Holidays and celebrations bring people together — but in doing so, create “soft targets”, i.e. locations and venues that people gather that aren’t closely or heavily monitored and protected.
Examples of large, well-known holiday gatherings include Rockefeller Center around Christmastime, the annual St. Patrick’s Day parade in Boston, and the New Year’s Eve fireworks show at TIAA Bank Field in Jacksonville, Florida.
Since we know that attackers are increasingly targeting public venues and large-scale gatherings, as security professionals, we have an opportunity to transform the way we approach security to meet this evolving threat landscape.
July 4th is a Soft Target
With one of the most popular holidays in America right around the corner, it’s important to recognize the myriad ways we create soft targets during the fourth of July. Whether the Boston Pops July 4th Firework Spectacular, a community concert, or workplace barbeque, massive amounts of people are planning to come together in celebration across the country.
On a day intended to celebrate freedom, one of the last things venues want to do is burden guests with onerous security measures. However, allowing these large gatherings to go unprotected is a sure way to create a soft target and open yourself up to an attack.
Protecting Holiday Celebrations
Here are several proactive best practices that your venue – outdoor or indoor – can take to protect your staff and guests this 4th of July.
1. Collaborate with Law Enforcement
In the event of an attack, local law enforcement is essential to mitigating damage and protecting guests. Your venue security, law enforcement (e.g. police, fire department, etc.), and venue staff should all be introduced prior to an event. Establishing relationships between these is key to fast, streamlined emergency response.
2. Perform a Security Threat Assessment
In light of recent active shooter and bomb incidents, performing a security threat assessment and establishing specific response protocols will help safeguard your staff and guests.
In partnership with local law enforcement, walk the perimeter and identify all entry and exit points. Determine if you are able to lock down the event – and if so, identify what it will take to quickly make that happen without letting unwanted persons in, or a person of interest to escape.
It’s good to ask yourself these questions while performing your assessment:
- Where are the gaps in our security?
- Do we have enough perimeter control measures? (i.e. gates, security personnel, signage, etc.)
- Do we have screening systems in place to identify persons of interest and detect threats?
- What will we do if a threat is identified?
- How do we physically lock down the event?
- Will communicating to all security personnel and law enforcement be easy?
- How easy will it be for law enforcement to enter the venue/event?
- Where should local law enforcement be placed for rapid response?
- Do we have proper evacuation signage for event attendees?
- If an incident occurs, and exiting the event is not an option, do we have adequate areas for attendees to take shelter?
3. Build Emergency Response Plans & Procedures
Upon performing your security threat assessment with local law enforcement and your security staff, you will want to work together to determine safety plans and procedures in the case of an attack.
Think about including the following:
- An emergency response & communications plan – to ensure all staff and local law enforcement know what to do and are notified immediately
- A bomb threat plan – to manage bomb threat calls and know what to do if you locate a suspicious object
- An evacuation plan – with venue layout and evacuation routes
4. Incorporate Visual Deterrents
While creating plans and procedures, as well as highlighting evacuation routes, are an important and necessary process to ensure you are prepared, there are a few ways to keep yourself left of boom/bang.
Notifying guests that there are screening solutions upon entrance has actually proven to prevent attackers from entering or even targeting a venue. For example, the Orlando nightclub shooting that took place in 2016 was actually intended for Disney World’s shopping and entertainment complex, however the shooter became spooked by police that were on-site and instead chose the night club as his target.
Thus, maintaining a strong security presence can deter attackers from executing their plans and simultaneously show guests they’re being protected. Whether you implement visible cameras, strategically place security guards and police on horseback, add signage identifying items guests are prohibited from carrying into the venue, or simply alert guests that they’ll be subject to screening, there are numerous ways to show an attacker that the venue is prepared to deter an attack.
As Americans look forward to sporting red, white and blue, you and your staff need to be prepared for potential attacks on your celebrations. For more resources on protecting mass gatherings, the Department of Homeland Security provides several steps venues can take to strengthen security posture. And, for future events, consider implementing next generation weapons-sensing technology to efficiently identify threats and improve your guests’ experience.
Looking to learn more about how to protect a soft target? Read our blog “Relying on 100-Year-Old Technology is Not the Answer to Stop Today’s Active Shooter.”
One of the indelible lessons seared into our consciousness over the last 20 years is that every public gathering and event is now a soft target. From concerts to prayers – there are few places that would be considered sanctuary against the evils perpetrated by mass shooters.
According to the Gun Violence archive, there were more than 340 mass shootings in the U.S. alone in 2018 – nearly one a day. While there remains disagreement on a legislative solution to the mass shooting problem, one thing has become clear – facilities that have a high degree of visible security measures are less likely to become a target.
Visual deterrents, like metal detectors, can be incredibly effective in preventing attacks from occurring, but the technology has had minimal improvement since the walkthrough metal detector was invented more than 90 years ago.
