Re: Comparative Homeland Security: Global Lessons (Wiley Series on Homeland Defense and Security) by Nadav Morag (available at
http://www.amazon.com/Comparative-Homeland-Security-Lessons-Defense/dp/0470497149/ref=sr_1_1?s=books&ie=UTF8&qid=1325305479&sr=1-1)
Homeland security has been ill-defined, misconstrued, conflated, and confounded, all the more easily for its susceptibility to taking on the appearance of whatever background any exponent elects to use on this slippery chameleon. Until now, that is. John Le Carré once observed that, for an intelligence officer, nothing exists without a context. Such a context is precisely the missing element that Nadav Morag supplies the reader of Comparative Homeland Security: Global Lessons. This work is invaluable to any serious practitioner likely to one day face a policy maker asking the question, "Why can't we do in America what they do in______?" Why not introduce an American equivalent of Britain's MI5, for example? Why not adapt the French system of having special prosecutors who make entire careers in counter-terrorism?
Dr. Morag, proves a first-rate, analytical teacher in giving the reader the means to answer just such questions, whether the country in the blank is Britain, Canada, France, Germany, Israel, or Australia. Resisting the temptation to serve up easy answers, Morag gives the reader details and examples and context to enable arriving at one's own answer depending on the circumstances. Thus, the book follows a logical order of exposition, beginning with drawing comparative distinctions among select countries to illustrate how their laws and institutions affect the range of feasible options for defending against terrorist attack. The author reveals how counter-terrorism strategy aligns along a continuum, ranging from a law-enforcement to a war-fighting approach (p. 63) where the larger situation dictates which approach is most likely to emerge or avail. Similarly, some countries find it useful to go to great lengths to categorize and define terrorism (pp. 68, 77), while others eschew such detail in order to retain flexibility for implementing ad hoc solutions under rapidly changing conditions (p. 69). Variation in national approaches that heretofore appeared impenetrable or head-shakingly idiosyncratic become demystified and rational to the reader benefiting from the arcane details of government, history, law, and geopolitical imperatives affecting the different countries Dr. Morag analyzes in the 388 pages of this book. To unearth and consolidate such detail otherwise, the reader would have to undertake a research expedition through hundreds of texts and archives, facing a near eternity of sifting through extraneous or confusing information.
The policy analyst who wants a feeling for checks and balances in free countries like Britain, for example, need only to turn to page 85 to find that emergency regulations enacted for safeguarding life must be "geographically specific, cannot amend basic guarantees of human rights, and must be limited in time." What about ticking-bomb situations in countries like Israel, where saving lives and defending human rights may come into conflict? Morag explains the technical exemptions that theoretically protect defenders who save lives only to face prosecution for harsh interrogations (p. 119), but he does not stop there. He also reveals ambiguities in relevant law that ultimately have the effect of telling interrogators that they use harsh measures only at their own risk - no matter how many lives get saved as a result.
Continuing his unvarnished presentations, he often notes what once worked but no longer avails. For example, Morag explains how a once effective approach of destroying the homes of terrorists' family members has, over time, lost much of its deterrent value (p. 129).
Morag's analysis of comparative approaches to terrorist-induced calamaties goes beyond the immediately obvious, touching such areas as emergency medical response, and how the "scoop and run" principle evolved out of fears of secondary terrorist strikes (p. 292).
Wrapping up the discussion, the author again leaves the reader with cogent insights, such as
- Terrorism ... is in its own category because terrorist threats ... are a direct challenge to the government through their attempt to disrupt and produce a lack of confidence in the ability of government to provide stability and security (p. 360).
- Adopting a successful foreign model requires understanding and analyzing the differences in legal frameworks, institutional frameworks, culture/mentality (in terms of what is and what is not publically acceptable), and a range of other variables (p. 361).
- The difficulties ... in adopting strategic-level foreign practices are...considerable but not unbridgeable (p. 361).
Overall, Nadav Morag has made a significant contribution to the field with this book whose value is indisputable in general and priceless in the event one encounters demands for action and consideration of other models of terrorism defense in the immediate aftermath of the next attack.
-- Nick Catrantzos
Friday, December 30, 2011
Wednesday, December 21, 2011
Loyal Opposition Beats In-House Sabotage
In a world of hype, the idea of enabling or ennobling a loyal opposition must appeal to institutions as much as modern fashion welcomes spats, corsets, or chivalry – all emblems of a bygone age as popular today as affirmations like groovy, far out, and hubba-hubba. Consider, however, whether a defender would rather contend with a saboteur or with a declared member of a loyal opposition, and whether the suppression of the latter might not nourish the rise of the former.
What is a loyal opposition anyway? In countries with parliamentary government, it is parties or members of parties who, having lost the contest to seat a prime minister or form a cabinet which will take up the reins of legitimate power, nevertheless recognize the legitimacy of ruling competitors in the shared interest of mutually discharging the responsibilities of government. A loyal opponent, a loyal opposition, maintains differences of opinion and belief and approach, challenging the ruling office-holders or ascendant coalition, but without turning every disagreement into an epic battle. A proper loyal opposition works within the system, recognizing the enlightened self-interest of accepting a weaker position in graceful stride, with the anticipation of one day expecting equivalent courtesy when the tables turn and power shifts in the opposite direction. At its best, then, loyal opposition keeps the dominant power in check while respecting common ground and shared objectives. In government, as in any gathering of mortals, the theory outshines the practice. Thus, what may purport to be a loyal opposition may easily descend into a thinly veiled cabal of cutthroats espousing unified effort only when on parade before the news media. Otherwise, this opposition may well give itself over to plot and demonizing of adversaries. As long as the opposition maintains even a modicum of regard for appearances, evincing an interest in keeping at least an outward semblance of ostensible interest in honoring fiduciary obligations, it remains more likely to defend the institution than any outright saboteur.
Let us shift gears, now, to see how popular sources of likely insider threats would identify their camp within an institution. Saboteur or loyal opposition? I suspect that even the most virulent thorns in the side of any institution would hesitate to call themselves saboteurs. The union representatives whose rise to power follows serial victories in negotiating more privileges for less work invariably characterize themselves as advocates who care just as much for the employer as anyone else. How does management see them? Officially, of course, wise managers concede that their union counterparts offer a beneficial advocacy. Unofficially? Most see the union as an inveterate saboteur more interested in perquisites than in performance. What about whistleblowers? They see themselves as unsung, lone heroes out for justice in a harsh, callous world. Their bosses see them as malcontents who favor the tantrum as an alternative to doing a job they dislike. The same may be said of internal watchdogs, including ombudsmen, auditors, ethics, and other compliance officers. One side interprets the adversary position as appropriate or even altruistic, while the other sees it as obstructive and invariably self-serving. Which is right? Both and neither.
In the context of insider threat defense, the desired end state arrives when both camps can view each other as members of a loyal opposition. There is no precise formula for making this happen, but a No Dark Corners approach to greater transparency and a shared stake in the success and survival of the institution certainly can’t hurt. In order for such an approach to work best, it must be inculcated at the start of employment and be integral to the institution, rather than an appliqué. Otherwise, elements of artificiality intrude, and the shared stake never quite builds on a sound foundation of trust. The appliqué technique fuels suspicions. Each side suspects the other of ulterior motives and at least one side withholds information or chooses to advance its members’ personal interests at the expense of others. Put everyone in the same boat, with the same view of gale force winds, however, and gone is the debate about whether to paddle for shore. Achieving this shared state takes bold leadership, but not uncharted excursions. Robert Townsend achieved such a state in turning around Avis over a generation ago, revealing his methods in Up the Organization. The pre-Fiorina, pre-Hurd, pre-me-too, committee-driven Hewlett Packard (HP) operated this way in its early years as well. HP was famous for inspiring the kind of loyalty that left its former employees misty and nostalgic about working for that Silicon Valley pioneer and being happier though less compensated (to the tune of $20,000 lower salary than competitors might pay for professionals in the 1980s).
Loyal opposition gives proper vent to the irreducible rascality of humans in any shared environment. If there is a channel for expressing contrary notions, getting attention to problems, and still feeling like part of the team with an equal share in advancing with the larger organization, there become fewer reasons and soon fewer places to hide in dark corners to plot ways to sabotage the institution. But loyal opposition takes loyalty, and loyalty means trust. Trust and loyalty, then, inoculate the organization against insider sabotage. Old notions though they may be, such things may yet resurface, like the tendency of fashions to reabsorb old elements every 30 years. How should the defender against insider threats react to such phenomena? Hubba-hubba.
— Nick Catrantzos
What is a loyal opposition anyway? In countries with parliamentary government, it is parties or members of parties who, having lost the contest to seat a prime minister or form a cabinet which will take up the reins of legitimate power, nevertheless recognize the legitimacy of ruling competitors in the shared interest of mutually discharging the responsibilities of government. A loyal opponent, a loyal opposition, maintains differences of opinion and belief and approach, challenging the ruling office-holders or ascendant coalition, but without turning every disagreement into an epic battle. A proper loyal opposition works within the system, recognizing the enlightened self-interest of accepting a weaker position in graceful stride, with the anticipation of one day expecting equivalent courtesy when the tables turn and power shifts in the opposite direction. At its best, then, loyal opposition keeps the dominant power in check while respecting common ground and shared objectives. In government, as in any gathering of mortals, the theory outshines the practice. Thus, what may purport to be a loyal opposition may easily descend into a thinly veiled cabal of cutthroats espousing unified effort only when on parade before the news media. Otherwise, this opposition may well give itself over to plot and demonizing of adversaries. As long as the opposition maintains even a modicum of regard for appearances, evincing an interest in keeping at least an outward semblance of ostensible interest in honoring fiduciary obligations, it remains more likely to defend the institution than any outright saboteur.
Let us shift gears, now, to see how popular sources of likely insider threats would identify their camp within an institution. Saboteur or loyal opposition? I suspect that even the most virulent thorns in the side of any institution would hesitate to call themselves saboteurs. The union representatives whose rise to power follows serial victories in negotiating more privileges for less work invariably characterize themselves as advocates who care just as much for the employer as anyone else. How does management see them? Officially, of course, wise managers concede that their union counterparts offer a beneficial advocacy. Unofficially? Most see the union as an inveterate saboteur more interested in perquisites than in performance. What about whistleblowers? They see themselves as unsung, lone heroes out for justice in a harsh, callous world. Their bosses see them as malcontents who favor the tantrum as an alternative to doing a job they dislike. The same may be said of internal watchdogs, including ombudsmen, auditors, ethics, and other compliance officers. One side interprets the adversary position as appropriate or even altruistic, while the other sees it as obstructive and invariably self-serving. Which is right? Both and neither.
In the context of insider threat defense, the desired end state arrives when both camps can view each other as members of a loyal opposition. There is no precise formula for making this happen, but a No Dark Corners approach to greater transparency and a shared stake in the success and survival of the institution certainly can’t hurt. In order for such an approach to work best, it must be inculcated at the start of employment and be integral to the institution, rather than an appliqué. Otherwise, elements of artificiality intrude, and the shared stake never quite builds on a sound foundation of trust. The appliqué technique fuels suspicions. Each side suspects the other of ulterior motives and at least one side withholds information or chooses to advance its members’ personal interests at the expense of others. Put everyone in the same boat, with the same view of gale force winds, however, and gone is the debate about whether to paddle for shore. Achieving this shared state takes bold leadership, but not uncharted excursions. Robert Townsend achieved such a state in turning around Avis over a generation ago, revealing his methods in Up the Organization. The pre-Fiorina, pre-Hurd, pre-me-too, committee-driven Hewlett Packard (HP) operated this way in its early years as well. HP was famous for inspiring the kind of loyalty that left its former employees misty and nostalgic about working for that Silicon Valley pioneer and being happier though less compensated (to the tune of $20,000 lower salary than competitors might pay for professionals in the 1980s).
Loyal opposition gives proper vent to the irreducible rascality of humans in any shared environment. If there is a channel for expressing contrary notions, getting attention to problems, and still feeling like part of the team with an equal share in advancing with the larger organization, there become fewer reasons and soon fewer places to hide in dark corners to plot ways to sabotage the institution. But loyal opposition takes loyalty, and loyalty means trust. Trust and loyalty, then, inoculate the organization against insider sabotage. Old notions though they may be, such things may yet resurface, like the tendency of fashions to reabsorb old elements every 30 years. How should the defender against insider threats react to such phenomena? Hubba-hubba.
— Nick Catrantzos
Friday, December 2, 2011
Bad Tradecraft Still Kills
Tradecraft, as an old case officer instructor once confided, is really about personal security, hence it serves as the case officer's staff of life. If recent news reports are accurate (as at http://apnews.myway.com/article/2011http://www.blogger.com/img/blank.gif1121/D9R53CD80.html), this lesson is being forgotten, to the peril of Western intelligence assets, viz. spies. It needs to be relearned.
As the article suggests, the rush to gather useful operational intelligence shows signs of conflicting with the traditional mandates of tradecraft. The latter include placing a premium on avoiding patterns, eluding detection by hostile surveillance, and maintaining one's cover by leaving no detectable trace of clandestine activity. If your life depends on it, then you don't twice use the same phone or call your handler from the same location. Such actions may be convenient and expeditious, but they leave a trail -- the kind that conscientious counterintelligence staff can and will pursue at length. This appears to be precisely the kind of patient, meticulous counterintelligence work that took Hezbollah two years to uncover and shut down American and Israeli espionage networks in Lebanon.
Why was this allowed to happen? There are no easy answers. Even seasoned professionals will take shortcuts when grown complacent or pressed for time. And tradecraft takes time, as the half-day or more it may require to wind through a surveillance detection route before meeting an agent or servicing a dead drop. Under the lash of urgency, though, people who know better may skip such preliminaries, particularly if their bosses are screaming for results. Alternatively, in the absence of any recent signs of danger, a case officer may also conclude that the inconvenience imposed by tradecraft is an anachronism no longer necessary in the present milieu. Until his recruited agent disappears one day, that is.
Notwithstanding Hollywood depictions of those who practice the art of espionage as thrill seekers and life takers, one of the case officer's essential skills is the matter-of-fact instructing of his or her agent -- spy, in popular terms -- in proper tradecraft. It is not a glamorous undertaking. The case officer must teach the agent how to move, act, and talk in ways that elude scrutiny and enhance personal security. To manage this instruction credibly, however, the case officer must first begin by modeling the desired behaviors, by practicing sound tradecraft. When dealing with the likes of Hezbollah, doing anything less is a forced march to abbreviated life expectancy and, by extension, to a sharp decline in future agent recruitment. This is why there are no substitutes for good tradecraft in espionage.
-- Nick Catrantzos
As the article suggests, the rush to gather useful operational intelligence shows signs of conflicting with the traditional mandates of tradecraft. The latter include placing a premium on avoiding patterns, eluding detection by hostile surveillance, and maintaining one's cover by leaving no detectable trace of clandestine activity. If your life depends on it, then you don't twice use the same phone or call your handler from the same location. Such actions may be convenient and expeditious, but they leave a trail -- the kind that conscientious counterintelligence staff can and will pursue at length. This appears to be precisely the kind of patient, meticulous counterintelligence work that took Hezbollah two years to uncover and shut down American and Israeli espionage networks in Lebanon.
Why was this allowed to happen? There are no easy answers. Even seasoned professionals will take shortcuts when grown complacent or pressed for time. And tradecraft takes time, as the half-day or more it may require to wind through a surveillance detection route before meeting an agent or servicing a dead drop. Under the lash of urgency, though, people who know better may skip such preliminaries, particularly if their bosses are screaming for results. Alternatively, in the absence of any recent signs of danger, a case officer may also conclude that the inconvenience imposed by tradecraft is an anachronism no longer necessary in the present milieu. Until his recruited agent disappears one day, that is.
Notwithstanding Hollywood depictions of those who practice the art of espionage as thrill seekers and life takers, one of the case officer's essential skills is the matter-of-fact instructing of his or her agent -- spy, in popular terms -- in proper tradecraft. It is not a glamorous undertaking. The case officer must teach the agent how to move, act, and talk in ways that elude scrutiny and enhance personal security. To manage this instruction credibly, however, the case officer must first begin by modeling the desired behaviors, by practicing sound tradecraft. When dealing with the likes of Hezbollah, doing anything less is a forced march to abbreviated life expectancy and, by extension, to a sharp decline in future agent recruitment. This is why there are no substitutes for good tradecraft in espionage.
-- Nick Catrantzos
Friday, November 18, 2011
What Gets Stolen with Stolen Valor
Pulitzer-prize winning conservative columnist George Will raised an eyebrow in recently caviling with the Stolen Valor Act because, after all, falsely claiming to have been decorated for gallantry does not really steal from a true hero, so doesn't this fuss fly in the face of free speech? Details at http://www.jewishworldreview.com/cols/will111311.php3
The anti-Stolen Valor Act argument appeared to be making the case that Xavier Alvarez's misrepresenting of himself as a Medal of Honor recipient might in some way deserve protected speech insulation normally afforded expression of political views and that it was, after all, a victimless offense that did not rise to the seriousness of obscenity, fraud, incitement, or speech integral to criminal conduct (Will's criteria for seriousness). Allow me to offer an alternative perspective.
Argument #1 is that Alvarez, and anyone else claiming honors falsely, is committing fraud akin to misrepresenting credentials and expertise on a resume in order to qualify for a job. Most employers find such fraud not only reprehensible but also actionable, stating it as grounds for termination or withdrawal of an offer of employment. Viewed through this lens, a questioning observer would ask why Alvarez and his like would misrepresent themselves as having earned honors they did not deserve. Manifestly, there has to be some anticipated return for risking humiliating exposure. What is that return? Well, in the case of a political appointment such as to a public agency's board of directors, you can bet that fraudulent credentials that bear testimony to altruism and service of others over self count for something. In other words, Alvarez did not falsify objective proofs of courage and selflessness just to fill in gaps in conversation. No, such a recitation would stand him apart from competitors and lend panache to an otherwise anemic history of exploits one might expect from the kind of wretch who sails through the mainstream of life without making a ripple. By Mr. Will's gauge, however, are we to understand that fraud doesn't count unless it directly victimizes an identifiable person, as in the case of identity theft? If so, then that would mean that every impostor since Ferdinand Demarra would deserve a pass for misrepresenting himself until after someone got hurt. Alas for the patient under the scalpel of a lab tech posing as a surgeon or for the defendant represented by an egomaniacal law student who never passed the bar. Don't they and we deserve better protection against instrumental fraud executed to advance the predatory impulses of its perpetrator? In any case, don't Alvarez's competitors for that board seat qualify as having been disadvantaged by his stolen valor? Of course they do. His self-styled heroics no doubt set him apart and even above co-equals whose unspectacular resumes would in all probability have outshone Alvarez's if the latter's had not been seasoned by proclamations of apparent courage and resolve under fire.
Argument #2 concerns a larger, societal merit in expressing disapprobation for fraud in some way that counts. As Dennis Prager has it, society expresses its attitude on any offense solely by the punishment it metes out. To dismiss the Stolen Valor Act is to grant a societal imprimatur to falsifying acts of heroism as long as they are not specifically those of another, i.e., not literally "stolen" from someone in particular, in the sense of identity theft once again. What about the dilution effect likely to result when a horde of poltroons invades the small stage of respect and admiration reserved for true -- and few -- heroes? There is a reason that Medal of Honor winners are not as numerous as locusts: a high mortality rate, with honors often conferred posthumously. If it becomes expedient and socially acceptable to lie about decorations for gallantry, including this highest of the high, how does this not cheapen the medal for the truly deserving? The net effect becomes to commoditize medals, with medal-mills soon offering them up along with coin collections from the Franklin Mint or velvet wall hangings of Elvis, ultimately resulting in the denial of public respect and honor -- already evanescent in a jaded society -- to the few remaining heroes. Leaving aside that laws like Stolen Valor often get tagged with labels that are imperfect in order for them to be distinguishable from one another, the Stolen Valor Act does appear, on balance, to meet Will's criteria of defending against loss-causing action such as fraud on this larger, societal scale.
Would George Will be willing to reconsider his case against the Stolen Valor Act or at least on the philosophical merits of expressing society's rejection of fraudulent claims of heroism which inflate individual resumes and egos, in effect growing forests to hide the few tall trees of worthy exemplars who deserve our respect and thanks?
-- Nick Catrantzos
The anti-Stolen Valor Act argument appeared to be making the case that Xavier Alvarez's misrepresenting of himself as a Medal of Honor recipient might in some way deserve protected speech insulation normally afforded expression of political views and that it was, after all, a victimless offense that did not rise to the seriousness of obscenity, fraud, incitement, or speech integral to criminal conduct (Will's criteria for seriousness). Allow me to offer an alternative perspective.
Argument #1 is that Alvarez, and anyone else claiming honors falsely, is committing fraud akin to misrepresenting credentials and expertise on a resume in order to qualify for a job. Most employers find such fraud not only reprehensible but also actionable, stating it as grounds for termination or withdrawal of an offer of employment. Viewed through this lens, a questioning observer would ask why Alvarez and his like would misrepresent themselves as having earned honors they did not deserve. Manifestly, there has to be some anticipated return for risking humiliating exposure. What is that return? Well, in the case of a political appointment such as to a public agency's board of directors, you can bet that fraudulent credentials that bear testimony to altruism and service of others over self count for something. In other words, Alvarez did not falsify objective proofs of courage and selflessness just to fill in gaps in conversation. No, such a recitation would stand him apart from competitors and lend panache to an otherwise anemic history of exploits one might expect from the kind of wretch who sails through the mainstream of life without making a ripple. By Mr. Will's gauge, however, are we to understand that fraud doesn't count unless it directly victimizes an identifiable person, as in the case of identity theft? If so, then that would mean that every impostor since Ferdinand Demarra would deserve a pass for misrepresenting himself until after someone got hurt. Alas for the patient under the scalpel of a lab tech posing as a surgeon or for the defendant represented by an egomaniacal law student who never passed the bar. Don't they and we deserve better protection against instrumental fraud executed to advance the predatory impulses of its perpetrator? In any case, don't Alvarez's competitors for that board seat qualify as having been disadvantaged by his stolen valor? Of course they do. His self-styled heroics no doubt set him apart and even above co-equals whose unspectacular resumes would in all probability have outshone Alvarez's if the latter's had not been seasoned by proclamations of apparent courage and resolve under fire.
Argument #2 concerns a larger, societal merit in expressing disapprobation for fraud in some way that counts. As Dennis Prager has it, society expresses its attitude on any offense solely by the punishment it metes out. To dismiss the Stolen Valor Act is to grant a societal imprimatur to falsifying acts of heroism as long as they are not specifically those of another, i.e., not literally "stolen" from someone in particular, in the sense of identity theft once again. What about the dilution effect likely to result when a horde of poltroons invades the small stage of respect and admiration reserved for true -- and few -- heroes? There is a reason that Medal of Honor winners are not as numerous as locusts: a high mortality rate, with honors often conferred posthumously. If it becomes expedient and socially acceptable to lie about decorations for gallantry, including this highest of the high, how does this not cheapen the medal for the truly deserving? The net effect becomes to commoditize medals, with medal-mills soon offering them up along with coin collections from the Franklin Mint or velvet wall hangings of Elvis, ultimately resulting in the denial of public respect and honor -- already evanescent in a jaded society -- to the few remaining heroes. Leaving aside that laws like Stolen Valor often get tagged with labels that are imperfect in order for them to be distinguishable from one another, the Stolen Valor Act does appear, on balance, to meet Will's criteria of defending against loss-causing action such as fraud on this larger, societal scale.
Would George Will be willing to reconsider his case against the Stolen Valor Act or at least on the philosophical merits of expressing society's rejection of fraudulent claims of heroism which inflate individual resumes and egos, in effect growing forests to hide the few tall trees of worthy exemplars who deserve our respect and thanks?
-- Nick Catrantzos
Thursday, November 10, 2011
Attention Span's Broken Gauge
A world of sound-bite news and increasingly compressed attention spans is great for adventurers. They find themselves unfettered by having their ideas and initiatives gauged by results. For those of us who inhabit a more responsible world that obliges us to pay for results and live with consequences, this situation is more curse than blessing. Consider the serial misfires of national intelligence that have informed debates on America's security. They hardly inspire confidence.
Exhibit 1: As expressed by the 9/11 Commission, a constipated intelligence bureaucracy failed to connect detectable dots that painted a pointillist picture of the impending 9/11 attacks. Ten years later, the national intelligence apparat superimposes new organs and jargon. Fusion centers abound in an intelligence sharing enterprise -- structures from which occupants of old silos now peer at each other and occasionally wave while perpetuating old resentments and insularity. How do we react to the original criticisms? Do we overhaul or purge failed functions and entities? No, we enlarge them and invite more participants onto the playing field, so as to diffuse accountability and blame next time. The net result routinely surfaces in pre-holiday warnings about vague, unverified, "possible" terrorist threats. What value do such trite, nonspecific alerts offer? To the public, none. To their purveyors, however, they offer the comforting insulation of being able to answer future criticisms with, "You can't accuse us of not warning our citizens."
Exhibit 2: CIA Director Tenet, evoking a National Intelligence Estimate calling on the best analytical minds and supporting data, told the President that it was a slam dunk that Iraq possessed weapons of mass destruction. What consequences attached to him and his analysts for inaccuracy? None, or none to rival the public backlash against the President who relied on these experts.
Exhibit 3: A 2007 National Intelligence Estimate, again calling on the best intelligence and great minds of intelligence analysts, concluded that Iran was not pursuing the path of developing nuclear weapons. Today, with Iran on the brink of agonizing over the wording of its press release to announce entry into the province of global nuclear weapons bearers, that 2007 analysis appears more than a little flawed. After all, arriving at this capability is a marathon, not a sprint. Are there any consequences for missing the mark on such an important assessment, however? No, unless the consequences are latent, classified, unmuttered -- for reasons of national security. Indeed.
Hypothesis: Hit-and-miss strategies are unacceptable to business and alien to personal responsibility. Your business plan wins over no investors if the best you can offer is to try and then see what happens. Nor can you keep your house, cars, and recreational equipment if you promise to pay for them but don't quite manage to actually meet your obligations consistently. Why? Somebody on the other end, whose risk and livelihood are tied to these investments, notices and gauges viability. Constantly. Unrelentingly. Only in the large bureaucratic sanctuaries of government-supported experts does it appear that promises outweigh results. Attention spans there are short, and there are no readily identifiable consequences for serial failures. So, getting it wrong becomes not only commonplace. It threatens to become a default setting. Some things won't change until they have to change, it seems, particularly where mediocrity reigns. Are these factors conspiring to give mediocre intelligence a bad name? The next debacle will tell us more than the next analytical intelligence estimate.
Hopeful Sign
Then again ... battlefield commanders have certainly managed to harness tactical intelligence to produce results, as might concede the late bin Laden and any number of drone targets. Their metrics aren't so vague or nuanced, however. Striking the target is what counts. All else is effort, not progress. Is this lesson communicable, one wonders?
-- Nick Catrantzos
Exhibit 1: As expressed by the 9/11 Commission, a constipated intelligence bureaucracy failed to connect detectable dots that painted a pointillist picture of the impending 9/11 attacks. Ten years later, the national intelligence apparat superimposes new organs and jargon. Fusion centers abound in an intelligence sharing enterprise -- structures from which occupants of old silos now peer at each other and occasionally wave while perpetuating old resentments and insularity. How do we react to the original criticisms? Do we overhaul or purge failed functions and entities? No, we enlarge them and invite more participants onto the playing field, so as to diffuse accountability and blame next time. The net result routinely surfaces in pre-holiday warnings about vague, unverified, "possible" terrorist threats. What value do such trite, nonspecific alerts offer? To the public, none. To their purveyors, however, they offer the comforting insulation of being able to answer future criticisms with, "You can't accuse us of not warning our citizens."
Exhibit 2: CIA Director Tenet, evoking a National Intelligence Estimate calling on the best analytical minds and supporting data, told the President that it was a slam dunk that Iraq possessed weapons of mass destruction. What consequences attached to him and his analysts for inaccuracy? None, or none to rival the public backlash against the President who relied on these experts.
Exhibit 3: A 2007 National Intelligence Estimate, again calling on the best intelligence and great minds of intelligence analysts, concluded that Iran was not pursuing the path of developing nuclear weapons. Today, with Iran on the brink of agonizing over the wording of its press release to announce entry into the province of global nuclear weapons bearers, that 2007 analysis appears more than a little flawed. After all, arriving at this capability is a marathon, not a sprint. Are there any consequences for missing the mark on such an important assessment, however? No, unless the consequences are latent, classified, unmuttered -- for reasons of national security. Indeed.
Hypothesis: Hit-and-miss strategies are unacceptable to business and alien to personal responsibility. Your business plan wins over no investors if the best you can offer is to try and then see what happens. Nor can you keep your house, cars, and recreational equipment if you promise to pay for them but don't quite manage to actually meet your obligations consistently. Why? Somebody on the other end, whose risk and livelihood are tied to these investments, notices and gauges viability. Constantly. Unrelentingly. Only in the large bureaucratic sanctuaries of government-supported experts does it appear that promises outweigh results. Attention spans there are short, and there are no readily identifiable consequences for serial failures. So, getting it wrong becomes not only commonplace. It threatens to become a default setting. Some things won't change until they have to change, it seems, particularly where mediocrity reigns. Are these factors conspiring to give mediocre intelligence a bad name? The next debacle will tell us more than the next analytical intelligence estimate.
Hopeful Sign
Then again ... battlefield commanders have certainly managed to harness tactical intelligence to produce results, as might concede the late bin Laden and any number of drone targets. Their metrics aren't so vague or nuanced, however. Striking the target is what counts. All else is effort, not progress. Is this lesson communicable, one wonders?
-- Nick Catrantzos
Monday, October 31, 2011
Piracy and Permission
In 2005 the International Maritime Organization recognized that Somali pirate hijacking of ships and holding of vessel and crew for ransom was becoming a serious problem. In October 2011, BBC News reported that the British Prime Minister has signed into law the limited authorization for British-flagged ships to carry defensive weapons -- only in defined areas where Somali pirates threaten maritime commerce. What is wrong with this picture?
The onus in such matters remains with the party best able to adapt to the exigencies of circumstance. Small wonder, then, that the pirates retain the adaptive edge. They extort millions for return of ship and crew, and do this so consistently as to now attract the equivalent of venture capital financiers to buy in advance AK-47 assault rifles and rocket-propelled grenades from Yemeni arms dealers in exchange for a share in the pirates' profits.
This situation shows how nimble rogues governed by boldness and a sense of market forces outmaneuver government bureaucracies constrained by regulatory impulses and fundamental distaste for allowing unauthorized people to take the lead in their own defense. Perhaps some of the abductees, like a British couple held for 388 days before being ransomed, might prefer an alternative approach.
What if armed passage became the default, and every unrecognized Somali skiff racing towards a freighter or tanker met with warning shots and the possibility of being outgunned by return fire? Then the likely outcome would be what the security industry knows as displacement. The pirates would have little alternative but to seek other prey or to enter a less risky line of business.
There are precedents for such security victories, but success favors bold strokes over bureaucratic hand-wringing. In the same time between recognition of the pirate problem and the anemic recognition of a right to self-defense, a more robust British administration eradicated a 300-year-old menace similarly affecting commerce. This involved the Thugs in India, who combined thievery, murder, religion, and secrecy to get away with victimizing travelers for centuries and leaving no trace. Slow to come to grips with the situation, the British eventually realized the problem and their own self-imposed limitations in a legal system that discounted evidence of informants. This favored the Thugs, for whom killing of witnesses had both religious and practical merits. So the British modified their laws to meet the threat. They rounded up Thugs and their families, encouraged informants, imposed severe penalties. In six years, the British effectively eradicated Thugs as a 300-year-old plague. More impressively, once the problem was over, the British restored a more permissive legal system that was in place before draconian measures were imposed.
There are lessons, here, for those who would harvest them. A bold enemy finds little incentive to succumb to feeble deliberations. Getting tough can be focused on a time and situation, then reversed once its purpose is served. It need not be a sentence to living under irreversible martial law. Finally, pirates, rogues, and thugs of all stripes do follow business rules and obey market forces -- even if they don't realize it. They favor activities where the risk is lower for them than for their targets, and they don't stick to what no longer pays.
Have we learned this ourselves?
-- Nick Catrantzos
The onus in such matters remains with the party best able to adapt to the exigencies of circumstance. Small wonder, then, that the pirates retain the adaptive edge. They extort millions for return of ship and crew, and do this so consistently as to now attract the equivalent of venture capital financiers to buy in advance AK-47 assault rifles and rocket-propelled grenades from Yemeni arms dealers in exchange for a share in the pirates' profits.
This situation shows how nimble rogues governed by boldness and a sense of market forces outmaneuver government bureaucracies constrained by regulatory impulses and fundamental distaste for allowing unauthorized people to take the lead in their own defense. Perhaps some of the abductees, like a British couple held for 388 days before being ransomed, might prefer an alternative approach.
What if armed passage became the default, and every unrecognized Somali skiff racing towards a freighter or tanker met with warning shots and the possibility of being outgunned by return fire? Then the likely outcome would be what the security industry knows as displacement. The pirates would have little alternative but to seek other prey or to enter a less risky line of business.
There are precedents for such security victories, but success favors bold strokes over bureaucratic hand-wringing. In the same time between recognition of the pirate problem and the anemic recognition of a right to self-defense, a more robust British administration eradicated a 300-year-old menace similarly affecting commerce. This involved the Thugs in India, who combined thievery, murder, religion, and secrecy to get away with victimizing travelers for centuries and leaving no trace. Slow to come to grips with the situation, the British eventually realized the problem and their own self-imposed limitations in a legal system that discounted evidence of informants. This favored the Thugs, for whom killing of witnesses had both religious and practical merits. So the British modified their laws to meet the threat. They rounded up Thugs and their families, encouraged informants, imposed severe penalties. In six years, the British effectively eradicated Thugs as a 300-year-old plague. More impressively, once the problem was over, the British restored a more permissive legal system that was in place before draconian measures were imposed.
