Lack of Convergence: Just as the convergence of the digital and physical space is important, the lack of it will continue to expose organizations. Bias and experiences [or lack thereof] will weaken protective strategies without unity. In the military we are taught the principle of Unity of Command – all forces operating under the authority of a single commander who directs them toward a common goal. A divide between security and accompanying security risk management practices weakens an organization’s ability to unify a comprehensive approach to protection management.
Complacency: In law enforcement, we are taught “complacency kills,” or the word has been used in the workplace context as the “silent killer.” Complacency continues to haunt organizational appetites for resource-protective practices. A common theme I have listened to for nearly 40 years has been, “I never thought this would happen to me” or “I never thought this would happen to our organization.” Complacency will remain a stand-alone risk category, with the unfortunate results producing negative consequences. Complacency avoidance begins from the top, with a supportive structure, and a foundation of training and awareness.
Uncrewed Systems (Drones): The rise of the machines is here. Drones continue to be a part of our lives – air, ground, and water. In unfortunate circumstances, the bad guys are also employing drones for a myriad of surveillance, nefarious, and harmful activities. It is also fair to say that laws associated with countering uncrewed systems have not caught up to the employment of the technology. Only a select group of government and military agencies have limited authority to take down an ariel drone. There are approaches and technologies to detect, identify, and locate drones and their operators. To start this process, the threat of drone capabilities should be included in risk management measures. Incorporate counter-drone detection technologies into perimeter security. There is no operational benefit to prolong the inevitable.
The Ugly
Mass Casualty / Weapons of Mass Destruction (WMD): There is no question that mass casualty events and WMDs are Ugly, as well as scary. These subjects are rarely discussed outside the security realm and many parts of the inner security sphere. Unfortunately, the threat is real. Active shooter scenarios and the use of Chemical, Biological, Radiological, and Explosive weapons are authentic and further expanded with the addition of drugs used as a weapon (CBRE-D).
The sabotage of food/water, healthcare products, and prescription drugs remains a credible threat. It is easy to ignore, as a low probability or negligible risk, until the day of an attack. Training in hostile surveillance and response measures are initial steps to mitigate events. Investment in detection technology through AI surveillance systems and advanced sensors is readily available for heavily populated venues. First responders are measurably ready when an incident occurs. The true measure relies on investments equally critical towards on-site prevention and detection measures to avoid or lessen consequential losses.
Violent Crimes: Violence in and out of the workplace is detrimental regardless of the location of the assaults. Criminals and disturbed persons either randomly or target their victims. The horrible impact on victims cascades to loved ones, communities, and the workplace, which has long-term effects. Mitigating the threat reflects the necessity of situational awareness, reporting unusual behaviors, including online activities like cyber-stalking, and physical security measures. Educating persons, managers, and human resource partners is essential to understand potential indicators and warnings of violent behaviors and take immediate action. Workplace violence plans and viable programs are essential branches of crisis management programs.
Terrorism: The threat of terrorism has unfortunately become a way of our everyday life. The fear transmitted is that terrorists can strike anywhere. Terrorism has evolved over time with adversarial tactics and techniques to match the modernization and openness of free societies. Terrorism comes in many different attack forms of violence ranging from organized nation-state actions down to self-radicalized individuals. Weapons of choice are unlimited, varying from the effects of munitions, homemade explosives, poisons, use of vehicles, kitchen knives, etc. Terrorist motives have also expanded beyond the distinctive political and religious to many other disgruntled segments of societies. The best measures to mitigate always come back full circle to the basics of situational awareness, target hardening, and expectation of governmental intelligence programs.
Disasters: Unfortunately, disasters will occur, whether environmental, accidental, or man-made. Their toll on people, communities, and business operations will remain insurmountable no matter the scale. Safety practices and safety compliance are key to preventing accidents. The planning, preparation, training, and readiness to manage a disaster are most critical. Investing in emergency response, crisis management, and continuity of operations will result in far fewer costs than dealing with the consequences of failing to prepare.
The Sequel
Is there a sequel to The Good, the Bad and the Ugly of Critical Infrastructure Protection? Probably not. It is a long-running performance that may never end. Those who work in the security industry can script out the scenes. Many of the protective basics for securing assets and incident response have remained. Security techniques and technology continue to modernize as adversaries improve their capabilities. As a community of practice, we can continue to shape the future and influence positive outcomes.