Investigative & Security Professionals for Legislative Action

Security Related Topics

 
<< First  < Prev   1   2   Next >  Last >> 
  • 04 Nov 2013 9:34 PM | Anonymous member (Administrator)

    ISPLA is pleased to post the item below by Jeff Larson of November 4, 2013 with

    the permission of ProPublica:

    The federal institute that sets national standards for how government, private citizens and business guard the privacy of their files and communications is reviewing all of its previous recommendations [1].

    The move comes after ProPublica, The Guardian and The New York Times disclosed [2] that the National Security Agency had worked to secretly weaken standards to make it easier for the government to eavesdrop.

     The review, announced late Friday afternoon by the National Institute for Standards and Technology, will also include an assessment of how the institute creates encryption standards.

    The institute sets national standards for everything from laboratory safety to high-precision timekeeping. NIST’s cryptographic standards are used by software developers around the world to protect confidential data. They are crucial ingredients for privacy on the Internet, and are designed to keep Internet users safe from being eavesdropped on when they make purchases online, pay bills or visit secure websites.

    But as the investigation by ProPublica, The Guardian and The New York Times in September revealed, the National Security Agency spends $250 million a year on a project called “SIGINT Enabling [3]” to secretly undermine encryption. One of the key goals, documents said, was to use the agency’s influence to weaken the encryption standards that NIST and other standards bodies publish.

    “Trust is crucial to the adoption of strong cryptographic algorithms,” the institute said in a statement [1] on their website. “We will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines.”

    The NSA is no stranger to NIST’s standards-development process. Under current law, the institute is required to consult with the NSA when drafting standards. NIST also relies on the NSA for help with public standards because the institute doesn’t have as many cryptographers as the agency, which is reported to be the largest employer of mathematicians [4] in the country.

    “Unlike NSA, NIST doesn’t have a huge cryptography staff,” said Thomas Ptacek, the founder of Matasano Security [5], “NIST is not the direct author of many of most of its important standards.”

    Matthew Scholl, the deputy chief at the Computer Security Division of the institute, echoed that statement, "As NIST Director Pat Gallagher has said in several public settings, NIST is designed to collaborate and the NSA has some of the world’s best minds in cryptography." He continued, "We also have parallel missions to protect federal IT systems, so we will continue to work with the NSA."

    Some of these standards are products of public competitions among academic cryptography researchers, while others are the result of NSA recommendations. An important standard, known as SHA2, was designed by the NSA and is still trusted by independent cryptographers and software developers worldwide.

    NIST withdrew one cryptographic standard, called Dual EC DRGB, after documents provided to news organizations by the former intelligence contractor Edward Snowden raised the possibility that the standard had been covertly weakened by the NSA.

    Soon after, a leading cryptography company, RSA, told software writers to stop using the algorithm in a product it sells. The company promised to remove the algorithm in future releases.

    Many cryptographers have expressed doubt about NIST standards since the initial revelations were published. One popular encryption library changed its webpage [6] to boast that it did not include NIST-standard cryptography. Silent Circle [7], a company that makes encryption apps for smartphones, promised to replace the encryption routines in its products with algorithms not published by NIST.

    If the NIST review prompts significant changes to existing encryption standards, consumers will not see the benefit immediately. “If the recommendations change, lots of code will need to change,” said Tanja Lange, a cryptographer at the University of Technology at Eindhoven, in the Netherlands. “I think that implementers will embrace such a new challenge, but I can also imagine that vendors will be reluctant to invest the extra time.”

    In Friday’s announcement, NIST pointed to its long history of creating standards, including the role it had in creating the first national encryption standard in the 1970s — the Data Encryption Standard, known as DES. “NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard,” the bulletin said. But even that early standard was influenced by the NSA. [8]

    During the development of DES, the agency insisted that the algorithm use weaker keys than originally intended — keys more susceptible to being broken by super computers. At the time, Whitfield Diffie, a digital cryptography pioneer, raised serious concerns about the keys. [9] “The standard will have to be replaced in as few as five years,” he wrote.

    The weakened keys in the standard were not changed. DES was formally withdrawn [10] by the institute in 2005.

    The announcement is the latest effort by NIST to restore the confidence of cryptographers. A representative from NIST announced in a public mailing list, also on Friday, that the institute would restore the original version of a new encryption standard, known as SHA3, that had won a recent design competition but altered by the institute after the competition ended. Cryptographers charged that NIST’s changes to the algorithm had weakened it.

    The SHA3 announcement referred directly to cryptographers’ concerns. “We were and are comfortable with that version on technical grounds, but the feedback we’ve gotten indicates that a lot of the crypto community is not comfortable with it,” wrote John Kelsey, NIST’s representative. There is no evidence the NSA was involved in the decision to change the algorithm.

    The reversal took Matthew Green, a cryptographer at Johns Hopkins University, by surprise. “NIST backed down! I’m not sure they would have done that a year ago,” he said.

    Update: A NIST spokesperson responded on Monday afternoon (this story initially stated that NIST declined to comment).

  • 10 Jan 2013 11:10 AM | Anonymous member (Administrator)

    Intelligence and Human Networks

    Stratfor Global Intelligence By Tristan Reed January 10, 2013

    Stratfor views the world through the lens of geopolitics, the study of hard, physical constraints on man's ability to shape reality. Political decisions are limited by the geography in which they take place, eliminating many of the options concocted by ideologues and making their human decisions easier to predict. But the study of geopolitics only takes the understanding of global affairs so far: It identifies the geographical constraints but leaves an array of options open to human actors. So when forecasting on a shorter time frame, analysis must go beyond geographical constraints to more specific, temporal constraints. For this reason, predicting the short-term activities of human actors requires an understanding of the constraints they face in the human terrain within which they operate.

    As a result, one task common to any intelligence organization is defining the human network of a state, criminal organization, militant movement or any other organization to better determine and understand a group's characteristics and abilities. A human network in this sense is a broad term used to describe the intricate web of relations existing in an organization and within a specific region. For anyone or any organization with interests in a given geographic area, understanding the networks of individuals with influence in the region is critical.

    Intelligence and Analysis

    People use human networks to organize the control of resources and geography. No person alone can control anything of significance. Presidents, drug lords and CEOs rely on people to execute their strategies and are constrained by the capabilities and interests of the people who work for them. Identifying these networks may be a daunting task depending on the network. For obvious reasons, criminal organizations and militant networks strive to keep their membership secret, and it is not always apparent who gives the orders and who carries out the orders in a political body. To discern who's who in a group, and therefore whether an individual matters in a group, requires both intelligence and analysis to make sense of the intelligence.

    How intelligence is acquired depends on the resources and methods available to an intelligence organization, while the analysis that follows differs depending on the intent. For example, International Security Assistance Force military operations aimed at disrupting militant networks in   

    Afghanistan would require the collection of informants and signals intelligence followed by analysis to pinpoint the exact location of individuals within a network to enable targeted operations. Simply knowing who belongs to a militant network and their location is not enough; the value lies in the significance and capabilities of an individual in the group. Detaining an individual who lays improvised explosive devices on a road may result in short-term disruptions to the target's area of operations, but identifying and detaining a bombmaker with exclusive experience and training will have a far greater impact.

    The true value of analysis lies in understanding the significance of a particular individual in a network. Mapping out a human network begins with the simple question of who belongs to a particular network. Next, identify and define relationships with other known individuals and organizations. For some, this process takes the form of link analysis, which is a visual representation of a network where each individual is represented in a diagram. Links between the individuals who interact with one another are then depicted. These links show an individual's significance in a group and establish whether he is a lowly scout within a transnational criminal organization who may only interact with his paymaster. The paymaster, by contrast, could be linked to dozens of other group members. Examining how many links within a group an individual has, however, is just scratching the surface of understanding the network.

    Every individual within a given human network has reasons to be tied to others within the network. Understanding what unites the individuals in an organization provides further depth of understanding. Whether it be ideology, mutual interests, familial ties or paid services, why a relationship exists will help determine the strength of such bonds, the motives of the network and the limitations to what a network can accomplish. For example, when assessing the strength of the Syrian regime, it is imperative to identify and examine the inner circle of President Bashar al Assad. Analyzing these members can indicate which factions of the Syrian population and which political and familial groupings support or reject the al Assad regime. That key posts within the government are now occupied primarily by Alawites indicates a combination of regime distrust of the Sunnis and dwindling levels of support from even high-ranking Sunnis. Similarly, examining the once-strong ties of inner circle members who have defected indicates which factions no longer support the regime and points toward other groups that might also have doubts about remaining loyal.

    Rarely is there a completely isolated human network. Human relations typically span multiple regions or even continents. Politicians can have their own business interests, drug traffickers may have counterparts in another country and militant groups may have the sympathy of other groups or even members in a state's government. There are no limits on how separate networks may interact with one another. Understanding a group's ties to other groups further defines the original group's influence. For example, a political leader at odds with the powerful military of his state may find significant constraints in governing (due to the limitations within the human network on figures linking the military assets to political leaders). A drug trafficker with a law enforcement officer on his payroll will likely find less resistance from authorities when conducting illicit business (due to the capabilities that a police officer would provide to the network).

    The reasons for, and methods of, defining a human network will vary depending on the intelligence organization. A nation with vast resources like the

    United States has an exceptionally large focus on human networks around the world and a full array of intelligence disciplines to gather the necessary information. At Stratfor, our reasons to map the intricate web of human relations within an organization differ as we look to understand the constraints that human networks place on actors.

    Challenges of Tracking Human Networks

    The individuals in an organization are constantly changing. This means the job of mapping the driving forces in an organization never ends, since relations shift, roles change and individuals often are taken out of the picture altogether. As a result, intelligence collectors must continually task their intelligence assets for new information, and analysts must continually update their organizational charts.