Doesn’t our modern problem deserve a more modern solution? It should be possible to deter and prevent mass casualty events like what happened in Las Vegas without requiring every single person to take off their belt and take out their keys before entering a building?
According to a recent report, organizations will spend more than $1.5 Billion on metal detectors in the next five years. This doesn’t even account for the massive labor costs required to adequately staff these devices to ensure heightened security. Nor does it account for the impact on visitor experience – at some point, your patrons will grow tired of having to wait in line to then strip down and hold their hands in the air to show that their phone isn’t a weapon.
Metal detectors represent the security approach of the past – the future of prevention is a combination of better sensors, AI and biometrics that helps immediately identify all manner of threats without compromising visitor convenience.
As today’s threats grow more menacing, the technologies preventing the next tragedy need to evolve as well. Here are four primary ways that the we can improve upon the metal detector:
Superior Detection at the Speed of Life
Metal detectors are pretty descriptive – they detect metal objects. Determining whether the objects present a threat requires additional layers of screening – and more importantly, they don’t account for newer threats that have emerged in recent years, including explosives, plastic weapons, and more.
Using a combination of active millimeter wave and electromagnetic sensors, solutions such as the Evolv Edge are able to detect both weapons and explosives, while avoiding the nuisance alarms that make lines slow down so people can remove keys from their pockets.
People and Bags; Bags and People
While security and prevention should stand alone, the reality is that each needs to be balanced with customer convenience. Stringent requirements to enter a public facility may increase security, but if the approach is too onerous, there may not be an event to protect as the customers stay at home.
Metal detectors are often accompanied by ancillary screening measures – like X-Rays or even hand searches – to account for bags and other items. We want a facility to allow people to be people – so they can walk through the checkpoint at a regular pace without pausing, stopping or posing. They can even walk through with their bags and are not required to remove materials from bags or their person.
Individual Screening – Eliminating Single File Requirements
One of the biggest detriments of the walk through metal detector is that crowds need to line up and filter through in single file. If the person in front of you triggers an alert, then the entire line slows down as that person receives secondary screening.
It needs to be possible to screen individuals within crowds, pinpointing individual threats within a free-flow environment. This allows for screening on a more natural basis for crowds entering a facility, improving customer satisfaction while ensuring that everyone is vetted for weapons of all kinds.
Improving Guard Effectiveness
As we discussed above, the walk through metal detector requires significant human intervention – each alert requires physical intervention for additional screening. Whether it’s a pat down, or the use of wand technology guards need to manually vet persons of interest after each alert.
Solutions exist that are designed to help guards do their job more effectively – which is protect the customers of the facility they’re guarding. Potential threats are identified with a picture of the person who set off the alert, as well as a clear indication of where the threat exists on the body. This expedites secondary searches, while providing guards with actionable intelligence that could be the difference in preventing a mass casualty event.
The technologies used to try to detect and prevent the next mass casualty event are outdated. Metal detectors were not designed to handle modern facilities or crowds. Security investment needs to be focused on more capable security systems that allow for fluid detection and a better visitor experience.
Learn more about Evolv Edge here.
In a previous blog post, we explored how the changing threat landscape has impacted security at performing arts venues. With attackers expanding their targets beyond iconic venues in the largest cities, it’s imperative that venues around the world and in small towns create a more concrete strategy and plan to improve their security approach.
However, performing arts venues pose a unique set of security challenges. Open design concepts, an influx of guests ten minutes before showtime, and varying capabilities of guards are challenges that a plan must consider when tailoring security for visitors that also meets a venue’s specific needs.
At smaller venues and venues without a dedicated security lead, the responsibility of developing and implementing a security plan often falls to individuals who are responsible for other areas such as facilities or guest services. To help get started, here are five steps smaller venues can take towards developing their own formalized security plans.
Step 1 – Find a Trusted Advisor
For venues that don’t have dedicated security professionals, the first step is to identify a trusted advisor who can serve as a resource and help demystify the process. We often find that venue managers think the first step is to hire a standalone security manager, when in fact an advisor can initially provide a similar level of insight and guidance.
This advisor can be anyone from the local chief of police to an FBI liaison or even a security director at another performing arts venue. What’s most important is that venue managers identify someone they trust who can help them start to answer questions like, “what am I missing?” and “what are my peers focusing on?”.
Step 2 – Assess Your Current Plan
Before diving into developing a formal security plan, venue managers should take the time to evaluate any security measures in place to get a sense for what is and is not working. During this step, it is important to incorporate feedback from other “groups” within the venue. For example, in addition to taking guest feedback into consideration, venue managers should talk to members of the operations team and the front of house manager to get a holistic understanding of past successes and challenges.
Step 3 – Identify the One Thing You Can Do Tomorrow
With guidance from their trusted advisor, as a next step, venue managers should think about where they can get started and what immediate changes they can implement that will improve their security process. Keep in mind, this doesn’t need to be a sweeping, drastic change. Look to identify one action that will make an immediate impact. For example, provide active shooter training to guards or have staff watch a 30-minute training video. What this tactic means and looks like can vary based on the venue and the procedures that are already in place.
