu- curity role,” says Sal DeAngelis, security aware Valley Intelligence Center, a re- lar entrances. The stadium’s location in director for the Philadelphia Phillies. “A gional fusion law enforcement monitor- the downtown region lacks significant lot of us worked in ballpark operations, ing program that gathers, analyzes, and parking spaces for guests, who instead me included, and when 9/11 happened a shares threat intelligence. largely use the city’s public transporta- lot of us got thrown into a security role, Beyond regional partnerships, the ball- tion system. However, on previous game even without a security or law enforce- park’s security team is also familiar with days, this also meant that large numbers ment background. We learned quickly, U.S. federal agencies—including the FBI, of guests arriveda in waveswa ess andnd clusteredclus but we’ve been honing our craft for the U.S. Department of Homeland Security last 20 years.” (DHS), the U.S. Department of State, and Subsequent attacks—including the the U.S. Secret Service—because, prior bombing of the Boston Marathon in 2013, to the pandemic, the site was a venue a suicide bombing at a concert at Man- for concerts, outdoor NHL and Ameri- chester Arena in England in 2017, and the can Hockey League games, and political mass shooting at a 2017 music festival in events for presidential campaigns. Las Vegas, Nevada—further shifted secu- “I believe they were successful events rity postures at sporting and music events. because of our relationships with our law Along with reacting to new threat tactics, enforcement partners,” DeAngelis says DeAngelis and the rest of the security team of the non-baseball events. “Nobody is

48 Security Management | Jul/Aug 2021

meeting anybody for the first time when league—which means that the sites are Even though vaccination campaigns there’s an event at Citizens Bank.” fully staffed again. continue to spread throughout the Unit- DeAngelis says that for the Phillies there ed States, security leaders are aware that The Best Defense is currently a shift in how staff screen another epidemic or pandemic is a like- Those relationships for Citizens Bank guests and inspect bags, with new limits ly reality. So, while the nation’s pastime Park and other stadiums are reinforced on what is approved. For the most part, will continue to play out for devoted fans, by security methods and technologies that the ballpark is no longer permitting bags other traditions linked to the games are mimic those seen in critical infrastructure or backpacks since searching them could unlikely to return—especially traditions facilities, especially since the stadium se- put their staff at risk and make screening that bring fans into close or direct contact cured a SAFETY Act designation from the a longer process. However, smaller bags, with players. DHS in 2019. including purses, medical bags, and di- In 1910, U.S. President William Howard Through the Support Anti-Terrorism by aper bags no larger than 16”x16”x8” are Taft threw a ceremonial first pitch at the Fostering Effective Technologies (SAFE- permitted. Also, guests are the ones to go opening day game for the Washington, TY) Act, DHS coordinated with the MLB, through their bags, with security keeping D.C., Senators, creating a tradition of pres- NFL, and NBA on upgrading stadiums’ their eyes alert but hands off. idential first pitches. Since then, nearly and arenas’ security posture against acts “That’s something to help us stream- every U.S. president has had at least one of terrorism. line the screening process,” says Coutin- first pitch on opening day, an All-Star Bruce Davidson, former director of the ho. Back at Rogers Centre, the stadium game, or during the World Series. Per- Office of SAFETY Act Implementation, already instituted a no-bag policy for formers would stand on the field to sing said in a statement that achieving SAFE- non-sporting events while the team re- the National Anthem. As players exited TY Act designation or the even more de- mains away. It also eliminates the need the stadium or the field, fans would clus- manding full certification is no small task. for staff at gates to come into direct con- ter in the hope of getting an autograph. Through an evaluation process that in- tact with guests. If a fan caught a ball in the stands, he or cludes a site visit during an event, sites she could keep it or throw it back to a play- must prove the establishment and adher- er on the field. With new restrictions and ence to best practices for security opera- security shifts set off by the pandemic, tions. These include procedures for life these are all things that might only be seen safety, evacuations, patron screening, se- We’ll have to do again if you’re watching Bull Durham. curity equipment, delivery/loading dock In St. Louis, security is spending less screening, command and control, security time dealing with guests and more time personnel, access control, and training. to ensuring protocols are followed. Before Melcher, who began pursuing the des- our part the coronavirus, people had greater ac- ignation for Busch Stadium after taking ensure that cess to the team and the clubhouse—the his current position, says he knows that room or rooms where players can shower achieving full certification requires the and change prior to and after a game. Out- support and a shift in focus for the entire everyone sees us side sources’ access to the clubhouse is organization. The stadium achieved full now kept to a minimum to limit the spread certification in September 2019. going the of COVID-19. “It’s an acknowledgement of the work extra “Even the media, after a game, would of the organization as a whole,” says to ensure go into the clubhouse and do interviews Melcher, who is now in his fifth season in the locker area,” Melcher recalls. “That with the team. “It’s definitely a holistic mile ended. That’s not going to happen, and I kind of approach to security that every- their safety. don’t know if that will ever come back.” body has to buy into and everybody has “That’s the sad part of this because to be a part of for it to work.” these teams are such a part of the commu- nity regardless of the city,” Melcher says. Batter Up “Sport is definitely kind of a safe place As the MLB continues its 2021 season, Other protective measures are work- and a place for uplifting society, and peo- some things are swinging back into a ing to mitigate crowding at gates—guest ple have so much invested in it.”  more normal flow. Both Busch Stadium capacity is reduced, in accordance with and Citizens Bank Park have allowed local, state, and league guidelines. This Sara Mosqueda is assistant editor at Se- for at least some fans to come back in- allows facilities to spread out active en- curity Management. Connect with her at person—social distancing and face masks trances, avoiding clusters and maintain- [email protected]. Follow aren’t going away anytime soon for the ing social distancing. her on Twitter: @ximenawrites.

49 Security Technology

Lorem ipsum dolor sit amet, consectetur Lorem ipsum dolor sit amet, consectetur Lorem ipsum dolor sit amet, consectetur adipiscing elit adipiscing elit adipiscing elit By Lorem Ipsum By Lorem Ipsum By Lorem Ipsum Lorem ipsum dolor sit amet, consectetur Lorem ipsum dolor sit amet, consectetur Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor adipiscing elit, sed do eiusmod tempor adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. incididunt ut labore et dolore magna aliqua. incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud Ut enim ad minim veniam, quis nostrud Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex exercitation ullamco laboris nisi ut aliquip ex exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor ea commodo consequat. Duis aute irure dolor ea commodo consequat. Duis aute irure dolor in reprehenderit. in reprehenderit. in reprehenderit.

RISE OF THE SURVEILLANCE STATE // By Megan Gates eople in China are among the most “The mass surveillance programs in Xin- surveilled in the world, taking 16 To continue reading this article jiang are China’s most visible and intrusive, of the top 20 spots on the most sur- and more of the June 2021 but they are just one end of a spectrum,” P asisonline.org/ veilled cities list, based on the num- issue, visit wrote Maya Wang, senior China researcher for ber of cameras per 1,000 people in an annual SecurityTechnology Human Rights Watch, in an April 2021 piece assessment from Comparitech published in for Foreign Affairs. May 2021. forcement begin their digital transformation “Chinese authorities use technology to con- The analysis found that globally there are of existing surveillance practices. trol the population all over the country in sub- already more than 770 million cameras in Now, China has a vast surveillance infra- tler but still powerful ways,” she wrote. “The use, and 54 percent of those cameras are in structure made up from video systems, Inter- central bank is adopting digital currency, which China. Taiyuan, for instance, has approxi- net monitoring, location tracking, and more. will allow Beijing to surveil—and control—peo- mately 117 cameras per 1,000 people. And nowhere is the power of this system more ple’s financial transactions. China is building China laid the groundwork for this surveil- on display than in Xinjiang where approxi- so-called safe cities, which integrate data from lance network decades ago with community mately 13 million Turkic Muslims are moni- intrusive surveillance systems to predict and grid management and the Golden Shield Proj- tored through mobile apps, biometric collec- prevent everything from fires to natural disas- ect, which helped local officials and law en- tion, artificial intelligence, big data, and more. ters and political dissent.” 

