06 September 2010

Protective Security: Discovery Lessons Learned...

Operational Risks at Discovery Communications are on the agenda for the next Board of Directors Meeting. The lessons learned are being discussed and there are many legal considerations after a gun man strapped with explosive devices held hostages in the lobby of the Silver Spring, Maryland company on September 1, 2010.

A security guard who called 911 after a gunman entered Discovery Channel's headquarters calmly told the operator: "You're probably going to need a sniper."

The call, released Friday, was one of several placed minutes after a gunman entered the lobby and took three hostages. Other callers described the propane tanks strapped to the gunman's body, and a blinking device in his left hand.

After hours of negotiating with James Lee, 43, police shot him to death as the hostages were preparing to make a break for it, police said.

Even in the first minutes after the siege began, Discovery security had an idea of who they were dealing with. A security employee told a 911 operator that they believed the man was in the lobby was Lee. He told the operator Lee appeared disoriented, had propane tanks strapped to his chest and at least one person on the ground.

"It looks like he's got an IED. He looks like he's setting up an explosive device in the lobby, you're probably going to need a sniper," he tells the operator. "You gotta move fast."

In police radio transmissions, an officer described the suspect as an "Asian male following the do-not-admit sign Discovery has."

Since the attack on the Holocaust Museum in Washington, DC where another lone gun man walked into the lobby with a rifle there has been hours and hours of debriefing. There has been presentations on the protective security measures that worked. There are lessons learned on those measures and policies that failed. Yet one thing is certain in both of these incidents. The protective security strategy for an active shooter scenario is still up for debate.

The Holocaust Museum and Discovery Communications have differing philosophies about the design of a layered defense as it pertains to this type of threat. Discovery did not have protective security that was able to disarm and prevent Mr. Lee from entering their facility and taking hostages.

This blog has discussed the vulnerability that exists in every facility or digital network in terms of how attackers will exploit the vulnerability of Design, Implementation or Configuration. It is obvious in the case of Discovery that the attacker had done his homework and knew in advance that they do not have "Armed Guards" in the lobby. The larger lesson to both Discovery and to others is not so much about the decision of "Armed" vs. "Unarmed", as much as it might be on how and where visitors are allowed to access the building itself. The design of the Discovery Protective Security Process and design of the facility is a major Operational Risk.

Perhaps this message also needs to be sent to the commercial architects and the developers of buildings about why it is important to design protective security measures into the physical engineering of the facility to begin with. Making decisions about whether to arm your guard force with weapons however may not even need to be discussed, if the process and design of your building security is done correctly.

  • First, the visitors entrance and lobby area shall not be the same for employees. Ideally, the employees enter the building from the parking garage directly, that is also secured. Or even a secure side entrance if they commute to work. It is never good design to have employees entering in the same space with visitors.
  • Second, design the building so that the visitors entrance is set back a minimum of 75 yards from the main facility, detached or connected only through a covered walkway or enclosed hallway. Ideally, the visitor screening and registration all occurs in this detached building with the first layer of the protective security team.
  • Third, once visitors are screened and given the green light, they may proceed to the secondary waiting lobby in the main facility. This again, is a holding area until the visitor is greeted and escorted into the building with the company employee.

As good as the Discovery guards were at describing the situation unfolding before them, the fact remains that the attacker should never had the opportunity to take any hostages. The Board of Directors may be taking into consideration many new ideas and digesting the lessons learned from Corporate Security. One can only wonder if they will increase the budget to be commensurate with the threat before them. The legal teams will be gearing up for a number of attempts to use this event as a platform for adversarial plaintiff suits.

Domestic Extremism is not just about a lone wolf who has a history of psychological issues. Violent activist groups who are active in the international movement to use animals, "The Earth" or other religious causes to fuel their justification are a growing threat, here and abroad.

Until last month, the small market town of Langnau in the rolling Swiss hills had two claims to fame: it was a centre for the production of Emmental cheese and one of the sunniest places in Switzerland.

Now, thanks to a routine police traffic inquiry, it has the dubious honour of being the location where one of Europe's biggest alleged acts of eco-terrorism was foiled.

On the night of April 15, 2010, local officers pulled over a car on one of the town's quiet streets.

Inside the vehicle they found a large cache of explosives, primed and ready to detonate.

The three people in the car are alleged to have been members of the murky Italian anarchist group Il Silvestre, who were reportedly on a mission to blow up the unfinished £55 million ($118 million) IBM nanotechnology facility.

The apparent attack is believed to be part of a new co-ordinated wave of eco-terror on the continent.

The IBM site is due to be opened next year and will be the most advanced centre for nanotech and biological scientific research in Europe. The group, formed in Tuscany, is considered by some to be one of the rising "eco-terror" groups in Europe, with a rigid cell structure, access to explosives, and a membership that supposedly has no qualms about killing to achieve its goals.

Protective Security measures to mitigate Operational Risks such as these require a comprehensive yet adaptive strategy. What may be most disturbing on the Discovery Channel incident is that the attacker all but announced his attentions on his website in advance. If you don't currently monitor the digital domains for your organizations benefit, then start this soon. You may be amazed at the "Open Source Intelligence" (OSINT) that exists on what Domestic Extremists are saying and planning for your company.

Even after the Twin Towers fell, environmental extremism was seen as a severe threat and, in 2006, Congress passed legislation - the Animal Enterprise Terrorism Act - which classified certain acts of civil disobedience, such as blockades, trespassing, property damage and the freeing of animals, as acts of terrorism.

An FBI assessment continued to reinforce fear of environmental radicals when it stated "together eco-terrorists and animal rights extremists are one of the most serious domestic terrorist threats in the US".

It warned that tactics were "becoming increasingly violent, with threats to life, not just to property".

No comments:

Post a Comment