Another Troubling Twist in Terrorism
By Anil Chitkara, Co-Founder and President –
The security of our country, our workplaces, and our people has taken a significant turn for the worse over the past 48 hours. The unpredictable course of terrorism has changed yet again, with an expansion of the target set, modification of the means, and synchronization of multiple acts. These most recent course changes should cause us alarm.
Soft Targets Expanded from Locations to People
The 2012 Aurora, Colorado movie theater attack, the 2015 San Bernardino, California office building attack, and the 2016 Seaside Park, New Jersey bomb signaled a shift in targets from airplanes and iconic settings to seemingly innocuous locations in small towns and cities throughout the U.S. Earlier this week, pipe bombs were sent to a businessman, top current and former government officials, and an actor. Another pipe bomb was found yesterday at the CNN offices at the Time Warner Center in New York City.
Targets have expanded to include anybody, at anyplace, in anytown, USA. Who’s next? Where will the target be? Will it be another pipe bomb, or something else designed to thwart our current capabilities?
Explosive Weapons Have Changed Yet Again
The “traditional” explosives once used have given way to homemade improvised explosive devices. This week is not the first-time homemade explosives were used. The 2013 Boston Marathon pressure cooker bomb and the 2017 New York City explosive belt were constructed in an individual’s home. The pipe bombs sent this week were reportedly made of plastic PVC pipe and contained glass shrapnel. These materials are of additional concern as they can be more difficult to detect with much of the security technology that exists today.
The weapons being used by terrorists continue to expand, with new configurations of explosive devices, firearms such as 3D printed guns, and knives concealed in ever more ingenious ways. Detecting these threats as they are concealed on individuals has become increasingly difficult, as most security technologies have not evolved at the same pace as the targets they are designed to detect.
Large Number of Simultaneous Targets
The third troubling concern is that eight reported attacks have been launched over the past 48 hours. The expansion of the target set obviously expands the potential impact of these devices, creates an enormous burden on our law enforcement and counter terrorism professionals, and elevates concern among the general public.
While these developments in terrorism are concerning, American counter terrorism, law enforcement, and security professionals are world class. They continue to work diligently to identify suspicious packages, safely secure people, and remove these devices. They are also actively utilizing all available resources to identify the individual(s) responsible for these heinous acts. They will continue to work to keep us safe. They will continue to fulfill their mission with the utmost skill, professionalism, and effectiveness.
By providing these professionals with technology that helps them stay abreast of the latest terrorist evolutions, including technology that can detect the nonmetallic elements found in this week’s pipe bombs, companies like Evolv Technology can help level the playing field by keeping people safe. While new technology is being rolled out in many venues, more needs to be done. Our adversary will never stop innovating. Neither will we.
A Wake-up Call About Non-Metallic Weapons as Tools of Terror
By Mike Ellenbogen, Founder and CEO –
There’s probably a reason the pipe bombs sent to two former Presidents and other politicians, an actor and a businessman were made of PVC piping instead of metal and contained glass shrapnel rather than nails and bolts.
It’s because the bomber knows that the world’s weapons-screening infrastructure for the last 30 years has been based on metal-detection equipment. Indeed, anyone considering committing an act of terror probably knows this as well. It’s well-documented on radical sites on the Web, where it’s easy to find guides on how to build non-metallic bombs, including in articles in ISIS’ online magazine.
We don’t know yet why none of the bombs exploded but based on our initial analysis of photos in the media we see no reason why they couldn’t have. They have all the necessary basic components. It’s possible the bomber chose not to activate a triggering device and just wanted to send a terrifying message. Or maybe all the recipients—the intended targets and the security and mailroom staffers that handled the devices–just got lucky.
Either way, luck was involved. And luck is not a strategy.
We should have learned this by now, since this is far from the first time a bomb that did not contain metal failed to go off. Richard Reid, the shoe bomber, got his non-metallic bomb onto a flight from Paris to Miami in 2001, but couldn’t light the device. Everything about the attack by Umar Farouk Abdulmutallab, the underwear bomber, went as planned except the bomb burned rather than blew up on a flight from Amsterdam to Detroit in 2009. Attacks with non-metallic bombs do happen. Al-Qaeda used plastic explosives to attack the USS Cole in 2000, and terrorists used a C-4 to blow up a U.S. military housing complex in Saudi Arabia in 1996. But the reality is that in this country, we’ve avoided casualties from some of the most potentially lethal and destabilizing attacks because of the failure of the attacks, not the success of the security.
So, what to do? For starters, any organization or citizen that has felt concerned enough about being a terrorists’ target to get a metal detector needs to look for screening systems that can identify metallic and non-metallic weapons. We sell such systems—they use a technology called millimeter wave that identifies materials by its chemical makeup – and so do other companies.
Beyond that, the solutions become a lot less clear, and a lot more daunting. This round of attacks highlights not only the threat from non-metallic devices, but the broad shift in terror tactics from attacking hardened locations such as airports and government buildings to targeting “soft targets” that typically have no weapons screening at all, such as office buildings. Indeed, the only reason the bomb meant for Robert De Niro wasn’t delivered to the actor is that an eagle-eyed security staffer at his production company saw a mailroom worker with a package that looked just like the one he saw a photo of on TV the previous day that contained a bomb.
We are lucky in this country to have world-class law enforcement and counter-terrorism people, and we will likely soon know who did this and why none of the bombs actually detonated. But as a society, we need to grapple more seriously with giving these professionals and their peers in corporate security access to more information and technology to predict and prevent such attacks. The President’s security detail no doubt had x-ray machines capable of spotting almost any kind of weapon, but do we need to upgrade, or in some cases, to introduce material-agnostic weapons screening in our public mail systems? How about scanning for private delivery services companies and distribution center offices? And what about screening for other kinds of attacks? The scary truth is that yesterday the attacks came through the mail, but tomorrow they could be delivered by a person walking through the front door.
DHS Warns of Continued Soft Target Threat in Latest Terror Bulletin
By Melissa Cohen, Evolv Technology, VP of Marketing –
In September, the Department of Homeland Security issued its latest National Terrorism Advisory System (NTAS) bulletin, notifying state and local organizations and the public that the U.S. continues “to face one of the most challenging threat environments since 9/11.”
That sounds pretty newsworthy, yet you probably didn’t hear much around this latest warning from DHS. Very few publications covered the bulletin, because it was very similar to the last two NTAS bulletins, in May and last November. But the bulletin should not be dismissed. In fact, it reiterates the troubling, long-term shift in the threat landscape since the NTAS system was rolled out in 2011. Rather than assign their own members to conduct carefully-planned, 9/11-style attacks on hardened facilities such as airports and government buildings, foreign terrorist organizations such as ISIS are using the Internet to “inspire, enable, or direct individuals already here in the homeland to commit terrorist acts,” the bulletin reads.
DHS’s concern isn’t only about the ability of groups like ISIS to radicalize Americans to do their bidding. It’s also about how and where those attacks will be made. Recent bulletins have all warned of attacks on “public places and events” using “easy-to-use tools.” As we have seen all too often in places like Nice, London and the U.S., attacks are on the rise at lightly-defended targets such as office buildings, entertainment venues and marketplaces, often with handguns, knives and rented trucks.
This long-term shift requires a substantial rethink of the security technology needed to protect visitors to these softer targets. Traditional metal detectors can find the tiniest pen-knife if given the time, but they will also find every last key and piece of spare change. That means long lines of frustrated people, just trying to get on with their everyday lives. For our companies, schools, businesses and entertainment venues to actually invest in weapons detection infrastructure, they will need higher throughput, smarter screening systems that are optimized to find weapons and explosives capable of inflicting mass casualties.
The need is especially pressing for low-hassle systems that can reliably spot major threats. There have been more than 20,000 shootings this year alone, many by lone wolf killers such as troubled teens attacking classmates to a shooting at concert goers from a hotel window. But the NTAS bulletin is an important reminder that ISIS and its ilk are also still out there. Indeed, DHS expects that the more ground ISIS loses in the Middle East militaries of the US and other nations, the more it will focus on fomenting soft target attacks on U.S. soil.
The Dangerous Dawn of the DIY Gun Industry
By Mike Ellenbogen, CEO, Evolv Technology –
In the first episode of his new show “Who Is America,” comedian Sacha Baron Cohen did a surreal bit in which he persuaded three U.S. Congressmen and former Senator Trent Lott to support his character’s desire to train children as young as four years old to carry guns to help stop school shootings. “Kinder Guardians,” he called them.
Well, how’s this for surreal? On July 10, five days before the episode aired, it became legal for anyone in most parts of this country — convicted murderers, known terror suspects and, yes, even children — to easily and legally make a gun in their own basement. And not just any gun, mind you. An untraceable gun.
This development is the result of the U.S. State Department’s decision to settle a lawsuit brought by Austin, Texas-based Defense Distributed, which sued the government in 2015 for the right to publish plans to 3D print a handgun, along with other designs including milling instructions to program a desktop 3D CNC machine to create guns and gun parts. Today was the day Defense Distributed had planned to relaunch the company’s online repository of files, which is calls DefCad.
Fortunately, a Federal judge in Seattle issued a temporary restraining order yesterday in a case brought by eight states, preventing the distribution of the CAD files, pending the trial. While it turns out Defense Distributed had already started distributing the files, the website relaunch was sure to attract the attention of people who our society has decided should not have access to guns. As the blurb on Defense Distributed’s website (now turned upside down, in protest of the restraining order) proclaimed: “The age of the downloadable gun formally begins.” Rarely has the phrase “dodging a bullet” rung so true.
Defense Distributed’s vision is a big deal. While there’s been a DIY gun movement for years, you needed some expertise in metal-working and a hobbyist’s passion for guns, manufacturing or both. Not anymore. Defense Distributed has made making a real gun at home as easy as buying a home-brew kit to make your first batch of beer. Say you want to build your own AR-15 without the government having any knowledge. There are just four simple steps. First, put down a $250 deposit to get one of Defense Distributed’s Ghost Runner metal milling machines (while the full price isn’t listed on the website, this excellent article in Wired says the machine costs $1,200.) Second, buy legally-available gun parts, such as the muzzle and the grip of an AR-15, as well as a slightly-unfinished “lower-receiver” from Defense Distributed or another gun supplies website. (The sale of finished “lowers” for all guns has been regulated until now, as the lower contains the trigger mechanism and therefore is the part that controls whether a gun is single-shot, semi-automatic or automatic). When the “80%” complete lower arrives in the mail, follow the instructions to set it properly in the Ghost Gunner. Fourth, download the file for the part you want to make from Defense Distributed’s website, and then drag and drop the file onto the icon for your Ghost Gunner on your PC. With the push of a button, the machine will complete the milling of the lower, so it can be combined with other AR-15 parts you’ve purchased legally.
Note that the news today is not just about plastic guns. Defense Distributed became well known back in 2013 when it unveiled designs for a handgun called the Liberator that could be printed with a 3D-printer. While a technical milestone of sorts, this and other plastic firearms are only capable of a limited number of shots before they self-destruct. The real threat is the ability to make your own high-quality, fully functional mil-spec semi-automatic weapon.
As an American citizen, I am concerned that the State Department’s decision nullifies the one thing that everyone from the NRA to Parkland student activist Emma Gonzalez could agree on: that people who are known to be dangerous to the public should not be able to get a gun capable of inflicting mass casualties. Suddenly, every Federal measure put in place to make life difficult for mass shooters—the disgruntled teenage boy tired of being bullied at school, the furious ex-husband with a jealous grudge, the radicalized religious zealot—is rendered ineffective. Unless there are state or local laws in place, would-be murderers will not need to submit to background checks, or take the chance that a sharp-eyed gun shop owner will notify authorities of suspicious behavior. They’ll also have an easier time skirting “Red Flag” laws, such as the one passed by Massachusetts on July 3, that gives family members and house-mates the right to request confiscation of guns from people they consider to be dangers to themselves or others.
No doubt, some state and local laws will provide legal checks on Defense Distributed’s “guns-on-tap” vision. On July 30, two days before it planned to relaunch distribution of its CAD files, the company agreed to block access to the site in Pennsylvania to avoid legal action by the state’s Attorney General. It’s also illegal to sell guns and gun parts made with a Ghost Gunner to others without a Federal Firearms License, and in some cases may be illegal to even let someone else use their Ghost Gunner, according to Defense Distributed’s website.
Regardless of what happens with the lawsuit filed by the eight states and the District of Columbia, some checks on Defense Distributed’s “guns-on-tap” vision will remain. The State Department’s decision to allow distribution of the CAD files did not lift Federal prohibitions on the use of DIY milling machines for commercial purposes, without a Federal Firearms License. The machines are supposed to be only for personal use. Defense Distributed warns would-be customers on its website that it may be illegal to even let someone else use your Ghost Gunner in some jurisdictions. Many states and municipalities also have laws regulating use of DIY gun technology–and that will no doubt rise now that the topic has become front-page news.
Contact your elected officials and ask them not to lower the bar.
Read more here about today’s threat vectors and tomorrow’s security threats.
Safeguarding Against Insider Threat, Oakland International Airport Enhances Employee Screening Program
Dave Mansel is the Aviation Security Manager at Oakland International Airport, California. –
Oakland International Airport is known for its commitment to advancing innovative solutions to complex security operations. Recently, the Airport was selected as a TSA Innovation Task Force Site, a prestigious distinction that promotes improved efficiency and allows the Airport to try technologies to benefit its growing passenger base, to help the TSA apply lessons learned around the country.
We had an opportunity to talk with Dave Mansel, aviation security manager for the Airport about his decision to implement a new solution for threat detection and prevention. Oakland International installed an Evolv Edge system to enhance its employee screening program.
Q: What led you to seek a new threat detection solution to enhance your employee screening program?
A: Oakland International is the second busiest airport in northern California, and we’ve been growing on a consistent basis for four years. We had more than 13 million people travel through the airport in 2017, the most traffic we’ve ever seen. We expect that growth to continue. Obviously, we need more people working here to accommodate such growth, and we need innovation to make sure we provide a safe work environment and an efficient, non-disruptive screening experience for our employees.
Q: How is that threat detection screening experience different now that you’re using the Evolv Edge?
A: Prior to Evolv Edge, employees were screened using a variety of techniques and equipment, including walk-through and handheld metal detectors, and full-body pat downs. Now, employees pass through the Evolv Edge at walking speed, without having to empty their pockets or submit to invasive search procedures.
Q: How did you learn about the Evolv Edge?
A: We knew that a few other airports in the US were using it for employee screening, so we agreed to meet with the Evolv team at the ACI-NA Public Safety and Security Conference last fall. We recognized immediately that it was a good fit. Evolv helped us quickly get a test unit in place, and it has performed well.
Q: What are the main reasons you decided to proceed from testing to deploy the system?
A: We like that employees like it more than other inspection methodologies. For aviation workers, screening is part of the daily routine during shift check in. Traditional screening methods have been slow and invasive, including pat downs and physical examination of personal belongings. Simply stated, they are viewed as inconvenient.
Being able to speed up the screening process and make it less invasive is a big win. With Evolv Edge, employees “just walk through” – the system screens the employee and their belongings which provides for a fast, friction-free screening process. This is a welcome change compared to manual screening and traditional methods that were slow and required divestment and physical searches. These features are a plus for today’s employees and will support our growth.
The fact that the system is mobile is a plus. We can use it throughout the entire airport, to try it for different use cases. Safety and security is our number one priority, and Evolv Edge provides a good balance between comprehensive employee screening and a seamless experience. With this installation, we feel confident in our ability to protect against today’s threats while also minimizing inconvenience for our employees.
Q: Do you have plans to expand OAK’s use of the Evolv Edge platform?
A: Yes, but this is a future step that will require additional planning.
Read more about examining today’s threats vectors to address tomorrow’s security threats here.
Examining Today’s Threat Vectors to Address Tomorrow’s Security Threats
By David Cohen, security and intelligence expert, former CIA and NYPD, advisor to Evolv Technology –
One quick scan of violent public attacks in the headlines in recent years will convince even the most casual observer that society needs an improved approach to security. Lone gunman kills 58 and wounds more than 500 in Las Vegas. Former student kills 14 students and three staff members at Parkland, Fla., high school. Coordinated terrorist attacks murder 130 in Paris. Three drivers ram pedestrians on London Bridge, killing 8 and injuring 48.
Each incident is alarming and horrific in its own right. When we take a step back, what is also alarming is that these attacks vary in style, type of target and choice of weapon. Adversaries are getting more innovative, less predictable and, thus, more dangerous – underscoring society’s need to stay one step ahead of them.
Identifying the five threat vectors
One critical aspect of combatting adversaries is more clearly defining their motivations. Motivation can range from an ideologically driven, well-planned attack to a targeted release of emotional rage. With this range of motivations in mind, we identified the five threat vectors that incorporate the range of motivations that would produce violence against soft targets:
- Terrorism: Homegrown or instigated from abroad, driven by ideological, religious or political perspectives. Think Paris shootings, London car attacks.
- Active shooter: Irrational decision to kill or injure as many people as possible. Think Las Vegas shootings.
- Workplace (or institutional) violence: Retribution for perceived harm to the perpetrator. Think Florida school shooting.
- Gang-related: Result of planned or spontaneous conflagration.
- One-on-one, spontaneous event: Spontaneous explosion of emotion – rage – by weaponed person.
By incorporating these motivations into a threat assessment, risk managers and security professionals can better recognize adversaries’ strategies and design security plans with a multi-layered security approach that deploys tools that cover the five threat vectors.
Adversaries are innovating…
A major change visible in today’s adversaries is the number and nature of individuals carrying out mass casualty/violent events. Terrorists are no longer trained just at specialized training camps and directed from central locations. Today, the free flow of information and communication across internet and social channels makes it substantially easier for individuals to radicalize, organize and procure weapons.
Perpetrators of mass violence are also able to build improvised explosive devices that contain no metallic content and create easily constructed homemade devices. Newer non-metallic weapons, such as 3D printed guns, pose yet another new threat that traditional security technology cannot detect – which points to the fact that perpetrators of mass murder are much more knowledgeable about the types of countermeasures defenders are deploying.
… So we, too, must innovate
To combat adversaries’ tactics, defenders need to create more versatile and aggressive security plans. Plans need to include intelligence, physical security infrastructure, weapons detection technologies and trained guards or law enforcement professionals. These components form a comprehensive counter violence plan based on both a threat assessment and a vulnerability assessment.
The elements of a new, more innovative approach to security can be found in a “risk-based security” (RBS) methodology. The RBS methodology – the opposite of a one-size-fits-all approach – promotes flexibility and adaptability. This approach helps security leaders evaluate different threats based on a variety of risk factors, plan for the threats and continually revise them as new information becomes available.
Incorporating the right technology
A successful new approach to security must also include a strong focus on weapons detection. Plans should include the ability to detect person-borne weapons including firearms, explosives and other threats. New detection technologies with multiple types of sensors are capable of detecting non-metallic threats as well as more traditional metallic weapons. Ultimately, the weapons detection technologies must be able to change over time with new sensors and improved algorithms.
Security also needs to identify known individuals who may do harm to people or facilities. These may be individuals on a BOLO (be on the lookout) list, former disgruntled employees, individuals previously removed from the premises, or others known to cause trouble. Facial recognition technology can be used to identify these individuals as they enter a facility and provide an alert to the guards or the security operations center. Moving intelligence to the front line is a key enabler to address evolving threats.
The steady flow of horrifying events in newspaper headlines hammers home the point that security threats are not going away nor are they any more predictable over time. Different situations will require different tactics, and tomorrow’s evolving threats will push defenders to exercise new levels of innovation to fend off increasingly dangerous attacks – and the only way to combat the threats is to adopt a new, more holistic approach to security.
Read more here about risk-based security.
About the author
David Cohen is one of the world’s leading authorities on intelligence analysis and operations, with expertise developed over a nearly five-decade career with the Central Intelligence Agency (CIA) as well as with the world’s largest metropolitan law enforcement organization, the City of New York Police Department (NYPD). He served for 12 years as the NYPD Deputy Commissioner for Intelligence, a position established in the wake of the 9/11 attacks. He revolutionized the way the NYPD collected, analyzed and used intelligence, and leveraged traditional intelligence methods and relationships abroad to successfully protect New York City from another terrorist attack.
A Step In the Right Direction to Protect Our Surface Transportation Hubs
By Mike Ellenbogen, CEO, Evolv Technology –
At various times since 9-11, the Federal government has issued mandates to require increased screening of travelers and luggage at airports. Many of these mandates spurred investments in innovative technologies that made air travel safer. When the government required advanced body scans after the “underwear bomber” attempted to blow up a Northwest flight on Christmas day, 2009, the Transportation Security Administration (TSA) worked with airports, airlines and technology vendors to create a process that was effective and preserved travelers’ dignity through the subsequent development and deployment of advanced automated software. Without the Federal deployment mandates, that software would still be sitting on the shelf.
Now, it’s time to start hardening the nation’s other transportation hubs – the train, bus, subway and ferry stations that are part of millions of Americans’ daily lives. I’m always hesitant to talk about potential targets for mass casualty attacks. I don’t want to give would-be terrorists any ideas, and I never want to be accused of fear-mongering as a way to generate sales. That said, it’s no secret that terrorist groups have been shifting their focus to these softer targets (Inspire magazine, Summer 2017, Issue 17). Surface transportation hubs provide big crowds in confined places, with very little security infrastructure to prevent an attack. Since there are no federal screening requirements, the ISIS-inspired lone wolf who detonated a pipe bomb during a Manhattan morning rush near the Times Square subway stations last December didn’t have to worry much about getting to his intended target. Only his ineptitude as a bomb-maker—he was the only person seriously injured–prevented a far more gruesome outcome.
The good news is that the topic is starting to be discussed where it really counts: in Washington DC. Last month, the House of Representatives passed the Securing Public Areas of Transportation Facilities Act of 2018. Should the Senate sign the measure into law, the Department of Homeland Security will be required to create a working group with transportation facility owners, service operators as well as equipment and services providers. The law would also require DHS to provide best practices and some assistance, should hub owners or transportation line-operators request it.
Clearly, this is a baby step—but it’s an important one that sends a strong signal to our industry. Now, we need continued efforts to make sure we don’t just end up with white papers and recommendations.
Ultimately, I believe we’ll need some type of Federal mandate to create the impetus to deploy technology and develop best practices, which will result in further innovation. Of course, this argument is blatantly self-serving. If every train, bus and subway terminal were required to screen even a small percentage of visitors, we believe it would create a $200 million market for Evolv and our competitors.
Self-serving or not, history suggests that the job of protecting our surface transportation hubs won’t get done without some appropriate government regulation. I know a lot of progressive, well-intentioned security chiefs who would like to make the necessary investments but can’t get the budget dollars to begin to implement screening processes.
What kind of mandates would do the trick? The key is to start small…but start. Requiring random screening of just five percent of visitors would make would-be attackers think twice before targeting mass transit and inspire pilot programs and other collaborations that could get the innovation flywheel spinning. Without a mandate, the new law could become one more authorization in a world that only pays attention to appropriations.
Mandates may be even more important to protecting surface transportation hubs, than they were for the aviation market. For airports, the TSA approves all of the screening processes, is the sole buyer and operator of all equipment and has ultimate responsibility for aircraft security. Protecting a train station is in some regards more complicated, given a patchwork of sometimes overlapping jurisdictions. The local transportation authority may own the main terminal, but rail operators are responsible for their own train cars. Other landlords may also be involved. The New York subway bomber, for example, tried to detonate his bomb in a walkway connecting two subway lines that are owned by different authorities.
Figuring out how to protect surface hubs will pay broader societal dividends. Some of these hubs deal with truly massive traffic volumes. More than 4.3 million people use the New York subway every day, nearly twice the number the TSA handles daily across all of the country’s airports. That makes them the perfect testbed for creating high-throughput screening processes, that could be used by entertainment venues, popular restaurants or any other potential targets, should the number of soft-target attacks continue to rise.
I’ve been in this business for nearly three decades. During that time, I’ve noticed that significant advances in security happen for one of only two reasons. The first is as a reaction to smart, appropriate mandates, by government agencies that understand the potential threats and the needs of the marketplace. The second is as a far-less considered knee-jerk reaction to a tragedy. That’s an easy choice.
Read about six ways screening technology can protect soft targets from terrorist attacks.
Risk-Based Security Gets in the Game
By Chris McLaughlin, Vice President, Global Solutions, Evolv Technology –
If you’re coaching a soccer team in the World Cup this summer, you’re going to want to adapt your defensive strategies for each opponent. To stop an aggressive, high-scoring offense, you’ll keep your defenders back and play cautiously. To beat a cagey, clever foe, you’ll apply some pressure to try to force turnovers.
Successful strategists in the security arena face the same kind of tactical issues. The stakes are much higher, of course, but security pros need to deal with their own group of “attackers” who are skillful, resourceful, and motivated to succeed. Soccer coaches can’t deploy a “one-size-fits-all” strategy, and neither can today’s security strategists.
In security, this strategy has a name. It’s called “Risk-Based Security,” RBS for short. If this sounds like a simple, common-sense approach to a serious, complicated issue, it is – sort of. At its core, RBS defines a commitment to flexibility and adaptability to deal with ever-changing threats. It also values the use of “tailored” systems that are designed to mitigate risk, evoke a sense of safety for users, and not present an undue burden on the user population.
The traditional, one-size-fits-all approach to security is cumbersome. It usually involves having security officers physically inspect every person entering a facility, relying heavily on the limited capability of metal detection. This approach provides a service, deflecting obvious traditional threats. But it is costly and slow, and often ineffective without additional capabilities to screen more aggressively.
Security systems that implement a risk-based approach to screening, for example, tend to be more accepted by the public than those that don’t provide any differentiation. A good example of this practice is the TSA PreCheck program. TSA PreCheck leverages a preliminary vetting process that separates “low-risk” passengers from those who are unknown or may require additional screening. By extending the process beyond the airport, TSA has significantly increased the throughput of its PreCheck screening lanes for passengers while mitigating risks and reducing staffing and equipment costs.
A risk-based approach recognizes that while there are no perfect security solutions, those that strategically balance security, access, usability, and cost can ultimately provide the best long- term protection against an evolving adversary.
An effective RBS strategy considers changes in the environment over time, and changes in the risk profile of different groups of people – employees, visitors, and dignitaries – over time. It also puts equal emphasis on technology solutions and more people-focused factors like organizational, managerial, and operational capabilities.
It relies primarily on a short list of components: gauging threats; understanding vulnerabilities; vetting users; identifying users and attaching risk assessments to them and their belongings; routing high-, low- and unknown-risk users through the appropriate security channels; and using equipment to screen personnel and belongings.
A successful risk-based security strategy is reliant on an enterprise approach that not only provides excellent technology to perform physical screening but also ensures that the personnel performing the screening are using the technology appropriately, that people presenting themselves for screening have already been assessed, and those vetted to a higher standard are provided a screening process that is not unduly burdensome.
There is no “silver bullet” or “cookie cutter” enterprise approach. What might work particularly well in office buildings and places of worship, where it is possible to learn more about the regular user, will be different than in public venues where most people presenting themselves may be unknown, and this may present a different threat.
As attackers have expanded their focus, major sporting and public events have become more of a target. The challenge commercial entities have in implementing a risk-based program is two-fold. First, a “known patron” program must be established along with a quick way to validate membership in that program at the entry to the screening system of a facility. Second, a program must tailor the screening process to account for the different risk levels of those entering the venue.
The potential benefits to implementing a risk-based screening program are significant. This approach can create a better experience for known, repeat customers. A risk-based screening program can also improve overall brand perception of a venue by implementing “smart” security solutions. These risk-based solutions help make entering a venue easier while maintaining a level of safety, allowing faster throughput, and thereby mitigating the risk of long queues. Overall security costs can potentially be decreased since people can be screened at a faster rate, requiring less security staff.
Further, while people want the safety that screening systems provide, they do not want to lose the culture, openness, and sense of welcome that make their venue, stadium, or house of worship special. Implementing a risk-based security program provides the best option and allows an organization to tailor a program that fits their culture, so they do not have to sacrifice what they represent for safety.
“One-size-fits-all” security can work in specific, limited situations. But it’s no match for today’s attackers. Successful security strategists, like World Cup contending soccer coaches, make sure they’re prepared. They have their tools, their plans, and their training intact, and they’re ready to defend.
Six Ways to Prevent Soft Targets from Terrorist Attacks
We bet five years ago that soft-target attacks would become the favored tactic of terrorists, particularly if ISIS began to lose ground on the battlefield. Unfortunately, we were right.
Many stadium and arena operators no longer allow visitors to bring backpacks or other bags into their venues. Policies like these were instituted to ensure that the venue can balance the need for effective screening with the need to avoid miserably long security lines.
But there’s no getting around it: for anyone wanting to pack an extra sweater, a snack for the baby or raincoat just in case, this is a big deal–a serious degradation of the customer experience. Unfortunately, such are the compromises security professionals have had to make in this post-ISIS era. Soft-target attacks–everything from sophisticated assaults on iconic arenas to lethal “lone wolf” attacks on unsuspecting neighborhood nightclubs—are on the rise, forcing operators of public venues of all sizes to rethink their security strategies. All too often, venues have had to resort to the oldest, bluntest response: hire more security guards and request more police support and do more thorough physical searches.
We all know that’s not a sustainable response. Throwing labor at the problem is costly in the short-term and economically unsustainable in the long-term. It’s not sure to dissuade a determined terrorist, but may impact your brand. After all, your business is to provide a carefree, entertaining experience for your customer—not to turn a night out into what feels like a visit to a hardened military installation. And when customers complain, we all know who will bear the brunt of the pressure. You will.
Therefore, here are six ways that screening technology can protect soft targets from terrorist attacks:
1: Create an Enhanced Visitor Experience – Deliver security at the pace of life. Visitors are not asked to “pause and pose”. Because it uses high-speed millimeter imaging, the system can screen people at walking speed. Since we need to search for mass casualty weapons, there’s no need to empty one’s pockets and purses into “dog bowls”.
2: Don’t Treat All Threats Equal – Our industry responded impressively after 911, with powerful systems designed to find anything a highly trained terrorist could use to attempt a repeat of that infamous day. The unsophisticated lone wolves who carried out most of the more recent soft-target attacks needed powerful weapons and explosives to cause mass casualties. We’ll look for those—not screwdrivers, razor blades, or other everyday objects with minimal potential for terror.
3: Don’t Deploy Security That is All or Nothing. It’s Complicated. – In the past, the main question for many organizations was whether to deploy screening technology. Like it or not, ISIS has changed that calculation. Now, almost any place where crowds gather can be a target. Look into technology that improves your defenses at all your facilities – whether it is adding another layer of protection to a sports stadium or introducing one to a previously unprotected nightclub or corporate office.
4: Know that Flow Matters – Living in a free society means accepting some risks. Security cannot come at the cost of freedom of movement, freedom from intrusive searches and freedom from inconvenience.
5: Understand that Customer Experience Matters – Minimizing the unpleasantness of screening is not a secondary consideration—not for your customers and visitors, and not for your boss. Our working assumption is that if our technology hurts your ability to retain and attract business, you won’t use it for long. You need to protect your customers and help your business.
6: Consider Future-Proofing Through Software – Powerful software platforms help you easily adjust as new threats emerge. This is crucial to keep you prepared for today’s sophisticated terrorist networks, who use social networks and other tools to quickly share instructions for building more lethal bombs or executing new types of attacks.
It’s time the security industry stepped up with solutions for the reality of today’s world. Our technology is specifically designed to expose the threats behind mass casualty attacks that have become all too common to help your front-line personnel take quick action without inconveniencing your customers.
To learn more, read the three questions security directors need to ask before the next soft target event here.
Lessons Learned from Pulse Nightclub: Modern Threats Require Modern Security Technologies
By Melissa Cohen, Vice President, Marketing, Evolv Technology –
Two years ago, Omar Mateen entered Pulse Nightclub in Orlando, Florida and started shooting. Today, we remember and honor the victims who lost their lives in this terrible act of violence. Here at Evolv, anniversaries such as this one serve as a constant reminder to why we are here and how critical it is to continue our mission to preserve everyone’s fundamental right to be safe in all the places people gather.
In reflecting on what has happened in the two years since Mateen entered Pulse Nightclub, it’s important to first understand the larger trend the physical security industry has been experiencing and how the incident in Orlando fits into that broader shift. We sat down with Evolv CEO and Co-founder, Mike Ellenbogen to discuss how the threat landscape has changed in the past two years and what the industry can learn from the shooting as we look to prevent
Q. Today marks the two-year anniversary of the active shooter incident at Pulse Nightclub. What have we learned?
A. Namely, there’s a need for active shooter security that did not exist 10-15 years ago here in the United States.
According to the FBI, since 2000 there have been 250 active shooter incidents in US with 2017 seeing 30 active shooter incidents – the highest in the past 18 years. The numbers don’t lie – and no matter how you break it down or what angle you look at it from, the fact of the matter is these incidents are not only becoming deadlier but also more frequent.
When Mateen opened fire on the evening of June 12, 2016, it went on record as being the deadliest single gunman mass shooting in United States history. That was until almost a year and a half later, when a gunman opened fire on a crowd of concertgoers at the Route 91 Harvest music festival in Las Vegas, leaving 58 people dead and 851 injured.
If we’ve learned anything in the past two years, it’s that the current security solutions and processes we have in place are not sufficient. Put simply, yesterday’s tools were not designed to address today’s threat landscape.
Q. Talk to me about the threat landscape that exists today.
A. Terrorist attacks and mass shootings have changed the threat landscape drastically. In the old-world paradigm, planes and government buildings were the target. However, in today’s new world paradigm, anything can be a target. We’ve increasingly noticed a shift in attacks that focus on public spaces – think concert venues, transportation hubs and open office campuses. The result is millions of people becoming vulnerable to attacks. The incident at Pulse Nightclub exemplifies this trend to a tee.
Q. What needs to change from a technology perspective to prevent incidents like the next Pulse Nightclub shooting from happening?
A. Despite the fact that attackers have expanded their focus beyond airplanes to include private facilities, public venues, and the transportation infrastructure, we often see the same legacy security technologies and procedures in place, or nothing at all since the old solutions just don’t work for so many locations. We are fighting modern day problems with legacy technologies and that needs to change. We need to fight modern day problems with modern technology and modern thinking.
The Millimeter Wave advanced imaging technology (AIT) systems we see at the airport and walk-through metal detectors serve their purpose in the environment they were built for; however, they were not designed to combat the threats we are encountering outside airports today. At a time when we should be focused on detecting explosives and firearms, old technology is still detecting pocket knives, car keys, and cell phones. We need to move our security response from reactive to proactive to enable an active shooter prevention system/process.
Today there are numerous technologies available at our fingertips that can do remarkable things – from AI to 3D printing. Harnessing these innovations, and applying them to the physical security space, will enable us to provide smarter physical threat detection. That means higher throughput technology, less disruption and expanding the security perimeter beyond the walls of a building.
Q. How can we go about leveraging technologies to combat this new world paradigm? What needs to change from an industry perspective?
A. We need to leverage technology that combines detection, identification and intelligence – not rely on one technology by itself. This functionality will enable night club owners, stadium operators and other professionals charged with keeping us safe to face these safety problems head on.
Machine learning – an advanced form of AI – is the underlying enabling technology to address today’s and tomorrow’s physical security needs in a way that’s reflective of how venues today operate. Machine learning helps the sensors in safety technology become smarter over time.
This enables us to screen more people, more quickly and makes facial recognition and anomaly detection increasingly more accurate. As a result, we can identify people of interest against a collection of millions of known threats. In the case of the Pulse Nightclub shooting, Mateen was known to authorities and his previous encounters with the law resulted in him being put on the terrorist watch list for a period of time. Had AI surveillance technologies been in place, there is a chance he could have been identified prior to entering the club. As the threat landscape continues to evolve, it is important society, and the industry, becomes more comfortable with the use of innovative identity data.
By combining the power of machine learning with smarter sensors and biometrics, we’re empowered to both identify and heighten security against adversaries in real-time. This proactive, technology-driven approach to security allows organizations to focus on what is most important, protecting people by providing security anywhere.
To learn more, read the three questions security directors need to ask before the next soft target event here.