There are lessons, here, for those who would harvest them. A bold enemy finds little incentive to succumb to feeble deliberations. Getting tough can be focused on a time and situation, then reversed once its purpose is served. It need not be a sentence to living under irreversible martial law. Finally, pirates, rogues, and thugs of all stripes do follow business rules and obey market forces -- even if they don't realize it. They favor activities where the risk is lower for them than for their targets, and they don't stick to what no longer pays.
Have we learned this ourselves?
-- Nick Catrantzos
Sunday, October 2, 2011
Trust Is Overrated
Due diligence is more reliable.
Ask Hewlett-Packard, a Silicon Valley titan of technology that has struggled to find a chief executive to match the leadership qualities of its founders. Instead, the American company with roots and profits anchored in high technology hardware, from calculators to printers to personal computers, hired a European functionary away from a financial software house, SAP, to take the helm and run the HP ship aground by selling off profitable core business and sending stock prices plummeting by 40%. A $25-million severance package eased the inelegant position that HP’s board found itself in when recently terminating this executive, Leo Apotheker, whom HP had trusted to lead the company into growth rather than convulsions. (Details in http://money.cnn.com/2011/09/22/technology/hp_ceo_fired/index.htm.) What were they thinking when they hired him?
Or ask the Swiss bank, UBS, whose London office allowed a British citizen, Kweku Adoboli, to lose over $2 billion in speculative trades, recalling a similar fiasco that rogue British trader Nick Leeson caused more than a decade earlier, to the demise of Barings Bank. When Leeson took down Barings with high-risk trades in complex derivatives, covering losses through creative bookkeeping and account juggling, his bosses grudgingly conceded that they trusted him and had difficulty understanding the new financial arena where Leeson was operating unchecked. Now Adoboli, under the impressively impenetrable title of Director of Global Synthetic Equities Trading, appears to be treading in Leeson’s footsteps with only a few differences. These are: better educational credentials (Adoboli is a university graduate.), self-confessed fraud in covering his unauthorized risk-taking, and an extra billion or so in money lost through speculative trades. Even though UBS remained in a stronger position to recover than Barings, the scandal attending this loss still cost a chief executive his job. (Details in http://www.nytimes.com/2011/09/25/business/ubs-chief-oswald-grubel-resigns-over-trading-scandal.html?pagewanted=all.)
Or, shifting gears, ask paramedic Richard Senneff, who responded to the scene of a dying Michael Jackson and tried to revive the performer without result. Senneff had no time to do anything but trust Jackson’s resident physician, who chose this moment to become selective in disclosing critical information. Specifically, the doctor said he had given Jackson only a mild sedative, and neglected to mention the http://www.blogger.com/img/blank.gifsurgical anesthetic, propofol, that had a hand in Jackson’s death. (Details in http://latimesblogs.latimes.com/lanow/2011/09/conrad-murray-lied-about-drugs-paramedic-says.html.)
What do these situations all have in common? Each fiasco involved trust – and its abuse. Bruised from a checkered history of negative press attaching to ethically questionable practices of previous CEOs Fiorina and Hurd, HP needed a new face of leadership and trusted to a lack of evident vices in Apotheker to make up for tarnished top management. Similarly, UBS trusted to a young rising star’s savvy in trading to realize impressive profits that proved too good to be true. Finally, the paramedic trusted to the information he received from a physician on site.
There were two significant differences in these cases, however, and both involved the paramedic. First, life-or-death decisions made the Michael Jackson case the most time-critical. Under the circumstances, the paramedic had no real choice but to take a medical professional at his word. At the same time, however, the paramedic was the only one to show signs of performing rudimentary due diligence even as events were unfolding. In particular, Senneff could not help noticing how what he was hearing was inconsistent with what he was seeing. The presence of intravenous apparatus connected to Michael Jackson and of a personal physician on site by no means corresponded to what the physician was saying about Jackson having no underlying medical conditions and receiving no drugs other than a mild sedative to facilitate sleep. The time-sensitive urgency of the medical response left no opportunity for debate. Still, responding paramedics found no pulse despite Jackson’s physician insisting he still felt one in the singer’s thigh.
What makes paramedics better able to perform elementary due diligence under stress while larger institutions like HP and UBS, with collective minds and IQs as great as the relative time they have to ponder significant decisions, do worse? Are they all trusting to their instincts under stress? If so, the paramedics’ instincts are superior. They are rooted in observation and rapid cognition, part of which includes a talent for spotting hazards and asking, “What is wrong with this picture?” It is precisely this absence of observation and cognition that either catalyzes or accelerates fiascoes of the HP and UBS variety.
What lessons may be learned from responders and applied by executives lacking in fiasco-insulating talent?
· Never turn a blind eye to hazard.
· Assume that all is not necessarily as it is being presented.
· When time allows, probe and play devil’s advocate.
· Remember that trust is earned and no substitute for due diligence – when there is time to perform it.
· Finally, in all matters involving mortals, take into account the likely presence of human rascality in all its manifestation. As political economist Stephen Leacock observed in a different century, “Men trust each other, knowing the exact amount of dishonesty to expect.”
- Nick Catrantzos
Ask Hewlett-Packard, a Silicon Valley titan of technology that has struggled to find a chief executive to match the leadership qualities of its founders. Instead, the American company with roots and profits anchored in high technology hardware, from calculators to printers to personal computers, hired a European functionary away from a financial software house, SAP, to take the helm and run the HP ship aground by selling off profitable core business and sending stock prices plummeting by 40%. A $25-million severance package eased the inelegant position that HP’s board found itself in when recently terminating this executive, Leo Apotheker, whom HP had trusted to lead the company into growth rather than convulsions. (Details in http://money.cnn.com/2011/09/22/technology/hp_ceo_fired/index.htm.) What were they thinking when they hired him?
Or ask the Swiss bank, UBS, whose London office allowed a British citizen, Kweku Adoboli, to lose over $2 billion in speculative trades, recalling a similar fiasco that rogue British trader Nick Leeson caused more than a decade earlier, to the demise of Barings Bank. When Leeson took down Barings with high-risk trades in complex derivatives, covering losses through creative bookkeeping and account juggling, his bosses grudgingly conceded that they trusted him and had difficulty understanding the new financial arena where Leeson was operating unchecked. Now Adoboli, under the impressively impenetrable title of Director of Global Synthetic Equities Trading, appears to be treading in Leeson’s footsteps with only a few differences. These are: better educational credentials (Adoboli is a university graduate.), self-confessed fraud in covering his unauthorized risk-taking, and an extra billion or so in money lost through speculative trades. Even though UBS remained in a stronger position to recover than Barings, the scandal attending this loss still cost a chief executive his job. (Details in http://www.nytimes.com/2011/09/25/business/ubs-chief-oswald-grubel-resigns-over-trading-scandal.html?pagewanted=all.)
Or, shifting gears, ask paramedic Richard Senneff, who responded to the scene of a dying Michael Jackson and tried to revive the performer without result. Senneff had no time to do anything but trust Jackson’s resident physician, who chose this moment to become selective in disclosing critical information. Specifically, the doctor said he had given Jackson only a mild sedative, and neglected to mention the http://www.blogger.com/img/blank.gifsurgical anesthetic, propofol, that had a hand in Jackson’s death. (Details in http://latimesblogs.latimes.com/lanow/2011/09/conrad-murray-lied-about-drugs-paramedic-says.html.)
What do these situations all have in common? Each fiasco involved trust – and its abuse. Bruised from a checkered history of negative press attaching to ethically questionable practices of previous CEOs Fiorina and Hurd, HP needed a new face of leadership and trusted to a lack of evident vices in Apotheker to make up for tarnished top management. Similarly, UBS trusted to a young rising star’s savvy in trading to realize impressive profits that proved too good to be true. Finally, the paramedic trusted to the information he received from a physician on site.
There were two significant differences in these cases, however, and both involved the paramedic. First, life-or-death decisions made the Michael Jackson case the most time-critical. Under the circumstances, the paramedic had no real choice but to take a medical professional at his word. At the same time, however, the paramedic was the only one to show signs of performing rudimentary due diligence even as events were unfolding. In particular, Senneff could not help noticing how what he was hearing was inconsistent with what he was seeing. The presence of intravenous apparatus connected to Michael Jackson and of a personal physician on site by no means corresponded to what the physician was saying about Jackson having no underlying medical conditions and receiving no drugs other than a mild sedative to facilitate sleep. The time-sensitive urgency of the medical response left no opportunity for debate. Still, responding paramedics found no pulse despite Jackson’s physician insisting he still felt one in the singer’s thigh.
What makes paramedics better able to perform elementary due diligence under stress while larger institutions like HP and UBS, with collective minds and IQs as great as the relative time they have to ponder significant decisions, do worse? Are they all trusting to their instincts under stress? If so, the paramedics’ instincts are superior. They are rooted in observation and rapid cognition, part of which includes a talent for spotting hazards and asking, “What is wrong with this picture?” It is precisely this absence of observation and cognition that either catalyzes or accelerates fiascoes of the HP and UBS variety.
What lessons may be learned from responders and applied by executives lacking in fiasco-insulating talent?
· Never turn a blind eye to hazard.
· Assume that all is not necessarily as it is being presented.
· When time allows, probe and play devil’s advocate.
· Remember that trust is earned and no substitute for due diligence – when there is time to perform it.
· Finally, in all matters involving mortals, take into account the likely presence of human rascality in all its manifestation. As political economist Stephen Leacock observed in a different century, “Men trust each other, knowing the exact amount of dishonesty to expect.”
- Nick Catrantzos
Tuesday, September 13, 2011
See More Nails? Get More Hammers.
Specialists see the world in terms of their specialty, and every time an attorney specializing in litigation or a vendor specializing in camera sales opines about the relative merits or perils of security surveillance, their natural bias competes against respective areas of ignorance to limit the value of their attending pronouncements. Either may have colorful things to say. Both omit points important for a deeper understanding of the issue.
Beginning with the lawyerly lament about too many cameras not only impinging on individual privacy but potentially leading to profligate spending in a time of fiscal constraint, the useful analytical point submerged in this hackneyed observation needs only a little more digging to unearth. The unstated point is that any flawed implementation is likely to waste money and produce unintended consequences undermining its desired benefits. Too much of a good thing can kill, hence the double-edged sword of elemental boons like fire and water, which await only arson or storm surge to turn from life-savers to life-extinguishers. So, yes, too many cameras multiply the potential for abuse, for someone using them to nefarious purposes, whether in adjusting fields of view to look not at the parking lot where assaults occur at night but at a nearby residence in whose yard a teenager is sunbathing immodestly during the day. Waste is also likely, particularly if the absence of intelligent oversight means that a security camera vendor receives carte blanche to clear the warehouse of every high-end, pan-tilt-zoom, infrared, weatherized camera in an installation where three quarters of the cameras could have easily been fixed-position devices costing a fraction of the price and requiring significantly less maintenance. The vendor gets a bonus for exceeding sales targets, while the customer gets an impressive quantity of modern devices to demonstrate how serious the end user is about security. Win-win, or lose-lose? More on this soon.
Maslow’s hammer refers to what the psychologist and founder of the hierarchy of needs once observed when noting that if one’s only tool is a hammer, one sees every problem as a nail. Rare is the special product vendor who can see or propose any solution other than his or her stock in trade. Thus, to the average security camera vendor, there is no security problem that cannot be solved without the addition of another surveillance camera. By comparison, an average purveyor of guard services tends to do precisely the same, only with services instead of products. Thus, to the latter, every security problem is just another guard assignment away from being solved. Each provider is selling only a hammer, therefore each sees the security problem only as a nail.
What is the real solution to this institutionalized myopia borne either of over specialization or limited range of implements in one’s tool chest? The answer is the kind of infusion of mind into the swirl of events that requires a seasoned managerial or security perspective, and preferably both. What do seasoned professionals do when facing security surveillance as a management issue? They begin with objectives, focus on the results their organizations need to achieve, and defend against scope creep or one-off distractions that enfeeble the chances of attaining identified objectives. This approach, incidentally, applies equally to technology implementations unrelated to security. Why? Because champions of new systems invariably oversell and continue to offer product and service extensions, often with little regard for whether their initial offerings have satisfied original criteria. If your security camera implementation has done nothing to limit parking lot assaults, for example, the vendor may well propose adding more cameras to more places, including hidden cameras outside of reception areas and extra ones at entrances and exits. Similarly, if your guard force contractor has failed to deliver on advertised loss reductions, he or she may suggest more guard posts and patrols, and even using uniformed guards as lobby ambassadors in reception areas. See more nails? Get more hammers.
Here is why this cycle of repetitive failures turns into a lose-lose situation. Both provider and beneficiary have lost sight of original objectives and, quite often, neither had thought these objectives through in the first place. What needs to happen instead? Begin by deciding the larger objective. Are the security cameras intended to prevent loss or to apprehend adversaries after the fact? A serious answer to this question guides the entire scope and investment of the surveillance camera implementation effort, and it is only a fool who will ask the hammer seller for a tool selection that also includes screwdrivers, pliers, and saws. Of course the vendor will offer to do it all. Turn on the blue light; the man wants a blue suit. But the reality is that attempts to do it all invariably end up diffusing effort, overextending systems, budgets, and schedules, and delivering flawed implementations, resulting in strained customer-provider relations. You can do one thing well or all things badly. What does your organization need?
Assume your organization is more interested in prevention than apprehension. This is the private sector security model as contrasted with the public safety model. The latter has a societal objective of chasing down offenders to capture and punish them and, by doing so, demonstrate to society at large that crime does not pay. [Incidentally, this public safety bias limits the ability of most police to operate surveillance cameras solely for prevention. Their invariable tendency is to use them more for investigation. Also, because they hired on to chase malefactors, watching cameras or defending assets are unattractive to cops in their prime.] In the context of running a business or even a public institution, however, few organizations can afford the resources for this hunt. Instead, their security functions earn their keep by preventing losses – which cost significantly less in time and staffing than trying to shadow the responsibilities of a police force without the same powers of arrest or investigation.
How does this assumption affect security camera implementation? First and foremost, if you are interested mainly in prevention, then you optimize your surveillance system for intrusion detection, period. This means that you place cameras along perimeters and entry points, and reduce to an absolute minimum the impulse to stockpile data unrelated to intrusion. This means you do not warehouse video images for months or years at a time because they may come in handy in some event reconstruction or one-off investigation into something at some point in time. Someone in the organization will always make the case that such capabilities are nice to have. But that someone will be an individual or department that has no idea of or responsibility for the burden of keeping such data, in terms of staff hours and capital investment. Absent a regulatory requirement that compels you to do otherwise, you must decide whether you are in the prevention business or in the monitoring-to-help-everyone-else-out business. If in the first, you overwrite your video files at the first logical opportunity – perhaps a week or two – and keep only what you flag for retention – perhaps within a few days of a loss or suspicious incident. This protocol puts you squarely in the prevention business rather than in the internal snooping business. It limits the audit trails that institutionalized snooping occasionally seeks, however. This means that the supervisor too inept to monitor or discipline an underperforming employee will not be able to look to your surveillance system to say, “Aha, Harry isn’t showing up on time and is always leaving early on days when I have to go out of the office.” What will such supervisors have to do if the surveillance system is unavailable to supply evidence to back disciplinary action? They will have to do the same thing they had to do in the days before such a system was around: supervise. Indeed, an employee relations manager told me that any time a supervisor wants to rely on security audit trails to catch an employee in some kind of routine performance deficiency, this proclivity signals a lack of supervision.
It is no surprise that specialists seeing the world in terms of their specialty offer up flawed solutions, without necessarily doing so in bad faith. They have hammers, so they see nails. The finesse in vaulting over this common hurdle, when it comes to security surveillance cameras, is in looking past the myopic vision of the hammer sellers to understand the bigger picture. Although it is rare to find this capacity in specialists, it is not entirely absent. I have worked with the occasional security systems vendor – usually a seasoned one who is secure in tenure and sufficiently senior in the organization to be insulated from sales quotas – who can and will advise against more cameras than anyone can usefully monitor. Such advice benefits the client and serves the enlightened self-interest of the provider, because every customer appreciates a hammer seller with the nerve to refuse to sell you another mallet when you clearly need a screwdriver.