50 Illustration by Security Management Security Management | Jul/Aug 2021

Read these articles and more online at asisonline.org/SecurityTechnology

Three Cybersecurity Risk Issues A Global Disconnect: Regulation How Drones are Enhancing to Consider with Surveillance Systems of Commercial Privacy Practices the Security Toolbox RISK ASSESSMENT and Government Surveillance UNMANNED AERIAL SYSTEMS By Elisa Costante NATIONAL SECURITY By James A. Acevedo, CPP By Caitlin Fennessy Connected physical security equipment, like Security, investigative, and executive protec- networked surveillance cameras and smart When it comes to international data transfers, tion professionals around the world appreciate access control systems, offer many advantag- the EU’s General Data Protection Regulation the evolution and advancement in technol- es for facility and safety managers respon- (GDPR) demands that foreign data protections ogy that have added to their everyday carry. sible for securing the premises of retail, in the national security sphere be assessed But with new operational requirements and industrial, government, and other organiza- alongside commercial ones. This dichotomy threats, professionals need to be creative with tions. Integrated IP-video recording systems has placed the two issues—commercial data the items they add to their daily use. with cloud-based recording and administra- processing and government surveillance—on For instance, the use cases for unmanned tion features are popular among users with a collision course. In July 2020, when the Court systems are only limited to the imagination little time to purchase and integrate different of Justice of the EU (CJEU) handed down its and the legal operating theater. Despite the camera, cabling, and video storage hardware. “Schrems II” decision, the wreckage of yet myriad of rules and regulations—and the lack Research on this physical security slice of another crash was strewn globally. of them in some instances—security organiza- the Internet of Things (IoT) device market Policymakers and companies around the tions are beginning to use unmanned aerial and real-world events, however, shows adop- world are now working to pick up the pieces. systems for surveillance. tion of these systems introduces complex cyber risk issues.

SMILE: YOU’RE PROBABLY ON CAMERA Where in the world is the city with the most surveillance cameras? It depends on how you want to measure, according to analysis by Comparitech, which looked at the number of cameras per square mile versus the number of cameras per 1,000 people when putting together its annual list of most surveilled cities. It found that 16 of the top 20 most surveilled cities—based on cameras per 1,000 people— were in China. Delhi, London, and Chennai lead the categories for cities with the most cameras per square mile. In either case, Comparitech said: “We found little correlation between the number of CCTV cameras and crime or safety.”

Taiyuan, China, had the most Delhi, India, had the most cameras Tokyo, Japan, is populated by cameras per person with 465,255 per square mile with 551,500 cam- 37.33 million people but has just cameras for 3.96 million people; eras for 302 square miles; 1,826.58 39,504 cameras; 1.06 cameras per 117.02 cameras per 1,000 people. cameras per square mile. 1,000 people and 7.54 cameras per square mile.

Source: The world’s most-surveilled cities, Comparitech, May 2021

Images by iStock 51 ASIS News

Up Your Game ASIS Global Governance: 2022 Update at GSX ASIS International is poised to take the next major step in its transition to a global gov- ernance structure that allows the organiza- tion to provide better service to its members at the local, regional, and global levels. Be- ginning in 2022, ASIS will stand up region- al boards of directors in both the European and North American regions, with plans for additional regional advisory committees to be seated in future years. The active chairs of both the European Regional Board (which will seat eight direc- tors) and the North American Regional Board (which will seat 12 directors) will serve on the ASIS Global Board of Directors. These re- gional boards’ representation on the Global Board will begin in their first year of opera- tion, in 2022. In keeping with recommendations by ASIS’s European and North American governance workstreams, half of the inaugural members of each regional board will be appointed by the Global Board of Directors. A European Regional Board Nominating Committee, consisting of ASIS’s Global Board of Directors Nominating Committee and three The game has changed. So has Global Security Exchange (GSX). Global Board-appointed European members, Taking place 27-29 September, GSX is designed to meet your will select the remaining participants for the needs—offering global security practitioners a new hybrid experi- European Regional Board from a pool of Eu- ropean members who have submitted can- ence from the largest association for security management profes- didate interest forms for consideration to sionals. GSX will be held both online and in-person at the Orange serve. Likewise, a North American Regional Board Nominating Committee consisting of County Convention Center (OCCC) in Orlando, Florida, USA. the Global Board Nominating Committee and three Global Board-appointed North American GSX is a pro’s playbook to security’s most Digital attendees can enjoy live broadcasts members will similarly select North American important topics. With sessions focused on from two of the theaters, with the top attended members to serve on the North American Re- preparing for the unexpected, withstanding an sessions from the remaining theaters becoming gional Board. attack, building and motivating teams, attract- available after the live event. Digital attendees ASIS will begin accepting candidate in- ing and retaining skilled employees, what’s will be able to chat live with in-person attendees terest forms from individuals in Europe and next for security, navigating the growing se- and even ask the speakers questions. North America in late July. Forms will be due curity industry, and more, the GSX education ASIS International’s top priority is the health in early September. Visit the Global Gover- lineup has something for professionals at any and safety of GSX stakeholders. The OCCC is nance page on the ASIS website for the lat- level in their career. one of the largest venues in the United States est updates. GSX in-person offers All-Access attendees to receive the Global Biorisk Advisory Council® This new governance structure, which six themed learning theaters and 80+ live (GBAC) STAR™ accreditation, recognized as the began with the seating of the first Global sessions, including inspiring education ses- third-party gold standard in cleanliness and dis- Board of Directors in 2020, marks a new era sions, expert-led tracks, exhibitor presen- ease prevention. ASIS is also partnering with Safe for ASIS International—reflecting the diver- tations, timely general sessions, and digital Expo, the preeminent service provider for pre- sity of geography, thought, specialty, age, content available before, during, and after the event health planning support, onsite implemen- market vertical, and experience of our global on-site event. All-Access attendees, whether tation, and post-event health monitoring. membership. in-person or digital, can earn up to 21 CPEs Learn more about GSX health and safety proto- For the latest information on ASIS Gover- toward their recertification. cols and register for an All-Access pass at GSX.org. nance, visit asisonline.org/GlobalGovernance.

