SSC Security Matters Newsletter

January 2009

IN THIS ISSUE:
• In the Spotlight, by David A. Linsky
• Protecting Facilities after Mumbai,
by David A. Linsky
• SSC News!

QUICK LINKS:
• www.sscintel.com
• www.securessc.com

"In the Spotlight" by David A. Linsky, CEO, SSC, Inc.

Outperforming Our Industry

Clients and client needs drive SSC. Keeping security costs under control is what I hear most often in my conversations with business and government leaders throughout the Northeast. Spurred by the challenges of hard economic times, our clients are looking at every supplier for new ways to accelerate their business and create profits. They are not waiting for the economy to improve. They cannot wait and either can SSC.

Security Industry >

Speaking Programs

Our new speaker's forum, In the Lawyer's Toolbox is being presented to legal associations and law firms throughout the Northeast. If you or a colleague is interested in having our professionals speak to your group or association for 15 minutes or more, please contact me.

We can provide an important overview of electronic evidence collection (computer forensics) and/or due diligence in 15 to 30 minutes. Our litigation support services help lawyers win cases.

You can view the flyer on this subject by clicking on the following link: Lawyers

For more information, call Beth Gabriel at (203) 925-6148.

Protecting Facilities after Mumbai
by David A. Linsky

The attacks on the Mumbai hotels in November 2008 left more than 170 people dead. Hotel guests and visitors were trapped in this deadly scenario. Militants used assorted weaponry, including guns and grenades, to create as much carnage as they possibly could. The attack on Mumbai directs our attention to insider threats as a very real problem for corporate facilities. The only survivor, one of the Mumbai attackers, reported that at least five people, in the Mumbai area, aided the militants in their preparations for the attack. There is some evidence that a chef at the Taj Hotel was a key informant to the preparations of the attack. There are also unconfirmed reports that some of the attackers wore Taj Hotel uniforms and this would indicate potential staff collusion. Although there are reports of the use of GPS devices and high tech communications being used by the militants this was a decidedly low-tech attack in which access and response were key failure points.

Can it happen here? It certainly can. In July 1993, U.S. counter terrorism agents arrested eight individuals, which were later convicted of plotting an elaborate, multistage attack on key locations in Manhattan. Linked to Osama bin Laden, the militants’ then relatively new group, al Qaeda, planned to storm Manhattan armed with automatic rifles, grenades and improvised explosive devices. Those involved in the planning had conducted extensive surveillance both inside and outside their targets using human probes, hand-drawn maps, and video surveillance. Detailed notes were taken on the layout and design of the buildings, including stairwell positions, police and security patrols, security cameras and personnel were all surveyed. As recently as the middle of December 2008, five immigrants scheming to massacre U.S. soldiers at Fort Dix were convicted. This particular event highlights the reality of the threat here at home. The New Jersey case is particularly notable because it involved an apparently homegrown group of angry immigrants who had no known contact with foreign terrorist organizations. Instead, they found motivation from jihadist propaganda culled from the Internet.

The investigation into how the militants (that attacked Mumbai) planned and executed this deadly mission is underway. A key lesson to be learned is how militants’ attempt to infiltrate corporations and high value industry and how they are able to garner information and details that might be used to launch future attacks. While the investigation into how the attackers planned their mission is still ongoing, we need to use the lessons we have learned from Mumbai to protect ourselves from similar events. If one supposes that the goal of the militants was to generate terror, then this was a very effective attack. The resultant non-lethal effects that followed this attack are still being considered but include incalculable lost tourist dollars, business investment, and citizen confidence.

A critical challenge for corporate America is to defend against attacks by limiting legitimate access to our organizations and by identifying potential sources of insider threats. Insiders are not only employees but are also contractors, business partners, and visitors. Some insiders may be malicious while others are simply pawns of malevolent actors. One thing is clear, both from Mumbai and from good corporate security governance; we have to know who our employees are, who is in our buildings, and to be able to monitor actions in order to prevent bad outcomes and maximize rapid and appropriate response to threats.

Some key points:

• The alignment of a facilities strong pre-employment background check program with its physical access control program is most important.

• The facility protection plan has to maximize the ability to deter and detect adversarial surveillance of the facility.

• Due to known practices of Al Qaeda and affiliated organizations, it is critical that security professionals collaborate and share information with similar facilities and law enforcement to best synergize security efforts.

• Protecting our facilities and infrastructure requires an integrated plan addressing the components at the highest risk.

Working together in 2009, we can help you mitigate the unthinkable consequences of possible gaps in facility protection programs.

Experienced, pro-active, and dedicated to your business. Contact SSC for a confidential Security Consultation. Our e-Newsletter: SSC Security Matters.