- Nick Catrantzos
Beginning with the lawyerly lament about too many cameras not only impinging on individual privacy but potentially leading to profligate spending in a time of fiscal constraint, the useful analytical point submerged in this hackneyed observation needs only a little more digging to unearth. The unstated point is that any flawed implementation is likely to waste money and produce unintended consequences undermining its desired benefits. Too much of a good thing can kill, hence the double-edged sword of elemental boons like fire and water, which await only arson or storm surge to turn from life-savers to life-extinguishers. So, yes, too many cameras multiply the potential for abuse, for someone using them to nefarious purposes, whether in adjusting fields of view to look not at the parking lot where assaults occur at night but at a nearby residence in whose yard a teenager is sunbathing immodestly during the day. Waste is also likely, particularly if the absence of intelligent oversight means that a security camera vendor receives carte blanche to clear the warehouse of every high-end, pan-tilt-zoom, infrared, weatherized camera in an installation where three quarters of the cameras could have easily been fixed-position devices costing a fraction of the price and requiring significantly less maintenance. The vendor gets a bonus for exceeding sales targets, while the customer gets an impressive quantity of modern devices to demonstrate how serious the end user is about security. Win-win, or lose-lose? More on this soon.
Maslow’s hammer refers to what the psychologist and founder of the hierarchy of needs once observed when noting that if one’s only tool is a hammer, one sees every problem as a nail. Rare is the special product vendor who can see or propose any solution other than his or her stock in trade. Thus, to the average security camera vendor, there is no security problem that cannot be solved without the addition of another surveillance camera. By comparison, an average purveyor of guard services tends to do precisely the same, only with services instead of products. Thus, to the latter, every security problem is just another guard assignment away from being solved. Each provider is selling only a hammer, therefore each sees the security problem only as a nail.
What is the real solution to this institutionalized myopia borne either of over specialization or limited range of implements in one’s tool chest? The answer is the kind of infusion of mind into the swirl of events that requires a seasoned managerial or security perspective, and preferably both. What do seasoned professionals do when facing security surveillance as a management issue? They begin with objectives, focus on the results their organizations need to achieve, and defend against scope creep or one-off distractions that enfeeble the chances of attaining identified objectives. This approach, incidentally, applies equally to technology implementations unrelated to security. Why? Because champions of new systems invariably oversell and continue to offer product and service extensions, often with little regard for whether their initial offerings have satisfied original criteria. If your security camera implementation has done nothing to limit parking lot assaults, for example, the vendor may well propose adding more cameras to more places, including hidden cameras outside of reception areas and extra ones at entrances and exits. Similarly, if your guard force contractor has failed to deliver on advertised loss reductions, he or she may suggest more guard posts and patrols, and even using uniformed guards as lobby ambassadors in reception areas. See more nails? Get more hammers.
Here is why this cycle of repetitive failures turns into a lose-lose situation. Both provider and beneficiary have lost sight of original objectives and, quite often, neither had thought these objectives through in the first place. What needs to happen instead? Begin by deciding the larger objective. Are the security cameras intended to prevent loss or to apprehend adversaries after the fact? A serious answer to this question guides the entire scope and investment of the surveillance camera implementation effort, and it is only a fool who will ask the hammer seller for a tool selection that also includes screwdrivers, pliers, and saws. Of course the vendor will offer to do it all. Turn on the blue light; the man wants a blue suit. But the reality is that attempts to do it all invariably end up diffusing effort, overextending systems, budgets, and schedules, and delivering flawed implementations, resulting in strained customer-provider relations. You can do one thing well or all things badly. What does your organization need?
Assume your organization is more interested in prevention than apprehension. This is the private sector security model as contrasted with the public safety model. The latter has a societal objective of chasing down offenders to capture and punish them and, by doing so, demonstrate to society at large that crime does not pay. [Incidentally, this public safety bias limits the ability of most police to operate surveillance cameras solely for prevention. Their invariable tendency is to use them more for investigation. Also, because they hired on to chase malefactors, watching cameras or defending assets are unattractive to cops in their prime.] In the context of running a business or even a public institution, however, few organizations can afford the resources for this hunt. Instead, their security functions earn their keep by preventing losses – which cost significantly less in time and staffing than trying to shadow the responsibilities of a police force without the same powers of arrest or investigation.
How does this assumption affect security camera implementation? First and foremost, if you are interested mainly in prevention, then you optimize your surveillance system for intrusion detection, period. This means that you place cameras along perimeters and entry points, and reduce to an absolute minimum the impulse to stockpile data unrelated to intrusion. This means you do not warehouse video images for months or years at a time because they may come in handy in some event reconstruction or one-off investigation into something at some point in time. Someone in the organization will always make the case that such capabilities are nice to have. But that someone will be an individual or department that has no idea of or responsibility for the burden of keeping such data, in terms of staff hours and capital investment. Absent a regulatory requirement that compels you to do otherwise, you must decide whether you are in the prevention business or in the monitoring-to-help-everyone-else-out business. If in the first, you overwrite your video files at the first logical opportunity – perhaps a week or two – and keep only what you flag for retention – perhaps within a few days of a loss or suspicious incident. This protocol puts you squarely in the prevention business rather than in the internal snooping business. It limits the audit trails that institutionalized snooping occasionally seeks, however. This means that the supervisor too inept to monitor or discipline an underperforming employee will not be able to look to your surveillance system to say, “Aha, Harry isn’t showing up on time and is always leaving early on days when I have to go out of the office.” What will such supervisors have to do if the surveillance system is unavailable to supply evidence to back disciplinary action? They will have to do the same thing they had to do in the days before such a system was around: supervise. Indeed, an employee relations manager told me that any time a supervisor wants to rely on security audit trails to catch an employee in some kind of routine performance deficiency, this proclivity signals a lack of supervision.
It is no surprise that specialists seeing the world in terms of their specialty offer up flawed solutions, without necessarily doing so in bad faith. They have hammers, so they see nails. The finesse in vaulting over this common hurdle, when it comes to security surveillance cameras, is in looking past the myopic vision of the hammer sellers to understand the bigger picture. Although it is rare to find this capacity in specialists, it is not entirely absent. I have worked with the occasional security systems vendor – usually a seasoned one who is secure in tenure and sufficiently senior in the organization to be insulated from sales quotas – who can and will advise against more cameras than anyone can usefully monitor. Such advice benefits the client and serves the enlightened self-interest of the provider, because every customer appreciates a hammer seller with the nerve to refuse to sell you another mallet when you clearly need a screwdriver.
- Nick Catrantzos
Friday, September 9, 2011
A Beslan or Mumbai Strike on Churches
If al Qaeda, weaker yet anxious to carry out a 9/11 anniversary attack to remain credible and viable, felt obliged to seek high impact with limited resources, what better way than to stage a Beslan-style attack at a megachurch on a Sunday, 9/11/11? To the terrorists, such a target has attractive features, yet also obstacles and risk not necessarily anticipated.
First, what makes the megachurch an attractive target for this occasion? A weakened al Qaeda may not be able to replicate aircraft hijackings and see them through to the devastation of the 9/11 of a decade ago. Even if their operatives managed to commandeer passenger aircraft, the element of surprise is no longer with them. Gone are the days when accepted wisdom and security advice encouraged passengers to sit it out and await negotiations with hijackers to bring matters to a nonviolent close. Instead, the new expectation is what the passengers of United Flight 93 figured out for themselves: go down fighting. Thus, weaponizing passenger aircraft is not as likely to meet no passenger resistance as before. This makes it more attractive to strike from the ground. Megachurches assemble large numbers of people at arguably their most exposed condition: acceptance of strangers out of Christian benevolence. Entering this kind of environment is easier than, say, going into a federal courthouse or state capitol. Such targeted institutions also have to have parking facilities, which offer options for bringing weapons and improvised explosives closer and closer to intended victims. Finally, even those churches with armed security guards hardly have the number of defenders and kinds of weaponry sufficient to prevail in a firefight with a handful of purposeful, assault-rifle-equipped attackers. Few churches can tolerate a Gestapo image to contrast with their fundamentally open, welcoming embrace of their flock and any sinners in search of inner peace. So, given the right weapons and steeped in homicidal resolve, terrorists could turn a megachurch's spiritual gathering into a bloodbath. Besides, 9/11 falls on a Sunday this year, and turnout at a megachurch offers a greater concentration of potential victims and attending media coverage than, say, targeting a shopping mall or the kinds of public facilities that are closed on weekends. So much for the advantages.
Now for the disadvantages. Americans, even those animated by Christian benevolence, still have enough pioneer spirit and self-determination coursing through their cardio-vascular systems to go down fighting where others may not. Unlike Beslan, where Russians had to call on the Spetsnaz to respond to the Beslan suicide attack on a school and its defenseless children, most megachurches fall within reasonable proximity to a competent SWAT team. Moreover, as American law enforcement has learned from the Colombine tragedy, today's active shooter protocol no longer advises the nearest police responders to hold back and leave the situation to SWAT. Instead, the prevailing wisdom is to enter and engage, something all responders understand, especially the FDNY firefighters who perished in unmatched number while responding to the World Trade Center attacks ten years ago. In other times and places, victims shocked by a brutal attack fail to engage. The Mumbai attacks, for example, came with stories of how surprised local police officers refused to draw their weapons and went cowering in the face of determined attackers who outgunned them. Don't expect that phenomenon to rule the day if a megachurch comes under fire.
In ten years, our world has changed. Attacks thought too horrific to ponder have become scenarios in contingency plans. Terrorists may pick any target and, not necessarily being rational actors in their schemes, they may not think through their assumptions about American weakness, resolve, or capacity to adapt and fight back. May they not further their understanding at our expense, however.
- Nick Catrantzos
First, what makes the megachurch an attractive target for this occasion? A weakened al Qaeda may not be able to replicate aircraft hijackings and see them through to the devastation of the 9/11 of a decade ago. Even if their operatives managed to commandeer passenger aircraft, the element of surprise is no longer with them. Gone are the days when accepted wisdom and security advice encouraged passengers to sit it out and await negotiations with hijackers to bring matters to a nonviolent close. Instead, the new expectation is what the passengers of United Flight 93 figured out for themselves: go down fighting. Thus, weaponizing passenger aircraft is not as likely to meet no passenger resistance as before. This makes it more attractive to strike from the ground. Megachurches assemble large numbers of people at arguably their most exposed condition: acceptance of strangers out of Christian benevolence. Entering this kind of environment is easier than, say, going into a federal courthouse or state capitol. Such targeted institutions also have to have parking facilities, which offer options for bringing weapons and improvised explosives closer and closer to intended victims. Finally, even those churches with armed security guards hardly have the number of defenders and kinds of weaponry sufficient to prevail in a firefight with a handful of purposeful, assault-rifle-equipped attackers. Few churches can tolerate a Gestapo image to contrast with their fundamentally open, welcoming embrace of their flock and any sinners in search of inner peace. So, given the right weapons and steeped in homicidal resolve, terrorists could turn a megachurch's spiritual gathering into a bloodbath. Besides, 9/11 falls on a Sunday this year, and turnout at a megachurch offers a greater concentration of potential victims and attending media coverage than, say, targeting a shopping mall or the kinds of public facilities that are closed on weekends. So much for the advantages.
Now for the disadvantages. Americans, even those animated by Christian benevolence, still have enough pioneer spirit and self-determination coursing through their cardio-vascular systems to go down fighting where others may not. Unlike Beslan, where Russians had to call on the Spetsnaz to respond to the Beslan suicide attack on a school and its defenseless children, most megachurches fall within reasonable proximity to a competent SWAT team. Moreover, as American law enforcement has learned from the Colombine tragedy, today's active shooter protocol no longer advises the nearest police responders to hold back and leave the situation to SWAT. Instead, the prevailing wisdom is to enter and engage, something all responders understand, especially the FDNY firefighters who perished in unmatched number while responding to the World Trade Center attacks ten years ago. In other times and places, victims shocked by a brutal attack fail to engage. The Mumbai attacks, for example, came with stories of how surprised local police officers refused to draw their weapons and went cowering in the face of determined attackers who outgunned them. Don't expect that phenomenon to rule the day if a megachurch comes under fire.
In ten years, our world has changed. Attacks thought too horrific to ponder have become scenarios in contingency plans. Terrorists may pick any target and, not necessarily being rational actors in their schemes, they may not think through their assumptions about American weakness, resolve, or capacity to adapt and fight back. May they not further their understanding at our expense, however.
- Nick Catrantzos
Saturday, August 27, 2011
Etiquette as Insider Threat Defense
In a world of instant intimacy, one of the safest ways to keep adversaries away is an old device returned to modern service: etiquette. How so? Consider. All mortals need community and a chance to exchange ideas and share experiences. Where do they turn increasingly for business or social connections? Today’s popular alternatives are social networking sites. Many of these sites facilitate propagation of personal information and unguarded communications that may compromise participants. Opposing attorneys in child custody cases, for example, have recently taken to searching social networking sites for evidence that supports their client’s case against a former spouse based on the latter’s posted remarks and photographs or videos indicating irresponsibility or infidelity. (See J. Ruzich, “What you post can come back to haunt you: Attorneys in divorce, child custody cases increasingly searching online for evidence,” Chicago Tribune, June 15, 2011, at http://articles.chicagotribune.com/2011-06-15/news/ct-x-0615-divorce-facebook-20110615_1_divorce-social-networking-evidence-attorneys for details.)
If adversarial lawyers can exploit such revelations, so can savvy adversaries. Not only do such revelations open the discloser to extortion in flagrant cases, they also offer information that gives adversaries the means to influence or recruit the injudicious discloser who is too free with personal details. What is behind such impetuous self-revelations? Perhaps it is just a natural byproduct of people falling prey to instant intimacy at their own and at their employer’s expense. In professional and personal relationships, as a journalist and long term observer of the social scene concluded, “There is no such thing as instant intimacy.” (Per J. Martin, Miss Manners’ Guide to Excruciatingly Correct Behavior, New York: W.W. Norton & Company, 2005, p. 107.)
Indeed, as a student of violent victimizations found in uncovering methods common for attackers when attempting to get close to their victims, this effort to establish instant intimacy presents in the form of forced teaming, a technique whereby the assailant creates a false bond with the victim by making common cause and saying “we” in referring to self and victim before launching attacks from rape to abduction. (See G. de Becker, The Gift of Fear, New York: Dell Publishing, 1998, p. 64.) To the defender, whether on a personal or professional level, attempts at instant intimacy deserve more suspicion than receptivity.
Always remember that trust is earned, and earning trust is something that takes time, hence traditions based in etiquette that reflect this classic insight:
-- Nick Catrantzos
If adversarial lawyers can exploit such revelations, so can savvy adversaries. Not only do such revelations open the discloser to extortion in flagrant cases, they also offer information that gives adversaries the means to influence or recruit the injudicious discloser who is too free with personal details. What is behind such impetuous self-revelations? Perhaps it is just a natural byproduct of people falling prey to instant intimacy at their own and at their employer’s expense. In professional and personal relationships, as a journalist and long term observer of the social scene concluded, “There is no such thing as instant intimacy.” (Per J. Martin, Miss Manners’ Guide to Excruciatingly Correct Behavior, New York: W.W. Norton & Company, 2005, p. 107.)
Indeed, as a student of violent victimizations found in uncovering methods common for attackers when attempting to get close to their victims, this effort to establish instant intimacy presents in the form of forced teaming, a technique whereby the assailant creates a false bond with the victim by making common cause and saying “we” in referring to self and victim before launching attacks from rape to abduction. (See G. de Becker, The Gift of Fear, New York: Dell Publishing, 1998, p. 64.) To the defender, whether on a personal or professional level, attempts at instant intimacy deserve more suspicion than receptivity.
Always remember that trust is earned, and earning trust is something that takes time, hence traditions based in etiquette that reflect this classic insight:
Human nature does not change. It still takes a while to get to know and trust people, and the phony use of the manners of friendship by strangers and mere acquaintances only misleads people into thinking that instant intimacy is pleasant and safe. (A useful reminder from J. Martin, Miss Manners’ Guide for the Turn of the Millennium, New York: Fireside, 1990, p.4.)
-- Nick Catrantzos
Tuesday, August 9, 2011
Flash Robs: When "Guidance" Says Nothing
Why does perceived need to say something -- anything -- about a topic of moment for one's constituency so often result in products devoid of substance? A retail association's rush to issue "guidelines" on what to do about flash mob looters makes this point. While it is available at http://www.nrf.com/modules.php?name=News&op=viewlive&sp_id=1167, the download is a disappointment to a shopkeeper looking for useful insight into how to prevent loss or mitigate damage at the hands of a flash mob mobilized for mayhem. Instead, eight of the ten pages of the report delve into preambles and refer to a retailer survey -- all interesting matters in a different context -- yet more than a little divergent from the stated point of the "guidance" document. The remaining two pages are equally superficial.
In a show of erudition, this retail group's white paper even eschews mention of "flash mob" on its cover, preferring a title with the more arcane but technically correct "Multiple Offender Crimes" label. At least the subtitle hints at something more useful: Preparing for and Understanding the Impact of their Tactics. Yet it also disappoints, in the end.
The bulk of what purports to be guidance is a statistical compilation of losses followed by references to recent cases of looting by flash mobs. What value does this offer to anyone on the front lines of exposure? Perhaps it is akin to seeing one's shop in the news with pictures of it vandalized or burnt to the ground if one happened to be out of the country and incommunicado at the time of incident. But surely this amounts to telling Noah about the flood. After eight pages of reworking the obvious, what do two pages of "Suggested Guidance and Sample Response Protocol" offer? Nothinhttp://www.blogger.com/img/blank.gifg more than worn platitudes along the lines of be a good witness, observe and report, stay alert to any signs of groups converging, keep in close touch with mall security and local law enforcement, follow corporate policy on loss prevention -- the obvious made patronizing by being warmed up, over cooked, and served up as though some special dish never before tasted.
How did this retail "guidance" surface in the first place? A news article(http://apnews.myway.com/article/20110809/D9P0I3AG0.html) took at face value the purported aim of this white paper to offer "steps stores can take to ward off the robberies." A closer examination, indeed any examination, would have revealed that such steps were nowhere to be found.
In security as in any worthy field of endeavor, guidance has to say something useful and relevant. Rewarming platitudes in the zeal to appear topical and responsive is a disservice, not a plus. Flash robbers have nothing to fear from retailers who rely on such"guidance." Isn't that a shame?
- Nick Catrantzos
In a show of erudition, this retail group's white paper even eschews mention of "flash mob" on its cover, preferring a title with the more arcane but technically correct "Multiple Offender Crimes" label. At least the subtitle hints at something more useful: Preparing for and Understanding the Impact of their Tactics. Yet it also disappoints, in the end.
The bulk of what purports to be guidance is a statistical compilation of losses followed by references to recent cases of looting by flash mobs. What value does this offer to anyone on the front lines of exposure? Perhaps it is akin to seeing one's shop in the news with pictures of it vandalized or burnt to the ground if one happened to be out of the country and incommunicado at the time of incident. But surely this amounts to telling Noah about the flood. After eight pages of reworking the obvious, what do two pages of "Suggested Guidance and Sample Response Protocol" offer? Nothinhttp://www.blogger.com/img/blank.gifg more than worn platitudes along the lines of be a good witness, observe and report, stay alert to any signs of groups converging, keep in close touch with mall security and local law enforcement, follow corporate policy on loss prevention -- the obvious made patronizing by being warmed up, over cooked, and served up as though some special dish never before tasted.
How did this retail "guidance" surface in the first place? A news article(http://apnews.myway.com/article/20110809/D9P0I3AG0.html) took at face value the purported aim of this white paper to offer "steps stores can take to ward off the robberies." A closer examination, indeed any examination, would have revealed that such steps were nowhere to be found.
In security as in any worthy field of endeavor, guidance has to say something useful and relevant. Rewarming platitudes in the zeal to appear topical and responsive is a disservice, not a plus. Flash robbers have nothing to fear from retailers who rely on such"guidance." Isn't that a shame?
- Nick Catrantzos
Thursday, July 21, 2011
Terror and Ugliness
So there I was, spooning Tabasco into my porridge to make it taste like food, when all of a sudden this jumped out of the bushes at me: Being ugly makes a difference to your security. Well, mine, anyway. How do I figure? Two ways.
First, as my bud Big Steve would say, “In poker, they call it a tell.” (Now Big Steve is a good ole boy, does a lot of thinkin’. He was the first to let on that the sign Wet Paint is not an instruction.) See, if the bad guys really are prone to being uglier than not… — sorta gives a guy a leg up on ’em, help see ’em comin’. Far-fetched? Maybe, maybe not. Some really smart professors who get people to pay ’em for what Big Steve and me keep studyin’ Thursday nights across the green felt – well, these birds reckon real good liars do a whole lot better if they’re good lookin’ too (Aldert Vrij, Par Anders Granhag, and Samantha Mann, “Good liars,” in Open Access Journal of Forensic Psychology, Vol. 1, 2009. Retrieved July 20, 2011 from http://web.me.com/gregdeclue/Site/Volume_1__2009_files/2009-excerpt-Vrij.pdf )
Now, stay with my train of logic, here. If they’re real good, we don’t see ’em. That means they get away with it. Why? According to the professors’ research, folks just plain tend to buy what attractive people are pitchin’ and it helps even more if the liars don’t talk too fast or act jumpy while making the sale. OK, fine. That part don’t help a whole lot … till you get this politically incorrect news flash: How come so many of the death-to-America chuckleheads are plain butt-ugly? Now I mean by our standards, of course. Sure, there’s somewhere where scraggily bin Laden, al-Zawahiri, shoe bomber Richard Reid, Ft. Hood shooter Nidal Makil Hassan, and underwear bomber Farouk Abdulmutallab qualify for rock star status with their roadies. I just ain’t seen it here. And even the guys that may not be so ugly like skivvy-slinging Farouk, let on about being socially isolated – feelin’ like a turd in a punchbowl (E. Andrews, “Lonely bomber in his own words: What Umar Farouk Abdulmutallab wrote about his family, sex ... and his love of Liverpool FC,” Mail Online, December 30, 2009. Retrieved July 20, 2011 from http://www.dailymail.co.uk/news/article-1239162/Umar-Farouk-Abdulmutallabs-charred-underwear-hid-explosives-Christmas-day-airline-bomb-plot.html). That’s right. Skivvy slinger bellyached about havin’ no friends and someone who went to the same school said, “he was pretty quiet and didn’t socialize much or have a girlfriend (ibid).” Duh. Clue or what?
So, here’s Point #1: The bad guys haven’t broke the code on this tell. A lot of ’em started out ugly and stay ugly or get uglier over time. As in not getting’ better lookin’ each day. Why do we miss out on this tell? Well, this article from a Canadian magazine, of all places, calls it “the curse of the indelicate obvious. (N. Catrantzos, “Defending Against the Threat of Insider Financial Crime,” Frontline Security, October 2010, (pp. 17-19). Retrieved July 20, 2011 from http://www.frontline-security.org/publications/10_SEC2_Money.php
I don’t need fancy words like that to cover up a smart way to be stupid. We do it all the time. Old lady sees the elevator door open and a big nasty guy in there droolin’ and smellin’ ripe. Does she stay out? Nope. She steps right into that box to get mugged by him ’cause she don’t want to cast aspersions or some such. You see it all the time (as noted in Gavin DeBecker’s Gift of Fear, New York: Little, Brown & Company, 1997, available at http://www.amazon.com/Gift-Fear-Survival-Signals-Violence/dp/0316235024/ref=tmm_hrd_title_0 ) Smart folks making theirselves stupid and missin’ obvious clues on account of not wantin’ to hurt somebody’s feelins. So, if Point #1 is to pick up on the easy tell that the bad guys don’t realize they’re puttin’ out there, what’s Point #2?
It’s that maybe acts of terrorism attract ugly perps. Why? What else they got to do? It’s not like they got to skip out on a lot of dates on a Saturday night to pencil in jihad on their dance card. Hell, I may have seen one of these guys in his early stages my own self but didn’t know it at the time. His name was Omar and he actually fought with the Taliban against the commies as a kid. Used to hurt his feelings in 2000 when someone in the office called the Taliban terrorists. “Please, freedom fighters,” Omar said, real respectful-like. Now Omar wasn’t exactly ugly. He was presentable. But somethin’ about him turned off the girls in the office. Can you feature where this is goin’? No dates on Saturday night – just like the skivvy slinger. So, next thing you know, Omar takes to talking a lot of politics in Urdu on the phone instead of doin’ his job in finance. The company lets him go. Word was, before 9/11/01, Omar had hightailed it back to Pakistan and had been fixin’ to find hisself a bride there in an arranged marriage. Sure.
Point #2 is that ugly people, or people who see theirself as a social outcast – ugly or not – what they got to lose? You can sneak up on this point another way. Ask a Secret Service agent looking into a threat how to get a handle on the subject. Chances are he’ll be talkin’ about “looking into how the person has dealt with unbearable stress … examining past traumatic events in his life (such as) feeling humiliated or being rejected, especially in public (R. A. Fein and B. Vossekuil, Protective Intelligence and Threat Assessment Investigations, U.S. Department of Justice, July 1998, p. 17. Fein is a psychologist for the Secret Service and Vossekuil was a Deputy Special Agent in Charge.)” That sort of academo cop talk they use in formal situations— not like when you break out the kitchen whisky after bustin’ some caps at the range, if you get my drift.
Bottom Line: Keep your powder dry and keep your head on swivel when the next suspicious character is ugly, too.
-- Lamar Bodine, guest columnist and old school world watcher
First, as my bud Big Steve would say, “In poker, they call it a tell.” (Now Big Steve is a good ole boy, does a lot of thinkin’. He was the first to let on that the sign Wet Paint is not an instruction.) See, if the bad guys really are prone to being uglier than not… — sorta gives a guy a leg up on ’em, help see ’em comin’. Far-fetched? Maybe, maybe not. Some really smart professors who get people to pay ’em for what Big Steve and me keep studyin’ Thursday nights across the green felt – well, these birds reckon real good liars do a whole lot better if they’re good lookin’ too (Aldert Vrij, Par Anders Granhag, and Samantha Mann, “Good liars,” in Open Access Journal of Forensic Psychology, Vol. 1, 2009. Retrieved July 20, 2011 from http://web.me.com/gregdeclue/Site/Volume_1__2009_files/2009-excerpt-Vrij.pdf )
Now, stay with my train of logic, here. If they’re real good, we don’t see ’em. That means they get away with it. Why? According to the professors’ research, folks just plain tend to buy what attractive people are pitchin’ and it helps even more if the liars don’t talk too fast or act jumpy while making the sale. OK, fine. That part don’t help a whole lot … till you get this politically incorrect news flash: How come so many of the death-to-America chuckleheads are plain butt-ugly? Now I mean by our standards, of course. Sure, there’s somewhere where scraggily bin Laden, al-Zawahiri, shoe bomber Richard Reid, Ft. Hood shooter Nidal Makil Hassan, and underwear bomber Farouk Abdulmutallab qualify for rock star status with their roadies. I just ain’t seen it here. And even the guys that may not be so ugly like skivvy-slinging Farouk, let on about being socially isolated – feelin’ like a turd in a punchbowl (E. Andrews, “Lonely bomber in his own words: What Umar Farouk Abdulmutallab wrote about his family, sex ... and his love of Liverpool FC,” Mail Online, December 30, 2009. Retrieved July 20, 2011 from http://www.dailymail.co.uk/news/article-1239162/Umar-Farouk-Abdulmutallabs-charred-underwear-hid-explosives-Christmas-day-airline-bomb-plot.html). That’s right. Skivvy slinger bellyached about havin’ no friends and someone who went to the same school said, “he was pretty quiet and didn’t socialize much or have a girlfriend (ibid).” Duh. Clue or what?
So, here’s Point #1: The bad guys haven’t broke the code on this tell. A lot of ’em started out ugly and stay ugly or get uglier over time. As in not getting’ better lookin’ each day. Why do we miss out on this tell? Well, this article from a Canadian magazine, of all places, calls it “the curse of the indelicate obvious. (N. Catrantzos, “Defending Against the Threat of Insider Financial Crime,” Frontline Security, October 2010, (pp. 17-19). Retrieved July 20, 2011 from http://www.frontline-security.org/publications/10_SEC2_Money.php
I don’t need fancy words like that to cover up a smart way to be stupid. We do it all the time. Old lady sees the elevator door open and a big nasty guy in there droolin’ and smellin’ ripe. Does she stay out? Nope. She steps right into that box to get mugged by him ’cause she don’t want to cast aspersions or some such. You see it all the time (as noted in Gavin DeBecker’s Gift of Fear, New York: Little, Brown & Company, 1997, available at http://www.amazon.com/Gift-Fear-Survival-Signals-Violence/dp/0316235024/ref=tmm_hrd_title_0 ) Smart folks making theirselves stupid and missin’ obvious clues on account of not wantin’ to hurt somebody’s feelins. So, if Point #1 is to pick up on the easy tell that the bad guys don’t realize they’re puttin’ out there, what’s Point #2?
It’s that maybe acts of terrorism attract ugly perps. Why? What else they got to do? It’s not like they got to skip out on a lot of dates on a Saturday night to pencil in jihad on their dance card. Hell, I may have seen one of these guys in his early stages my own self but didn’t know it at the time. His name was Omar and he actually fought with the Taliban against the commies as a kid. Used to hurt his feelings in 2000 when someone in the office called the Taliban terrorists. “Please, freedom fighters,” Omar said, real respectful-like. Now Omar wasn’t exactly ugly. He was presentable. But somethin’ about him turned off the girls in the office. Can you feature where this is goin’? No dates on Saturday night – just like the skivvy slinger. So, next thing you know, Omar takes to talking a lot of politics in Urdu on the phone instead of doin’ his job in finance. The company lets him go. Word was, before 9/11/01, Omar had hightailed it back to Pakistan and had been fixin’ to find hisself a bride there in an arranged marriage. Sure.
Point #2 is that ugly people, or people who see theirself as a social outcast – ugly or not – what they got to lose? You can sneak up on this point another way. Ask a Secret Service agent looking into a threat how to get a handle on the subject. Chances are he’ll be talkin’ about “looking into how the person has dealt with unbearable stress … examining past traumatic events in his life (such as) feeling humiliated or being rejected, especially in public (R. A. Fein and B. Vossekuil, Protective Intelligence and Threat Assessment Investigations, U.S. Department of Justice, July 1998, p. 17. Fein is a psychologist for the Secret Service and Vossekuil was a Deputy Special Agent in Charge.)” That sort of academo cop talk they use in formal situations— not like when you break out the kitchen whisky after bustin’ some caps at the range, if you get my drift.
Bottom Line: Keep your powder dry and keep your head on swivel when the next suspicious character is ugly, too.
-- Lamar Bodine, guest columnist and old school world watcher
Tuesday, July 12, 2011
Exclamatory Inflation
The phenomenon is long standing and pervasive. In retail, "Ours is the best in town!" may be the claim. In security? Look for service providers with names like Total Security or, as in other hackneyed hustling of hype, A1, First This, or Best That. If not in the name itself, the exaggeration may find its way into the slogan: When Only the Best is Good Enough. For slightly more subtle variants, look in brochures and proposals where the seller characterizes the offering as Best in Class or its employees as Top-Notch. Finally, to remove any doubt that over-promotion is in progress -- whatever the field or discipline -- count exclamation marks. A single exclamation point in an otherwise declarative statement of capabilities is the mark of the sales team starting to overtake operations. As exclamation points multiply, however, credibility diminishes. When every paragraph has a sentence ending with such punctuation, the literature has turned into more pitch than substance. When multiple exclamation points come in a row (!!!), there is no point in reading further to be informed. The only more certain sign of fluff and hype is the added annoyance of INSERTING CAPITAL LETTERS TO CALL ATTENTION WHERE THERE IS NO GRAMMATICAL REASON FOR DOING SO, as if screaming from the page.
In security, the principal value of all this exclamatory inflation comes from noticing its absence. Serious people doing serious business eschew the vulgar, the needlessly showy, and the kinds of exaggerations that create unreasonably high expectations which are impossible to satisfy absent some miracle. The genuinely capable providers of security products and services recognize their limitations and avoid generating misleading sales pitches or, worse still, misleading sales pitches in bold type with weasel-worded disclaimers in microscopic footnotes. In some parts of the security business, the net result has been a sober tuning down of rhetorical flourishes, which is why protective glazing is now called "bullet-resistant," but seldom any longer marketed as "bullet-proof."
The credible vendors and contractors of security wares make their marketing pitches more subtle. Thus an alarm contractor may emphasize 24-hour monitoring and armed dispatch, showing an advertisement which features a command center with sophisticated video displays and a large staff suitable for monitoring intercontinental missile launches. In reality, the operation may be run out of a leased basement with old telephones and last generation computer monitors, and the armed response consists not of a dispatched patrol of contract guards in an imposing vehicle with even more imposing firearms, as shown in the ad, but of a call to local police who show up when they can with whatever equipment they carry on duty. Similarly, otherwise reliable guard services showcase in their advertisements the kind of good looking, imposing officers who only look good in their uniforms because they are professional models, and whose apparent ability to respond to dangerous situations and to reassure worried clients never quite matches up to the illusion fostered by a glossy advertising campaign.
While the best firms will not overtly misrepresent their actual capabilities, they will airbrush blemishes and avoid circulating collateral marketing handouts that show real employees and equipment, warts and all -- no matter how competent they may be. Why? As Niccolo Machiavelli observed, people "judge more by the eye than the hand, for all men can see a thing, but few come close enough to touch it (1981, The Prince, translated by Daniel Donno, New York: Bantam Books, pp. 63-63).
What does all this mean for consumers of security goods and services? There are indeed times when less is more, and when it pays to remark what a provider is not saying, underscoring, or shouting via exclamatory inflation. The serious, credible offerors know what they can legitimately advertise and confine their sales hype to the milder illusions created by imagery -- not the exclamatory inflation of promises no one can ever keep. Watch for what they are not saying.