Step 4 – Make a List of Additional Security Measures to Implement
Depending on the venue, there are a number of practical security procedures and processes that managers can look to start implementing after their initial phase is complete. Two valuable resources are security managers at other performing arts venues in other areas, and security managers at other commercial venues (such as arenas or tourist attractions) in the same city. These people can help identify key issues and security measures they are taking. For example, these might include hiring guards for the next high-profile event or starting to research various CCTV vendors to identify the best fit.
To help, there are a number of resources that venue managers can reference. For example, the International Association of Venue Managers has a Safety & Security Subcommittee, which is a valuable resource for venue managers; while the New Jersey Department of Homeland Security frequently releases information that is helpful and relevant for venue managers.
Step 5 – Develop a Plan to Put Procedures in Place
After identifying which practical steps to execute, venue managers should look to develop a comprehensive implementation plan. This plan may span weeks or months, and should take budget cycles and required approvals into account. Managers should consider which steps will have the highest impact to the venue’s overall security posture and consider implementing those measures first. Other steps can be phased in over time. This is an opportunity to tap your trusted advisor for guidance.
As venue managers turn their attention to addressing physical security challenges head on, they will likely be met with questions and concerns related to guest experience and logistics. To help mitigate these concerns, venue managers should focus on delivering a balanced approach that considers both security and the visitor experience so that guests continue to visit the venue and are provided with the safety they come to expect.
It can be overwhelming to think about implementing a formalized security plan. By following the five steps outlined above, venue managers can help ensure an enhanced security process that also provides a simple, unobtrusive experience to visitors.
Read this case study to learn how one performing arts venue improved its security posture by screening for both explosives and firearms while improving the visitor’s screening experience.
In September, the Department of Homeland Security issued its latest National Terrorism Advisory System (NTAS) bulletin, notifying state and local organizations and the public that the U.S. continues “to face one of the most challenging threat environments since 9/11.”
That sounds pretty newsworthy, yet you probably didn’t hear much around this latest warning from DHS. Very few publications covered the bulletin, because it was very similar to the last two NTAS bulletins, in May and last November. But the bulletin should not be dismissed. In fact, it reiterates the troubling, long-term shift in the threat landscape since the NTAS system was rolled out in 2011. Rather than assign their own members to conduct carefully-planned, 9/11-style attacks on hardened facilities such as airports and government buildings, foreign terrorist organizations such as ISIS are using the Internet to “inspire, enable, or direct individuals already here in the homeland to commit terrorist acts,” the bulletin reads.
DHS’s concern isn’t only about the ability of groups like ISIS to radicalize Americans to do their bidding. It’s also about how and where those attacks will be made. Recent bulletins have all warned of attacks on “public places and events” using “easy-to-use tools.” As we have seen all too often in places like Nice, London and the U.S., attacks are on the rise at lightly-defended targets such as office buildings, entertainment venues and marketplaces, often with handguns, knives and rented trucks.
This long-term shift requires a substantial rethink of the security technology needed to protect visitors to these softer targets. Traditional metal detectors can find the tiniest pen-knife if given the time, but they will also find every last key and piece of spare change. That means long lines of frustrated people, just trying to get on with their everyday lives. For our companies, schools, businesses and entertainment venues to actually invest in weapons detection infrastructure, they will need higher throughput, smarter screening systems that are optimized to find weapons and explosives capable of inflicting mass casualties.
The need is especially pressing for low-hassle systems that can reliably spot major threats. There have been more than 20,000 shootings this year alone, many by lone wolf killers such as troubled teens attacking classmates to a shooting at concert goers from a hotel window. But the NTAS bulletin is an important reminder that ISIS and its ilk are also still out there. Indeed, DHS expects that the more ground ISIS loses in the Middle East militaries of the US and other nations, the more it will focus on fomenting soft target attacks on U.S. soil.
Mass shootings like the one that occurred this past weekend at The Jacksonville Landing entertainment complex and last year at the Route 91 Harvest Music Festival in Las Vegas shake us to our core. They make us feel vulnerable in moments when we should instead feel excited. Large performance spaces have been cultural cornerstones for thousands of years because they uniquely bring together people regardless of race, creed or gender over a shared love for the arts. Attacks like these exploit one of the most powerful uniting forces in our society.
The challenge for security professionals is that these venues take a number of different forms. For example, in the Boston area you could see Moulin Rouge at the Emerson Colonial theatre, the Eagles at TD Garden arena and Cirque du Soleil’s LUZIA under a big top at the grounds of Suffolk Downs – all within the same month. As adversaries shift their focus to public places and become increasingly innovative in their strategies, we need a new approach to venue security.