    Logically, the more fluid the membership of an organization, the more difficult it is for an intelligence organization -- or rival organization -- to follow it. As an example, take Los Zetas, who dominate the Mexican border town of

    Nuevo Laredo. The group always will have individuals in the city in charge of running daily criminal operations, such as coordinating gunmen, drug shipments, money laundering and retail drug sales. Within a Mexican transnational criminal organization, the person filling this role is typically called a "plaza boss." Several alleged Zetas plaza bosses of Nuevo Laredowere killed or captured during 2012 in Mexican military operations. With each kill or capture, an organization must replace the former plaza boss. This frequent succession of plaza bosses obviously reshapes the human network operating in Nuevo Laredo.

    It is no simple matter for a collector to ask his informants about, or to eavesdrop through surveillance, for information about the personnel changes. It takes time for a new plaza boss to assume his new responsibilities. A new office manager must get to know his employees and operations before making critical decisions. Additionally, an intelligence collector's assets may not be able to provide updates right away. In the case of an informant, does the informant have the same access to the new plaza boss as the former? Roles are more constant within an organization and can be split up among individuals. Thus, a person who had handled both gunmen and drug shipments may be replaced by two people to break up the responsibilities. Therefore, collectors and analysts must seek to understand the roles of the new plaza boss and whether he has the same influence as the prior one.

    What We Do

    Understanding that the players within organizations change frequently, but that the roles and constraints of an organization transform far more slowly, is key to how Stratfor approaches human networks. For the leader of a nation, the geopolitical imperatives of the nation serve as impersonal forces directing the decisions of a rational individual. For a criminal or insurgent leader, there is only so much that can be done while attempting to avoid notice by law enforcement and the military, and the organization's imperatives will likely remain in place. In determining the constraints and imperatives, we can better identify the significance and courses of actions of an organization without necessarily knowing the details about the individuals serving specific roles.

    Particularly with more clandestine human networks, we continually examine the external effects of known personnel changes. For example, how has the death of a Taliban leader in

    Pakistanaffected the operations of the Tehrik-i-Taliban Pakistanas a whole, such as in the case of the Jan. 3 death of Taliban leader Maulvi Nazir in South Waziristan? Nazir commanded a relatively benign faction of the Pakistani Taliban that kept more aggressive, anti-government factions out of South Waziristan. His removal, and the nature of his removal, could invite militants waging an active fight against the Pakistani government to return to South Waziristan. Ultimately, Nazir was a distinct figure in the Pakistani militant network due to his alliance with Islamabad. While his removal won't change the fact that militants will thrive on the Pakistani-Afghan border (which geography dictates), it does marginally tilt the balance away from Islamabadand toward the militants.

    With the example of Los Zetas in Nuevo Laredo, we know

    Nuevo Laredois a critical location for the transnational criminal organization. As a border town with one of the highest volumes of cross-border commercial shipping to the United States , the city serves as one of the principal sources of revenue for Zetas drug traffickers. For this reason, Los Zetas will certainly continue to replace figures who are removed by military and law enforcement.

    Using this known behavior and the imperatives, we can learn about Los Zetas elsewhere in

    Mexico : By observing the group at a broader geographic level, we can deduce the significance of a capture or death in a specific locale. If the losses of personnel in Nuevo Laredo have had a significant impact on the organization, operations would likely suffer in other geographic areas as the group accommodates its losses in Nuevo Laredo.

    In forecasting the political, economic or security climate of a geographic region, understanding human networks must be incorporated into any analysis. Areas such as

    Mexicoand Syria have geographic elements that define conflicts. Mexico's location between the cocaine producers of the northern Andes and cocaine consumers in the United States ensures that groups will profit off the cocaine flow from south to north. The Sierra Madre Occidental and Sierra Madre Oriental divide trafficking corridors between the east and west coasts of Mexico . But geography alone can't be used to predict how groups will organize and compete with each other within those trafficking corridors. Predicting the spread and scope of violence depends on knowledge of the human network and of who controls the resources and terrain. Similarly, the geographic significance of the Levant to Iranand Iraqdetermines the importance of Syriaas an access point to the Mediterranean, but that alone doesn't determine the future of al Assad's regime. Understanding who his most trusted confidants are, what their relationships are based on and watching their moves enables us to filter the constant news of death and destruction coming out of Syria and to focus on the individuals who directly support al Assad and determine his immediate fate. 

    Inasmuch that humans can overcome geography, they can do so through organizations that control terrain and resources. Understanding the nature of those organizations and how they control those assets requires knowledge of the human network.

    "<a href="http://www.stratfor.com/weekly/intelligence-and-human-networks">Intelligence and Human Networks</a> is republished with permission of Stratfor."

  • 13 Oct 2011 2:04 PM | Anonymous member (Administrator)

    Growing Concern Over the New York City Police Department's Counterterrorism Methods is Repudiated

     

    By Scott Stewart

    In response to the 9/11 attacks, the New York Police Department (NYPD) established its own Counter-Terrorism Bureau and revamped its Intelligence Division. Since that time, its methods have gone largely unchallenged and have been generally popular with New Yorkers, who expect the department to take measures to prevent future attacks.

    Preventing terrorist attacks requires a very different operational model than arresting individuals responsible for such attacks, and the NYPD has served as a leader in developing new, proactive approaches to police counterterrorism. However, it has been more than 10 years since the 9/11 attacks, and the NYPD is now facing growing concern over its counterterrorism activities. There is always an uneasy equilibrium between security and civil rights, and while the balance tilted toward security in the immediate aftermath of 9/11, it now appears to be shifting back.

    This shift provides an opportunity to examine the NYPD’s activities, the pressure being brought against the department and the type of official oversight that might be imposed.

    Under Pressure

    Reports that the NYPD’s Intelligence Division and Counter-Terrorism Bureau engage in aggressive, proactive operations are nothing new. STRATFOR has written about them since 2004, and several books have been published on the topic. Indeed, police agencies from all over the world travel to New York to study the NYPD’s approach, which seems to have been quite effective.

    Criticism of the department’s activities is nothing new, either. Civil liberties groups have expressed concern over security methods instituted after 9/11, and Leonard Levitt, who writes a column on New York police activities for the website NYPD Confidential, has long been critical of the NYPD and its commissioner, Ray Kelly. Associated Press reporters Adam Goldman and Matt Apuzzo have written a series of investigative reports that began on Aug. 24 detailing “covert” NYPD activities, such as mapping the Muslim areas of New York. This was followed by the Aug. 31 publication of what appears to be a leaked NYPD PowerPoint presentation detailing the activities of the Intelligence Division’s Demographics Unit.

    In the wake of these reports, criticism of the NYPD’s program has reached a new level. Members of the New York City Council expressed concern that their constituents were being unjustly monitored. Six New York state senators asked the state attorney general to investigate the possibility of “unlawful covert surveillance operations of the Muslim community.” A group of civil rights lawyers also asked a U.S. district judge in Manhattan to force the NYPD to publicize any records of such a program and to issue a court order to prevent their destruction. In response to the AP investigation, two members of Congress, Reps. Yvette Clarke, D-N.Y., and Rush Holt, D-N.J., asked the Justice Department to investigate. The heat is on.

    After an Oct. 7 hearing regarding NYPD intelligence and counterterrorism operations, New York City Council Public Safety Committee Chairman Peter Vallone said, “That portion of the police department’s work should probably be looked at by a federal monitor.”

    Following Vallone’s statement, media reports cited Congressional and Obama administration officials saying they have no authority to monitor the NYPD. While Vallone claims the City Council does not have the expertise to oversee the department’s operations, and the federal government says that it lacks the jurisdiction, it is almost certain that the NYPD will eventually face some sort of new oversight mechanisms and judicial review of its counterterrorism activities.

    New York City and the Terrorist Threat

    While 9/11 had a profound effect on the world and on U.S. foreign policy, it had an overwhelming effect on New York City itself. New Yorkers were willing to do whatever it took to make sure such an attack did not happen again, and when Kelly was appointed police commissioner in 2002, he proclaimed this as his primary duty (his critics attributed the focus to ego and hubris). This meant revamping counterterrorism and moving to an intelligence-based model of prevention rather than one based on prosecution.

    The NYPD’s Intelligence Division, which existed prior to 9/11, was known mainly for driving VIPs around New York, one of the most popular destinations for foreign dignitaries and one that becomes very busy during the U.N. General Assembly. Before 9/11, the NYPD also faced certain restrictions contained in a 1985 court order known as the Handschu guidelines, which required the department to submit “specific information” on criminal activity to a panel for approval to monitor any kind of political activity. The Intelligence Division had a very limited mandate. When David Cohen, a former CIA analyst, was brought in to run the division, he went to U.S. District Court in Manhattan to get the guidelines modified. Judge Charles Haight modified them twice in 2002 and 2003, and he could very well review them again. His previous modifications allowed the NYPD Intelligence Division to proactively monitor public activity and look for indications of terrorist or criminal activity without waiting for approval from a review panel.

    The Counter-Terrorism Bureau was founded in 2002 with analytical and collection responsibilities similar to those of the Intelligence Division but involving the training, coordination and response of police units. Differences between the two units are mainly bureaucratic and they work closely together.

    As the capabilities of the NYPD’s Intelligence Division and Counter-Terrorism Bureau developed, both faced the challenges of any new or revamped intelligence organization. Their officers learned the trade by taking on new monitoring responsibilities, investigating plots and analyzing intelligence from plots in other parts of the United States and abroad. One of their biggest challenges was the lack of access to information from the federal government and other police departments around the United States. The NYPD also believed that the federal government could not protect New York. The most high-profile city in the world for finance, tourism and now terrorism, among other things, decided that it had to protect itself.

    The NYPD set about trying to detect plots within New York as they developed, getting information on terrorist tactics and understanding and even deterring plots developing outside the city. In addition to the challenges it also had some key advantages, including a wealth of ethnic backgrounds and language skills to draw on, the budget and drive to develop liaison channels and the agility that comes with being relatively small, which allowed it to adapt to changing threat environments. The department was creating new organizational structures with specific missions and targeted at specific threats. Unlike federal agencies, it had no local competitors, and its large municipal budget was augmented by federal funding that has yet to face cyclical security budget challenges.

    Looking for Plots

    STRATFOR first wrote about the NYPD’s new proactive approach to counterterrorism in 2004. The NYPD’s focus moved from waiting for an attack to happen and then allowing police and prosecutors to “make the big case” to preventing and disrupting plots long before an attack could occur. This approach often means that operatives plotting attacks are charged with much lower charges than terrorism or homicide, such as document fraud or conspiracy to acquire explosives.

    The process of looking for signs of a terrorist plot is not difficult to explain conceptually, but actually preventing an attack is extremely difficult, especially when the investigative agency is trying to balance security and civil liberties. It helps when plotters expose themselves prior to their attack and ordinary citizens are mindful of suspicious behavior. Grassroots defenders, as we call them, can look for signs of pre-operational surveillance, weapons purchasing and bombmaking, and even the expressed intent to conduct an attack. Such activities are seemingly innocuous and often legal undefined taking photos at a tourist site, purchasing nail-polish remover, exercising the right of free speech undefined but sometimes these activities are carried out with the purpose of doing harm. The NYPD must figure out how to separate the innocent act from the threatening act, and this requires actionable intelligence.

    It is for this reason that the NYPD’s Demographics Unit, which is now apparently called the Zone Assessment Unit, has been carrying out open observation in neighborhoods throughout New York. Understanding local dynamics, down to the block-by-block level, provides the context for any threat reporting and intelligence that the NYPD receives. Also shaping perceptions are the thousands of calls to 911 and 1-888-NYC-SAFE that come in every day, partly due to the city’s “If you see something, say something” campaign. This input, along with observations by so-called rakers (undercover police officers) allows NYPD analysts to “connect the dots” and detect plots before an attack occurs. According to the AP reports, these rakers, who go to different neighborhoods, observe and interact with residents and look for signs of criminal or terrorist activity, have been primarily targeting Muslim neighborhoods.

    These undercover officers make the same observations that any citizen can make in places where there is no reasonable expectation of privacy. Indeed, law enforcement officers from the local to the federal level across the country have been doing this for a long time, looking for indicators of criminal activity in business, religious and public settings without presuming guilt.

    Long before the NYPD began looking for jihadists, local police have used the same methods to look for mafia activity in Italian neighborhoods, neo-Nazis at gun shows and music concerts, Crips in black neighborhoods and MS-13 members in Latino neighborhoods. Law enforcement infiltration into white hate groups has disrupted much of this movement in the United States. Location is a factor in any counterterrorism effort because certain targeted groups tend to congregate in certain places, but placing too much emphasis on classifications of people can lead to dangerous generalizations, which is why STRATFOR often writes about looking for the “how” rather than the “who.

    Understanding New Threats and Tactics

    As the NYPD saw it, the department needed tactical information as soon as possible so it could change the threat posture. The department’s greatest fear was that a coordinated attack would occur on cities throughout the world and police in New York would not be ramped up in time to prevent or mitigate it. For example, an attack on transit networks in Europe at rush hour could be followed by an attack a few hours later in New York, when New Yorkers were on their way to work. This fear was almost realized with the 2004 train attacks in Madrid. Within hours of the attacks, NYPD officers were in Madrid reporting back to New York, but the NYPD claims the report they received from the FBI came 18 months later. There was likely some intelligence sharing prior to this report, but the perceived lack of federal responsiveness explains why the NYPD has embarked on its independent, proactive mission.

    NYPD officers reportedly are located in 11 cities around the world, and in addition to facilitating a more rapid exchange of intelligence and insight, these overseas operatives are also charged with developing liaison relationships with other police forces. And instead of being based in the U.S. Embassy like the FBI’s legal attache, they work on the ground and in the offices of the local police. The NYPD believes this helps the department better protect New York City, and it is willing to risk the ire of and turf wars with other U.S. agencies such as the FBI, which has a broader mandate to operate abroad.

    Managing Oversight and Other Challenges

    The New York City Council does not have the same authority to conduct classified hearings that the U.S. Congress does when it oversees national intelligence activity. And the federal government has limited legal authority at the local level. What Public Safety Committee Chairman Vallone and federal government sources are implying is that they are not willing to take on oversight responsibilities in New York. In other words, while there are concerns about the NYPD’s activities, they are happy with the way the department is working and want to let it continue, albeit with more accountability. As oversight exists now, Kelly briefs Vallone on various NYPD operations, and even with more scrutiny from the City Council, any operations are likely be approved.

    The NYPD still has to keep civil rights concerns in mind, not only because of a legal or moral responsibility but also to function successfully. As soon as the NYPD is seen as a dangerous presence in a neighborhood rather than a protective asset, it will lose access to the intelligence that is so important in preventing terrorist attacks. The department has plenty of incentive to keep its officers in line.

    Threats and Dimwits

    One worry is that the NYPD is overly focused on jihadists, rather than other potential threats like white supremacists, anarchists, foreign government agents or less predictable “lone wolves.”

    The attack by Anders Breivik in Oslo, Norway, reminded police departments and security services worldwide that tunnel vision focused on jihadists is dangerous. If the NYPD is indeed focusing only on Muslim neighborhoods (which it probably is not), the biggest problem is that it will fail in its security mission, not that it will face prosecution for racial profiling. The department has ample incentive to think about what the next threat could be and look for new and less familiar signs of a pending attack. Simple racial profiling will not achieve that goal.

    The modern history of terrorism in New York City goes back to a 1916 attack by German saboteurs on a New Jersey arms depot that damaged buildings in Manhattan. However unlikely, these are the kinds of threats that the NYPD will also need to think about as it tries to keep its citizens safe. The alleged Iranian plot to carry out an assassination in the Washington area underscores the possibility of state-organized sabotage or terrorism.

    That there have been no successful terrorist attacks in New York City since 9/11 cannot simply be attributed to the NYPD. In the Faisal Shahzad case, the fact that his improvised explosive device did not work was just as important as the quick response of police officers in Times Square. Shahzad’s failure was not a result of preventive intelligence and counterterrorism work. U.S. operations in Afghanistan and other countries that have largely disrupted the al Qaeda network have also severely limited its ability to attack New York again.

    The NYPD’s counterterrorism and intelligence efforts are still new and developing. As such, they are unconstrained compared to those of the larger legacy organizations at the federal level. At the same time, the department’s activities are unprecedented at the local level. As its efforts mature, the pendulum of domestic security and civil liberties will remain in motion, and the NYPD will face new scrutiny in the coming year, including judicial oversight, which is an important standard in American law enforcement. The challenge for New York is finding the correct balance between guarding the lives and protecting the rights of its people.

    ISPLA is grateful for the permission granted by STRATFOR to republish this article. www.stratfor.com

     

  • 28 Apr 2011 1:38 PM | Anonymous member (Administrator)

    The Kapersky Kidnapping – Lessons Learned – Scott Stewart

    On April 24, officers from the anti-kidnapping unit of Moscow’s Criminal Investigation Department and the Russian Federal Security Service (FSB) rescued 20-year-old Ivan Kaspersky from a dacha in Sergiev Posad, a small town about 40 miles northeast of Moscow. Kaspersky, the son of Russian computer software services billionaire Eugene Kaspersky (founder of Kaspersky Lab), was kidnapped on April 19 as he was walking to work from his Moscow apartment. A fourth-year computer student at Moscow State University, Kaspersky was working as an intern at a software company located near Moscow’s Strogino metro station.

    Following the abduction, Kaspersky was reportedly forced to call his father and relay his captors’ demands for a ransom of 3 million euros ($4.4 million). After receiving the ransom call, the elder Kaspersky turned to Russian law enforcement for assistance. On April 21, news of the abduction hit the Russian and international press, placing pressure on the kidnappers and potentially placing Kaspersky’s life in jeopardy. In order to defuse the situation, disinformation was leaked to the press that a ransom had been paid, that Kaspersky had been released unharmed and that the family did not want the authorities involved. Kaspersky’s father also contacted the kidnappers and agreed to pay the ransom. Responding to the ruse, four of the five members of the kidnapping gang left the dacha where Kaspersky was being held to retrieve the ransom and were intercepted by Russian authorities as they left. The authorities then stormed the dacha, arrested the remaining captor and released Kaspersky. The five kidnappers remain in custody and are awaiting trial.

    According to Russia’s RT television network, Russian officials indicated that the kidnapping was orchestrated by an older couple who were in debt and sought to use the ransom to get out of their financial difficulties. The couple reportedly enlisted their 30-year-old son and two of his friends to act as muscle for the plot. Fortunately for Kaspersky, the group that abducted him was quite unprofessional and the place where he was being held was identified by the cell phone used to contact Kaspersky’s father. Reports conflict as to whether the cell phone’s location was tracked by the FSB, the police anti-kidnapping unit or someone else working for Kaspersky’s father, but in any case, in the end the group’s inexperience and naivete allowed for Kaspersky’s story to have a happy ending.

    However, the story also demonstrates that even amateurs can successfully locate and abduct the son of a billionaire, and some very important lessons can be drawn from this case.

    The Abduction

    According to the Russian news service RIA Novosti, Kaspersky’s abductors had been stalking him and his girlfriend for several months prior to the kidnapping. This pre-operational surveillance permitted the kidnappers to determine Kaspersky’s behavioral patterns and learn that he did not have any sort of security detail protecting him. Media reports also indicate that the kidnappers were apparently able to obtain all the information they required to begin their physical surveillance of the victim from information Kaspersky himself had posted on Vkontakte.ru, a Russian social networking site. According to RT, Kaspersky’s Vkontakte profile contained information such as his true name, his photo, where he was attending school, what he was studying, who he was dating, where we was working for his internship and even the addresses of the last two apartments where he lived.

    Armed with this cornucopia of information, it would be very easy for the criminals to establish physical surveillance of Kaspersky in order to gather the additional behavioral information they needed to complete their plan for the abduction. Kaspersky also appears to have not been practicing the level of situational awareness required to detect the surveillance being conducted against him undefined even though it was being conducted by amateurish criminals who were undoubtedly clumsy in their surveillance tradecraft. This lack of awareness allowed the kidnappers to freely follow him and plot his abduction without fear of detection. Kaspersky made himself an easy target in a dangerous place for high net worth individuals and their families. While kidnapping for ransom is fairly rare in the United States, Russian law enforcement sources report that some 300 people are kidnapped for ransom every year in Russia.

    Denial

    In terms of being an easy target, Kaspersky was not alone. It is not uncommon for the children of high net worth families to want to break free of their family’s protective cocoon and “live like a regular person.” This means going to school, working, dating and living without being insulated from the world by the security measures in place around their parents and their childhood homes. This tendency was exemplified by the well-publicized example of George W. Bush’s twin daughters “ditching” their Secret Service security details so they could go out and party with their friends when they were in college.

    Having personally worked as a member of an executive protection detail responsible for the security of a high net worth family, I have seen firsthand how cumbersome and limiting an executive protection detail can be undefined especially a traditional, overt-security detail. A low-key, “bubble-type” detail, which focuses on surveillance detection and protective intelligence, provides some space and freedom, but it, too, can be quite limiting and intrusive undefined especially for a young person who wants some freedom to live spontaneously. Because of the very nature of protective security, there will inevitably be a degree of tension between personal security and personal freedom.

    However, when reacting to this tension, those protected must remember that there are very real dangers in the world undefined dangers that must be guarded against. Unfortunately, many people who reject security measures tend to live in a state of denial regarding the potential threats facing them, and that denial can land them in trouble. We have seen this mindset most strongly displayed in high net worth individuals who have recently acquired their wealth and have not yet been victimized by criminals. A prime example of this was U.S billionaire Eddie Lampert, who at the time of his abduction in 2003 did not believe there was any threat to his personal security. His first encounter with criminals was a traumatic kidnapping at gunpoint. But this mindset can also appear in younger members of well-established families of means who have not personally been victimized by criminals.

    It is important to realize, however, that the choice between security and freedom does not have to be an either/or equation. There are measures that can be taken to protect high net worth individuals and children without employing a full protective security detail. These same measures can also be applied by people of more modest means living in places such as Mexico or Venezuela, where the kidnapping threat is pervasive and extends to almost every strata of society, from middle-class professionals and business owners to farmers.

    In this type of environment, the threat also applies to mid-level corporate employees who serve tours as expatriate executives in foreign cities. Some of the cities they are posted in are among the most crime-ridden in the world, including such places as Mexico City, Caracas, Sao Paulo and Moscow. When placed in the middle of an impoverished society, even a mid-level executive or diplomat is, by comparison, incredibly rich. As a result, employees who would spend their lives under the radar of professional criminals back home in the United States, Canada or Europe can become prime targets for kidnapping, home invasion, burglary and carjacking in their overseas posts.

    The Basics

    Before anything else can be done to address the criminal threat, like any other issue, the fact that there is indeed a threat must first be recognized and acknowledged. As long as a potential target is in a state of denial, very little can be done to protect him or her.

    Once the threat is recognized, the next step in devising a personal protection system is creating a realistic baseline assessment of the threat undefined and exposure to that threat. This assessment should start with some general research on crime and statistics for the area where the person lives, works or goes to school, and the travel corridors between these places. The potential for natural disasters, civil unrest undefined and in some cases the possibility of terrorism or even war undefined should also be considered. Based on this general crime-environment assessment, it might be determined that the kidnapping risk in a city such as Mexico City or Moscow will dictate that a child who has a desire to attend university without a protective security detail might be better off doing so in a safer environment abroad.

    Building on these generalities, then, the next step should be to determine the specific threats and vulnerabilities by performing some basic analyses and diagnostics. In some cases, these will have to be performed by professionals, but they can also be undertaken by the individuals themselves if they lack the means to hire professional help. These analyses should include:

    • In-depth cyberstalking report. Most of the people for whom we have conducted such reports have been shocked to see how much private information analysts are able to dig up on the Internet. This information is available for free (or for a few dollars) to anyone, including criminals, who might be targeting people for kidnapping, extortion or other crimes. The problem of personal information being available on the Internet is magnified when potential targets gratuitously post personal information online, as in the Kaspersky case. Even in cases where personal information is available only to online “friends,” it is quite easy for savvy Internet users to use a false social networking account with an attractive photo to social engineer their way into a circle of friends using common pretexting tactics. Therefore, potential targets need to be extremely careful what they post online, and they also must be aware of what information about them is publicly available on the Internet and how that information may make them vulnerable to being targeted. If it is determined that the information available makes them too vulnerable, changes may have to be made.
    • Baseline surveillance diagnostics. Surveillance diagnostics is a blend of surveillance-detection techniques that are designed to determine if an individual is under systematic criminal surveillance. This can be conducted by the potential targets themselves, if they receive the necessary training, or by a specialized professional surveillance-detection team. As the name suggests, this diagnostic level helps establish a baseline from which to plan future security and surveillance-detection operations.
    • Route analysis. This type of analysis examines the regular travel routes of a potential target in order to identify locations such as choke points that can be used by criminals for surveillance or to conduct an attack. Route analysis can be performed by the same team that conducts surveillance diagnostics, or even by a potential target if the person will thoughtfully examine his or her daily travel routes. Such an analysis allows the potential target to be cognizant of such locations and of the need to increase situational awareness for signs of surveillance or a potential attack as he or she passes through them undefined especially during a highly predictable move like the morning home-to-work commute.
    • Physical security surveys. Such surveys are performed for the home, workplace or school of the potential target. While individuals can effectively conduct such surveys using common sense, a professional assessment can be useful and will often be performed for free by alarm companies. Obviously, any security upgrades required at a workplace or school will require coordination with the security managers for these locations.
    • Response capability assessment. This is a realistic assessment of the capabilities and responsiveness of the local police and security forces as well as fire and medical first-responders. In some places, security personnel themselves may be involved in criminal activity, or prove to be generally unresponsive or incompetent. Knowing their true capabilities is necessary to create a realistic security plan.

    There are some very good private training facilities that can provide individuals with training in things like attack recognition/avoidance, surveillance detection and route analysis as well hands-on skills like tactical driving.

    Guns Alone Are Not the Answer

    Even if a potential target is being afforded a protection detail, it must be remembered that guards with guns are not in and of themselves a guarantee of security. If a group is brazen enough to undertake a kidnapping, they will in many cases and many places not hesitate to use deadly force in the commission of their crime. If they are given free rein to conduct pre-operational surveillance, they will be able to make plans to overcome any security measures in place, including the neutralizing of armed security personnel.

    After recognizing that a threat indeed exists, the next key concept that potential targets need to internalize is that criminals are vulnerable to detection as they plan their crimes, and that ordinary people can develop the skills required to detect criminal activity and take measures to avoid being victimized. The fact is, most criminals practice terrible surveillance tradecraft. They are permitted to succeed in spite of their lack of skill because, for the most part, people simply do not practice good situational awareness.

    The good news for potential targets is that being aware of one’s surroundings and identifying potential threats and dangerous situations is more a mindset or attitude than a hard skill. Because of this, situational awareness is not something that can be practiced only by highly trained government agents or specialized surveillance detection teams undefined it is something that can be practiced by anyone with the will and the discipline to do so. In the Kaspersky case, it is very likely that had the young man been practicing good situational awareness, he would have been able to note the criminals conducting surveillance on him and to take appropriate action to avoid being kidnapped.

    Armed guards, armored vehicles and other forms of physical security are all valuable protective tools, but they can all be defeated by kidnappers who are allowed to form a plan and execute it at the time and place of their choosing. Clearly, a way is needed to deny kidnappers the advantage of striking when and where they choose or, even better, to stop a kidnapping before it can be launched. This is where the intelligence tools outlined above come into play. They permit the potential target, and any security officers working to protect them, to play on the action side of the action/reaction equation rather than passively waiting for something to happen.

    ISPLA is grateful to Stratfor in granting permission to republish this article. www.stratfor.com

  • 26 Nov 2010 4:04 PM | Anonymous member (Administrator)

    Aviation Security Threats and Realities – Stratfor Global Intelligence - By Scott Stewart

    Over the past few weeks, aviation security undefined specifically, enhanced passenger-screening procedures undefined has become a big issue in the media. The discussion of the topic has become even more fervent as we enter Thanksgiving weekend, which is historically one of the busiest travel periods of the year. As this discussion has progressed, we have been asked repeatedly by readers and members of the press for our opinion on the matter.

    We have answered such requests from readers, and we have done a number of media interviews, but we’ve resisted writing a fresh analysis on aviation security because, as an organization, our objective is to lead the media rather than follow the media regarding a particular topic. We want our readers to be aware of things before they become pressing public issues, and when it comes to aviation-security threats and the issues involved with passenger screening, we believe we have accomplished this. Many of the things now being discussed in the media are things we’ve written about for years.

    When we were discussing this topic internally and debating whether to write about it, we decided that since we have added so many new readers over the past few years, it might be of interest to our expanding readership to put together an analysis that reviews the material we’ve published and that helps to place the current discussion into the proper context. We hope our longtime readers will excuse the repetition.

    We believe that this review will help establish that there is a legitimate threat to aviation, that there are significant challenges in trying to secure aircraft from every conceivable threat, and that the response of aviation security authorities to threats has often been slow and reactive rather than thoughtful and proactive.

    Threats

    Commercial aviation has been threatened by terrorism for decades now. From the first hijackings and bombings in the late 1960s to last month’s attempt against the UPS and FedEx cargo aircraft, the threat has remained constant. As we have discussed for many years, jihadists have long had a fixation with attacking aircraft. When security measures were put in place to protect against Bojinka-style attacks in the 1990s undefined attacks that involved modular explosive devices smuggled onto planes and left aboard undefined the jihadists adapted and conducted 9/11-style attacks. When security measures were put in place to counter 9/11-style attacks, the jihadists quickly responded by going to onboard suicide attacks with explosive devices concealed in shoes. When that tactic was discovered and shoes began to be screened, they switched to devices containing camouflaged liquid explosives. When that plot failed and security measures were altered to restrict the quantity of liquids that people could take aboard aircraft, we saw the jihadists alter the paradigm once more and attempt the underwear-bomb attack last Christmas.

    In a special edition of Inspire magazine released last weekend, al Qaeda in the Arabian Peninsula (AQAP) noted that, due to the increased passenger screening implemented after the Christmas Day 2009 attempt, the group’s operational planners decided to employ explosive devices sent via air cargo (we have written specifically about the vulnerability of air cargo to terrorist attacks).

    Finally, it is also important to understand that the threat does not emanate just from jihadists like al Qaeda and its regional franchises. Over the past several decades, aircraft have been attacked by a number of different actors, including North Korean intelligence officers, Sikh, Palestinian and Hezbollah militants and mentally disturbed individuals like the Unabomber, among others.

    Realities

    While understanding that the threat is very real, it is also critical to recognize that there is no such thing as absolute, foolproof security. This applies to ground-based facilities as well as aircraft. If security procedures and checks have not been able to keep contraband out of high-security prisons, it is unreasonable to expect them to be able to keep unauthorized items off aircraft, where (thankfully) security checks of crew and passengers are far less invasive than they are for prisoners. As long as people, luggage and cargo are allowed aboard aircraft, and as long as people on the ground crew and the flight crew have access to aircraft, aircraft will remain vulnerable to a number of internal and external threats.

    This reality is accented by the sheer number of passengers that must be screened and number of aircraft that must be secured. According to figures supplied by the Transportation Security Administration (TSA), in 2006, the last year for which numbers are available, the agency screened 708,400,522 passengers on domestic flights and international flights coming into the

    United States . This averages out to over 1.9 million passengers per day.

    Another reality is that, as mentioned above, jihadists and other people who seek to attack aircraft have proven to be quite resourceful and adaptive. They carefully study security measures, identify vulnerabilities and then seek to exploit them. Indeed, last September, when we analyzed the innovative designs of the explosive devices employed by AQAP, we called attention to the threat they posed to aviation more than three months before the Christmas 2009 bombing attempt. As we look at the issue again, it is not hard to see, as we pointed out then, how their innovative efforts to camouflage explosives in everyday items and hide them inside suicide operatives’ bodies will continue and how these efforts will be intended to exploit vulnerabilities in current screening systems.

    As we wrote in September 2009, getting a completed explosive device or its components by security and onto an aircraft is a significant challenge, but it is possible for a resourceful bombmaker to devise ways to overcome that challenge. The latest issue of Inspire magazine demonstrated how AQAP has done some very detailed research to identify screening vulnerabilities. As the group noted in the magazine: “The British government said that if a toner weighs more than 500 grams it won’t be allowed on board a plane. Who is the genius who came up with this suggestion? Do you think that we have nothing to send but printers?”

    AQAP also noted in the magazine that it is working to identify innocuous substances like toner ink that, when X-rayed, will appear similar to explosive compounds like PETN, since such innocuous substances will be ignored by screeners. With many countries now banning cargo from Yemen, it will be harder to send those other items in cargo from Sanaa, but the group has shown itself to be flexible, with the underwear-bomb operative beginning his trip to Detroit out of Nigeria rather than Yemen. In the special edition of Inspire, AQAP also specifically threatened to work with allies to launch future attacks from other locations.

    Drug couriers have been transporting narcotics hidden inside their bodies aboard aircraft for decades, and prisoners frequently hide drugs, weapons and even cell phones inside body cavities. It is therefore only a matter of time before this same tactic is used to smuggle plastic explosives or even an entire non-metallic explosive device onto an aircraft undefined something that would allow an attacker to bypass metal detectors and backscatter X-ray inspection and pass through external pat-downs.

    Look for the Bomber, Not Just the Bomb

    This ability to camouflage explosives in a variety of different ways, or hide them inside the bodies of suicide operatives, means that the most significant weakness of any suicide-attack plan is the operative assigned to conduct the attack. Even in a plot to attack 10 or 12 aircraft, a group would need to manufacture only about 12 pounds of high explosives undefined about what is required for a single, small suicide device and far less than is required for a vehicle-borne improvised explosive device. Because of this, the operatives are more of a limiting factor than the explosives themselves; it is far more difficult to find and train 10 or 12 suicide bombers than it is to produce 10 or 12 devices.

    A successful attack requires operatives who are not only dedicated enough to initiate a suicide device without getting cold feet; they must also possess the nerve to calmly proceed through airport security checkpoints without alerting officers that they are up to something sinister. This set of tradecraft skills is referred to as demeanor, and while remaining calm under pressure and behaving normally may sound simple in theory, practicing good demeanor under the extreme pressure of a suicide operation is very difficult. Demeanor has proved to be the Achilles’ heel of several terror plots, and it is not something that militant groups have spent a great deal of time teaching their operatives. Because of this, it is frequently easier to spot demeanor mistakes than it is to find well-hidden explosives. Such demeanor mistakes can also be accentuated, or even induced, by contact with security personnel in the form of interviews, or even by unexpected changes in security protocols that alter the security environment a potential attacker is anticipating and has planned for.

    There has been much discussion of profiling, but the difficulty of creating a reliable and accurate physical profile of a jihadist, and the adaptability and ingenuity of the jihadist planners, means that any attempt at profiling based only on race, ethnicity or religion is doomed to fail. In fact, profiling can prove counterproductive to good security by blinding people to real threats. They will dismiss potential malefactors who do not fit the specific profile they have been provided.

    In an environment where the potential threat is hard to identify, it is doubly important to profile individuals based on their behavior rather than their ethnicity or nationality undefined what we refer to as focusing on the “how” instead of the “who.” Instead of relying on physical profiles, which allow attack planners to select operatives who do not match the profiles being selected for more intensive screening, security personnel should be encouraged to exercise their intelligence, intuition and common sense. A Caucasian U.S. citizen who shows up at the U.S. Embassy in Nairobi or

    Dhaka claiming to have lost his passport may be far more dangerous than some random Pakistani or Yemeni citizen, even though the American does not appear to fit the profile for requiring extra security checks.

    However, when we begin to consider traits such as intelligence, intuition and common sense, one of the other realities that must be faced with aviation security is that, quite simply, it is not an area where the airlines or governments have allocated the funding required to hire the best personnel. Airport screeners make far less than FBI special agents or CIA case officers and receive just a fraction of the training. Before 9/11, most airports in the

    United States relied on contract security guards to conduct screening duties. After 9/11, many of these same officers went from working for companies like Wackenhut to being TSA employees. There was no real effort made to increase the quality of screening personnel by offering much higher salaries to recruit a higher caliber of candidate.

    There is frequent mention of the need to make

    U.S. airport security more like that employed in Israel . Aside from the constitutional and cultural factors that would prevent American airport screeners from ever treating Muslim travelers the way they are treated by El Al, another huge difference is simply the amount of money spent on salaries and training for screeners and other security personnel. El Al is also aided by the fact that it has a very small fleet of aircraft that fly only a small number of passengers to a handful of destinations.

    Additionally, airport screening duty is simply not glamorous work. Officers are required to work long shifts conducting monotonous checks and are in near constant contact with a traveling public that can at times become quite surly when screeners follow policies established by bureaucrats at much higher pay grades. Granted, there are TSA officers who abuse their authority and do not exhibit good interpersonal skills, but anyone who travels regularly has also witnessed fellow travelers acting like idiots.

    While it is impossible to keep all contraband off aircraft, efforts to improve technical methods and procedures to locate weapons and IED components must continue. However, these efforts must not only be reacting to past attacks and attempts but should also be looking forward to thwart future attacks that involve a shift in the terrorist paradigm. At the same time, the often-overlooked human elements of airport security, including situational awareness, observation and intuition, need to be emphasized now more than ever. It is those soft skills that hold the real key to looking for the bomber and not just the bomb.

    "Aviation Security Threats and Realities is republished with permission of STRATFOR." <ahref="http://www.stratfor.com/weekly/20101123_aviation_security_threats_and_realities">.

  • 29 Oct 2010 12:46 PM | Anonymous member (Administrator)

    The 2010/2011 Annual Edition of the Kroll Global Fraud Report

    NEW YORK - October 18, 2010 – Theft of information and electronic data at global companies has overtaken physical theft for the first time, according to the latest edition of the Kroll Annual Global Fraud Report. This year’s study shows that the amount lost by businesses to fraud rose from $1.4m to $1.7m per billion dollars of sales in the past 12 months – an increase of more than 20%. The findings are the result of a study commissioned by Kroll with the Economist Intelligence Unit of more than 800 senior executives worldwide.

    While physical theft of cash, assets and inventory has been the most widespread fraud by a considerable margin in previous Global Fraud Reports, this year’s findings reveal that theft of information or assets was reported by 27.3% of companies over the past 12 months, up from 18% in 2009. In contrast, reported incidences of theft of physical assets or stock declined slightly from 28% in 2009 to 27.2% in 2010.

    According to the 2010 survey, 88% of companies said they had been the victim of at least one type of fraud during the past year. Of the specific countries analyzed,

    China is the top market in which companies suffered fraud with 98% of businesses operating there affected. Colombia ranked second with a 94% incidence of fraud in 2010, followed by Brazil with 90%.

    Robert Brenner, vice president of Kroll’s

    Americas region said: “Theft of confidential information is on the rise because data is increasingly portable and perpetrators – often departing or disgruntled employees – can remove it with ease absent sufficient controls. At the same time, there is a growing awareness among thieves of the increasing intrinsic value of an organization’s intellectual property. The results of the survey do not suggest other types of fraud are decreasing but merely that the rise in theft of intellectual capital has outstripped other fraudulent activity that has remained constant. Companies need to regularly evaluate how they are controlling access to information within their organization to ensure they are keeping pace with technological advancement and the imperative for collaboration in the workplace.”

    Information-based industries reported the highest incidence of theft of information and electronic data over the past 12 months. These include financial services (42% in 2010 versus 24% in 2009), professional services (40% in 2010 versus 27% in 2009) and technology, media and telecoms (37% in 2010 versus 29% in 2009).

    The speed of technological developments poses new challenges in the fight against fraud. Nearly one-third (28%) of respondents cited information infrastructure complexity as the single most important factor in raising their exposure to fraud. However, despite the increased risks, only 48% of companies are planning to spend more on information security in the next 12 months, down from 51% last year.

    Other key findings include:

    *                      Fear of fraud dissuades nearly half of companies surveyed from becoming more global: 48% of respondents indicated that fraud had dissuaded them from pursuing business opportunities in at least one foreign country. The biggest impact has been on emerging economies, with fraud deterring 11% of businesses operating in

    China and similar percentages of businesses operating in Africa (11%) and Latin America (10%). Respondents claimed they managed risk in these countries simply by avoiding the regions, even though they may offer attractive investment opportunities.

    *                      Companies are unprepared for regulation: Increased regulation through the Foreign Corrupt Practices Act (FCPA) and the introduction of the

    UK ’s new Bribery Act has created new challenges for companies. According to the survey, nearly two-thirds (63%) of businesses with operations in the US or UK believe the laws do not apply to them or are unsure. As a result, many are unprepared to deal with the regulatory risks: less than one-half (47%) are confident that they have the controls in place to prevent bribery at all levels of the operation, compared with 42% who say they have assessed the risks and put in place the necessary monitoring and reporting procedures.

    *                      Fraud is usually an ‘inside job’: For those companies who have been affected by fraud over the past year, junior employees and senior management were the most likely perpetrators at 22% each, followed by agents or other intermediaries at 11%. The proportion of fraud carried out by these employees ranged from 50% to 60% in North America, Europe and Asia-Pacific to 71% in the Middle East and

    Africa . The number dropped to 42% in Latin America where customers are the primary fraudsters.

    Tom Hartley, vice president of Kroll’s Eurasia region, said: “Some of the most concerning findings from the report this year were that challenges faced by corporates investing in unfamiliar territories in search of growth are dissuading them from expansion. This is a combination of opportunity lying where fraud risk is highest and at the same time, the penalties for regulatory failure and likelihood of prosecution increasing. Companies can manage these risks but need to think broadly about the appropriate steps taken to minimize exposure and investigate suspicious actions.”

    The fourth Kroll Annual Global Fraud Report includes a full detailed industry analysis across a range of fraud categories and regions. To obtain a copy please visit www.kroll.com/fraud.

    Methodology

    Kroll commissioned The Economist Intelligence Unit to conduct a worldwide survey on fraud and its effect on business during 2010. A total of 801 senior executives took part in this survey. Nearly a third (29%) of the respondents were based in North America, 25% in Europe, just under a quarter from Asia-Pacific region and 11% each from Latin America and the Middle East and

    Africa .

    Ten industries were covered, with no fewer than 50 respondents drawn from each industry. The highest number of respondents came from the financial services industry (13%). A total of 51% of the companies polled had global annual revenues in excess of $500m

  • 07 Sep 2010 9:01 PM | Anonymous member (Administrator)

    Anthrax War 2014 the Malaysian Connection by Bob Coen and Eric Nadler, Special to ProPublica 

    Fears about bioterrorism have prompted new efforts by corporations and governments worldwide to build defenses against germ attacks. But some of these arrangements themselves raise security issues. Consider the spirited global contest to corner the franchise on providing halal inoculations against anthrax and other deadly pathogens to the world's 1.7 billion Muslims. Devout Muslims have an understandable aversion to being injected with vaccines grown in pig cells or alcohol, the methods traditionally used by the world's leading pharmaceutical firms to manufacture such drugs. The reluctance of Muslims to accept non-halal polio injections has been linked to the re-emergence of polio in 27 countries that had been free of the debilitating disease, including Pakistan and Afghanistan.

    Enter Emergent BioSolutions, a Rockville, Md., firm with expanding multinational operations that sells a vaccine against anthrax to the U.S. government. In January 2008, in a little-noticed deal, Emergent, or EBS, announced a joint venture with a firm funded by the Malaysian Health Ministry to build 52,000 square feet of "vaccine development and manufacturing infrastructure" on a 62-acre site in an industrial park just outside of Kuala Lumpur. "It is our belief that this joint venture will not only expand the use of our anthrax vaccine in this market, but will also serve as a platform for joint product development and manufacturing activities," Fuad El-Hibri, chief executive of Emergent (the majority partner), said of the deal with Ninebio Sdn Bhd. "It is anticipated that the joint venture will also supply such products and services to certain member countries of the Organization of the Islamic Conference ("OIC") and other countries within Asia," an  href="http://investors.emergentbiosolutions.com/phoenix.zhtml?c=202582&amp;p=irol-newsArticle&amp;ID=1099450&amp;highlight=">EBS press release said. The facility was originally scheduled to open this year, but is now set to begin operations in 2013.  href="http://www.merrick.com/images/uploads/project_sheets/2795.pdf">Web page describing architectural plans</a> for the Malaysian venture is a sentence that has raised some eyebrows. It says the companies plan to build a "biocontainment R&amp;D facility that includes BSL ... 3 and 4 laboratories."

    Biosafety Level 3 ("high-containment") labs are for disease-causing organisms that can cause death in humans, such as anthrax, plague and SARS. Malaysia already has three BSL-3 labs, and there are several thousand worldwide (1,356 in the U.S. alone). Biosafety Level 4 (BSL-4) labs are for diseases that are one step up in the pathogen chain -- invariably fatal, highly contagious and for which no known vaccine or cure exists. Within these labs, the most-dangerous "select agents" -- Ebola virus, Marburg virus, Lassa fever and other hemorrhagic fevers -- are used in countermeasure research, including vaccines, to thwart 21st-century delivery systems and genetic manipulation of these natural horrors. BSL-4's have special safety features, including the use of full-body suits equipped with life support systems.


    These would be Malaysia's first BSL-4 labs. Proliferation experts note that these high-security laboratories -- fewer than three dozen are currently operating worldwide -- are themselves valuable items. The  href="http://hpac.com/ventilation-iaq/biosafety_level_labs/">specialized engineering</a> that allows scientists to safely handle such deadly germs is coveted by terrorists as much as the pathogens within carefully secured walls.

    Geography also counts. In March, Assistant Secretary of State Vann H. Van Diepen told the House Foreign Affairs Subcommittee on Terrorism that one key component of the new "biological threat" is "the growing biotechnology capacity in areas of the world with a terrorist presence." Malaysia, where six in 10 citizens are Muslims, was tied to several terrorist plots earlier in the decade. Al-Qaida leaders used Kuala Lumpur as the "primary operational launch pad" for the 9/11 attacks, the FBI says. An organization known as Jemaah Islamiyah operating out of Malaysia bombed a disco in neighboring Bali in 2002, killing 202 people; the group's leaders were subsequently arrested and executed by Indonesian authorities. More disturbing are recent revelations that Kuala Lumpur was a crucial base of operations in the lucrative black-market nuclear centrifuge network put together by Pakistani scientist A.Q. Khan. For some experts, this raises a question of whether it is wise to encourage the creation of a BSL-4 lab there. Building such a facility in Malaysia does have benefits for American interests in the region.

    Security analysts see the development of an advanced biotech sector in the developing world as inevitable. A U.S. partner allows the American government to have some measure of influence and control on foreign "biodefense" efforts. Malaysian officials say they want the advanced labs to deal with local outbreaks of SARS, dengue, Japanese encephalitis and the lethal Nipah virus, as well as to develop possible bioterrorism vaccines. Such regional self-sufficiency is embraced by the World Health Organization. "The question for (U.S. officials) is, 'How can we ensure a 'responsible' biotech sector in places like Malaysia, which are Muslim and are cranking out capable and well-educated scientists and have the money to build state-of-the-art facilities?'" says Edward Hammond, who used to head the Sunshine Project, which monitors biosecurity efforts. Hammond has long criticized lax U.S. government oversight of facilities handling dangerous bio-agents. He said strategic imperatives have, by and large, trumped security concerns about new overseas labs.

    In Malaysia, says Hammond, U.S. officials are especially wary of China's biotech industries (Chinese vaccine exports to the developing world shot up 20 percent last year.): "The argument is, of course we have the best technology, but the Chinese can make respectable vaccines ... We certainly don't want budding Malaysian biotech companies to turn to China for equipment and expertise." Instead, the Malaysian government turned to EBS -- which holds the exclusive U.S. government contract to supply the controversial anthrax vaccine to the military and the National Strategic Stockpile. Despite FDA approval, health complaints about the vaccine, called BioThrax, persist among those vaccinated. From a modest $24 million investment in 1998, EBS, formerly known as BioPort, has signed U.S. government vaccine contracts worth almost $1 billion, and today operates subsidiaries in 15 countries. Its BioThrax vaccine sets the pace in the expanding anthrax market.

    Customers include the military, first responders, mail carriers and, potentially, the general public under threat scenarios now being drafted on the local, state, federal and international levels. Booster shots of BioThrax are recommended every year during possible exposure to anthrax. EBS can claim a special feel for the Muslim world. El-Hibri, its CEO, is a prominent Muslim businessman born of a Lebanese father and a German mother. He grew up in Lebanon and Europe before coming to the U.S. and earning a bachelor's degree in economics from Stanford and a master's in public and private management from Yale. In addition to his biotech labors, he has worked for Citigroup in New York and Saudi Arabia and in telecommunications in Russia and Venezuela. His British holding -- Porton International -- provided the anthrax vaccine to Saudi Arabia during the first Persian Gulf War.

     
    El-Hibri brought his vaccine operations to America in the late 1990s, cultivating U.S. military, intelligence and political support. One of the original investors/partners in BioPort was the late Adm. William J. Crowe, chairman of the Joint Chiefs of Staff under Ronald Reagan and later Bill Clinton's ambassador to Britain. Today, EBS directors include Louis Sullivan, the Health and Human Services secretary under President George H.W. Bush, and Jerome Hauer, the emergency preparedness czar under former New York Mayor Rudolph Giuliani.