-- Nick Catrantzos
In security, the principal value of all this exclamatory inflation comes from noticing its absence. Serious people doing serious business eschew the vulgar, the needlessly showy, and the kinds of exaggerations that create unreasonably high expectations which are impossible to satisfy absent some miracle. The genuinely capable providers of security products and services recognize their limitations and avoid generating misleading sales pitches or, worse still, misleading sales pitches in bold type with weasel-worded disclaimers in microscopic footnotes. In some parts of the security business, the net result has been a sober tuning down of rhetorical flourishes, which is why protective glazing is now called "bullet-resistant," but seldom any longer marketed as "bullet-proof."
The credible vendors and contractors of security wares make their marketing pitches more subtle. Thus an alarm contractor may emphasize 24-hour monitoring and armed dispatch, showing an advertisement which features a command center with sophisticated video displays and a large staff suitable for monitoring intercontinental missile launches. In reality, the operation may be run out of a leased basement with old telephones and last generation computer monitors, and the armed response consists not of a dispatched patrol of contract guards in an imposing vehicle with even more imposing firearms, as shown in the ad, but of a call to local police who show up when they can with whatever equipment they carry on duty. Similarly, otherwise reliable guard services showcase in their advertisements the kind of good looking, imposing officers who only look good in their uniforms because they are professional models, and whose apparent ability to respond to dangerous situations and to reassure worried clients never quite matches up to the illusion fostered by a glossy advertising campaign.
While the best firms will not overtly misrepresent their actual capabilities, they will airbrush blemishes and avoid circulating collateral marketing handouts that show real employees and equipment, warts and all -- no matter how competent they may be. Why? As Niccolo Machiavelli observed, people "judge more by the eye than the hand, for all men can see a thing, but few come close enough to touch it (1981, The Prince, translated by Daniel Donno, New York: Bantam Books, pp. 63-63).
What does all this mean for consumers of security goods and services? There are indeed times when less is more, and when it pays to remark what a provider is not saying, underscoring, or shouting via exclamatory inflation. The serious, credible offerors know what they can legitimately advertise and confine their sales hype to the milder illusions created by imagery -- not the exclamatory inflation of promises no one can ever keep. Watch for what they are not saying.
-- Nick Catrantzos
Wednesday, June 29, 2011
Stupidity the Next Pandemic?
Events on the world or national stage must surely cast doubt over educator Ken Robinson’s assertion that we should not so much be asking how intelligent people are as how they are intelligent (K. Robinson, The Element, NY: Viking, 2009, p.43). Look at Greece’s economic meltdown accompanied with strikes and entitlement protests only making matters worse. Or consider sports fans like those rioting in the streets of otherwise sedate Vancouver because their team lost the Stanley Cup (not as in misplacing the trophy but as in being decisively outplayed by Detroit). Then turn to the TSA’s latest ham-handed faux pas in a screener’s browbeating of an ailing, 95-year-old passenger who had to surrender her Depends undergarment or miss her flight. How is this intelligent, indeed? Perhaps the better questions to ponder are, “How are we stupid? Or how are we this stupid?”
Next look at how TSA managed damage control on the foregoing story by crowing that they did not actually strip-search the woman or take away her undergarment. No, they just gave her options like not being able to make her flight unless she abandoned it (per CNN’s June 27 account at http://www.cnn.com/2011/TRAVEL/06/27/florida.tsa.incident/index.html). This public relations statement makes things better? Now the questions become, “How stupid are we? Or, how stupid are we supposed to be?”
Toleration for stupidity is growing in proportion to its global spread, and there are common threads running through active practitioners of such stupidity. One of the threads is the tie between this kind of hostile behavior against innocuous targets and the power and status of those responsible for the stupidity in question. [For illumination on this subject, see J. C. Magee and A. D. Galindky, “Social Hierarchy: The Self-Reinforcing Nature of Power and Status, The Academy of Management Annals, Volume 2, August 2008, pp. 351-398.] It is a safe bet to infer that the agents of stupidity have relatively little status in their respective worlds. Jobless anarchists, drunken sports fans, and even the vast majority of hard-working but eternally vilified TSA inspectors enjoy the relative status of whale droppings – which must be at the bottom of the ocean. Having no status in the public eye, some nevertheless retain a certain power to compensate. It is the power of the small to take out their frustrations on people or objects unable to defend themselves. If you can’t win the game, you upset the checkerboard.
So these displays of maleficence, or stupidity, linger and proliferate, absent an injection of adult mind into the swirl of adolescently botched events. The situation recalls the favorite aphorism of my business law professor in an MBA program:
This life’s hard, but it’s harder if you’re stupid.
--George V. Higgins: The Friends of Eddie Coyle
But wait. There is more. Could things actually be getting worse? One New Yorker, in subtle refutation of the title of a New York Times reporter’s faith in The Wisdom of Crowds (J. Surowiecki, NY: Anchor Books, 2004) recently drew attention to the subtle trend for the benefit of responders. Writing in Watchline (Issue 06.23.11), a weekly one-pager created for enhancing fire fighter situational awareness in New York that has since gone quietly viral in the response community, FDNY’s Captain Sean Newman had this to say about the phenomenon:
Researcher Determines that Stupidity is Contagious
An Austrian psychologist has released a study in the journal Media Psychology (http://www.tandfonline.com/doi/abs/10.1080/15213269.2011.573461)claiming that being exposed to “stupid” behavior, in this case reading a story about soccer hooligans, lowered a test groups’ average test score compared to a control group, according to the Wall Street Journal (http://online.wsj.com/article/SB10001424052702304319804576387660130445524.html). Students who read the hooligan story, and did not have mechanisms to distance themselves from the protagonist, scored 5-7 percent less than the control group on a “difficult” test covering geography, science and arts.
Assessment: Scientists have proposed the infectiousness of behavior (and ideas)since at least the late 19th Century. Gustave LeBon introduced the concept of contagion theory to describe crowd behavior, which he postulated was driven by the unconscious mind. Later, convergence theory took hold, claiming that participants share a common disposition in close proximity. These theories suggest that the crowd collectively accepts a new norm, which justifies behavior that they would not normally practice. Today, crowd mitigation efforts focus on the Elaborated Social Identity Model(ESIM), stating that temporary identity with the crowd becomes “salient,” or prominent. ESIM has caused a shift in crowd management away from aggressive police tactics, such as challenging mobs with riot gear, which may provoke the group, to more subtle forms of behavior modification such as crowd “self-policing,” identity transfer, and police/crowd education efforts.
What do all these events communicate to a security professional? Two things:
-- Job security, for the essence of stupidity is that it will always stimulate the demand for protection from its expression.
-- A rueful nod to this wisdom seen in Pike’s Place Market, Seattle, on a T-shirt for sale among tourist trinkets:
Stupid kills – But not near enough.
-- Nick Catrantzos
Next look at how TSA managed damage control on the foregoing story by crowing that they did not actually strip-search the woman or take away her undergarment. No, they just gave her options like not being able to make her flight unless she abandoned it (per CNN’s June 27 account at http://www.cnn.com/2011/TRAVEL/06/27/florida.tsa.incident/index.html). This public relations statement makes things better? Now the questions become, “How stupid are we? Or, how stupid are we supposed to be?”
Toleration for stupidity is growing in proportion to its global spread, and there are common threads running through active practitioners of such stupidity. One of the threads is the tie between this kind of hostile behavior against innocuous targets and the power and status of those responsible for the stupidity in question. [For illumination on this subject, see J. C. Magee and A. D. Galindky, “Social Hierarchy: The Self-Reinforcing Nature of Power and Status, The Academy of Management Annals, Volume 2, August 2008, pp. 351-398.] It is a safe bet to infer that the agents of stupidity have relatively little status in their respective worlds. Jobless anarchists, drunken sports fans, and even the vast majority of hard-working but eternally vilified TSA inspectors enjoy the relative status of whale droppings – which must be at the bottom of the ocean. Having no status in the public eye, some nevertheless retain a certain power to compensate. It is the power of the small to take out their frustrations on people or objects unable to defend themselves. If you can’t win the game, you upset the checkerboard.
So these displays of maleficence, or stupidity, linger and proliferate, absent an injection of adult mind into the swirl of adolescently botched events. The situation recalls the favorite aphorism of my business law professor in an MBA program:
This life’s hard, but it’s harder if you’re stupid.
--George V. Higgins: The Friends of Eddie Coyle
But wait. There is more. Could things actually be getting worse? One New Yorker, in subtle refutation of the title of a New York Times reporter’s faith in The Wisdom of Crowds (J. Surowiecki, NY: Anchor Books, 2004) recently drew attention to the subtle trend for the benefit of responders. Writing in Watchline (Issue 06.23.11), a weekly one-pager created for enhancing fire fighter situational awareness in New York that has since gone quietly viral in the response community, FDNY’s Captain Sean Newman had this to say about the phenomenon:
Researcher Determines that Stupidity is Contagious
An Austrian psychologist has released a study in the journal Media Psychology (http://www.tandfonline.com/doi/abs/10.1080/15213269.2011.573461)claiming that being exposed to “stupid” behavior, in this case reading a story about soccer hooligans, lowered a test groups’ average test score compared to a control group, according to the Wall Street Journal (http://online.wsj.com/article/SB10001424052702304319804576387660130445524.html). Students who read the hooligan story, and did not have mechanisms to distance themselves from the protagonist, scored 5-7 percent less than the control group on a “difficult” test covering geography, science and arts.
Assessment: Scientists have proposed the infectiousness of behavior (and ideas)since at least the late 19th Century. Gustave LeBon introduced the concept of contagion theory to describe crowd behavior, which he postulated was driven by the unconscious mind. Later, convergence theory took hold, claiming that participants share a common disposition in close proximity. These theories suggest that the crowd collectively accepts a new norm, which justifies behavior that they would not normally practice. Today, crowd mitigation efforts focus on the Elaborated Social Identity Model(ESIM), stating that temporary identity with the crowd becomes “salient,” or prominent. ESIM has caused a shift in crowd management away from aggressive police tactics, such as challenging mobs with riot gear, which may provoke the group, to more subtle forms of behavior modification such as crowd “self-policing,” identity transfer, and police/crowd education efforts.
What do all these events communicate to a security professional? Two things:
-- Job security, for the essence of stupidity is that it will always stimulate the demand for protection from its expression.
-- A rueful nod to this wisdom seen in Pike’s Place Market, Seattle, on a T-shirt for sale among tourist trinkets:
Stupid kills – But not near enough.
-- Nick Catrantzos
Thursday, June 16, 2011
Hurricane Lesson: Riot Watch
In the pantheon of devastating events, hurricanes rank high. One of the few handles a hurricane offers defenders for at least mitigating loss if not taking charge is that you can see it coming, hence the benefit of hurricane watch and hurricane warning. Indeed, official sites exist to explain the difference between the two (such as www.nhc.noaa.gov/HAW2/english/basics.shtml). Why not apply similar lessons to riots, such as the sore loser Stanley Cup riot that Vancouver experienced yesterday?
Some fundamental differences compel attention, however. First, a hurricane is a natural disaster. A riot is an induced catastrophe. (Mayer Nudell first breathed life into this distinction for me in his classic Handbook for Effective Emergency and Crisis Management, available at www.amazon.com/Handbook-Effective-Emergency-Management-Low-Intensity.) Consequently, there are fewer political impediments to declaring a hurricane warning, an announcement that a hurricane is imminent, than to declaring a riot warning. After all, to declare a riot warning is to admit to failures of planning and prevention -- something that Vancouver's (or any jurisdiction's) leadership would hesitate to do for fear of inspiring lawsuits and removal from office. But what about a riot watch? Wouldn't this be more benign and easier for a police agency or merchant's association to announce every time a public event is likely to produce crowds, the sine qua non for mobs and riots?
Assuming this to be the case, what is a merchant to do? Again, transferring a lesson from hurricanes to riots may avail. Everyone has seen certain supplies run out as people prepare for hurricanes, including plywood and duct tape. If I were a merchant in downtown Vancouver, I would anticipate the destructive impact of a possible riot the same way a Floridian counterpart would try to minimize damage to the store in the face of an approaching hurricane. Seal off the shop. Affix plywood panels to cover the display windows, under the likely assumption that if any crowd is transiting the area in large numbers after being stoked on high emotions, liquor, or drugs, the best of glass-break sensors and intrusion alarms will never summon any response force that will be able to arrive in time to defend your property and source of livelihood. Private security will not be able to reach your store and police will have other, life safety priorities taking precedence over protecting your inventory. So, if you do not see to your own defenses, looters and vandals will likely face no impediment to stealing and destroying your shop and any others in their path. Under the circumstances, making access to your business just a little more difficult than to the next shop may make all the difference between staying in business and going broke.
Here is where I would veer a bit off the hurricane preparations, though. Paint the plywood in the colors of the local sports team, whatever it might be, and then stencil across these plywood window protectors a message of support for the local team. In Vancouver's case, the message would be, "Go Canucks!" Then, affix a small sign on your front door saying, "Closed for the game. Go Canucks, go." What does this do? For rioters whose inspiration or pretense for mayhem retains even the thinnest connection to the sporting event that drew them to congregate in the first place, your sign is the equivalent of a metaphorical cross before a vampire. Attacking your shop so adorned takes on the symbolic appearance of attacking one's own team -- sacrilege to even a drunken sports fan. Best of all, this serves your interests equally regardless of whether the home team wins or loses. Remember that riots increasingly break out among exuberant crowds even when they are celebrating home team victories as much as when they are lamenting home team defeats.
Do I have research-supported data guaranteeing this defense will work? Not at all. But compared to the high cost of insurance and potential exclusion of coverage for riot-related damage, a business owner may well feel there is more to gain than lose by trying it out.
-- Nick Catrantzos
Some fundamental differences compel attention, however. First, a hurricane is a natural disaster. A riot is an induced catastrophe. (Mayer Nudell first breathed life into this distinction for me in his classic Handbook for Effective Emergency and Crisis Management, available at www.amazon.com/Handbook-Effective-Emergency-Management-Low-Intensity.) Consequently, there are fewer political impediments to declaring a hurricane warning, an announcement that a hurricane is imminent, than to declaring a riot warning. After all, to declare a riot warning is to admit to failures of planning and prevention -- something that Vancouver's (or any jurisdiction's) leadership would hesitate to do for fear of inspiring lawsuits and removal from office. But what about a riot watch? Wouldn't this be more benign and easier for a police agency or merchant's association to announce every time a public event is likely to produce crowds, the sine qua non for mobs and riots?
Assuming this to be the case, what is a merchant to do? Again, transferring a lesson from hurricanes to riots may avail. Everyone has seen certain supplies run out as people prepare for hurricanes, including plywood and duct tape. If I were a merchant in downtown Vancouver, I would anticipate the destructive impact of a possible riot the same way a Floridian counterpart would try to minimize damage to the store in the face of an approaching hurricane. Seal off the shop. Affix plywood panels to cover the display windows, under the likely assumption that if any crowd is transiting the area in large numbers after being stoked on high emotions, liquor, or drugs, the best of glass-break sensors and intrusion alarms will never summon any response force that will be able to arrive in time to defend your property and source of livelihood. Private security will not be able to reach your store and police will have other, life safety priorities taking precedence over protecting your inventory. So, if you do not see to your own defenses, looters and vandals will likely face no impediment to stealing and destroying your shop and any others in their path. Under the circumstances, making access to your business just a little more difficult than to the next shop may make all the difference between staying in business and going broke.
Here is where I would veer a bit off the hurricane preparations, though. Paint the plywood in the colors of the local sports team, whatever it might be, and then stencil across these plywood window protectors a message of support for the local team. In Vancouver's case, the message would be, "Go Canucks!" Then, affix a small sign on your front door saying, "Closed for the game. Go Canucks, go." What does this do? For rioters whose inspiration or pretense for mayhem retains even the thinnest connection to the sporting event that drew them to congregate in the first place, your sign is the equivalent of a metaphorical cross before a vampire. Attacking your shop so adorned takes on the symbolic appearance of attacking one's own team -- sacrilege to even a drunken sports fan. Best of all, this serves your interests equally regardless of whether the home team wins or loses. Remember that riots increasingly break out among exuberant crowds even when they are celebrating home team victories as much as when they are lamenting home team defeats.
Do I have research-supported data guaranteeing this defense will work? Not at all. But compared to the high cost of insurance and potential exclusion of coverage for riot-related damage, a business owner may well feel there is more to gain than lose by trying it out.
-- Nick Catrantzos
Saturday, May 28, 2011
Is Water Boarding Worth It?
Interrogation and torture remain poorly aligned. Proficient interrogators eschew torture for the same reason that modern physicians no longer use leeches and advertise their expertise by wearing blood-stained scrubs into the surgical suite. These things just don't work. Perhaps there is some highfalutin philosophical summit from which to look down on bloodletting as a primitive form of medical treatment. But the effectiveness argument surely casts any sanctimonious argument aside as inconsequential in light of the current understanding of medicine. Similarly, good interrogators don't torture not so much out of affronts to their fine sentiments about slippery slopes and moral high ground as out of the ineffectiveness of approach. Torture does not work because the person tortured will say anything to make the torture stop, thereby casting into doubt the credibility of the intelligence so gleaned.
If one accepts this operational axiom about interrogation and torture, then why would water boarding work, regardless of whether it really is torture or not? Consider: the best interrogation techniques involve uncertainty and exploiting the prisoner's own fears and imagination while stopping short of realizing them. Perhaps what made water boarding effective is that the enemy had no idea of what it was or where it would stop, thereby reducing the value of his training on how to resist standard interrogation techniques.
My own experience under interrogation would tend to support this hypothesis, as I had no trouble resisting standard techniques but found extended periods of sitting blindfolded and handcuffed on a concrete slab surprisingly more enervating than being manhandled and questioned aggressively. In the age of You Tube and perpetual questioning of our own national motives and resolve during political contests, do we leave any doubts for our adversaries about to expect, even if water boarding were to resurface to unprecedented levels? Forewarned, they have no reason to magnify their own fears, hence no way of helping us psychologically by according more mystery and success to our tactics than the tactics alone merit. Consequently, the greater the debate and description of water boarding, the easier it will be to resist and the less value it will have as an interrogation tool.
-- Nick Catrantzos
If one accepts this operational axiom about interrogation and torture, then why would water boarding work, regardless of whether it really is torture or not? Consider: the best interrogation techniques involve uncertainty and exploiting the prisoner's own fears and imagination while stopping short of realizing them. Perhaps what made water boarding effective is that the enemy had no idea of what it was or where it would stop, thereby reducing the value of his training on how to resist standard interrogation techniques.
My own experience under interrogation would tend to support this hypothesis, as I had no trouble resisting standard techniques but found extended periods of sitting blindfolded and handcuffed on a concrete slab surprisingly more enervating than being manhandled and questioned aggressively. In the age of You Tube and perpetual questioning of our own national motives and resolve during political contests, do we leave any doubts for our adversaries about to expect, even if water boarding were to resurface to unprecedented levels? Forewarned, they have no reason to magnify their own fears, hence no way of helping us psychologically by according more mystery and success to our tactics than the tactics alone merit. Consequently, the greater the debate and description of water boarding, the easier it will be to resist and the less value it will have as an interrogation tool.
-- Nick Catrantzos
Saturday, May 21, 2011
Torture vs. Interrogation: Agendas or Answers
Torture and interrogation are not synonyms, and even less likely to become so in countries where interrogation is an actual means of collecting intelligence, such as ours. This may not be as self-evident as the lay observer imagines. Why? Anyone who has practiced HUMINT collection internationally and been trained in interrogation soon discovers that, for many authoritarian regimes, intelligence collection is often a secondary or even tertiary objective of interrogation. In much of the world, two objectives routinely trump intelligence collection: suppression of political adversaries through intimidation or advance of nationalist propaganda through parading of the enemy defector. The latter is the more benign. Even in friendly and ostensibly democratic countries, however, the national propaganda objective finds its expression at the expense of intelligence collection. This is why a high-profile defector may be lionized and showcased by an ally for a year before anyone is allowed to actually ask a useful intelligence question. Why? Country A wants to show the world and its historical rival, Country B, that B's defector came to A for a better life and in obvious recognition of Country B's societal failures, in contrast to Country A's clear advantages. Meanwhile, time-sensitive intelligence goes stale and even Country A's intelligence collectors grind their molars waiting for the day their political leaders will deign to allow them to interrupt the propaganda tour with a question or two about Country B's military capabilities and intent.
For tyrant-controlled milieux, it's worse. There the purpose of interrogation is to beat and defeat. Questions are unnecessary, because no one is interested in the answers. Look at Michener's account of AVO interrogations to suppress the 1956 Hungarian Rebellion to see that glass shards and brutalization had less to do with true interrogation than with dispensing and magnifying fear. True interrogation is about getting answers to questions (also called EEIs, or Essential Elements of Information in war, or intelligence requirements at other times). Which brings us to the next question.
Are we getting productive yield out of intelligence interrogations? Of course we are. Else why do it? If our objectives were to brutalize or propagandize interrogation, we're certainly doing neither at a journeyman level. All the legal analysis and executive branch deliberations that preceded water boarding were hardly consistent with the Dirty Harry-style rush to expedite Q&A that some appear to perceive.
More importantly, we know that HUMINT yield against Bin Laden was made all the more valuable because of the dearth of SIGINT and other INTs that failed to produce much on him. How do we know? His actions -- which bear mute testimony to NSA in a backhanded way. Since his days in the Sudan, Bin Laden began practising communications security to a nearly obsessive level, hence his chronic reliance on couriers while the rest of the world came to rely increasingly on cell phone and Internet. He knew what audit trails modern telecommunications produce and how they can be exploited. The more he denied us these traditional means of discerning his intentions and whereabouts, the more he increased the value of HUMINT and, by extension, of interrogation of his cohorts. To claim that we just don't know whether any of the product of interrogations could have helped find Bin Laden because we lack the necessary clearance or esoteric briefing on the particulars, or to argue that all such details must somehow forever remain beyond our grasp is to argue against our own ability to reason, discern, and analyze. Why, it is tantamount to arguing that any form of interrogation that an adversarial press or an opponent labels as torture must necessarily be torture, regardless of whether this is true.
-- Nick Catrantzos
For tyrant-controlled milieux, it's worse. There the purpose of interrogation is to beat and defeat. Questions are unnecessary, because no one is interested in the answers. Look at Michener's account of AVO interrogations to suppress the 1956 Hungarian Rebellion to see that glass shards and brutalization had less to do with true interrogation than with dispensing and magnifying fear. True interrogation is about getting answers to questions (also called EEIs, or Essential Elements of Information in war, or intelligence requirements at other times). Which brings us to the next question.
Are we getting productive yield out of intelligence interrogations? Of course we are. Else why do it? If our objectives were to brutalize or propagandize interrogation, we're certainly doing neither at a journeyman level. All the legal analysis and executive branch deliberations that preceded water boarding were hardly consistent with the Dirty Harry-style rush to expedite Q&A that some appear to perceive.
More importantly, we know that HUMINT yield against Bin Laden was made all the more valuable because of the dearth of SIGINT and other INTs that failed to produce much on him. How do we know? His actions -- which bear mute testimony to NSA in a backhanded way. Since his days in the Sudan, Bin Laden began practising communications security to a nearly obsessive level, hence his chronic reliance on couriers while the rest of the world came to rely increasingly on cell phone and Internet. He knew what audit trails modern telecommunications produce and how they can be exploited. The more he denied us these traditional means of discerning his intentions and whereabouts, the more he increased the value of HUMINT and, by extension, of interrogation of his cohorts. To claim that we just don't know whether any of the product of interrogations could have helped find Bin Laden because we lack the necessary clearance or esoteric briefing on the particulars, or to argue that all such details must somehow forever remain beyond our grasp is to argue against our own ability to reason, discern, and analyze. Why, it is tantamount to arguing that any form of interrogation that an adversarial press or an opponent labels as torture must necessarily be torture, regardless of whether this is true.
-- Nick Catrantzos
Friday, May 20, 2011
A Lingering Disconnect
Safety vs. Security: The conflating flourishes. The certified security vulnerability analyst (CSVA) and like certifications championed by Chemical Facility Anti-Terrorism Standards (also known as CFATS and periodically the subject of full-throated debate among lawmakers) in its original state trace directly to a source of revenue created by the American Institute of Chemical Engineers (AIChE) between 2002 and 2003. While these creations offer value if one is approaching security from zero, as presumed for the chemical sector, in the more mature areas of protection they quickly reveal some serious flaws. Nothing better begins to illustrate this disconnect than the requirement for anyone seeking this certification to begin to qualify for it by necessarily being a process safety engineer for at least five years. (Ironically, one or two of the three individuals who created the body of training material that went into preparing applicants for this certification numbered among my former subcontractors who possessed neither an engineering nor a safety pedigree, thereby making them unqualified to sit for the exam and certification they helped create.)
The fundamental point of cognitive dissonance between safety and security when dealing with anti-terrorism is that the two disciplines see the world differently. Safety, for the most part, is concerned with avoiding self-inflicted wounds. Inherent in this mind set is the notion that most hazards are avoidable if properly communicated, hence the absolutely supreme importance of communicating everything to everyone to the fullest possible extent.
To the security professional, however, the concern is not with minimizing self-inflicted wounds. It is with defending against the focused attack of adversaries bent on one’s annihilation. In this world, over communicating means exposing one’s vulnerabilities to the point of inviting attack. Consequently, security professionals board certified in security management cannot even qualify to sit for the Certified Protection Professional exam until they have demonstrated a good 10 years of having served in responsible charge in a security capacity, namely, of being the main person held accountable for the protection of people, property, or some kind of operation. The level of security expertise on tap from a CPP is thus significantly more substantive than that of a CSVA who lacks any requirement for direct security experience but, instead, qualifies for the CSVA certification by virtue of a safety pedigree plus successful completion of a coin-operated program for manufacturing instant security experts. Moreover, by embracing the process safety language and bias of AIChE, CFATS aligns its stated security function with a safety function which, in the world of asset protection is a one-off endeavor. Safety and security are not the same. To the extent that CFATS continues to reflect a process safety bias that is oblivious to traditional security focus on protection against hostile forces and instead accords greater priority to communicating hazards or OSHA-style compliance, the safety-security disconnect ultimately performs a disservice not only if extended to the water sector but even to the chemical sector. Only the chemical sector, inured as it is to risk management process-intensive protocols and compliance orientation, finds the familiar in this safety bias, in other words, its comfort zone. Sadly, this approach offers little anti-terrorism protective value in and of itself.
-- Nick Catrantzos
The fundamental point of cognitive dissonance between safety and security when dealing with anti-terrorism is that the two disciplines see the world differently. Safety, for the most part, is concerned with avoiding self-inflicted wounds. Inherent in this mind set is the notion that most hazards are avoidable if properly communicated, hence the absolutely supreme importance of communicating everything to everyone to the fullest possible extent.
To the security professional, however, the concern is not with minimizing self-inflicted wounds. It is with defending against the focused attack of adversaries bent on one’s annihilation. In this world, over communicating means exposing one’s vulnerabilities to the point of inviting attack. Consequently, security professionals board certified in security management cannot even qualify to sit for the Certified Protection Professional exam until they have demonstrated a good 10 years of having served in responsible charge in a security capacity, namely, of being the main person held accountable for the protection of people, property, or some kind of operation. The level of security expertise on tap from a CPP is thus significantly more substantive than that of a CSVA who lacks any requirement for direct security experience but, instead, qualifies for the CSVA certification by virtue of a safety pedigree plus successful completion of a coin-operated program for manufacturing instant security experts. Moreover, by embracing the process safety language and bias of AIChE, CFATS aligns its stated security function with a safety function which, in the world of asset protection is a one-off endeavor. Safety and security are not the same. To the extent that CFATS continues to reflect a process safety bias that is oblivious to traditional security focus on protection against hostile forces and instead accords greater priority to communicating hazards or OSHA-style compliance, the safety-security disconnect ultimately performs a disservice not only if extended to the water sector but even to the chemical sector. Only the chemical sector, inured as it is to risk management process-intensive protocols and compliance orientation, finds the familiar in this safety bias, in other words, its comfort zone. Sadly, this approach offers little anti-terrorism protective value in and of itself.
-- Nick Catrantzos
Thursday, April 14, 2011
Gouging in the Big Easy?
Say it isn't so. In explaining the etymology of the newly coined "spillionaire " though, a Washington Post article reveals just how New Orleans and local area citizens "raped" BP with inflated and bogus claims incidental to the corporation's catastrophic oil spill (in http://mobile.washingtonpost.com/c.jsp?item=http%3a%2f%2fwww.washingtonpost.com%2fnational%2fspillionaires-are-the-new-rich-after-bp-oil-spill-payouts%2f2011%2f04%2f11%2fAFjaqsWD_mobile.xml&cid=578815&spf=1). According to findings of the ProPublica reporters probing into this case, the villains are crony contractors, public officials with finely tuned profit motives, and average citizens looking to cash in at the first sign of anyone else's cash being dispensed in exchange for a hard-luck story -- all lusty participants in the swindling competition to see who can take away the most money in the shortest time. Even a municipal homeland security director -- perhaps a misapplied title, since true managers seldom draw overtime pay -- managed to secure over $20,000 in BP-funded OT for doing his job for a few weeks.
The aggressive and predatory impulse runs free when unchecked by leadership or countervailing example. While the stories of the spillionaires would appear to reaffirm Louisiana's reputation for leading edge hospitality in all matters dealing with pecuniary embroidery, the really interesting part of the story for security practitioners is that a county executive was the one to give voice to misgivings. He feels bad about the abusive claims, and this is the essential starting point for any corrective audit or redress.
And so a ray of light pierces through the pogonip of crooks and cronies otherwise bottling swamp water and selling it as champagne.
-- Nick Catrantzos
The aggressive and predatory impulse runs free when unchecked by leadership or countervailing example. While the stories of the spillionaires would appear to reaffirm Louisiana's reputation for leading edge hospitality in all matters dealing with pecuniary embroidery, the really interesting part of the story for security practitioners is that a county executive was the one to give voice to misgivings. He feels bad about the abusive claims, and this is the essential starting point for any corrective audit or redress.
And so a ray of light pierces through the pogonip of crooks and cronies otherwise bottling swamp water and selling it as champagne.
-- Nick Catrantzos
Thursday, April 7, 2011
Technological Aikido
News of Israel's apparently successful deployment of its Iron Dome defense against indiscriminate rocket attacks on civilians is the kind of good news only a terrorist would oppose. While the new device was not officially finished and ready to enter service, real-world need took priority. When mace, sword,or axe are being swung against your head, it is no time to quibble over holding up any shield available -- no matter how much more work you would like to do on it under ideal conditions. If the success of the Iron Dome continues as now reported (in, for example, http://www.ynetnews.com/articles/0,7340,L-4053837,00.html), then Iron Dome becomes to citizen defense what aikido is to martial arts: the kind of defense so nonaggressive as to even be accepted in hospital settings.
Why is this the case with aikido? Aikido is purely defensive. It teaches no aggressive moves, not even the grunt or shout that other martial disciplines insist on combining with strikes and kicks. Since there are no strikes or kicks in aikido, practitioners seldom feel themselves at a loss. Moreover, aikido has no tournaments nor most of the other aggressive trappings of the disciplines which, under the banner of self-defense, happen to include a fair dollop of tactical incapacitation of adversaries. Indeed, in aikido, one is supposed to take care to avoid needlessly inflicting pain even against an opponent who is unconstrained by similar thoughts. Aikidoists avoid, deflect,or neutralize an attack without trying to harm the attacker. They may immobilize an attacker but are ethically constrained from intentionally harming him. This is why aikido is reportedly the only martial art approved for use in restraining violent patients at psychiatric hospitals. Imagine boxing or karate being approved in similar settings.
What will the opponent's reaction be to Iron Dome's effect as technological aikido? Look for a cry of foul, precisely the same way one would expect a drunken aggressor who tried to punch out an aikidoist later claim that the defender was, in reality, the one who started it and caused the greater damage. Perhaps even self-inflicted wounds will surface to trumpet before a naive or receptive media to advance claims that a purely defensive system is somehow a first-strike weapon of mass destruction.
-- Nick Catrantzos
Why is this the case with aikido? Aikido is purely defensive. It teaches no aggressive moves, not even the grunt or shout that other martial disciplines insist on combining with strikes and kicks. Since there are no strikes or kicks in aikido, practitioners seldom feel themselves at a loss. Moreover, aikido has no tournaments nor most of the other aggressive trappings of the disciplines which, under the banner of self-defense, happen to include a fair dollop of tactical incapacitation of adversaries. Indeed, in aikido, one is supposed to take care to avoid needlessly inflicting pain even against an opponent who is unconstrained by similar thoughts. Aikidoists avoid, deflect,or neutralize an attack without trying to harm the attacker. They may immobilize an attacker but are ethically constrained from intentionally harming him. This is why aikido is reportedly the only martial art approved for use in restraining violent patients at psychiatric hospitals. Imagine boxing or karate being approved in similar settings.
What will the opponent's reaction be to Iron Dome's effect as technological aikido? Look for a cry of foul, precisely the same way one would expect a drunken aggressor who tried to punch out an aikidoist later claim that the defender was, in reality, the one who started it and caused the greater damage. Perhaps even self-inflicted wounds will surface to trumpet before a naive or receptive media to advance claims that a purely defensive system is somehow a first-strike weapon of mass destruction.
