Wednesday, March 23, 2016

You've Been Shot

You were going about your normal business when suddenly you got shot. Here's what you find at hand as you hit the ground and take cover: a gun, a bullhorn, a radio, a first-aid kit, and a bottle of whiskey. What do you do?

If a Politically Correct Progressive or Millennial

... you use the bullhorn to communicate to your attackers that you pose them no threat and are on their side. You throw out the gun to show you mean it. You fumble with the first-aid kit but, not having used one before and not being responsible for this anyway, you forget that and try to radio for help. Since you haven't used a radio before either, can't figure it out, and aren't responsible for this anyway, you give up on this, too. So, you crack open the bottle of whiskey, content that you have done your best and sure that everyone will see this was a mistake and take care of you before you finish the bottle.

If a Member of the News Media

... you use the bullhorn to announce that you are a member of the free press and, as such, have a right to be there and should not have been shot in the first place. Then you offer to trade the remaining items for better treatment and access to the attackers' side of the story, throwing out the gun first to demonstrate your good faith, with the radio coming right after. You think about the first-aid kit but reason that you may need it for trading value, too. Besides, either attackers or defenders will surely have a medic, and your superior interpersonal skills will win them over. And you sneak a shot of whiskey before adding that to your stock of items to trade for preferred treatment by your attackers. You're special. Once they realize that, it will all work out. What a story this will make!

If an Old School, Self-Reliant American

... you patch yourself up with the first-aid kit, saving the whiskey to disinfect any wound you can't easily reach with a bandage. You radio for help and then turn down the volume to avoid giving away your position. You leave the bullhorn alone. You figure you're on your own, at least for awhile. And you do one more thing. You pick up that gun and shoot back.

Nick Catrantzos

Erstwhile security director, intelligence officer, and homeland security instructor. Author of No Dark Corners approach to insider threat defense.

Thursday, December 3, 2015

Learning to Thwart, Not Just Watch Barbarians

Yesterday's carnage in San Bernardino makes one wonder whether in the battle between civilization and barbarism the latter is not getting the upper hand. Historian Will Durant once observed that civilization begins where chaos and insecurity end ( Yet for Seyd Farook, the shooter identified as principal antagonist, the blandishments of a good-paying public sector job and an environment where co-workers had recently given him a baby shower and were apparently enjoying his company in a Christmas party moments before he started shooting them -- this was not enough.

A focused enemy amplifies his lethality when his targeting, unambiguous to him, remains to his targets a question of doubt, debate, denial, and convoluted navel-gazing about grievances and moral equivalences. Expect the discussion in the aftermath to highlight all these things as the inevitable search for root causes takes a winding path to blaming American society for this tragedy. To the rest of the world, however, the contest between shooters and victims showcases certain contrasts. The adversary wants you dead. The target wants to talk about it. If you're impressionable, young enough to want more but frustrated with a world that refuses to serve it up to you -- right now -- which group would you rather join: focused attacker or dithering target?

Fusion of Grudge and Jihad

Welcome to Barbarian Outreach 101. The best recruiting tool is the prospect of spoils, success, and palpable payoff in, at the very least, notoriety, hence the GoPro cameras packed by the shooters to document their slaughter of the undefended. And in the absence of civilizing constraints to keep savage behaviors in check, then few things can compete with the siren call of jihad. The allure is as powerful as it is timeless: instant gratification combined with settling of scores.

The San Bernardino attacks differed markedly from workplace violence cases and, at the same time, from the kind of terrorist attacks that recently consumed Paris. The odd thing about affixing a workplace violence label on this is that eruptions don't come this way, with a planned assault and a team vs. one lone individual who feels beleaguered, isolated, and at a breaking point. Early accounts that the main shooter was affiliated with the targeted group and somehow dropped his daughter off on the way to the shooting but brought his wife and brother to join into the fray are inconsistent with the way workplace violence incidents tend to unfold. Indeed anyone worried about the potential for such violence to erupt at the hands of one volatile individual usually takes comfort on learning that that person is married and even has a young child. Those circumstances point to a reason for living rather than for going out guns blazing. This is why most shooters in workplace violence cases tend to raise more concern; they have no one to go home to, no one to offer perspective and balance in circumstances where they may be overreacting to perceived or actual insults to personal dignity. Nor does the typical workplace violence case involve high-powered rifles and body armor. Nor, an escape, either. More than half of such shootings end on the spot with the shooter taking his own life. Otherwise, the shooter succumbs to police gunfire or gets captured. Rarely do they elude capture or even have an escape plan, unlike yesterday's shooters.

Age is also a factor. People of the shooter's age, 28, typically don't develop the same kind of work-related resentments as someone 20 years older. At that age, they just move on to another job. Only later in a career, when they feel trapped and at the same time incapable of finding comparable employment elsewhere, do they develop more obsessive and alarming tendencies that surface on the job.

If it is an act of terror instead, questions arise about target selection and object sought. The curious will always ask why, seeking answers that may be impossible to produce to anyone's total satisfaction. Defenders want to understand the pattern, the rationale -- however illogical or convoluted -- behind target selection and perceived value of attacking one particular group versus another, and at this particular venue. The venue certainly offered an abundance of escape routes, being near an unusually high number of major freeways. The site itself and the group were hardly iconic, however. This suggests attacker favoring of ready access over symbolism. If you're just looking for a high body count, hitting a Disneyland or a Las Vegas casino would seem better choices, particularly if also seeking to magnify public terror. Otherwise, the act loses some of its impact if target selection is based on a personal grudge instead of something that has a more random, it-could-happen-to-you character.

