Monday, May 2, 2011

ERM-BC-COOP: Osama is gone, but . . .


If you believe the White House, Osama bin Laden is dead.

Shot in the head and dumped over the side of a ship sailing somewhere in some sea.

Putting aside my skepticism of political "reality" I start thinking about "What if Osama really IS dead? What can we - the non-Muslim world in general and the U.S. in particular - expect?"

My best guess is retaliation, revenge on a grand scale.

Perhaps, however, not on a grandstand scale, although that, of course, always is possible.

The difference, as I perceive it, between "grand scale" and "grandstand scale" is that "grandstand" is along the lines of 9-11 (2001), e.g., a dirty bomb in San Francisco or a sarin attack on the New York City subway system, while "grand scale" implies many smaller, but none-the-less attention-getting, fear-instilling attacks on private and government facilities.

Most of my work is in the private - non-governmental - arena, and even when I do work for governments, the work is for agencies, rather than looking at the world from Emergency Management's Police/Fire/Rescue perspective.

There is not much that I, civilian Enterprise Risk Management practitioner, can do to protect Beautiful Downtown Burbank as they used to say on "Laugh-In," but there is a lot I can do to help private sector - and even some public sector - operations.

First and foremost, people in my business need to make sure everyone is aware of their surroundings.

Long before travelers in U.S. airports, train stations, and bus depots were told to guard their luggage and to report unattended - read "suspicious" - luggage, I lived in Israel where similar warnings date back not years but decades. I have, unfortunately, seen the results of left-behind luggage whose contents killed and maimed.

Being alert means more than just thinking about luggage - although I'm often left wondering what happens to my suitcases when they are both unlocked and out-of-sight.

Being alert means occasionally glancing out the office window to see if there are any vehicles parked alongside the building.

    The Alfred P. Murrah Federal Building in downtown Oklahoma City was brought down by an explosive-packed 20-foot rental truck on April 19, 1995; the blast took 168 lives, including 19 children under the age of 6, and injured more than 680 people.

    A truck bomb was detonated below the North Tower of the World Trade Center in New York City. The explosion was intended to knock the North Tower (Tower One) into the South Tower (Tower Two), bringing both towers down and killing thousands of people. While it failed to do so, six people were murdered and thousands were injured.

Having alert staff is only part of the mitigation equation.

Suspicious staff need to know how, and to whom, to report their observations.

The person(s) receiving the report needs to know how to react.

Finally, staff needs to know where to go in the event of a threat - outside to a parking lot that may be more dangerous than remaining inside against a opposite-to-the-threat wall.

All that needs to be considered in depth, preferably by all hands, and clearly defined in an organization's policies and procedures. It goes without saying that the policies and procedures must be known to, and understood by, all personnel.

One of the easiest ways to plant a device - be it explosive or gas - is to bring it inside on a vendor's cart.

Organization that want to protect their staff do a number of simple things to reduce this risk.

First, all employees are issued photo badges and the badges must be clearly displayed by the wearer. No hiding the badge on the belt or under a collar.

Temps, visitors, and vendors need to be issued brightly colored badges; different colors for different categories; e.g., temps have green badges, visitors wear orange badges, and vendors wear red badges. If the organization can afford it, all badges should have the wearer's photo.

    I recently visited a hospital and was issued a paper visitor's sticker/badge with my name, photo, and badging location on it; it took only a moment to prepare the sticky-backed document that I was instructed to display prominently while I was on premise. I missed a turn in the hospital's maze of halls and, asking how to go back to Square One, a guard read the badging location and pointed me in the right direction. The hospital has hundreds of visitors each day so the cost could not be all that great.

All visitors and vendors must be under escort at all times they are on site. Even Bill, the trusted junk food vendor, needs an escort. It pays to match a vendor's photo ID with the vendor before issuing a facility vendor badge.

Back to awareness: All personnel should be alert to unescorted strangers; if the unescorted person lacks a badge, Security should be quietly alerted.

Outside in the parking lot, are there any unusual trucks of any size? Does UPS normally deliver between 8 a.m. and 10 a.m.? Is there a UPS truck in the parking lot at 4 p.m.? Be suspicious; courier services typically deliver to business addresses in the morning and residential addresses in the evening.

A smart organization will "test" its personnel. Park a truck alongside the building or in a "to-close-to-the-building" spot at the wrong time in the parking lot. Reward the first two or three people spotting the suspicious vehicle.

Have a new hire or temp walk around the facility sans badge or even with the wrong type badge.

Ask a vendor, after returning his or her badge and exiting the building, to come back and try to go back to where they were before (e.g., the break room) without checking in and being badged and escorted again.

While I favor rewards - a coupon good at a Cold Stone Creamery works for me - I would NOT encourage punishments for failures to comply, at least on the first or second offense.

Then there is the mail room.

People are cautioned not to open email attachments or follow links unless they (a) know the email sender and (b) are expecting the attachment or link.

The same basic admonishment applies to incoming mail, especially packages.

It is worthwhile for staff to hand-scan (run their hands across) envelopes to detect grainy materials inside. For organizations where the mailroom opens all mail, this may not work; in that case, the mailroom needs to be segregated and securely closed when mail is opened.

That grainy white stuff in the envelope might be detergent, but then again . . .

No comments: