Wednesday, May 13, 2009

Reader Comments – 05-11-09 – Video Escort Continued

As promised, this is a continuation of yesterday’s blog about the use of video systems to monitor non-TWIC personnel in the secure area of an MTSA covered facility. This is functionally equivalent to tracking personnel that lack unaccompanied access in a high-risk chemical facility. Just a reminder that, under MTSA regulations, a person without a TWIC may be escorted by monitoring when in the facility secure area, but must have a side-by-side escort in designated restricted areas in the facility. In yesterday’s blog we talked about some definitions from 33 CFR §101.105 as well as my definitions of some terms that I am using in the discussion. I failed to specifically define the term ‘target’, but it should have been obvious that the term was used to describe a person being monitored or video escorted. I talked about some ways that the target could be identified to the surveillance system. We finished yesterday’s blog with a discussion of accidental and deliberate security breaches and the need to investigate to determine into which category a security breach fell. Accidental Security Breach An accidental security breach includes any instance where the security system looses track of a person that is not authorized unaccompanied access to the facility. There are a number of legitimate reasons why a person may temporarily disappear from observation. Dead spaces in the video coverage can be caused by poor camera placement, changes in weather or lighting conditions, vehicles or other objects moving through or into the field of view of security cameras. Known dead spaces should be carefully mapped and security personnel should be well aware of those areas and what is normally found in them. These locations should be checked by roving security personnel at random intervals at least once per shift. Dead zones near or within view of restricted areas should be checked more often. Every system, cyber or human based, will have a period of time for which the subject being out of view will not be a matter of concern. A well designed system will specify the allowable time period that a target can remain out of view without requiring an alarm. The length of time will be a judgment call based on a combination of size of known dead spaces, delay time for restricted area security measures, response times of security forces, and facility risk factors. The objective is to minimize the number of false alarms while detecting all significant deliberate security breaches. Any time that the maximum allowable disappearance time is exceeded, either system should provide an alarm for a potential security breach. If the target re-appears on the system and appears to be behaving innocuously before the security response arrives on scene, the security personnel should first investigate the area where the target was out of view. They should be looking for signs of tampering with facility equipment, emplacement of observation devices or employment of IEDs or other offensive weapons. The higher the facility threat status, the more thorough that investigation should be. Once that area is cleared a member of the security team should approach the target only if the target is behaving suspiciously or the target appears to be lost. In either case, the target should be provided side-by-side escort for the remainder of the time at the facility. Monitoring or video escort should still be maintained on the target. Deliberate Security Breaches When either the automated or human monitoring system completely looses track of a target individual the reason for concern is obvious; in a high-risk environment the assumption of nefarious activity is usually the first suspicion. Operationally, any time the target individual is not locatable on the video system by the time the security response arrives on the scene, there must be an assumption that this is a deliberate security breach. Facility security procedures will dictate what must be done when a deliberate security breach is detected. The response will depend on a number of factors; including facility threat status, types of chemicals on hand, and the proximity of off-site populations. Still the response procedures would typically include provisions for:
Notifying additional security response forces including police; Notifying emergency response personnel; Increasing security level at the facility; Shutting down safety critical processes; and Moving facility personnel to a secure location.
Most importantly the facility security procedures must include procedures for detention of suspects involved in potentially deliberate security breaches. Unless a facility is using sworn law enforcement personnel for security, security personnel are unlikely to be authorized to actually arrest suspects. Procedures for detaining personnel, securing potential crime scenes and turning both over to law enforcement personnel, must be documented, reviewed by legal personnel, and coordinated with law enforcement agencies. Needless to say, frequent training and evaluation of security personnel is also required. Multiple Accidental Breaches A well executed terrorist attack is always preceded by a reconnaissance of the intended target. The higher priority the target is for the organization planning the attack, the more likely it is that there will be attempts made to evaluate on-site security procedures. One effective method to do this would be for personnel with legitimate reasons to be on site (vendors, contractors, or delivery personnel for instance) to make seemingly innocent security breaches to track security response procedures. This is one of the reasons that it is important to keep track of apparent accidental security breaches. Multiple breaches by the same person should be regarded as suspicious activity. Off-site investigation of suspicious must be accomplished by law enforcement personnel, not facility security personnel. This means that suspicious activity needs to be reported to law enforcement as soon as it is identified. The facility should be prepared to share all available information when the report is made. Facility Security Plan The facility security plan needs to address all of these issues. The use of monitoring or video escort technology in place of side-by-side escorting of personnel not authorized unaccompanied access to the facility must be fully documented. Response procedures, including time limits for acceptable loss of target from observation, must be clearly delineated, trained and periodically evaluated in drills and exercises.

No comments:

/* Use this with templates/template-twocol.html */