A New Focus for Attackers
Since adversaries have moved on from hard targets such as airplanes, government facilities and military bases, there has been a significant shift to soft targets such as performing arts centers, sporting venues and arenas. While this is widely known – our CEO tells the story often of the anxious conversations he recently witnessed fellow parents having as he picked up his son’s friends to take them to an Imagine Dragons concert at a stadium – not enough is being done to address this new focus of keeping loved ones safe.
Further, the attack method and the perpetrator have changed. The rise of crowd-sourced terrorism has led to readily accessible means for an attack. Firearms, vehicles and home-made explosives are within reach as adversaries shift their focus from high-profile locations to anywhere people gather.
Raising the Current on New Security Technology
While attackers have focused in on specific venues, security screening technology has been largely unchanged. Today when you go to a see a show at a theatre, you’ll likely wait in line for sometimes 30-45 minutes before approaching a metal detector for which you have to empty your pockets or divest personal items before walking through. Many stadium and arena operators no longer even allow visitors to bring backpacks or other bags into their venues to improve the efficiency of screening.
Advancements in technology are changing this status quo, providing higher throughput and improved threat detection with less disruption. Some combine personnel and bag screening to help minimize removal of personal items and speed up the process. These technologies are using the latest sensors, software and user experience design principles to provide an improved level of security with a better visitor experience.
A Well-Orchestrated Defense
While technology is an important component to an effective security plan for a performing arts center, it’s just one piece of the puzzle. When building a security plan, facility managers should work to understand their threat vectors, vulnerabilities, and mitigation plans. They should incorporate the following components into a comprehensive security plan.
- Intelligence: Understand and identify the threats to the area, building, and people in it. Work with various federal, state, and local enforcement agencies and leverage the facility team’s network of contacts. Threats are constantly changing; therefore, intelligence must be ongoing.
- People and Training: Guards and officers serve as the frontline, they know the facility and the people in it. They should be trained on an ongoing basis in security protocols as well as identifying suspicious behavior.
- Processes and Protocols: Facility managers can no longer use a “one-size-fits-all” approach to security. They need tailored systems and well thought out processes and protocols – like risk-based security – to ensure security layers are properly deployed throughout a venue.
- Technology: As mentioned above, new technologies can provide threat prevention beyond the capabilities of guards to significantly improve screening operations. CCTV and access control expand the reach of the team on the ground. Further, facial recognition technology can be employed to recognize and authorize employees in an employee screening application or to adjust screening for VIPs.
- Visitor Experience: With new technology and processes, it’s important that customer experience is not a secondary consideration – especially at a performing arts center. A security experience can maintain a level of calm and unobtrusiveness.
By employing a holistic approach, security guards and facility managers at performing arts centers can be armed with the information they need to quickly and confidently assure a safe environment for their visitors. With the right technology, they can effectively screen and adjust layers of security in response to changing threat levels without impacting visitors and their normal pace of life. In fact, when selecting new technologies, facility managers should look for solutions that provide a balance between improved security and a better visitor experience.
While related issues like the gun control debate may divide us, cultural experiences like seeing a show or going to a concert unite us. We can all agree that we deserve to feel safe in all the places we gather. At Evolv, we will continue to innovate to bring intelligence and security at the perimeter of soft targets to keep people safe – at performing arts centers and beyond.
Read more here about safeguarding against soft target attacks.
In the first episode of his new show “Who Is America,” comedian Sacha Baron Cohen did a surreal bit in which he persuaded three U.S. Congressmen and former Senator Trent Lott to support his character’s desire to train children as young as four years old to carry guns to help stop school shootings. “Kinder Guardians,” he called them.
Well, how’s this for surreal? On July 10, five days before the episode aired, it became legal for anyone in most parts of this country — convicted murderers, known terror suspects and, yes, even children — to easily and legally make a gun in their own basement. And not just any gun, mind you. An untraceable gun.
This development is the result of the U.S. State Department’s decision to settle a lawsuit brought by Austin, Texas-based Defense Distributed, which sued the government in 2015 for the right to publish plans to 3D print a handgun, along with other designs including milling instructions to program a desktop 3D CNC machine to create guns and gun parts. Today was the day Defense Distributed had planned to relaunch the company’s online repository of files, which is calls DefCad.
Fortunately, a Federal judge in Seattle issued a temporary restraining order yesterday in a case brought by eight states, preventing the distribution of the CAD files, pending the trial. While it turns out Defense Distributed had already started distributing the files, the website relaunch was sure to attract the attention of people who our society has decided should not have access to guns. As the blurb on Defense Distributed’s website (now turned upside down, in protest of the restraining order) proclaimed: “The age of the downloadable gun formally begins.” Rarely has the phrase “dodging a bullet” rung so true.