52 Security Management | Jul/Aug 2021

Updated POA ASIS members can enjoy a discount of $200 ASIS Global Board off the list price and free global shipping on Now Available the softcover bundle. Learn more about the OF DIRECTORS Protection of Assets at asisonline.org/PoA. To keep pace with the evolving security in- PRESIDENT dustry, in May ASIS released an update to the John A. Petruzzi, Jr., CPP Protection of Assets Young Professionals G4S Americas (POA) reference set. New York, New York, USA Refreshed to reflect Corner PRESIDENTELECT our changing times Meet ASIS Young Professionals Community Malcolm C. Smith, CPP and keep security Steering Committee Secretary Dustin Wilhoit Qatar Museums professionals on the and participant Codee Ludbey, CPP. Doha, Qatar leading edge of best practices in the Dustin Wilhoit SECRETARY/TREASURER Timothy M. McCreight, CPP field, this collec- Young professionals can Canadian Pacifi c Railway tion is designed stand out in this indus- Calgary, Alberta, Canada to assist securi- try by speaking less, lis- ty management tening more, and taking CHIEF EXECUTIVE OFFICER directors and advice from everyone. Peter J. O’Neil, FASAE, CAE professionals re- Take the good advice and ASIS International sponsible for corpo- build upon it. Take the Alexandria, Virginia, USA rate asset protection. bad advice and change it ATLARGE DIRECTORS This updated reference to work. Always be will- Pablo Colombres, CPP set—which was first published in 1974—is ing to step up to any task GIF International considered the security industry’s premier re- thrown your way, and think and work outside São Paulo, Brazil source. Written, edited, and revised by hun- of the box. Be innovative, not typical. dreds of veteran subject matter experts across Joe M. Olivarez, Jr. the security continuum, the POA constitutes Codee Ludbey, CPP Jacobs Houston, Texas, USA recommended reading for all four of ASIS’s Security is a truly multi- certifications. disciplinary field of ex- Axel Petri Available individually or as a bundle, the pertise that requires Deutsche Telekom AG POA includes vital learning on the following quick but deep thinking Bonn, Germany aspects of asset protection: about some of the most Malcolm B. Reid, CPP pressing social challen- Brison • Business Principles, including the funda- ges we face as a global so- Richmond, Virginia, USA mentals of security business operations, ciety. I enjoy working in management, and leadership. the security field because Chiko Scozzafava • Crisis Management, including emergency it requires me to think lat- Ewa Beach, Hawaii, USA management, business continuity, and erally about how to achieve security outcomes Eddie B. Sorrells, CPP, PCI, PSP crisis communications. while balancing public amenity, community DSI Security Services • Personnel, including security officer op- expectations, and a functional asset. Locking Dothan, Alabama, USA erations, employee drug testing, execu- everything up isn’t always practical! tive protection, and spotting problematic EXOFFICIO VOTING behavior. Scott A. Lowther, CPP, PCI • Physical Security, including design prin- Member Book Review PetroChina ciples and practices, tools and techniques Crisis Negotiations: Managing Critical Incidents Rocky View County, Alberta, Canada and Hostage Situations in Law Enforcement to satisfy protection objectives, and prac- Cy A. Oatridge, CPP and Corrections. tical project management guidance. By Michael J. McMains, OSG • Investigations, including interviews Wayman C. Mullins, & Andrew T. Young, Tacoma, Washington, USA and interrogations, undercover investi- Routledge; Routledge.com; 602 pages; $64.95. gations, due diligence, preemployment EXOFFICIO NONVOTING background screening, evidence collec- This book represents a comprehensive trea- Bernard D. Greenawalt, CPP tion, and expert testimony. tise of the discipline of crisis negotiations. It is Retired • Security Management, including theft and well-suited to serve as a textbook in a college Tinley Park, Illinois, USA fraud prevention, security standards, loss or university course. Kristiina Mellin, CPP, PCI, PSP reporting, methods, and enterprise secu- Each chapter includes thought-provoking Accenture rity risk management (ESRM). discussion questions and access to support Tyresö, Sweden

53 ASIS News

materials including slide presentations and ple, juveniles, elderly, combat veterans, and in the field during negotiations, initial train- test banks. law enforcement. ing of newly assigned negotiators, and as a More importantly, it is essential reading for All three authors are not only university pro- source for ongoing training for all assigned practitioners in crisis negotiations. The book fessors, but also have extensive field experi- negotiators. includes a thorough history and development ence in crisis negotiations. It is clear through The authors have interjected numerous case of the discipline, negotiation techniques, risk their writing that they not only have the aca- studies and negotiator profiles throughout the assessment, and crisis management guide- demic knowledge, but also practical field ex- text. These elements provide additional valu- lines. It also addresses negotiation tech- perience in the discipline. able learning opportunities for the student niques for various special populations, such Other suggested uses of the textbook by and practitioner. They bring the principles of as emotionally disturbed or mentally ill peo- practitioners would be as a reference guide negotiation to life for the reader. The content of Crisis Negotiations is well- organized and easy to read. The book clearly #MYASIS IMAGE OF THE MONTH illustrates that the discipline has evolved since its inception about 50 years ago. It is a high- Pablo Colombres, CPP ly recommended resource for any student or Supporting ASIS International Chapter Portugal kick off! Congratulations to the practitioner of crisis negotiations. security colleagues from Portugal who have chosen to become part of the world’s largest membership organization for security management professionals. Reviewer: Dennis Eberly, MS, LPI (Licensed Private Investigator), is the owner of On Target Investigation & Consulting, LLC. He retired as a police lieutenant from the East Hempfi eld Township Police Department in Lancaster County, Pennsylvania, after 33 years of service. Eberly also served as a Negotiation Unit Supervisor for the Lancaster County Special Emergency Response Team (SERT). He has held criminal justice faculty positions at several institutions over the past three decades. 

ASIS CERTIFICATION PROFILE // KEVIN SMITH, CPP, PCI, PSP

evin Smith transitioned into He earned ASIS Internation- tor for the ASIS Asset Protection a security management al’s Certifi ed Protection Pro- Course, and as a contributor Kcareer after seven years fessional (CPP®) certifi cation in to the Investigations section of in law enforcement. Now an 2010, following the lead of his the newly revised Protection of enterprise security specialist triple-certifi ed mentor. “Part of Assets (POA) reference set. for a utilities provider in the value of becoming certifi ed is An especially memorable Colorado, he fi nds himself the invaluable knowledge you moment for Smith came when drawn to the security function’s gain from your study and prepa- he and his team rolled out a new ability to create positive out- rations,” he says. “My organiza- workplace violence protection comes for an organization—from tion supported me in pursuing program for the organization. top to bottom. my certifi cations because they “Security offers you the oppor- With approximately 20 security understand the value this knowl- tunity to shape the minds, culture, offi cers reporting directly to him, edge brings to the organization.” and, ultimately, behavior of others Smith and his team monitor all ship has connected me with se- Now, Smith holds the ASIS with the goal of creating and events that may pose a threat curity professionals around the International Triple Crown, having maintaining a safe environment,” to the organization’s operations. world who share the common earned the CPP, the Professional he refl ects. “This fi eld allows you With such an important mandate, goal of protecting individuals, Certifi ed Investigator (PCI®), and to explore creative and proactive Smith fi nds that adhering to in- wherever they may work. Those the Physical Security Professional ways to help mitigate threats in dustry-proven best practices is an connections have helped shape (PSP®) certifi cations. He shares our ever-changing world.” effective way to ensure success. the services, programs, and his knowledge as an adjunct pro- “My mentor introduced me to procedures that I have brought fessor for the Metropolitan State Profi le by Steven Barnett, ASIS ASIS,” he shares. “My member- back to my organization.” University of Denver, an instruc- Communications Specialist

54 Industry News | By Sara Mosqueda Security Management | Jul/Aug 2021

VIDEO MANAGEMENT Interface Security Systems announced that restaurant chain El Pollo Loco is relying on its managed video verified alarms and intrusion alarm monitoring. The system allows restaurant security to detect intrusions and minimize false alarms. The service included replacing outdated alarm systems with new ones, plus Interface’s 360 Alarm Maintenance Service, which ensures all maintenance issues involving duress but- tons, connectivity, or the alarm panels are addressed. Annual techni- cal inspections ensure the alarm systems always remain operational. A pilot project revealed that with every alarm event, Interface’s remote monitoring team would verify whether the alarm required a call to local law enforcement. Only 5 percent of such events required police involve- ment, while the rest were false alarms, saving El Pollo Loco thousands of dollars by cutting down false alarm penalties and associated costs.

