Tuesday, May 10, 2011

Friend or Foe & How to Know?

               The woods were as silent as they were dark.  A gentle breeze stirred through the leaves rustling and whispering quietly through the treetops.  A lone figure stood as still as the tree he was leaning against, virtually invisible in the dark.  He was bored and could feel his eyes getting heavy, but struggled to stay alert.  He shifted his weight and looked up at the starry sky above the canopy of leaves.  Based on the movement of the stars, he judged that he had about another hour before being relieved. 
               As he looked, he noticed that the leaves were no longer rustling in the trees and the breeze had stopped, but he could still hear a faint whispering from the woods in front of him.  His grip tightened on the musket in his hands as he tried to peer into the darkness.  Suddenly, he heard a branch snap loudly just yards away.  He knew it was time to act and to warn the other sentries if necessary.  The musket swung in the direction of the sound and he stepped behind the tree for protection and shouted out, “Who goes there?  Friend or foe?” 
               For a moment, the silence hung in the darkness, then a voice cried out, “Friend.  I’m a courier from General MacAllister with a message for General Winters.”  The sentry called him forward and then escorted him back to the picket line and ultimately to the fort to deliver his message.
               In high school history classes, we learned about stories of sentries calling out simply, “Hark!  Who goes there?”  I’ve often wondered how honest the replies were.  After all, it is a war and answering friend while really a foe seemed an obvious tactic.  Perhaps it was a more civilized time and one where even enemies had more honor.  Although I do recall one history lesson about the attack on Quebec during the French and Indian War when a sentry called out the challenge and the attacking British or American force answered back deceptively in French and ultimately won the decisive battle.
               Somehow, in our modern society it seems much harder to know who is friend or foe.  For most businesses, there is (hopefully) a steady flow of customers or visitors.  But along with those we want in our businesses, there are those trying to steal or harm.  Retail outlets and shoplifters are the obvious example.  There are other reasons for keeping out unwanted individuals or groups, such as loss of proprietary information.  You can bet that KFC does not let just anyone into the room with the list of 11 secret herbs and spices!
               So what is the modern equivalent?  There are no more sentries standing guard, per se.  The key is in access control – limiting who has the right of entry.  It is one of the basic principles of a security plan, one each of us employs every day.  When you leave your house, do you lock your doors and windows?  Most burglaries occur through unlocked, open doors, or windows.  By taking the simple precaution of locking doors, you are limiting access to unwanted persons. 
               For both homeowners and organizations, other tools can be used to help with access control.  Deadbolts, strike plates and alarms are examples.  Larger businesses with more employees may use card access and ID badges to limit access to authorized individuals and can better control who has access to what areas and also create an audit trail to see what doors someone entered.
               So far, each of these methods restricts entry to those who have been authorized or who have permission.  The last element is to decide who will have that right of entry.  This is something that starts at right at the application process for a new employee.  The screening of potential employees and ultimately checking work history, references and experience helps business make sure that they are bringing the right people into the fold. 
               The trickier part is granting access to non-employees.  Depending on your organization, this may be a very critical part of the security process.  The U.S. Secret Service routinely does this.  Whenever the President attends an event or holds a speech, the attendees have to go through a screening process.  For more intimate events that could include a background check.  Often, it is a matter of screening what is being brought to the event; i.e., metal detectors to restrict the access of weapons. 
               Even airport security is based on tight access control principles.  Only passengers who have bought tickets and who have passed through metal detectors are allowed into the terminals.  Names of fliers are checked against the no-fly list to restrict known terror suspects from accessing the airlines.
               Most places will not have that high of a level of access control.  The next option is to then develop a means to clearly identify who should be there from who should not be.  Issuing visitor passes or badges to non-employees helps identify who has been “screened” from someone who has bypassed or curtailed your screening.  A visitor management program allows you to deny access to someone who has been a problem in the past and to record who is coming in, as well as the visible badge worn shows to all that they have been ‘approved.’ 
               Every business is different and how you build an access control for your business will be based on your circumstances.  What is the level of security that you need?  Is it based on the market place (proprietary info that needs protection)?  Or, it could be based on compliance issues, such as Sarbanes-Oxley or The Joint Commission for healthcare.  More often, it will be the level of security expected in your industry or in your neighborhood.  A retail store will have a very different level of access control than a defense contractor.
               There are four key parts to building an access control plan for your situation.
1.      Limit entry to clearly identified points or doors.  The front door of a store could be open to the public, while the back stock room door is kept locked.  This directs your flow to the areas that you have determined as appropriate.
2.     Use the right equipment, such as locks, alarms or card readers to keep out unauthorized persons.
3.     Identify the ‘good’ guys from the bad.  Employee ID cards, visitor passes, background checks, metal detectors combined with security personnel are ways to screen who is entering your facility.
4.     Enforce your process.  If you issue visitor passes and someone refuses to wear the pass, do you let them in?  The lack of consistency will ultimately undermine the best of security processes.
Following these basic steps and adjusting them to your specific needs will be the first and perhaps the most important part of your security plan.  Then you will really be on your way to knowing who is a friend and who is a foe.
For more information on access control and visitor management, read the special report, “Healthy Access to Healthcare: Visitor Management for Hospitals” based on a case study where visitor management was successfully implemented in an extremely tough setting – a hospital.  The report is available on Amazon.com – just click here to learn more.