Defense Distributed’s vision is a big deal. While there’s been a DIY gun movement for years, you needed some expertise in metal-working and a hobbyist’s passion for guns, manufacturing or both. Not anymore. Defense Distributed has made making a real gun at home as easy as buying a home-brew kit to make your first batch of beer. Say you want to build your own AR-15 without the government having any knowledge. There are just four simple steps. First, put down a $250 deposit to get one of Defense Distributed’s Ghost Runner metal milling machines (while the full price isn’t listed on the website, this excellent article in Wired says the machine costs $1,200.) Second, buy legally-available gun parts, such as the muzzle and the grip of an AR-15, as well as a slightly-unfinished “lower-receiver” from Defense Distributed or another gun supplies website. (The sale of finished “lowers” for all guns has been regulated until now, as the lower contains the trigger mechanism and therefore is the part that controls whether a gun is single-shot, semi-automatic or automatic). When the “80%” complete lower arrives in the mail, follow the instructions to set it properly in the Ghost Gunner. Fourth, download the file for the part you want to make from Defense Distributed’s website, and then drag and drop the file onto the icon for your Ghost Gunner on your PC. With the push of a button, the machine will complete the milling of the lower, so it can be combined with other AR-15 parts you’ve purchased legally.
Note that the news today is not just about plastic guns. Defense Distributed became well known back in 2013 when it unveiled designs for a handgun called the Liberator that could be printed with a 3D-printer. While a technical milestone of sorts, this and other plastic firearms are only capable of a limited number of shots before they self-destruct. The real threat is the ability to make your own high-quality, fully functional mil-spec semi-automatic weapon.
As an American citizen, I am concerned that the State Department’s decision nullifies the one thing that everyone from the NRA to Parkland student activist Emma Gonzalez could agree on: that people who are known to be dangerous to the public should not be able to get a gun capable of inflicting mass casualties. Suddenly, every Federal measure put in place to make life difficult for mass shooters—the disgruntled teenage boy tired of being bullied at school, the furious ex-husband with a jealous grudge, the radicalized religious zealot—is rendered ineffective. Unless there are state or local laws in place, would-be murderers will not need to submit to background checks, or take the chance that a sharp-eyed gun shop owner will notify authorities of suspicious behavior. They’ll also have an easier time skirting “Red Flag” laws, such as the one passed by Massachusetts on July 3, that gives family members and house-mates the right to request confiscation of guns from people they consider to be dangers to themselves or others.
No doubt, some state and local laws will provide legal checks on Defense Distributed’s “guns-on-tap” vision. On July 30, two days before it planned to relaunch distribution of its CAD files, the company agreed to block access to the site in Pennsylvania to avoid legal action by the state’s Attorney General. It’s also illegal to sell guns and gun parts made with a Ghost Gunner to others without a Federal Firearms License, and in some cases may be illegal to even let someone else use their Ghost Gunner, according to Defense Distributed’s website.
Regardless of what happens with the lawsuit filed by the eight states and the District of Columbia, some checks on Defense Distributed’s “guns-on-tap” vision will remain. The State Department’s decision to allow distribution of the CAD files did not lift Federal prohibitions on the use of DIY milling machines for commercial purposes, without a Federal Firearms License. The machines are supposed to be only for personal use. Defense Distributed warns would-be customers on its website that it may be illegal to even let someone else use your Ghost Gunner in some jurisdictions. Many states and municipalities also have laws regulating use of DIY gun technology–and that will no doubt rise now that the topic has become front-page news.
Contact your elected officials and ask them not to lower the bar.
Read more here about today’s threat vectors and tomorrow’s security threats.
One quick scan of violent public attacks in the headlines in recent years will convince even the most casual observer that society needs an improved approach to security. Lone gunman kills 58 and wounds more than 500 in Las Vegas. Former student kills 14 students and three staff members at Parkland, Fla., high school. Coordinated terrorist attacks murder 130 in Paris. Three drivers ram pedestrians on London Bridge, killing 8 and injuring 48.
Each incident is alarming and horrific in its own right. When we take a step back, what is also alarming is that these attacks vary in style, type of target and choice of weapon. Adversaries are getting more innovative, less predictable and, thus, more dangerous – underscoring society’s need to stay one step ahead of them.
Identifying the five threat vectors
One critical aspect of combatting adversaries is more clearly defining their motivations. Motivation can range from an ideologically driven, well-planned attack to a targeted release of emotional rage. With this range of motivations in mind, we identified the five threat vectors that incorporate the range of motivations that would produce violence against soft targets:
- Terrorism: Homegrown or instigated from abroad, driven by ideological, religious or political perspectives. Think Paris shootings, London car attacks.
- Active shooter: Irrational decision to kill or injure as many people as possible. Think Las Vegas shootings.
- Workplace (or institutional) violence: Retribution for perceived harm to the perpetrator. Think Florida school shooting.
- Gang-related: Result of planned or spontaneous conflagration.
- One-on-one, spontaneous event: Spontaneous explosion of emotion – rage – by weaponed person.
By incorporating these motivations into a threat assessment, risk managers and security professionals can better recognize adversaries’ strategies and design security plans with a multi-layered security approach that deploys tools that cover the five threat vectors.