Appsian Security Xpandion IMG Companies, LLC INTA Technologies Corporation Appsian’s acquisition of the company will provide an integrated approach to auto- The acquisition advances IMG’s growth plan mating authorization lifecycles and con- and customer diversifi cation in target sec- trolling access to sensitive business data. tors, as well as enhancing manufacturing. MERGERS & Hexagon AB CADLM SAS MOVES HelpSystems Beyond Security Hexagon will use CADLM’s products and The acquisition allows HelpSystems to ex- processes to improve product design pand its infrastructure protection portfolio, innovation, manufacturing productivity, which already includes Digital Defense, and product quality. Core Security, and Cobalt Strike.

Award Partnerships SecurityHQ received a 2021 IBM Beacon Award in the Outstanding Securi- ty Solution category for its Incident Management & Analytics Platform, in Smart Cars recognition of its use of IBM technology to innovate a solution for clients. Vehicle cybersecurity provider AUTOCRYPT partnered with SHIELD Automotive Cyber- security Centre of Excellence to prioritize research and development in securing con- Contract nected and autonomous vehicles. March Networks will provide mobile surveillance for the California Transpor- tation Agency’s fl eet of more than 400 buses and up to seven years of cloud- Digital Forensics based monitoring services. MSAB and Detego announced a strategic partnership that will off er users a site to acquire data for both mobile and computer analysis, plus a complete end-to-end suite of Announcements modular digital forensics tools. Gilbane Building Company selected AMAG Technology’s Symmetry Security Management System to deploy at the new Hines 100 Mill commercial high rise Cybersecurity in Tempe, Arizona. XM Cyber entered into an agreement with Spire Solutions, allowing for expansion into Israeli and Middle Eastern markets.

55 ISC West | Product Showcase PRODUCT SHOWCASE

SURVEILLANCE CAMERAS The Hanwha Techwin PNV – A9081R camera is an artifi cial intelligence, IR outdoor vandal dome camera that captures images up to 4K resolution, while also including powerful, in-camera deep learning algorithms. Utilizing object recognition versus motion detection all but eliminates false alarms while also providing valuable business and operations insight. These AI cameras also of- fer performance in both analytics and deep learn- ing applications. The included license-free analyt- ics detect and classify a range of objects including people, vehicles, license plates, and faces. This technology can also provide a reliable edge-based intelligence. Visit www.hanwhasecurity.com/pnv- a9081r.html to learn more. Circle 101

WIRELESS ETHERNET EMERGENCY RADIOS ComNet Communications Networks is introducing its new Generation 4 Net- With StarLink Fire Cellular Communicators, Wave wireless products, which off er greater performance in applications where clients can ensure they will have a fast emer- throughput is a challenge. The NW1 Gen 4 can exceed gency and fi re alarm response when weather 500Mbps, accommodates 10/100/1000Mbps Ethernet, events or telephone companies cut off leased and it also now has IEEE802.3at PoE Compliant PD on landlines, which are already starting to disap- port 1 and an IEEE802.3af power source (PSE) pear in parts of the United States. Clients can available on port 2. The new hardware features a upgrade a fi re alarm that is reliant upon old high-performance chipset with a quadcore CPU communication technologies, making it code that is designed to meet the high throughput compliant with these universal cellular or cell/ demands that surveillance applications require. IP solutions for Commercial Fire. StarLink Fire Visit www.comnet.net/comnet-products/ethernet/ Radios can communicate either on AT&T or Ver- wireless/5ghz-wireless-ethernet/nw1-gen4 to learn izon networks and off er users a chance to save more. Circle 102 thousands of dollars compared to landlines. Visit www.starlinklte.com to learn more. Stand 12031, Circle 103

OUTDOOR LOCKING BAR Detex is the only manufacturer of the outdoor latch retraction device, a solution that can be used in a variety of environments, including corpo- rate facilities, gated complexes, outdoor entertainment, dorms, stadiums, and more. Unlike electromagnetic locks, this outdoor locking solution can remain locked when there is a power loss. Those protected by the locking device can always push upon the need to exit, while no unauthorized out- siders can pull on it in order to get into the protected room. Visit www.detex. com/ISCW to learn more. Stand 12092, Circle 104

56 Security Management | Jul/Aug 2021

SCREENING LANES Evolv Technology off ers a patented solution that enables venues all over the world to deploy touchless screening technologies for weapons detection, identity verifi cation, and health-related threats. Built on top of the Evolv Cortex AI platform, Evolv Express improves visitor fl ow 10 times faster than metal detectors and, using sensors and artifi cial intelligence, instantly diff erentiates personal items from concealed threats like weapons and explosives. Visit evolvtechnology.com/evolv-express/ to learn more. Stand 13059, Circle 105

VEHICLE SURVEILLANCE ISS’s SecuSecurOS OS UnderU Vehicle Surveillance System (UVSS) combines soft ware and hardware for under- vvehicleehicle surveisurveillance.llan The solution is developed with various ISS patents and designed to integrate wwithith IISS’sS SecurOS v10 platform. The SecurOS UVSS also creates a database of high- reresolution images of vehicle undercarriages and recognizes vehicle license plates, making it applicable for numerous venues where underground parking or structured parking facilities are used. The system can monitor vehicles with high precision and can be deployed virtually out of the box when interfaced with the ISS SecurOS VMS. Visit www.issivs.com to learn more. Stand 8077, Circle 106

ENTERPRISE SECURITY Maxxess Systems off ers complete enterprise security solutions with increased situational awareness and coordinated responses for all markets. These solutions deliver features such as COVID control, integrated mass communication, situation assessments, monitoring at-risk users, multiform panic buttons, and more within a unifi ed security management platform. The open architecture solutions integrate with more than 70 third-party manufacturers in video surveillance, fi re systems, intrusion detection, and other industries to meet project requirements. These solutions are customizable with no code changes, and implementation is fast and easy. Visit www.maxxess-systems.com to learn more. Stand 8077, Circle 107

IR SURVEILLANCE The Pelco Spectra Enhanced 7 Series IR Look Up PTZ camera off ers users wide area coverage, high-speed tracking, and long-range details in unilluminated areas. Able to look up above the horizon and utilize automated infrared illumination, this next generation of cameras allows security operators to monitor large areas, as well as the ability to see in the dark so no incidentin is missed. Featuring 2MP and 30x opticaloptical zoom,zoom the camera series provides top tier image quality,quality performance, and intelligent embedded featuresfea for critical infrastructures such as cities, bridges, roadways, ports, stadiums, and transportation systems. Visit www. EVENT MANAGEMENT pelco.com/products/cameras/ptz- Everbridge helps manage critical events for more cameras/spectra-enhanced-7-ir-lookup/ than 5,600 customers across the world, reaching more to learn more. Circle 108 than 700 million people in over 200 countries, reser- vations, and territories. Visit www.everbridge.com/ platform/critical-event-management/ to learn more. Stand 5036, Circle 109

57 ISC West | Product Showcase

RECORDERS Speco is introducing the new Recurring Monthly Revenue (RMR) feature for its NRE series recorders. The RMR feature allows Speco customers to pay for the features they need on a monthly basis. This provides the user with an additional monthly revenue stream from a single recorder at no additional cost to the client. Setting up is easy enough, as clients can simply download and register through the Speco Blue Manager App, then quickly select which features the customers can access. Visit www. specotech.com to learn more. Stand 23017, Circle 110

DOORDO DESIGN Door hardwarehardware and physical security have had a tradi- tionally complicatedcompl and challenging relationship, but wiwithth ZBetaZBeta, clients can automate design standards ASSET MONITORING anandd tame tthe door hardware beast. Learn how ZBeta’s Users can level-up their GSOC with artifi cial unique ddesign technology can automate security intelligence-powered crisis alerts and asset standardsstanda and use requirements data to improve the monitoring by samdesk, which can provide rerelationshipla moving forward. ZBeta off ers a tech- notifi cations any time a crisis event occurs near nologyno solution that organizes requirements data, a client’s assets, even while on the go. Users helpsh automate the application of security policies can get the full picture as it is happening, with anda standards to design projects, and results in access to live updates on local traffi c, weather, air dramaticallydramat better project results. Visit www.zbeta.com to quality, and more. Alerts can also be customized learnlearn more. Circle 112 by event type, region, level of severity, and more. With alerts on disruption events, users can react faster and respond with confi dence. Samdesk off ers more signal and less noise so users can protect their people, assets, and brands. Visit SURVEILLANCE CAMERAS www.samdesk.io to learn more. Circle 111 Panasonic I-PRO Sensing Solutions announces its new S-series line of cam- eras. The new S-series off ers clients high-quality images thanks to technical ad- vancements. Bundled with built-in artifi cial in- telligence, the high-precision analysis helps simplify surveillance operations, which in turn can improve crime prevention. Three indoor models are scheduled for release in June 2021, and two exterior camera models will be released in September 2021. Every S-series camera comes with a fi ve-year warranty and Video Insight camera license. Visit i-pro.com to learn more. Circle 113

SOC MANAGEMENT Vector Flow’s Physical Security Operation Center (SOC) Automation Suite uses deep artifi cial intelligence-based automation of SOC operations, autonomous alarm reduction, and real-time insights across multiple functions to enhance security operations. Vector Flow’s customers see a return on investment from three enterprise soft ware modules: SOC Alarm Reduction Manager, SOC KPI Manager, and SOC Predictive Maintenance Manager. SOC Automation Suite has proven to re- duce cost and risk by eliminating up to 80 percent of false or nuisance alarms, automating repetitive tasks, and proactively managing security infrastructure while helping deliver more SOC services, such as COVID-related reopenings. Visit www.vectorfl ow.com to learn more. Circle 114

58 Security Management | Jul/Aug 2021

FACILITY MANAGEMENT Continental Access has evolved into a developer of smart security and facility management solutions. It off ers a wide variety of solutions, including enterprise, mobile, cellular, cloud, wireless locks, and embedded solutions. Continental’s fl agship CA4K Enterprise Security and Access Control Management Platform is a scal- able access control and security platform designed to provide a single fl exible, interoperable, integrated security solution. Its CA4K Access Manager App acts as a Virtual Enterprise Workstation on any smart device. New addi- tions to the Continental solutions line-up include E-Access Embedded Solutions and Bluetooth Readers and Air Access cellular-based access control. Visit www.cicaccess.com to learn more. Stand 12031, Circle 115

ACCESS CONTROL GUARD BOOTHS This optical security device from Designed Security, Inc., us- Par-Kut International off ers clients the design and production of built- ing proprietary sensing technology to detect direction and tail- to-order, factory assembled security guard shelters. Its welded steel secu- gating, is suited for areas requiring tighter security. Compatible rity booths, with standard climate control, can be found at access control with all card reader technologies and access control systems, points around the world. Model designs range from basic to high-end ar- the Entry Sentry helps to ensure that only one individual enters chitectural and all points in between. Sizes range from small, single-offi - through a secured doorway for each valid authorization, pre- cer booths to multi-room and multi-module buildings. Built-in restrooms venting tailgating. Its design are available in booths for does not detract from interior facilities that demand con- aesthetics and mounts easily stant vigilance over opera- on standard door frames and tions. Other features include hallway walls. Entry Sentry bullet-resistance, camera consists of two self-con- and data preps, custom tained, narrow door/wall countertops, and platform mounted units providing both or trailer mounting. Visit local and remote alarm indi- www.guard-booth.net to cations. Visit www.dsigo.com/ learn more. Circle 116 PSSM07 to learn more. Stand 12092, Circle 117

STORAGE OPERATING SYSTEM Dell Technologies has teamed up with VMS partners to reduce the risks associated with deploying safety and security solutions. Easier to manage and maintain, the PowerScale OneFS OS enables a single volume, shared by all the camera streams. The solution off ers scalability and performance, and it is able to increase capacity in seconds by simply adding another node, meaning no downtimee or disruption. PowerScale also off ers enterprise-level data protection and can help organizations deploy big data analytics faster and with less cost. Visit www.delltechnologies.com/en-ca/storage/ powerscale.htm to learn more. Circle 118

INSURANCE COVERAGE The Brownyard Group’s Brownguard Insurance Program has served and protected the interests of security professionals for more than 70 years. The Brownyard family continues to affi rm its commitment to the security industry by supporting the Intrepid Fallen Heroes Fund. Visit www.brownguardins.com/quote-request/ to learn more. Circle 119

59 ISC West | Product Showcase

KEY CONTROL Morse Watchmans is the original developer of electronic key control. Clients can manage all facil- ity keys with the Morse Watchmans KeyWatcher Touch. Users can also design and customize a sys- tem by selecting from several module options that secure keys and key rings, as well as lockers that secure assets such as wallets, cell phones, and laptops. The KeyWatcher Touch is expandable and can be integrated with other access control systems for enhanced security. All products are made entirely in the United States, and Morse Watchmans has distributors around the world Visit www. morsewatchmans.com/products/keywatcher-touch to learn more. Stand 12109, Circle 120