    In the anxious days after 9/11, Michigan Gov. John Engler ordered the National Guard to surround BioPort's anthrax vaccine plant in Lansing because anthrax bacteria were present there. There have been persistent reports that al-Qaida has an interest in producing bioweapons. In 2003, coalition forces raiding a safe house believed to be used by al-Qaida in Iraq discovered a copy of the 1997 environmental assessment of renovations to BioPort's anthrax manufacturing plant in Lansing. Malaysia has promised to be vigilant, which would set it apart from some Asian counterparts. In 2006, Sandia National Laboratories surveyed Asian scientists, including some from Malaysia, and half of them reported that they had no guards at the entrances of their facilities. Only half said there was restricted access to laboratories, and just 54 percent kept a current inventory of toxins and infectious agents they handled. To its credit, the Malaysian government has begun crafting new biosecurity rules and regulations in line with U.S. standards, with the help of Sandia and the encouragement of the State Department.

    We asked EBS if it had begun the application process for licensing the transfer of sensitive biological commodities administered by the Departments of Commerce, State and Defense. The Export Control Act and the International Trafficking in Arms Regulations require companies to get permission when exporting material useful for biowarfare and bioterrorism. We also asked the company some questions about what will be happening in its BSL-3 and BSL-4 labs in Malaysia: What biological agents will be handled? How will the pathogens get on site? Will the work include genetic manipulation or DNA recombination of select agents? Will any of that work be classified? EBS hasn't responded to written questions and phone messages. Its Malaysian partner, Ninebio, likewise refused to answer inquiries. The U.S. government also declined to comment.

    The State Department redirected our inquiry to the Commerce Department, which wouldn't say anything about the EBS-Malaysia deal: "Pursuant to Section 12(c) of the Export Administration Act, the Department of Commerce does not publicly release any information on export license applications, including whether any particular transactions were the subject of license applications." Arms control experts in Europe and the United States are pushing for more effective oversight on deals like the Malaysia project. These include: tougher export controls; a "harmonizing" of international guidelines for securing dangerous pathogens; and international inspection of biological production facilities under the Biological Weapons Convention. The latter is opposed by the U.S. and Russia on commercial as well as effectiveness grounds. The prospects for such reforms are uncertain, and approvals for potentially dangerous deals apparently keep on coming.

    Why the rush? Well, there's the money of course -- $70 billion in U.S. government money alone this past decade for programs for battlefield defense, civilian preparedness and response, and countermeasures including vaccines. Francis Boyle, a law professor at the University of Illinois, suspects that more than just commercial considerations may be at play. Professor Boyle helped to draft the Biological Weapons Anti-Terrorism Act of 1989, which makes it a federal crime to develop or produce biological weapons. He wonders if projects like the Malaysian lab could be used to circumvent U.S. rules against biological projects with offensive applications. Since the 9/11 attacks, the government, via the USA Patriot Act (2001) and the Bioterrorism Preparedness and Response Act (2002), tightened controls over dangerous pathogens and toxins stored, used and transferred within the United States. "It seems to me that this could be a very dangerous end-run by EBS and its government funders around the numerous legal restrictions now put in place since 9/11 making it difficult to research, develop and test bioweapons domestically," says Boyle. Boyle says it's reasonable to ask if the Kuala Lumpur operation will be part of the U.S. government's controversial "laboratory threat characterization research" programs, under which scientists are charged with developing and testing newly bioengineered pathogens under the rubric of developing medical countermeasures for a potential threat. This type of research, mandated by a presidential directive in April 2004, is conducted within classified "Black Projects" sponsored by the Pentagon and the CIA and carried out by private contractors. For its part, the Defense Department says it's not ruling anything out. Asked if such efforts could take place in these Malaysian BSL-4 labs, a spokesman said, "We currently do not have labs in Malaysia but we would be happy to collaborate with the government of Malaysia on bio surveillance, safety and security in the future."

    Suspicions are further fueled by the addition of Ronald Richard to the EBS board of directors. Richard used to head a href="http://www.iqt.org">In-Q-Tel (IQT), the high-tech venture capital arm of the CIA. IQT, started by the CIA in 1999 as an independent, not-for-profit private company, has a unique mission, according to its website, to "attract and build relationships with technology startups outside the reach of the Intelligence community." All of this could be coincidental. But until the government lifts some of the limits imposed by trade laws and national security rules, the risks and benefits of this project remain difficult to assess. In this instance, a little transparency would go a long way. 

    Filmmakers Bob Coen and Eric Nadler's documentary "Anthrax War," <a href="http://www.anthraxwar.com">www.anthraxwar.com</a>, will be broadcast on the ARTE Network in Europe Tuesday night. </em></p><script type="text/javascript" src="http://pixel.propublica.org/pixel.js" async></script>

    Permission has been granted to ISPLA by ProPublica to post this investigative report.

  • 19 Jul 2010 11:09 AM | Anonymous member (Administrator)

    “Top Secret” Homeland Security by The Washington Post

    A comprehensive investigative report by Washington Post reporters Dana Priest and William M. Arkin on U.S Homeland Security is worth reviewing by investigative and security professionals.

    Below are some of the findings of a two-year investigation by The Washington Post that discovered “what amounts to an alternative geography of the United States, a Top Secret America hidden from public view and lacking in thorough oversight. After nine years of unprecedented spending and growth, the result is that the system put in place to keep the United States safe is so massive that its effectiveness is impossible to determine.” The investigation's other findings include:

     

    -  Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.

    - An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.

    -  In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings - about 17 million squa* Many security and intelligence agencies do the same work, creating redundancy and waste. For example, 51 federal organizations and military commands, operating in 15 U.S. cities, track the flow of money to and from terrorist networks.

    - Analysts who make sense of documents and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year - a volume so large that many are routinely ignored.

    - These are not academic issues; lack of focus, not lack of resources, was at the heart of the Fort Hood shooting that left 13 dead, as well as the Christmas Day bomb attempt thwarted not by the thousands of analysts employed to find lone terrorists but by an alert airline passenger who saw smoke coming from his seatmate.

    - They are also issues that greatly concern some of the people in charge of the nation's security.

    For more information, visit:http://link.email.washingtonpost.com/r/HXJVEI/1B1KU/4ZCZDZ/0X7XP9/9QUWL/4O/t

  • 10 Jun 2010 6:38 PM | Anonymous member (Administrator)

    A Primer on Situational Awareness

    Scott Stewart – Stratfor Global Intelligence – June 10, 2010

    The world is a wonderful place, but it can also be a dangerous one. In almost every corner of the globe militants of some political persuasion are plotting terror attacks undefined and these attacks can happen in London or New York, not just in Peshawar or Baghdad. Meanwhile, criminals operate wherever there are people, seeking to steal, rape, kidnap or kill.

    Regardless of the threat, it is very important to recognize that criminal and terrorist attacks do not materialize out of thin air. In fact, quite the opposite is true. Criminals and terrorists follow a process when planning their actions, and this process has several distinct steps. This process has traditionally been referred to as the “terrorist attack cycle,” but if one looks at the issue thoughtfully, it becomes apparent that the same steps apply to nearly all crimes. Of course, there will be more time between steps in a complex crime like a kidnapping or car bombing than there will be between steps in a simple crime such as purse-snatching or shoplifting, where the steps can be completed quite rapidly. Nevertheless, the same steps are usually followed.

    People who practice situational awareness can often spot this planning process as it unfolds and then take appropriate steps to avoid the dangerous situation or prevent it from happening altogether. Because of this, situational awareness is one of the key building blocks of effective personal security undefined and when exercised by large numbers of people, it can also be an important facet of national security. Since situational awareness is so important, and because we discuss situational awareness so frequently in our analyses, we thought it would be helpful to discuss the subject in detail and provide a primer that can be used by people in all sorts of situations.

    Foundations

    First and foremost, it needs to be noted that being aware of one’s surroundings and identifying potential threats and dangerous situations is more of a mindset than a hard skill. Because of this, situational awareness is not something that can be practiced only by highly trained government agents or specialized corporate security countersurveillance teams. Indeed, it can be exercised by anyone with the will and the discipline to do so.

    An important element of the proper mindset is to first recognize that threats exist. Ignorance or denial of a threat undefined or completely tuning out one’s surroundings while in a public place undefined makes a person’s chances of quickly recognizing the threat and avoiding it slim to none. This is why apathy, denial and complacency can be (and often are) deadly. A second important element is understanding the need to take responsibility for one’s own security. The resources of any government are finite and the authorities simply cannot be everywhere and cannot stop every criminal action. The same principle applies to private security at businesses or other institutions, like places of worship. Therefore, people need to look out for themselves and their neighbors.

    Another important facet of this mindset is learning to trust your “gut” or intuition. Many times a person’s subconscious can notice subtle signs of danger that the conscious mind has difficulty quantifying or articulating. Many people who are victimized frequently experience such feelings of danger prior to an incident, but choose to ignore them. Even a potentially threatening person not making an immediate move undefined or even if the person wanders off quickly after a moment of eye contact undefined does not mean there was no threat.

    Levels of Awareness

    People typically operate on five distinct levels of awareness. There are many ways to describe these levels (“Cooper’s colors,” for example, which is a system frequently used in law enforcement and military training), but perhaps the most effective way to illustrate the differences between the levels is to compare them to the different degrees of attention we practice while driving. For our purposes here we will refer to the five levels as “tuned out;” “relaxed awareness;” “focused awareness;” “high alert” and “comatose.”

    The first level, tuned out, is like when you are driving in a very familiar environment or are engrossed in thought, a daydream, a song on the radio or even by the kids fighting in the backseat. Increasingly, cell phone calls and texting are also causing people to tune out while they drive. Have you ever gotten into the car and arrived somewhere without even really thinking about your drive there? If so, then you’ve experienced being tuned out.

    The second level of awareness, relaxed awareness, is like defensive driving. This is a state in which you are relaxed but you are also watching the other cars on the road and are looking well ahead for potential road hazards. If another driver looks like he may not stop at the intersection ahead, you tap your brakes to slow your car in case he does not. Defensive driving does not make you weary, and you can drive this way for a long time if you have the discipline to keep yourself at this level, but it is very easy to slip into tuned-out mode. If you are practicing defensive driving you can still enjoy the trip, look at the scenery and listen to the radio, but you cannot allow yourself to get so engrossed in those distractions that they exclude everything else. You are relaxed and enjoying your drive, but you are still watching for road hazards, maintaining a safe following distance and keeping an eye on the behavior of the drivers around you.