Wednesday, May 4, 2011

The War on Terrorism: What Comes Next?

               Finally, the day we’ve long waited for has come.  Osama bin Laden (or Usama, if you prefer) is dead.  About that there is no doubt, no matter if, or really when, photos are released.  The U.S. government could not, and would not, be so adamant if there was any chance that Osama could show up in a video, obviously alive.
               The real question then is what does this mean in terms of global terrorism.  Since 9-11 we have lived under the threat of terrorist attacks.  Around the world, al-Qaida has coordinated attacks in London, Madrid and Indonesia.  With Osama gone, will the threat die out with him or will it continue?
               Osama has clearly had some communication with the outside world while in hiding in Pakistan.  He used couriers to relay messages, but apparently did not have a phone or even Internet access.  It is hard to imagine that he has been heavily involved in any planning of future attacks, at least not directly.
               What legacy will he leave behind and will anyone take up the leadership of al-Qaida and continue in his footsteps?  According to some of the information being released, Osama did spend a great deal of time and effort on succession planning.  If that is accurate, then it is almost certain that someone will be taking his spot, at least in the short term.  If he really did put that much effort into succession planning then we should assume that part of that would be giving the new leader some immediate successes.  He could have prepared a number of attacks to be carried out upon his death with the credit going to the new leader to build his reputation and standing amongst radical Muslims. 
               Some intelligence sources have indicated that there are 600-800 cells in the United States alone.  Any one of these could see the death of Osama as a trigger to attack.  However, I imagine that a large percentage of those cells have become comfortable in the new lives and may be reluctant to follow through.  Still, a number of recent arrests prove that there are those terrorists in this country ready and willing to follow through.  The attempted car bombing in Times Square is a glaring example.
               On the other hand, without a clear leader, al-Qaida could disintegrate in a wave of internal strife and fighting over the reins.  Perhaps, the information on the succession planning may be greatly exaggerated as part of a way for Osama to keep the Western world in fear.  Even if al-Qaida were to fall apart, it is no time to let down our guard or relax our vigilance.  Events in Egypt, Syria and even Libya, as well as Iran, clearly show the ongoing risk and anti-western thought by many radicals in the Middle East. 
               Whether or not al-Qaida survives or is replaced by another group, the answer is clearly that we cannot let down our guard.  Terrorism will survive and continue to be a real threat.  We cannot go back to the innocence or naivety of the 1980’s where terrorists were a somewhat comical character.
               Experts and analysts will make many predictions and some may be right.  The bottom line, though, is that the threats are very real and still with us.  We must continue to protect our infrastructures and our lives.
               The threat may not be over, but the death of Osama is certainly worthy of commendation.  Without doubt, Osama bin Laden was evil and responsible for the deaths of thousands, not just on 9-11.  Anytime the world is ridden of someone so evil, it is always a plus.  No matter what comes next, the world is a better place without Osama bin Laden.