Monday, April 18, 2011

Security Patrol Scheduling

There is an interesting article over at HomelandSecurityNewsWire.com about the theoretical basis for scheduling security patrols. Based upon research conducted at the University of Southern California, the article describes how a new software based technique is being used in places like Boston Harbor to define when and where routine security patrols will appear to ensure that they have the maximum effectiveness in deterring terrorist attacks.

Purpose of Security Patrols

To understand the reason some security managers may turn to patrol scheduling software you first have to understand the purpose of security patrols. The most obvious purpose of this manpower intensive operation is to detect intruders that have penetrated perimeter security. This purpose is based upon the recognition that there is no perimeter security that cannot be penetrated by a properly trained and informed adversary.

The second purpose of conducting security patrolling is less obvious, but probably more important; it is to deter attacks from being executed upon the facility. From a terrorist’s perspective this country is a target rich environment; there are many more targets available than they will ever have the opportunity to attack. The trained teams that will have the best chance of successfully executing a high-profile terror attack will select targets where they have the highest chance of success.

A facility with effective, randomized security patrols in place is much more difficult to successfully attack. An attacker wants to know where and when they would expect to encounter security patrols. This allows them to either avoid those patrols, or to ambush the patrols to neutralize them. If the attacker cannot tell in advance where these patrols can be found, it makes either of these counter-security operations much more difficult. It will be much easier to select a target with more predictable or non-existent patrols.

Randomizing Coverage and Timing

As one digs into the USC website describing their research and the tools they developed one discovers a counter-intuitive extension of this randomized patrol concept; the idea that the areas to be covered by a patrol. In discussing the use of their ARMOR software for scheduling security patrols within the LAX airport they discuss the selection of areas to be patrolled and areas to be avoided.

There are a couple of reasons for this. The most obvious is the fact that security manpower is always a limited resource. Since security is not a profit center for any facility management is always going to place constraints on cost and limiting manpower for security is a common cost management tool. Randomly selecting which areas will be covered by a particular patrol will ensure that the limited manpower available is able to provide maximum physical coverage.

Another common reason that an area might not receive patrol coverage on a particular set of rounds is that there might be non-security related constraints prohibiting patrolling at a particular place-time. At a high-risk chemical there may be chemical operations that make it unsafe for security patrols to operate. Line-breaks, loading or transfer operations frequently require personal protective equipment that is not routinely carried by patrolling personnel. These types of operations need to be taken into consideration when planning patrolling routes.

Use of Patrolling Software

The obvious question that comes to mind after looking at the USC web site and reading the multiple journal articles available on the subject is: do facilities need to use sophisticated software to ensure that their patrols are properly randomized? The answer is complicated. If the goal is to have a completely randomized patrol schedule, the answer is absolutely yes. The human mind does not handle randomness very well and to ensure that the human penchant for predictability does not intrude on randomness.

The problem is that it is not clear that true, mathematically verified randomness, is really necessary. The purpose of the exercise is to make it difficult for the terrorist attack planner to detect the patrolling pattern and plan accordingly. Mathematical randomness is probably not required as it is unlikely that the terrorist will use advanced pattern detection software that only true randomness can defeat.

Very large facilities, with complex patrolling requirements, managing multiple patrols might find the use of the software like that described on the USC web site a valuable tool. This would be done not so much to ensure randomness, but just to make sure that there is efficient use of the limited patrolling resource. Most facilities, however, will not have a complicate enough patrolling program to make the use of this kind of software necessary.

Patrolling Plan

This is not to say that some sort of patrol planning is not required. All facilities that use security patrols as part of their site security plan need to have some sort of formal patrol planning process. To ensure that there are no readily identifiable patrolling patterns someone needs to plan the schedule and route of security patrols and then check them for their predictability.

Another reason for a written patrol plan is to allow security personnel to avoid those areas of the facility where there are time limited safety considerations. Security personnel do not need to stumble upon a personal exposure situation that could have been avoided with a little advance planning. This of course pre-supposes that operations and security are in close and continuous communications.

No comments:

 
/* Use this with templates/template-twocol.html */