SAFETY LOCKSETS Marks USA LifeSaver ANSI Grade 1 institutional life safety locksets address managed li- ability accident prevention, life safety, and security in behavioral health care institutions, X-ray settings, and correctional facilities. LifeSaver off ers a number of variations—cylindri- cal, mortise styles, models, and functions are available, including electrifi ed units, which can work on buzz-in and man-trap settings, plus GermAway antimicrobial fi nishes. Also, the 5-Point Ligature-Resistant Slide Health models, an option for institutional and corrections SURVEILLANCE SYSTEM applications, meet the latest BHMA At the core of Hanwha Techwin’s product devel- 156.34 anti-ligature trim standard opment is the Wisenet 7 System on a Chip (SoC). De- and are approved by the Joint Com- veloped in-house and built in Korea, Hanwha Techwin mission (JCAHO). Marks’ products continually enables new features and analytics. With are backed by the Marks exclusive its own device certifi cate issuing system, Root CA, the lifetime mechanical warranty. Visit Wisenet 7 camera lineup off ers the highest levels of www.marksusa.com to learn more. cybersecurity possible. Hanwha Techwin’s cybersecu- Stand 12031, Circle 121 rity policy embeds unique certifi cates into all products during each step of the development and manufac- turing process, resulting in a cybersecurity policy that satisfi es stringent UL CAP standards, plus Hanwha’s LOCK CONTROLS own requirements for product reliability and design in- Dortronics’ 48900 PLC Interlock Controller off ers a novation. Visit ww2.hanwhasecurity.com/wisenet-7/ solution for implementing door interlock systems with to learn more. Circle 122 up to nine doors. The fully integrated, single-board solution provides installers with complete control of all operating and confi guration options without the need and expense of complex soft ware. The 48900 Series PERIMETER FENCING Controller integrates with virtually any access control Ameristar’s Matrix Alpha allows the user to system utilizing dry contacts. The unit also provides defi ne the level of security needed by choosing outputs for traffi c lights, door violation alarm, and a suitable mesh option that details the degree three individual timing sequences for propped door of delay and site visibility. Available in hot-dip time, emergency override unlock, and request-to-exit galvanized or PermaCoat fi nish, this fence unlock time. Visit www.dortronics.com to learn more. system is a baseline for perimeter security. The Stand 12140, Circle 123 curtain-wall architecture allows for variable post spacing, resulting in reduced installation times. The Exodus Pedestrian Egress Gate system is designed to mitigate multiple trips to the jobsite. This all-in-one gate system has all the required panic exit device hardware preinstalled. Visit www.ameristarfence.com/en/products/fence- systems/matrix-alpha-curtain-wall/ to learn more. Stand 9073, Circle 124

60 Security Management | Jul/Aug 2021

POWER DISTRIBUTOR Altronix’s Trove Plus series combines preconfi gured power distribution and control sup- porting the leading access brands, as well as with wire harnesses for controllers and fi nger duct for wire management. These features allow for an easier and cleaner installation. The series also has a new option that accommodates even more doors in a Trove3 system, uti- lizing angled brackets to include more power and control in a single enclosure for a client’s largest access applications. Altronix products are both NDAA and TAA compliant, manu- factured in the United States, and backed by a lifetime warranty. Visit trove.altronix.com to learn more. Circle 125

BODY CAMERAS The AXIS Body Worn Solution off ers users a way to capture valuable evidence, deter bad behaviorsbehaviors,, and positivelypositively infl uence the actiactionson of both the camera wearers and the public. Designed on an open system architecturarchitecture,e, which allows for integration with other video management systemssystems (VMS) and evidence managementm systems (EMS), this solu- tion is highlyhighly fl exiexible.ble. RuggeRuggedd anandd llightweight,ightweight, itit consists of the AXIS W100 Body Worn Camera,Camer AXIS W800 System Controller, and thethe 1-bay1- AXIS W700 or 8-bay AXIS W701 DockingDoc Station. The solution’s cameras arear easy to use and deliver sharp audio andan video recordings. Visit www.axis.com/ products/wearablespro to learn more. StandSta 14051, Circle 126 TURNSTILES From Boon Edam, the Speedlane Compact off ers the safety and security of a security turnstile in a smaller footprint. Featuring an VISITOR MANAGEMENT ergonomic design, the short V-shaped cabinet With AlertEnterprise Visitor Identity Man- optimizes the use of valuable fl oorspace and agement, the user can control the full visitor the smooth, swing-motion glass barriers can lifecycle, from arrival to departure. On-site coordinate with any existing building décor registration off ers fast processes, including and design. The Speedlane Compact also off ers COVID-19-specifi c attestation; email and standard tailgating, safety, and object detec- Web pre-registration; self-service kiosks; and tion sensors, which can relieve pressure on optional facial recognition technology for a security and reception staff as well as off er fl ex- frictionless experience on the customer end. ible lane confi gurations, easy installation, and With real-time vetting against watchlists and user intuitive guidance. Visit www.boonedam. policy-driven background checks, visitors and com/en-us/products/optical-turnstiles/speed- contractors are validated before gaining access. Integrated audits and reporting work- lane-compact to learn more. Stand 8037, fl ows provide automatic compliance enforcement in meeting all standards and regula- Circle 128 tions. Visit alertenterprise.com/products/enterprise-visitor-identity-management/ to learn more. Stand 3077, Circle 127

LOSS PREVENTION SERVICES Metro One has off ered professional security services since 1984. With decades of combined loss prevention and security management experience, Metro One can tailor its service to fully integrate into the client’s loss prevention and security program, as well as play a key role in obtaining their objectives, while providing a return on investment. The fi rm off ers recruiting, training, and program development of its loss prevention offi cers. Visit www.metroonelpsg. com to learn more. Circle 129

61 Legal Report | By Sara Mosqueda

Domestic terrorism. A U.S. federal judge sen- tenced Richard Holzer to 19-and-a-half years in prison for plotting an attack on a synagogue in Pueblo, Colorado. Holzer pled guilty to a federal hate crime charge and actions that amounted to domestic terrorism, according to the U.S. Department of Justice (DOJ). He planned to use fire and explo- sives to destroy Temple Emanuel Synagogue on 2 November 2019 and “obstruct persons in the enjoyment of their free exercise of religious beliefs,” according to court documents. Holzer, a self-identified Neo-Nazi and white supremacist, used social media to promote racist ideologies and violence. An undercover federal agent contacted Holzer through social media in JudicialJudicial 2019 and determined he was targeting the tem- ple in preparation for a racial holy war. (United States v. Richard Holzer, U.S. District Court for the DecisionsDecisions District of Colorado, No. 19-mj-00246-NYW, 2021) Sexual harassment. A resort business with ath- letic and leisure facilities in California and Or- Conspiracy. Russian national Egor Igorevich Kriuchkov was sen- egon will pay $500,000 and other relief to set- tle a sexual harassment and retaliation lawsuit tenced to 10 months in prison and a $14,825 fine in restitution for filed by the U.S. Equal Employment Opportu- attempting to recruit a Tesla employee to introduce malware into nity Commission. According to the lawsuit, female employees of the company’s computer network. the Bay Club Company were sexually harassed by customers and managers. The suit also claimed Kriuchkov pled guilty to one charge of conspir- According to court documents, the attack that managers in at least one location retaliated acy to intentionally cause damage to a protected would have been two-pronged. The first would against employees who complained about ha- computer on 18 March 2021. He initially pled not have appeared to be an external DDoS attack, rassment. (EEOC v. Bay Club Fairbanks Ranch, guilty in September 2020. distracting cybersecurity staff from the second LLC, et al., U.S. District Court for the Southern Dis- Along with his co-conspirators, Kriuchkov attack that would exfiltrate data from the net- trict of California, No. 3:18-cv-01853-W-AGS, 2021) planned to introduce malware to extract data work. Kriuchkov and his co-conspirators also from Tesla’s network. They would then extort allegedly targeted other companies through the company by threatening to publish the in- similar methods, notably ransomware. Legislation formation online unless Tesla paid a ransom. Since Kriuchkov had already spent nine United States Kriuchkov approached a Tesla employee months in custody, his sentencing in May Sexual assault. The U.S. House of Represen- based in Nevada, worked to establish a rap- was nearly tantamount to time served. He tatives reauthorized the Violence Against port, and eventually offered to pay the employ- will be deported but will be placed under fed- Women Act (HR 1620), which would protect ee $500,000—later agreeing to increase the eral supervision for three years if he instead and provide resources for victims of domestic payment to $1 million in Bitcoin—in exchange remains in or upon his return to the United abuse and sexual violence. The bill awaits a for introducing the malware onto Tesla’s net- States. (United States v. Egor Igorevich Kriuch- vote from the U.S. Senate. work. The employee reported Kriuchkov’s of- kov, U.S. District Court District of Nevada, No. The law was expired in 2018 when Congress fer to the company, which notified the FBI. 3:20-mj-83-WGC, 2021) was unable to reach an agreement over certain

Issue: Domestic terrorism Issue: Cybersecurity Case: United States v. Siesser Case: United States v. Kher Venue: Western Dist. Ct. of Missouri Venue: Southern Dist. Ct. of California Status: Sentenced Status: Sentenced LEGAL Signifi cance: Jason Siesser was sentenced Signifi cance: Deepanshu Kher was sentenced

COURT CASES COURT to 12 years in prison for trying to buy a to 24 months in prison for deleting user ac- HIGHLIGHTS chemical weapon on the Dark Web. counts from his former employer’s server.

62 Illustration by iStock; Security Management Security Management | Jul/Aug 2021

issues, notably language regarding restric- termined that Alibaba made its vendors “pick tions on firearms and protections for trans- International sides”—pushing out its competitors by forcing gender people. those selling on its marketplace to choose ei- Regulations ther Alibaba or rivals’ services. Excessive force. Maryland enacted new ac- The fine, equivalent to 4 percent of Alibaba’s countability measures for law enforcement TheThhee NNeNetherlands domestic sales revenue in 2019, sets a record officers, repealing the U.S. state’s Law Enforce- Datat breach. The Dutch Data Protec- for antitrust fines issued in China—three times ment Officers’ Bill of Rights. tion Authority (DPA) fi ned Booking. as high as the previous one against Qualcomm The Democratic-controlled legislature com €475,000 ($577,439) for belatedly in 2013, according to the Financial Review. (Ad- passed the Maryland Police Accountability Act reporting a data breach where hackers ministrative penalty decision, State Adminis- (MD HB0670) a second time after Republican accessed the personal data of more tration for Market Regulation, No. 28, 2021) Governor Larry Hogan vetoed it. than 4,000 customers. The hackers also “The original intent of these bills appears to mined credit card data of 283 victims United States have been overtaken by political agendas that and were able to collect credit card sec- Aircraft safety. The U.S. Federal Aviation Admin- do not serve the public safety interests of the urity codes in 97 instances. istration (FAA) levied a $5.4 million fine against citizens of Maryland,” Hogan said in a letter The online travel agency did not Boeing Company for failing to adhere to the terms to the leaders of the state House and Senate. report the incident until 22 days after it of a 2015 agreement intended to renovate the The bills “will result in great damage to police occurred on 13 January 2019, long past company’s culture and attitude towards safety. recruitment and retention, posing significant the 22-hour deadline. In the agreement, Boeing promised to improve risks to public safety throughout our state.” and prioritize its internal safety check process- The law, one piece of a four-part reform es in line with regulatory requirements. Boeing package, introduces rules on authorized use entered the agreement with the FAA, resolving force, investigations into such incidents, and multiple civil penalties against the company. The disciplinary procedures for officers found vio- regulatory pressure focused on the manufactur- lating the new rules. Police convicted of using er was due to compliance issues, although there excessive of force can face additional criminal were no accusations from the agency that Boeing penalties, including up to 10 years in prison. was creating unsafe conditions. Other aspects of the law include granting The DPA noted that even in instances Boeing missed improvement targets outlined public access to complaints lodged against of- where credit card information was not in the agreement, and some managers failed ficers and internal affairs files. There will also compromised, users’ leaked personal to prioritize adherence to federal regulations. be new thresholds for securing permission to information could still be used by hack- Boeing also agreed to settle two FAA enforce- raid homes after dark and for “no-knock” war- ers in phishing attempts. These potential ment cases for $1.2 million. One of the cases al- rants, such as signatures from both a police attacks would appear more credible if leged that the company failed to properly imple- supervisor and the state’s attorney. a scammer had access to information ment an FAA-approved Organization Designation on booking dates and exact locations of Authorization (ODA) program while also inter- previous trips. fering with members of that program. The sec- Regulations Site users were notifi ed of the breach ond case claimed the company did not adhere China three days before the DPA, and the com- to quality-control processes and interfered with Antitrust. China’s market watchdog group, the pany attempted to mitigate the damage, safety inspections of aircraft. In both instances State Administration for Market Regulation including offering compensation. the FAA determined that members of the ODA (SAMR), issued an 18.2-billion yuan ($2.8 bil- Although Booking.com is headquar- program still fulfilled their responsibilities. lion) fine against e-vendor Alibaba for violat- tered in The Netherlands, it operates Prior to the fine, and as a condition of the ing competition laws. internationally and attracts customers original 2015 agreement, Boeing paid $12 mil- SAMR said in a statement that the fine from various countries; the Dutch DPA lion in civil penalties. (Settlement Agreement, comes after a four-month investigation into coordinated with other European privacy U.S. Department of Transportation, Federal the online commerce company and its “abuse regulators in investigating the violations. Aviation Administration, Office of Regional of market dominance.” The investigation de- Counsel, 2015) 

Issue: Privacy Issue: Marijuana Issue: Immigration Case: In re Facebook Bill: SB1406 Bill: Immigration (Amendment) Bill 2020 Venue: Northern Dist. Ct. of California Venue: Virginia Venue: Hong Kong Status: Settled Status: Enacted Status: Effective 1 August Signifi cance: Facebook will pay $650 Signifi cance: Legalizes possession of up to 1 Signifi cance: Offi cials can bar people from million for unauthorized collection of LEGISLATION ounce of marijuana for adults 21 and older. entering or leaving Hong Kong, like main- biometric information. Sales remain illegal. land travel bans used to trap dissidents.

Photo by iStock 63 Marketplace MARKETPLACE

Included in this month’s solutions are thermal cameras, audio devices, facial recognition, and more.

