Fiascoes excite the greatest remark when tied to reputational risk, and the knee-jerk response to the worst case comes with a witch-hunt as surely as a dog comes with fleas. When the fiasco involves a very public security breach, however, attending expressions of outrage reach a firing-squad crescendo. In the frenzy to aim at blame and to give one's audience the drama of an execution as proof of swift action, the players in such proceedings too often make matters worse for defenders. How so? They issue cascading demands which begin reasonably enough with facts on the ground but soon launch beyond terrestrial orbits into the ether of unverifiable conditions and impossible timelines.
Example? Look no further than the security breach at the Y-12 Oak Ridge nuclear facility at the hands of an 83-year-old nun and her hippy-era peacenik cohorts (with details and regulatory reaction noted at http://www.knoxnews.com/news/2012/aug/14/bad-cameras-non-responsive-guards-part-of-y-12s/ ). According to media reports, three slow-moving, unremarkable geriatrics penetrated a secure area protected by state-of-the-art technology and armed-to-the-teeth guard patrols. So what did the government overseer of this site do? Point the accusing finger of blame, create additional insulation between itself and the likely scapegoat, and launch into expressions of outrage, with proclamations of demands for action that appear more calculated to dodge responsibility than to remedy security shortfalls.
Consider: The overseer, the National Nuclear Security Agency (NNSA) issued a very public letter to the engineering company operating the site, Babcock and Wilcox. This letter directed the engineering company to show cause within 30 days of why NNSA should not terminate the lucrative contract to operate the facility because of the foregoing security breach. NNSA's show cause letter cited not only the lapses in security but also an "inappropriate cultural mindset" as the flaws that require immediate attention. Meanwhile, NNSA shut down the plant's operations because of the security breach. NNSA also found fault with the guard force, a Wackenhut operation that was rebranded as G4S Government Solutions and known locally as WSI-Oak Ridge. Most interestingly, this security service was a prime contractor working directly for NNSA at the time of the breach -- just as Babcock and Wilcox was an NNSA prime contractor for operating the facility. However, with a stroke of the pen, NNSA seconded the guard service to the engineering company after-the-fact and is now holding B&W responsible for correcting G4's security performance.
To the trained security and management observer, this NNSA move is an artful dodge not only of immediate responsibility for any contributing role in the security fiasco but of future security misfires as well. Passing the blame to the engineering contractor by making this entity suddenly responsible for security actually undermines whatever original management value that the separation of contracting responsibilities between operations and security was first created to deliver. In theory, the previous state of affairs put security management and operational management on an equal footing with the NNSA customer, since both were prime contractors. Thus, whenever a plant manager might incline to economizing on security in favor of making working conditions better for his or her engineers, the organizational mechanism in place would have allowed senior engineering and security managers to raise the matter to their shared NNSA customer for the customer to resolve such a debate at a higher level. By ending that peer-level relationship, NNSA does two things: 1) Increase the chance of an engineering contractor's override of future security concerns once the immediate attention to site security has gone from the limelight, and 2) Relieve NNSA from any responsibility for making tough calls on future conflicts between the engineering contractor and the security contractor, since the second will now be working under the first. This is as bureaucratically elegant a maneuver as it is bereft of managerial and security accountability. To the astute practitioner, it begs the question, What else is NNSA eager to hide, such as contributory negligence or leadership failure that may have contributed to the "inappropriate mindset" that it now lays at the hands of the engineering company to repair?
So much for setting context. Part 2 will look at a realistic approach to answering the kinds of demands made in NNSA's show cause witch-hunt.
-- Nick Catrantzos
Subscribe Now
AddThis
Nick Catrantzos + Tom Goff
- All Secure
- NICK CATRANTZOS is the lead author of the All Secure website and is the emeritus security director for a large public organization. He has also managed security aspects of corporate takeovers, response to international hostage situations, and finding and keeping secrets. He has been board certified in security management, licensed as a private investigator, and certified as an incident commander. He worked as a case officer for a discreet branch of public service. He protected stealth technology at Lockheed and, later, as a consulting security director for both Kroll and Control Risks, he assisted executives with workplace violence cases and with protecting VIPs and critical assets globally in volatile areas. Nick's partner, TOM GOFF, was a captain in the Military Police Corps, U.S. Army Reserve and has a law degree from the University of California at Davis. He is a former reporter for Fortune Magazine, was senior editor at New York Magazine and Esquire, and has provided crisis and communications counsel to senior executives at Fortune 500 companies, including Lockheed, ARCO, Microsoft, Nissan, and Sony Pictures.