Ed Clark, a long time reader of, and commenter on, this blog re-made an interesting observation the other day in a discussion on the Pipelines Security Group on LinkedIn® about the use of night vision cameras for pipeline security. He opined that:
“Detecting and assessing is always critical. The ongoing challenge is response. Watching the crime unfold is of little value if you cannot get to the site in time to stop it, or at a minimum shut it in, to limit the consequence.”
Ed has made this point before, frequently and loudly. I have chimed in in support of the comment on almost as many occasions, but it is something that cannot be said enough times. So, having said that, I will use this new version of his observation as a launching point for a restatement of my own about some basic security principles.
No Absolute Security
There is no such thing as a “SECURE Facility”. Any security system devised by man can be overcome by man; this is a basic tenant of life. All it takes to overcome any security system is an adequate amount of manpower and force. The trick of establishing a security program for any facility is to provide enough security to make the facility an unappealing target; one that would appear to take more effort to overcome that security than it is worth to the attacker. This is what Risk-Based security is all about.
Given that, it is obvious that the main point of a security system is to deter an attack. An attacker looking at the visible portions of the security system must believe that it would take more effort to attack the facility than he would gain by the attack. This means that significant portions of the security measures must be obvious to the attacker.
Deterrence is Fallible
Unfortunately, the security manager can not accurately read the mind of the attacker to determine how much effort in the attack is justifiable to that attacker. This means that the security planners must assume that the deterrence will not work. This means that there needs to be additional security measures beyond those that are visible that would be able to prevent some level of attack from succeeding. Deciding what level of attack to be able to actually prevent from succeeding is one of those things that security managers get the big bucks for (okay just a little bit of sarcasm there).
Detecting an attack at the earliest possible moment provides for the largest amount of time for the security apparatus to respond. Ideally, an attack should be detected during the planning/reconnaissance phase (and the FBI has been very successful at this since 9/11) so that there is little or no actual physical threat to the facility. Detection outside of the facility perimeter is almost as good. Anytime the perimeter is breached it is not a good thing, but the closer to the fence that the intruders are detected the better.
Once the intruder has breached the perimeter the security apparatus must be able to stop the intruder from carrying out the end-game of their attack. Allowing an 80-year old nun to spray paint anti-war graffiti on the wall of a weapon storage building is bad for the facility’s (and security manager’s) image. Allowing a terrorist to emplace an IED at a toxic chemical storage tank is going to get people killed. Intruders must be stopped before they get to the critical areas of a facility.
What will it take to interdict an intruder? The anti-war nun will probably be stopped by a uniformed security officer with a clipboard. Stopping the terrorist with the IED will probably take lethal force or at least the threat of lethal force. Determine what you need to stop and select your force appropriately.
Respond to Successful Attack
The thing that most security planners forget is the consequence of my first point; there is no absolute security. That means that you cannot guarantee that there will be no successful attacks. This means that the security plan must also address how to respond to the consequences of a successful attack; both within and without the facility perimeter.
High-risk chemical facilities should already have approached this consequence management drill as part of their accidental-release response planning. Just remember that a deliberate attack is likely to involve a more serious release than the EPA’s ‘worst-case scenario’. Multiple release points will be the likely aim of a serious attack. Multiple chemical releases, especially incompatible chemicals, will likely be the objective of professional terrorists.
And remember, many terrorist organizations have executed secondary attacks on emergency response personnel just to make the problems worse.
Keep it Up-to-Date
Finally, the security plan, like any plan, must be a living document. It needs to be reviewed, exercised and revised on a regular basis. As terrorist groups develop new techniques and adopt new weapons, the plan must be revised accordingly. As the political landscape changes, there will be new types of terrorist groups that may become interested in the facility. And changes in the facility layout, operations and personnel will require appropriate adjustments to the security plan.