#701 Access Control

Johnson Controls introduced the Tyco Illustra Insight, a facial recognition camera that allows authorized personnel to pass through an access control point without disrupting the flow of people. It does not require physical contact with a credential reader or keypad. Powered by artificial intelligence and deep learning algorithms, the camera leverages access control management software to simultaneously recognize multiple people. Integrated LEDs and audible messaging inform people whether they are authorized to enter an area. www.illustracameras.com/insight

#702 Temperature Screening

FLIR Systems announced the FLIR Elara FR-345-EST, a fixed- mount radiometric thermal security camera that measures elevated skin temperature without contact or the need for a reference temperature source. Applicable for high-traffic airports, stadiums, commercial buildings, and manufacturing facilities, the camera automatically focuses on the body part that most closely correlates to core body temperature, accurate within 0.5 degrees Celsius, while maintaining social distancing guidelines. Whether used as a standalone system or integrated into a broader system, the camera’s improved AI capabilities mean a faster assessment time, with an average of one second per person. www.flir.com/fr-345-est

#703 Guard Station

Aiphone introduced the new IXG-MK IP Video Guard Station for screening visitors and improving security measures for multitenant and commercial spaces. The solution allows visitors to call a building’s concierge, receptionist, or security guard directly from an entrance. Once safe intent is determined, calls can be transferred to the appropriate unit or the door can be unlocked for deliveries. A seven-inch touchscreen allows for clear video, and the station enables communication between guard stations, call recording, and call forwarding to tenants. The IXG- MK can have up to 9,999 units in its address book and maintains a history of calls received. www.aiphone.com/video

64 Security Management | Jul/Aug 2021

#704 #705 Body Cameras Facial Recognition

Panasonic I-PRO Sensing Solutions Corporation introduced the SAFR from RealNetworks, Inc., announced improved face detection BWC4000, a body-worn camera that offers law enforcement a and recognition accuracy for both masked and unmasked faces solution with a 12-hour field-swappable battery. Other features with the release of SAFR 3.0. The latest version introduces a new include the ability to tag videos with metadata with a user-friendly default high sensitivity face detector, which boasts a 95.1 percent LCD menu; MP4 file recording; H.264/H.265 video compression detection rate and 98.85 percent recognition accuracy rate for to maximize recording capacity; and 1080p, 720p, or 360p HD faces covered by PPE face masks—including non-surgical fabric resolution in either a 16:9 or 4:3 ratio. Able to be used even in masks of varying patterns—in surveillance-style videos of faces harsh conditions, the BWC4000 was built to meet MIL-STD 810H in motion. Detection efficiency was also improved when multiple military testing standard with an IP67 weather-resistant rating. faces are simultaneously in the field of view to ensure detection and The new camera also offers built-in GPS, Wi-Fi, and Bluetooth. recognition speeds remain high. www.publicsafety.i-pro.com www.safr.com

REQUEST DETAILED PRODUCT INFORMATION THROUGH OUR MONTHLY ERESPONSE, VISIT HTTP://SECURITYMGMT.HOTIMS.COM, OR USE YOUR SMARTPHONE TO ACCESS THE QR CODE ON THIS PAGE. 1. Download a free QR code reader from the Android, Blackberry, or iPhone apps store. 2. Open the app, hold your phone camera steadily above the QR code on this page, and your device will connect to our custom site where you can request product information from any of our advertisers.

CIRCLE # PAGE # advertisers online 08 Ameristar ...... 19 Ameristar Mission 500 02 AXIS Communications ...... 04 www.ameristarsecurity.com www.mission500.org 07 CEIA Ferromagnetic ...... 15 AXIS Communications Par-Kut International 01 ESRI ...... 02-03 www.axis-communications.com www.parkut.com

10 Garret Metal Detectors ...... 25 CEIA Ferromagnetic Prosegur 05 Hanwha Techwin ...... 11 www.www.ceia-fmd.com www.prosegur.us

11 John Jay Online ...... 37 esri Special Response Corporation 12 Mission 500 ...... 43 www.goesri.com www.specialresponse.com 13 Par-Kut International ...... 47 Hanwha Techwin Speco Technologies www.hanwhasecurity.com www.specotech.com 14 Prosegur ...... 67 06 Special Response Corporation ...... 13 Garrett Metal Detectors StarLink Fire LTE/Napco www.garrett.com www.starlinklte.com 04 Speco Technologies ...... 08 John Jay Online Zbeta Consulting 15 StarLink Fire LTE/Napco ...... 68 www.johnjayonline.com www.zbeta.com 03 Zbeta Consulting ...... 06

65 Infographic | Hate Crime

Hateful Backlash At the beginning of the COVID-19 pandemic, the FBI warned that it expected a surge in hate crimes against people of Asian descent. While it is diffi cult to quantify the exact number of hate incidents because they oft en go unreported, advocacy group Stop AAPI Hate received more than 3,795 fi rsthand accounts of anti-Asian hate incidents in the United States between 19 March 2020 and 28 February 2021.

Climbing Concerns Despite Lockdowns, Hate Persisted

More than half of 1,500 Asian Americans The Center for the Study of Hate and Extremism who responded to an AAPI Data 2020 Asian at California State University found that anti-Asian American Voter Survey said they are worried hate crimes spiked 149 percent across 16 of America’s about experiencing hate crimes, harassment, largest cities between 2019 and 2020, while reported or discrimination because of anti-Asian hate crimes overall declined 7 percent during rhetoric about COVID-19. lockdowns and COVID-19 restrictions.

Motivation Categories

There were 7,103 single-bias hate crime incidents reported in the United States in 2019, according Very Often 27% to the FBI. Among those incidents, the motivations cited were primarily race or ethnicity. While anti-Asian hate crimes declined in the late 1990s, they have been on the rise in recent years.

Race/Ethnicity: 58% Religion: 20% Sexual Orientation: 17%

24% Sometimes Often Source: 2019 FBI Hate Crime Statistics

Hate Incidents Against Asian Americans and Pacifi c Islanders (AAPI) Sometimes 25% According to Stop AAPI Hate, most reported incidents involved verbal harassment. More than 35 percent of discrimination incidents occurred at businesses, and race was cited as the pri- mary reason for discrimination.

Verbal Harassment Physical Assault Online Harassment 68.1% 11.1% 6.8% 24% Almost Never Shunning or Avoidance Coughed At/Spat Upon Workplace Discrimination 20.5% 7.2% 4.5%

66 Infographic design by Mariah Bartz; Illustrations by iStock For product info #14 securitymgmt.hotims.com Don’tDon t Wait Until ItIt’s s Too Late

Save Lives & Money. Replace POTs lines on Fire Alarms Today with Leading Fire Cellular for All FACPs

• Safeguard All Fire Alarms Now In Jeopardy Of Failing To Communicate as weather, events or Telephone Companies continue to cut off leased landlines − Tradeup to StarLink Cell Communicators for less

• Improve Alarm Response Times When Seconds Matter Most, Save Life And Property with StarLink Fire® fast cellular reporting to any Monitoring Station • Proven to Save $1000’S Of Annual Budget Dollars vs. POTs lines − Each Starlink Fire Cell Communicator replaces 2 leased landlines per FACP • AHJ-Friendly & Code Compliant: NFPA 72 2019, UL 864 10th Ed, CSFM, LAFD, NYC FD

• Supports All FACP brands, 12V or 24V, new or old − StarLink Panel-Powered Technology installs in minutes; Low current draw, NO additional power supply & NO extra conduit. Dual Path Cell/IP now with EZ-Connect Telco jacks & self-supervised w/o modules. • AT&T or Verizon StarLink models to choose from, proven to work, even where others won’t, using Signal Boost™ & twin dual diversity antennae for max. signal acquisition & null avoidance, not possible with single stick antenna radios

® or ® 1.800.645.9445 • www.StarLinkLTE.com

StarLink, StarLink Fire™, Signal Boost™ are trademarks of Napco. Other marks trademarks of their respective cos. †For model compliance listings always consult tech docs & AHJ.

For product info #15 securitymgmt.hotims.com

SMag-9x10-87 5StarLinkFireDontWait060821.indd 1