Adversaries are innovating…
A major change visible in today’s adversaries is the number and nature of individuals carrying out mass casualty/violent events. Terrorists are no longer trained just at specialized training camps and directed from central locations. Today, the free flow of information and communication across internet and social channels makes it substantially easier for individuals to radicalize, organize and procure weapons.
Perpetrators of mass violence are also able to build improvised explosive devices that contain no metallic content and create easily constructed homemade devices. Newer non-metallic weapons, such as 3D printed guns, pose yet another new threat that traditional security technology cannot detect – which points to the fact that perpetrators of mass murder are much more knowledgeable about the types of countermeasures defenders are deploying.
… So we, too, must innovate
To combat adversaries’ tactics, defenders need to create more versatile and aggressive security plans. Plans need to include intelligence, physical security infrastructure, weapons detection technologies and trained guards or law enforcement professionals. These components form a comprehensive counter violence plan based on both a threat assessment and a vulnerability assessment.
The elements of a new, more innovative approach to security can be found in a “risk-based security” (RBS) methodology. The RBS methodology – the opposite of a one-size-fits-all approach – promotes flexibility and adaptability. This approach helps security leaders evaluate different threats based on a variety of risk factors, plan for the threats and continually revise them as new information becomes available.
Incorporating the right technology
A successful new approach to security must also include a strong focus on weapons detection. Plans should include the ability to detect person-borne weapons including firearms, explosives and other threats. New detection technologies with multiple types of sensors are capable of detecting non-metallic threats as well as more traditional metallic weapons. Ultimately, the weapons detection technologies must be able to change over time with new sensors and improved algorithms.
Security also needs to identify known individuals who may do harm to people or facilities. These may be individuals on a BOLO (be on the lookout) list, former disgruntled employees, individuals previously removed from the premises, or others known to cause trouble. Facial recognition technology can be used to identify these individuals as they enter a facility and provide an alert to the guards or the security operations center. Moving intelligence to the front line is a key enabler to address evolving threats.
The steady flow of horrifying events in newspaper headlines hammers home the point that security threats are not going away nor are they any more predictable over time. Different situations will require different tactics, and tomorrow’s evolving threats will push defenders to exercise new levels of innovation to fend off increasingly dangerous attacks – and the only way to combat the threats is to adopt a new, more holistic approach to security.
Read more here about risk-based security.
About the author
David Cohen is one of the world’s leading authorities on intelligence analysis and operations, with expertise developed over a nearly five-decade career with the Central Intelligence Agency (CIA) as well as with the world’s largest metropolitan law enforcement organization, the City of New York Police Department (NYPD). He served for 12 years as the NYPD Deputy Commissioner for Intelligence, a position established in the wake of the 9/11 attacks. He revolutionized the way the NYPD collected, analyzed and used intelligence, and leveraged traditional intelligence methods and relationships abroad to successfully protect New York City from another terrorist attack.
If you’re coaching a soccer team in the World Cup this summer, you’re going to want to adapt your defensive strategies for each opponent. To stop an aggressive, high-scoring offense, you’ll keep your defenders back and play cautiously. To beat a cagey, clever foe, you’ll apply some pressure to try to force turnovers.
Successful strategists in the security arena face the same kind of tactical issues. The stakes are much higher, of course, but security pros need to deal with their own group of “attackers” who are skillful, resourceful, and motivated to succeed. Soccer coaches can’t deploy a “one-size-fits-all” strategy, and neither can today’s security strategists.
In security, this strategy has a name. It’s called “Risk-Based Security,” RBS for short. If this sounds like a simple, common-sense approach to a serious, complicated issue, it is – sort of. At its core, RBS defines a commitment to flexibility and adaptability to deal with ever-changing threats. It also values the use of “tailored” systems that are designed to mitigate risk, evoke a sense of safety for users, and not present an undue burden on the user population.
The traditional, one-size-fits-all approach to security is cumbersome. It usually involves having security officers physically inspect every person entering a facility, relying heavily on the limited capability of metal detection. This approach provides a service, deflecting obvious traditional threats. But it is costly and slow, and often ineffective without additional capabilities to screen more aggressively.
Security systems that implement a risk-based approach to screening, for example, tend to be more accepted by the public than those that don’t provide any differentiation. A good example of this practice is the TSA PreCheck program. TSA PreCheck leverages a preliminary vetting process that separates “low-risk” passengers from those who are unknown or may require additional screening. By extending the process beyond the airport, TSA has significantly increased the throughput of its PreCheck screening lanes for passengers while mitigating risks and reducing staffing and equipment costs.
A risk-based approach recognizes that while there are no perfect security solutions, those that strategically balance security, access, usability, and cost can ultimately provide the best long- term protection against an evolving adversary.
An effective RBS strategy considers changes in the environment over time, and changes in the risk profile of different groups of people – employees, visitors, and dignitaries – over time. It also puts equal emphasis on technology solutions and more people-focused factors like organizational, managerial, and operational capabilities.
It relies primarily on a short list of components: gauging threats; understanding vulnerabilities; vetting users; identifying users and attaching risk assessments to them and their belongings; routing high-, low- and unknown-risk users through the appropriate security channels; and using equipment to screen personnel and belongings.
A successful risk-based security strategy is reliant on an enterprise approach that not only provides excellent technology to perform physical screening but also ensures that the personnel performing the screening are using the technology appropriately, that people presenting themselves for screening have already been assessed, and those vetted to a higher standard are provided a screening process that is not unduly burdensome.
There is no “silver bullet” or “cookie cutter” enterprise approach. What might work particularly well in office buildings and places of worship, where it is possible to learn more about the regular user, will be different than in public venues where most people presenting themselves may be unknown, and this may present a different threat.
As attackers have expanded their focus, major sporting and public events have become more of a target. The challenge commercial entities have in implementing a risk-based program is two-fold. First, a “known patron” program must be established along with a quick way to validate membership in that program at the entry to the screening system of a facility. Second, a program must tailor the screening process to account for the different risk levels of those entering the venue.
The potential benefits to implementing a risk-based screening program are significant. This approach can create a better experience for known, repeat customers. A risk-based screening program can also improve overall brand perception of a venue by implementing “smart” security solutions. These risk-based solutions help make entering a venue easier while maintaining a level of safety, allowing faster throughput, and thereby mitigating the risk of long queues. Overall security costs can potentially be decreased since people can be screened at a faster rate, requiring less security staff.
Further, while people want the safety that screening systems provide, they do not want to lose the culture, openness, and sense of welcome that make their venue, stadium, or house of worship special. Implementing a risk-based security program provides the best option and allows an organization to tailor a program that fits their culture, so they do not have to sacrifice what they represent for safety.
“One-size-fits-all” security can work in specific, limited situations. But it’s no match for today’s attackers. Successful security strategists, like World Cup contending soccer coaches, make sure they’re prepared. They have their tools, their plans, and their training intact, and they’re ready to defend.
We bet five years ago that soft-target attacks would become the favored tactic of terrorists, particularly if ISIS began to lose ground on the battlefield. Unfortunately, we were right.
Many stadium and arena operators no longer allow visitors to bring backpacks or other bags into their venues. Policies like these were instituted to ensure that the venue can balance the need for effective screening with the need to avoid miserably long security lines.
But there’s no getting around it: for anyone wanting to pack an extra sweater, a snack for the baby or raincoat just in case, this is a big deal–a serious degradation of the customer experience. Unfortunately, such are the compromises security professionals have had to make in this post-ISIS era. Soft-target attacks–everything from sophisticated assaults on iconic arenas to lethal “lone wolf” attacks on unsuspecting neighborhood nightclubs—are on the rise, forcing operators of public venues of all sizes to rethink their security strategies. All too often, venues have had to resort to the oldest, bluntest response: hire more security guards and request more police support and do more thorough physical searches.
We all know that’s not a sustainable response. Throwing labor at the problem is costly in the short-term and economically unsustainable in the long-term. It’s not sure to dissuade a determined terrorist, but may impact your brand. After all, your business is to provide a carefree, entertaining experience for your customer—not to turn a night out into what feels like a visit to a hardened military installation. And when customers complain, we all know who will bear the brunt of the pressure. You will.
Therefore, here are six ways that screening technology can protect soft targets from terrorist attacks:
1: Create an Enhanced Visitor Experience – Deliver security at the pace of life. Visitors are not asked to “pause and pose”. Because it uses high-speed millimeter imaging, the system can screen people at walking speed. Since we need to search for mass casualty weapons, there’s no need to empty one’s pockets and purses into “dog bowls”.
2: Don’t Treat All Threats Equal – Our industry responded impressively after 911, with powerful systems designed to find anything a highly trained terrorist could use to attempt a repeat of that infamous day. The unsophisticated lone wolves who carried out most of the more recent soft-target attacks needed powerful weapons and explosives to cause mass casualties. We’ll look for those—not screwdrivers, razor blades, or other everyday objects with minimal potential for terror.
3: Don’t Deploy Security That is All or Nothing. It’s Complicated. – In the past, the main question for many organizations was whether to deploy screening technology. Like it or not, ISIS has changed that calculation. Now, almost any place where crowds gather can be a target. Look into technology that improves your defenses at all your facilities – whether it is adding another layer of protection to a sports stadium or introducing one to a previously unprotected nightclub or corporate office.
4: Know that Flow Matters – Living in a free society means accepting some risks. Security cannot come at the cost of freedom of movement, freedom from intrusive searches and freedom from inconvenience.
5: Understand that Customer Experience Matters – Minimizing the unpleasantness of screening is not a secondary consideration—not for your customers and visitors, and not for your boss. Our working assumption is that if our technology hurts your ability to retain and attract business, you won’t use it for long. You need to protect your customers and help your business.
6: Consider Future-Proofing Through Software – Powerful software platforms help you easily adjust as new threats emerge. This is crucial to keep you prepared for today’s sophisticated terrorist networks, who use social networks and other tools to quickly share instructions for building more lethal bombs or executing new types of attacks.
It’s time the security industry stepped up with solutions for the reality of today’s world. Our technology is specifically designed to expose the threats behind mass casualty attacks that have become all too common to help your front-line personnel take quick action without inconveniencing your customers.
To learn more, read the three questions security directors need to ask before the next soft target event here.
Two years ago, Omar Mateen entered Pulse Nightclub in Orlando, Florida and started shooting. Today, we remember and honor the victims who lost their lives in this terrible act of violence. Here at Evolv, anniversaries such as this one serve as a constant reminder to why we are here and how critical it is to continue our mission to preserve everyone’s fundamental right to be safe in all the places people gather.
In reflecting on what has happened in the two years since Mateen entered Pulse Nightclub, it’s important to first understand the larger trend the physical security industry has been experiencing and how the incident in Orlando fits into that broader shift. We sat down with Evolv CEO and Co-founder, Mike Ellenbogen to discuss how the threat landscape has changed in the past two years and what the industry can learn from the shooting as we look to prevent
Q. Today marks the two-year anniversary of the active shooter incident at Pulse Nightclub. What have we learned?
A. Namely, there’s a need for active shooter security that did not exist 10-15 years ago here in the United States.
According to the FBI, since 2000 there have been 250 active shooter incidents in US with 2017 seeing 30 active shooter incidents – the highest in the past 18 years. The numbers don’t lie – and no matter how you break it down or what angle you look at it from, the fact of the matter is these incidents are not only becoming deadlier but also more frequent.
When Mateen opened fire on the evening of June 12, 2016, it went on record as being the deadliest single gunman mass shooting in United States history. That was until almost a year and a half later, when a gunman opened fire on a crowd of concertgoers at the Route 91 Harvest music festival in Las Vegas, leaving 58 people dead and 851 injured.
If we’ve learned anything in the past two years, it’s that the current security solutions and processes we have in place are not sufficient. Put simply, yesterday’s tools were not designed to address today’s threat landscape.
Q. Talk to me about the threat landscape that exists today.
A. Terrorist attacks and mass shootings have changed the threat landscape drastically. In the old-world paradigm, planes and government buildings were the target. However, in today’s new world paradigm, anything can be a target. We’ve increasingly noticed a shift in attacks that focus on public spaces – think concert venues, transportation hubs and open office campuses. The result is millions of people becoming vulnerable to attacks. The incident at Pulse Nightclub exemplifies this trend to a tee.
Q. What needs to change from a technology perspective to prevent incidents like the next Pulse Nightclub shooting from happening?
A. Despite the fact that attackers have expanded their focus beyond airplanes to include private facilities, public venues, and the transportation infrastructure, we often see the same legacy security technologies and procedures in place, or nothing at all since the old solutions just don’t work for so many locations. We are fighting modern day problems with legacy technologies and that needs to change. We need to fight modern day problems with modern technology and modern thinking.
The Millimeter Wave advanced imaging technology (AIT) systems we see at the airport and walk-through metal detectors serve their purpose in the environment they were built for; however, they were not designed to combat the threats we are encountering outside airports today. At a time when we should be focused on detecting explosives and firearms, old technology is still detecting pocket knives, car keys, and cell phones. We need to move our security response from reactive to proactive to enable an active shooter prevention system/process.
Today there are numerous technologies available at our fingertips that can do remarkable things – from AI to 3D printing. Harnessing these innovations, and applying them to the physical security space, will enable us to provide smarter physical threat detection. That means higher throughput technology, less disruption and expanding the security perimeter beyond the walls of a building.
Q. How can we go about leveraging technologies to combat this new world paradigm? What needs to change from an industry perspective?
A. We need to leverage technology that combines detection, identification and intelligence – not rely on one technology by itself. This functionality will enable night club owners, stadium operators and other professionals charged with keeping us safe to face these safety problems head on.
Machine learning – an advanced form of AI – is the underlying enabling technology to address today’s and tomorrow’s physical security needs in a way that’s reflective of how venues today operate. Machine learning helps the sensors in safety technology become smarter over time.
This enables us to screen more people, more quickly and makes facial recognition and anomaly detection increasingly more accurate. As a result, we can identify people of interest against a collection of millions of known threats. In the case of the Pulse Nightclub shooting, Mateen was known to authorities and his previous encounters with the law resulted in him being put on the terrorist watch list for a period of time. Had AI surveillance technologies been in place, there is a chance he could have been identified prior to entering the club. As the threat landscape continues to evolve, it is important society, and the industry, becomes more comfortable with the use of innovative identity data.
By combining the power of machine learning with smarter sensors and biometrics, we’re empowered to both identify and heighten security against adversaries in real-time. This proactive, technology-driven approach to security allows organizations to focus on what is most important, protecting people by providing security anywhere.
To learn more, read the three questions security directors need to ask before the next soft target event here.