-- Nick Catrantzos
Friday, March 25, 2011
Rushing to Exploit Security Incidents
Why do agency bureaucrats with an agenda jump at the chance to offer it as a perfect solution to problems they cannot solve? Why, moreover, does the media rise to this bait like a healthy salmon swimming to the home waters? One need only look to this week’s story of an FPS guard’s actions in Detroit for a recent case in point. The sensational parts of the story surfaced in the usual news outlets, (including http://abcnews.go.com/Politics/active-bomb-sat-detroits-mcnamara-federal-building-weeks/story?id=13202135&page=2 ) with headlines like, “Bomb sat in Detroit’s McNamara Federal Building: Guard discovered bomb, then set it aside for three weeks.”
Evidently, a contract security guard working for the Federal Protective Service (FPS) – the government arm that provides basic security for federal buildings – found a suspicious bag. Then, instead of treating it as potentially dangerous, the guard placed it with lost-and-found items within a federal building housing FBI and other government employees. Three weeks later, it appears the same guard service being castigated for this mishandling brought attention to the bag, resulting in a bomb squad discovery that it contained explosives and an ultimate tracing of the bag to an individual bearing a grudge against the FBI. These things happen, perhaps more often than they should. As surely as a dog attracts fleas, though, such cases inevitably give rise to proposed solutions that bear little logical connection to solving the problem. Thus, FPS officials would “like to see fewer contract guards and more career FPS guards,” as though a change of uniform and paycheck issuer would instantaneously foreclose the possibility of a guard making a mistake. This is absolute nonsense. Guards come from the same employee segment and gene pool, regardless of whether their masters are public or private sector employers. Only you can’t easily fire the public sector guards once they have passed probation. Nor do they necessarily become smarter or more dedicated once they change employers.
Most performance deficiencies on the part of any guard force – whether public or private – trace to one or both of two things: training or supervision. Federalizing the contract guards would not necessarily address the shortcomings. Indeed, the reverse often happens, since government employees typically assume a proprietary right to their jobs and soon begin to concern themselves more with entitlements than responsibilities, particularly if the public system insulates them much more from disciplinary action than what happens to peers in the private sector. In the latter case, the guard contractor typically removes a guard from the given account – if he or she erred but is worth saving. Otherwise, termination is the other frequently exercised option. But what would happen if the same life form were judged at fault yet a federal employee? Progressive discipline, employee assistance, or any other combination of multiple second chances. Rushing to federalize FPS guards isn’t the answer, but that hardly impedes the knee-jerk presentation of this option as a panacea.
-- Nick Catrantzos
Evidently, a contract security guard working for the Federal Protective Service (FPS) – the government arm that provides basic security for federal buildings – found a suspicious bag. Then, instead of treating it as potentially dangerous, the guard placed it with lost-and-found items within a federal building housing FBI and other government employees. Three weeks later, it appears the same guard service being castigated for this mishandling brought attention to the bag, resulting in a bomb squad discovery that it contained explosives and an ultimate tracing of the bag to an individual bearing a grudge against the FBI. These things happen, perhaps more often than they should. As surely as a dog attracts fleas, though, such cases inevitably give rise to proposed solutions that bear little logical connection to solving the problem. Thus, FPS officials would “like to see fewer contract guards and more career FPS guards,” as though a change of uniform and paycheck issuer would instantaneously foreclose the possibility of a guard making a mistake. This is absolute nonsense. Guards come from the same employee segment and gene pool, regardless of whether their masters are public or private sector employers. Only you can’t easily fire the public sector guards once they have passed probation. Nor do they necessarily become smarter or more dedicated once they change employers.
Most performance deficiencies on the part of any guard force – whether public or private – trace to one or both of two things: training or supervision. Federalizing the contract guards would not necessarily address the shortcomings. Indeed, the reverse often happens, since government employees typically assume a proprietary right to their jobs and soon begin to concern themselves more with entitlements than responsibilities, particularly if the public system insulates them much more from disciplinary action than what happens to peers in the private sector. In the latter case, the guard contractor typically removes a guard from the given account – if he or she erred but is worth saving. Otherwise, termination is the other frequently exercised option. But what would happen if the same life form were judged at fault yet a federal employee? Progressive discipline, employee assistance, or any other combination of multiple second chances. Rushing to federalize FPS guards isn’t the answer, but that hardly impedes the knee-jerk presentation of this option as a panacea.
-- Nick Catrantzos
Thursday, March 3, 2011
Right Label: Guard or Officer?
The security industry, in deference to the popular American tradition of seeking inflation of perceived status as a sometime alternative to boosts in pay, likes to shy away from the old term, “security guard,” in favor of the more modern-sounding, “security officer.” On one level, this evolution makes a kind of sense. After all, police are not just police any more. They are police officers, as though to convey a higher status by mimicking military distinctions – until, that is, the police officer gets outranked by a police sergeant. So much for fidelity to the military structure as it crosses over into the civilian realm. Even the term “civilian” is transformed, or perverted, in this cross over. In the military, police are as much civilians as any other non-combatant member of the public unaffiliated with the military. Today’s police, however, see all non-police as “civilians.” So much for the definitional hopscotching that permeates our times. Now for the counter argument, the case for calling a guard a guard.
Guard is both a verb and a noun. As an action term, to guard means to defend, and to defend means to actually do something with positive protective value. Thus, applying the term to a function, that which a security sentinel carries out for the benefit of the people or property protected, represents an exercise in matching the label to the responsibility. A guard guards someone or something. This is a reputable thing to do and, at its best, even a noble one. So calling someone a guard is not pejorative but descriptive. It concisely tells what that person’s function is and leaves little to speculation. Moreover, even a police officer does not necessarily make a good guard. Why? Police carry out a public safety function, chasing and apprehending villains for a greater societal good. This frequently means that what they do best is increasingly removed from protecting people and property, including guard functions such as sentry duty. It is a different skill set. As one who has frequently interviewed law enforcement (another newspeak synonym for police) candidates for non-police, security positions, I have found that the average police officer’s experience with actually guarding a facility is limited to the occasion when he or she was in charge of securing a perimeter for a search or other temporary event counted in hours, certainly not in weeks, months, or years. There is nothing wrong with being a guard and no evidence that police make better guards, hence deserve perceived higher status that a guard company can only offset by calling its guards “security officers.”
What does the “officer” label convey? Does he or she officiate? No. Calling someone who is there to perform a guard function an “officer” draws attention away from the core duty of defending. The officer label shifts attention to who the person is, perhaps in contrast to others. An officer sounds like somebody. In the world of protection, however, what counts most is not what labels and trappings of status one accumulates but what one actually does and is prepared to do when bad things happen. Whom do you want protecting you in time of crisis, a guard or an officer? Which sounds more likely to step into harm’s way on your behalf, rather than to step back and just take a detached, “officer’s” view of events in order to properly observe and report them?
Let’s start calling people, functions, and things by names more representative of what we want them to do than what minor status we pretend to confer. Call a guard a guard and let him or her be proud of being seen as a defender rather than a wannabe functionary.
-- Nick Catrantzos (ironically, a former officer)
Guard is both a verb and a noun. As an action term, to guard means to defend, and to defend means to actually do something with positive protective value. Thus, applying the term to a function, that which a security sentinel carries out for the benefit of the people or property protected, represents an exercise in matching the label to the responsibility. A guard guards someone or something. This is a reputable thing to do and, at its best, even a noble one. So calling someone a guard is not pejorative but descriptive. It concisely tells what that person’s function is and leaves little to speculation. Moreover, even a police officer does not necessarily make a good guard. Why? Police carry out a public safety function, chasing and apprehending villains for a greater societal good. This frequently means that what they do best is increasingly removed from protecting people and property, including guard functions such as sentry duty. It is a different skill set. As one who has frequently interviewed law enforcement (another newspeak synonym for police) candidates for non-police, security positions, I have found that the average police officer’s experience with actually guarding a facility is limited to the occasion when he or she was in charge of securing a perimeter for a search or other temporary event counted in hours, certainly not in weeks, months, or years. There is nothing wrong with being a guard and no evidence that police make better guards, hence deserve perceived higher status that a guard company can only offset by calling its guards “security officers.”
What does the “officer” label convey? Does he or she officiate? No. Calling someone who is there to perform a guard function an “officer” draws attention away from the core duty of defending. The officer label shifts attention to who the person is, perhaps in contrast to others. An officer sounds like somebody. In the world of protection, however, what counts most is not what labels and trappings of status one accumulates but what one actually does and is prepared to do when bad things happen. Whom do you want protecting you in time of crisis, a guard or an officer? Which sounds more likely to step into harm’s way on your behalf, rather than to step back and just take a detached, “officer’s” view of events in order to properly observe and report them?
Let’s start calling people, functions, and things by names more representative of what we want them to do than what minor status we pretend to confer. Call a guard a guard and let him or her be proud of being seen as a defender rather than a wannabe functionary.
-- Nick Catrantzos (ironically, a former officer)
Wednesday, February 23, 2011
Risk Whisperer Rascality
I would rather consult a twice convicted Vegas bookie on the odds of a terrorist attack than any number of government- or industry-subsidized risk whisperer purveyors of formulae. Why? Because the latter -- whether they do this openly or subconsciously -- tailor their products to their masters, who increasingly call for risk assessments as a means of demonstrating how much more their given operation or jurisdiction merits funding over a lesser competitor, i.e., an entity not nearly facing so much risk of dire consequences. The same approach holds true regardless of whether the risk calculation involves the likelihood of terrorist attack or of natural disaster. The master wants as much of the pot of available money as can be won by legitimate wrangling and maneuvering, as for Urban Area Security Initiative funds. Hence the recent news from the New York Observer (details at http://www.observer.com/2011/politics/victory-new-york-receive-increase-anti-terrorism-funding) that an amendment has just passed the House that would enable New York City to receive more anti-terrorism funding. Where do calculations of risk come into play? This amendment proposes that only the 25 "highest-risk" cities would receive UASI funding. Alas for those cities that may actually be more vulnerable because they lack the resources to detect, counter, or mitigate an attack. One wonders if America's adversaries are sufficiently respectful of such maneuvering to heed the risk whisperers and to limit their attacks only to the 25 designated cities.
Now for a return to the Vegas bookie. Isn't he a little more palatable by contrast? Why? Because he has a vested interest in the results of his oddsmaking. If he is wrong, the bet that has to be paid off affects his bottom line. If he is right, the profits are what he has earned. Today's risk whisperers, by contrast, have everything to gain and nothing to lose by offering their dire predictions and calculations of relative risk. First, no public or private institution accords risk assessors executive decision-making authority. This is why the Department of Energy, despite generations of sponsoring Sandia and its computationally intensive risk assessment methodologies, does not look to its own in-house risk gaugers to decide budget priorities to counter leaks of nuclear secrets or security breaches. Second, risk whisperers have no skin in the game. They suffer no penalty for getting it wrong. Instead, they have the luxury of proclaiming that unknown variables came into play, or that their advice was imperfectly followed, or any other reasonable-sounding excuses. Imagine what would have happened if carnage experienced at Oklahoma City, Virginia Tech, or Fort Hood had to be anticipated through the same risk assessments that now determine which 25 cities are in greater danger than any others. Would any of these venues have made the list? Probably not. One can already hear the disclaimers being whispered: not the same kind of attack ... different situations ... other variables.
But the bookie would have to pay for getting it wrong and, so chastened, would be a little more careful in handicapping the next event. Give me the bookie any time.
-- Nick Catrantzos
Now for a return to the Vegas bookie. Isn't he a little more palatable by contrast? Why? Because he has a vested interest in the results of his oddsmaking. If he is wrong, the bet that has to be paid off affects his bottom line. If he is right, the profits are what he has earned. Today's risk whisperers, by contrast, have everything to gain and nothing to lose by offering their dire predictions and calculations of relative risk. First, no public or private institution accords risk assessors executive decision-making authority. This is why the Department of Energy, despite generations of sponsoring Sandia and its computationally intensive risk assessment methodologies, does not look to its own in-house risk gaugers to decide budget priorities to counter leaks of nuclear secrets or security breaches. Second, risk whisperers have no skin in the game. They suffer no penalty for getting it wrong. Instead, they have the luxury of proclaiming that unknown variables came into play, or that their advice was imperfectly followed, or any other reasonable-sounding excuses. Imagine what would have happened if carnage experienced at Oklahoma City, Virginia Tech, or Fort Hood had to be anticipated through the same risk assessments that now determine which 25 cities are in greater danger than any others. Would any of these venues have made the list? Probably not. One can already hear the disclaimers being whispered: not the same kind of attack ... different situations ... other variables.
But the bookie would have to pay for getting it wrong and, so chastened, would be a little more careful in handicapping the next event. Give me the bookie any time.
-- Nick Catrantzos
Tuesday, February 8, 2011
The Protective Sequence
Dilettantes and agenda-driven executives ignore this for reasons of naivete or self-dealing: Security at times needs to occur in a particular sequence to maximize protective value. Indeed, this sequence can be like a telephone number, where the only way to get through is to dial all the right digits in the right order. There is little value in getting the numbers right but the sequence wrong. Where do we see this phenomenon at work?
Bomb Threat Checklists
What is the first question a well crafted security checklist would have you ask the person calling in a bomb threat? If it is either of these, then the architect of the checklist is not a security professional:
- What is your name?
- Why are you doing this?
Such questions waste precious time, making the caller defensive or inviting a diatribe without arming defenders with any immediately actionable information. Instead, what a security professional wants asked right away are questions that lend themselves to meaningful response, like
- When is it going off?
- Where is it?
- What does it look like?
In fact, the answer to the first question may well dictate whether the person taking the call stays around long enough to wade through the entire checklist. If the bomb threat checklist begins with questions that are emotively charged or otherwise take the dialogue in a direction other than one that allows finding or assessing the immediate threat, you may safely bet that this checklist is the product of a committee or rear-echelon staffer far removed from real-time response.
Critical Asset Protection
The same phenomenon applies on a larger scale when taken to the prevention vs. prosecution debate. If your prime objective is to protect people and property, you soon learn that you earn your salary not by catching adversaries after they have inflicted losses but by preventing those losses from occurring in the first place. True enough, apprehension and prosecution remain important societal objectives, linking crime to punishment and serving to throttle the baser impulses that, unchecked, might give rise to a world dominated exclusively by predators and societies marching daily by starkly Darwinian notions of survival. But a public safety objective is not necessarily the same as a security objective -- particularly if the security objective is to protect a critical asset. In the latter case, the management decision boils down to this: Do I apply my resources to catching the people who annihilate my employees and cripple my operations, or do I focus those resources on preventing such consequences to the best of my abilities?
The obvious answer is the latter. The right answer is more nuanced, seeking out a hybrid approach that really amounts to getting the sequence right. First prevent. Then respond, to at least limit the damage to the extent possible. Then worry about apprehension and prosecution. To do otherwise may nevertheless deliver societal value and validate the existence of organizations optimized to chase more than to interdict, but their objectives are not security objectives -- at least not as far as concerns the people, assets, or operations targeted. The dead, bankrupt, and leveled find small comfort in the eventual revelation that the agent of their destruction did not get away with it.
-- Nick Catrantzos
Bomb Threat Checklists
What is the first question a well crafted security checklist would have you ask the person calling in a bomb threat? If it is either of these, then the architect of the checklist is not a security professional:
- What is your name?
- Why are you doing this?
Such questions waste precious time, making the caller defensive or inviting a diatribe without arming defenders with any immediately actionable information. Instead, what a security professional wants asked right away are questions that lend themselves to meaningful response, like
- When is it going off?
- Where is it?
- What does it look like?
In fact, the answer to the first question may well dictate whether the person taking the call stays around long enough to wade through the entire checklist. If the bomb threat checklist begins with questions that are emotively charged or otherwise take the dialogue in a direction other than one that allows finding or assessing the immediate threat, you may safely bet that this checklist is the product of a committee or rear-echelon staffer far removed from real-time response.
Critical Asset Protection
The same phenomenon applies on a larger scale when taken to the prevention vs. prosecution debate. If your prime objective is to protect people and property, you soon learn that you earn your salary not by catching adversaries after they have inflicted losses but by preventing those losses from occurring in the first place. True enough, apprehension and prosecution remain important societal objectives, linking crime to punishment and serving to throttle the baser impulses that, unchecked, might give rise to a world dominated exclusively by predators and societies marching daily by starkly Darwinian notions of survival. But a public safety objective is not necessarily the same as a security objective -- particularly if the security objective is to protect a critical asset. In the latter case, the management decision boils down to this: Do I apply my resources to catching the people who annihilate my employees and cripple my operations, or do I focus those resources on preventing such consequences to the best of my abilities?
The obvious answer is the latter. The right answer is more nuanced, seeking out a hybrid approach that really amounts to getting the sequence right. First prevent. Then respond, to at least limit the damage to the extent possible. Then worry about apprehension and prosecution. To do otherwise may nevertheless deliver societal value and validate the existence of organizations optimized to chase more than to interdict, but their objectives are not security objectives -- at least not as far as concerns the people, assets, or operations targeted. The dead, bankrupt, and leveled find small comfort in the eventual revelation that the agent of their destruction did not get away with it.
-- Nick Catrantzos
Subscribe to:
Posts (Atom)