No witness statements have yet surfaced about whether there where were any chants of "Allahu akbar" as the bullets were flying. That is another data point to ponder.

Defensive Strategies

From the point of view of one looking to enhance security of targeted people and affected assets, one focuses more on countering the threat than on theorizing about what societal antipathies may have let to it. Certain immediate concerns constitute the defender's challenge:

1. Forget traditional vetting.

It neither applies nor avails. Farook was a five-year public employee without a criminal record. The traditional background investigation would not have uncovered antisocial tendencies which were likely absent at his initial hire. Most people still come in through the door smiling, happy to be starting a new job. Only later do resentments and frustrations arise, and in the shooter's case there were probably no detectable signs of radicalization because the radicalization had not yet taken place, because background checks do not screen for such things, or both. So if vetting offers limited or only illusory value in denying access to threats, what is one to do?

2. Lengthen the odds in your favor.

This means either denying opportunity for attack or denying access, which can sometimes be the same thing. One method of opportunity denial is through instituting protocols for knowledgeable escort and timely intervention, about which more, below. Another method is to reconsider the kind of restrictions to many work spaces that once barred entry to Communists or identifiable members of a belief system that was avowedly not only resistant to but opposed to American traditions and laws. Yesterday's Communist fifth columnist has become today's radical Islamist.

3. Recognize and act on the indelicate obvious.

In line with the foregoing proposition, one must look at objective data and draw reasonable inferences. Existential attacks against innocents and, by extension, Western institutions and way of life are not coming at the hands of Jews, Buddhists, Catholics, Quakers, Amish, Mormons, or Native Americans -- all of whom at various times and to different extents have organized into affinity groups with some level of self-governance. What, instead, do today's antagonists have in common? By any objective measure, it is an adherence to an ideology inimical to America and Americans. Other faiths seem better able to arrive at an accommodation between their system of belief and the laws and culture of the land in which they find themselves practicing it. This is only obvious if one looks at the Tsarnaevs and Farooks who, despite enjoying the benefits of a generous American society, repay their benefactors by respectively bombing a marathon and shooting up a Christmas party. But what if an organization cannot close its doors to people with anti-American sympathies because, among other things, the organization lacks the means to detect them?

4. Rethink openness as a default setting.

If one cannot stop an attacker from infiltrating the organization because of any number of operating constraints or deficits in detecting threats, one can at least change one's own default settings when it comes to protection. Instead of being automatically open and instinctively unguarded, we must learn to be more circumspect. Just as the days of leaving doors unlocked are anachronistic in modern society, so, too, is the notion that everyone should be given unfettered access unless deemed to be a threat. The new normal is to reserve such openness only to people you trust and only for those who have earned that trust over time. And that trust will not only have to be earned once but refreshed from time to time. Thus, just because an individual appears to be one of the guys and a decent co-worker, this doesn't entitle him or her to perpetual free access to any and all parts of the organization. Does this mean that even Christmas parties will one day require advance clearance? No. But it may mean rethinking -- at least temporarily -- the merits of hosting optional group events if such events present would-be killers with a shooting gallery of victims in waiting.

5. Give thought to thwarting.

If you cannot vet to the point of trusting someone with your life, don't toss your life into his hands. This means instituting intelligent protocols for knowledgeable escort and timely intervention (topics covered at some length in Managing the Insider Threat: No Dark Corners, Boca Raton: CRC Press, 2012, available at We must learn anew hot to not just observe and report but to actively thwart those who would do us harm.

6. Abandon the fantasy of total reliance on experts.

In line with the need to actively intervene when attacks are imminent, defenders must at once acknowledge and overcome the responder's curse of L.I.T.E.

Ours is a society with a current penchant for assuming the lowest common denominator in the judging of capacities of the general public. Thus we advise LITE at every turn, namely, "Leave it to the experts." And this strategy works well enough -- until it doesn't. Under normal circumstances, when emergencies are rare and there may well be an over abundance of trained professionals on tap to respond to a single event, LITE seems perfectly reasonable. Moreover, given today's litigious world, it may even seem wise. But what happens when events overwhelm response resources? The chant "Leave it to the experts" rings on, in falsetto, long after it becomes clear that there just aren't enough experts to go around.

Finding Actionable Middle Ground

There is a reasonable compromise between a shoot-first, wild-West approach to robust personal defense and a hand-wringing, sitting-duck approach to outsourcing all personal security to experts. Rethinking draconian restrictions on law abiding citizens to carry defensive weapons is one approach. It need not extend to the point of passing out guns like candy. Nor will many responsible citizens necessarily feel qualified nor inclined to develop the proficiency it takes to use such weapons without endangering themselves and others out of all proportion to the defensive benefit sought.

This need not be an all-or-nothing defensive posture. Too often, we forget that there are many things that people can do under the banner of lawful disruption that can have the effect of disrupting attacks and complicating targeting efforts of would-be assassins. (The theme of lawful disruption as something within the grasp of average non-specialists takes up an entire chapter of Managing the Insider Threat: No Dark Corners, which readers may consult at their leisure for more ideas along these lines.)

There are resources to help people and organizations start taking a more active hand in their own protection. One consultant with real-world experience of such situations tracing to Israel offers such an example as in teaching people a last resort for dealing with active shooters, at

The bottom line, once again, is that we must learn anew how to not just observe but to thwart.

-- Nick Catrantzos