    The next level of awareness, focused awareness, is like driving in hazardous road conditions. You need to practice this level of awareness when you are driving on icy or slushy roads undefined or the roads infested with potholes and erratic drivers that exist in many third-world countries. When you are driving in such an environment, you need to keep two hands on the wheel at all times and have your attention totally focused on the road and the other drivers. You don’t dare take your eyes off the road or let your attention wander. There is no time for cell phone calls or other distractions. The level of concentration required for this type of driving makes it extremely tiring and stressful. A drive that you normally would not think twice about will totally exhaust you under these conditions because it demands your prolonged and total concentration.

    The fourth level of awareness is high alert. This is the level that induces an adrenaline rush, a prayer and a gasp for air all at the same time undefined “Watch out! There’s a deer in the road! Hit the brakes!” This also happens when that car you are watching doesn’t stop at the stop sign and pulls out right in front of you. High alert can be scary, but at this level you are still able to function. You can hit your brakes and keep your car under control. In fact, the adrenalin rush you get at this stage can sometimes even aid your reflexes. But, the human body can tolerate only short periods of high alert before becoming physically and mentally exhausted.

    The last level of awareness, comatose, is what happens when you literally freeze at the wheel and cannot respond to stimuli, either because you have fallen asleep, or, at the other end of the spectrum, because you are petrified from panic. It is this panic-induced paralysis that concerns us most in relation to situational awareness. The comatose level of awareness (or perhaps more accurately, lack of awareness) is where you go into shock, your brain ceases to process information and you simply cannot react to the reality of the situation. Many times when this happens, a person can go into denial, believing that “this can’t be happening to me,” or the person can feel as though he or she is observing, rather than actually participating in, the event. Often, the passage of time will seem to grind to a halt. Crime victims frequently report experiencing this sensation and being unable to act during an unfolding crime.

    Finding the Right Level

    Now that we’ve discussed the different levels of awareness, let’s focus on identifying what level is ideal at a given time. The body and mind both require rest, so we have to spend several hours each day at the comatose level while asleep. When we are sitting at our homes watching a movie or reading a book, it is perfectly fine to operate in the tuned-out mode. However, some people will attempt to maintain the tuned-out mode in decidedly inappropriate environments (e.g., when they are out on the street at night in a third-world barrio), or they will maintain a mindset wherein they deny that they can be victimized by criminals. “That couldn’t happen to me, so there’s no need to watch for it.” They are tuned out.

    Some people are so tuned out as they go through life that they miss even blatant signs of pending criminal activity directed specifically at them. In 1992, an American executive living in the Philippines was kidnapped by a Marxist kidnapping gang in Manila known as the “Red Scorpion Group.” When the man was debriefed following his rescue, he described in detail how the kidnappers had blocked off his car in traffic and abducted him. Then, to the surprise of the debriefing team, he said that on the day before he was abducted, the same group of guys had attempted to kidnap him at the exact same location, at the very same time of day and driving the same vehicle. The attackers had failed to adequately box his car in, however, and his driver was able to pull around the blocking vehicle and proceed to the office.

    Since the executive did not consider himself to be a kidnapping target, he had just assumed that the incident the day before his abduction was “just another close call in crazy Manila traffic.” The executive and his driver had both been tuned out. Unfortunately, the executive paid for this lack of situational awareness by having to withstand an extremely traumatic kidnapping, which included almost being killed in the dramatic Philippine National Police operation that rescued him.

    If you are tuned out while you are driving and something happens undefined say, a child runs out into the road or a car stops quickly in front of you undefined you will not see the problem coming. This usually means that you either do not see the hazard in time to avoid it and you hit it, or you totally panic and cannot react to it undefined neither is good. These reactions (or lack of reaction) occur because it is very difficult to change mental states quickly, especially when the adjustment requires moving several steps, say, from tuned out to high alert. It is like trying to shift your car directly from first gear into fifth and it shudders and stalls. Many times, when people are forced to make this mental jump and they panic (and stall), they go into shock and will actually freeze and be unable to take any action undefined they go comatose. This happens not only when driving but also when a criminal catches someone totally unaware and unprepared. While training does help people move up and down the alertness continuum, it is difficult for even highly trained individuals to transition from tuned out to high alert. This is why police officers, federal agents and military personnel receive so much training on situational awareness.

    It is critical to stress here that situational awareness does not mean being paranoid or obsessively concerned about your security. It does not mean living with the irrational expectation that there is a dangerous criminal lurking behind every bush. In fact, people simply cannot operate in a state of focused awareness for extended periods, and high alert can be maintained only for very brief periods before exhaustion sets in. The “flight or fight” response can be very helpful if it can be controlled. When it gets out of control, however, a constant stream of adrenaline and stress is simply not healthy for the body or the mind. When people are constantly paranoid, they become mentally and physically burned out. Not only is this dangerous to physical and mental health, but security also suffers because it is very hard to be aware of your surroundings when you are a complete basket case. Therefore, operating constantly in a state of high alert is not the answer, nor is operating for prolonged periods in a state of focused alert, which can also be overly demanding and completely enervating. This is the process that results in alert fatigue. The human body was simply not designed to operate under constant stress. People (even highly skilled operators) require time to rest and recover.

    Because of this, the basic level of situational awareness that should be practiced most of the time is relaxed awareness, a state of mind that can be maintained indefinitely without all the stress and fatigue associated with focused awareness or high alert. Relaxed awareness is not tiring, and it allows you to enjoy life while rewarding you with an effective level of personal security. When you are in an area where there is potential danger (which, by definition, is almost anywhere), you should go through most of your day in a state of relaxed awareness. Then if you spot something out of the ordinary that could be a potential threat, you can “dial yourself up” to a state of focused awareness and take a careful look at that potential threat (and also look for others in the area).

    If the potential threat proves innocuous, or is simply a false alarm, you can dial yourself back down into relaxed awareness and continue on your merry way. If, on the other hand, you look and determine that the potential threat is a probable threat, seeing it in advance allows you to take actions to avoid it. You may never need to elevate to high alert, since you have avoided the problem at an early stage. However, once you are in a state of focused awareness you are far better prepared to handle the jump to high alert if the threat does change from potential to actual undefined if the three guys lurking on the corner do start coming toward you and look as if they are reaching for weapons. The chances of you going comatose are far less if you jump from focused awareness to high alert than if you are caught by surprise and “forced” to go into high alert from tuned out. An illustration of this would be the difference between a car making a sudden stop in front of a person when the driver is practicing defensive driving, compared to a car that makes a sudden stop in front of person when the driver is sending a text message.

    Of course, if you know that you must go into an area that is very dangerous, you should dial yourself up to focused awareness when you are in that area. For example, if there is a specific section of highway where a lot of improvised explosive devices detonate and ambushes occur, or if there is a part of a city that is controlled (and patrolled) by criminal gangs undefined and you cannot avoid these danger areas for whatever reason undefined it would be prudent to heighten your level of awareness when you are in those areas. An increased level of awareness is also prudent when engaging in common or everyday tasks, such as visiting an ATM or walking to the car in a dark parking lot. The seemingly trivial nature of these common tasks can make it all too easy to go on “autopilot” and thus expose yourself to threats. When the time of potential danger has passed, you can then go back to a state of relaxed awareness.

    This process also demonstrates the importance of being familiar with your environment and the dangers that are present there. Such awareness allows you to avoid many threats and to be on the alert when you must venture into a dangerous area.

    Clearly, few of us are living in the type of intense threat environment currently found in places like Mogadishu, Juarez or Kandahar. Nonetheless, average citizens all over the world face many different kinds of threats on a daily basis undefined from common thieves and assailants to criminals and mentally disturbed individuals aiming to conduct violent acts to militants wanting to carry out large-scale attacks against subways and aircraft.

    Many of the steps required to conduct these attacks must be accomplished in a manner that makes the actions visible to the potential victim and outside observers. It is at these junctures that people practicing situational awareness can detect these attack steps, avoid the danger and alert the authorities. When people practice situational awareness they not only can keep themselves safer but they can also help keep others safe. And when groups of people practice situational awareness together they can help keep their schools, houses of worship, workplaces and cities safe from danger.

    And as we’ve discussed many times before, as the terrorist threat continues to devolve into one almost as diffuse as the criminal threat, ordinary citizens are also becoming an increasingly important national security resource.

    ISPLA gratefully acknowledges this report is republished with the permission of STRATFOR. www.stratfor.com

  • 09 Apr 2010 5:38 PM | Anonymous member (Administrator)

    Security Legislation News – New York

    From: Bruce Hulme, ISPLA Director of Government Affairs

    To: Contract Security Industry and Stakeholders

     

    We have been advised that the legislation offered below is at the request of SEIU, 32 BJ. Note provisions concerning NYS contracts for security services over $500K; OJT provisions increased to 40 hours within 90 days following employment; which shall cover observation, detection and reporting skills, coordination with local police, fire and emergency services skills, in working with advanced security technology including surveillance and access control procedures, and at least 3 hours of training devoted to terrorism awareness. The entity employing the security guard shall compensate security guard for all hours while in attendance at his or her regular hourly wage or, if applicable, overtime rate. Violation of provisions may result in revocation or suspension of license or fine not exceeding $10,000 per violation or occurrence, or reprimand or denial of license renewal.

    ISPLA is a singularly focused voice protecting our profession by proactively working with members of state and federal legislators, regulators, and other governmental agencies.  Its dues are used for the administration of its political action committee with the specific purpose of lobbying on legislative and regulatory issues – nothing else. Fighting ill-conceived legislation and regulation is our only mission! We invite you to join us. Go to: www.ISPLA.org

    April 9, 2010

    * * *

    A10554 Text:

                               S T A T E   O F   N E W   Y O R K
           ________________________________________________________________________
                                            10554
                                     I N  A S S E M B L Y
                                         April 7, 2010
                                          ___________
           Introduced by M. of A. LENTOL -- read once and referred to the Committee on Economic Development, Job Creation, Commerce and Industry
           AN  ACT  to amend the state finance law and the general business law, in relation to the purchase of security services
             THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEMBLY, DO ENACT AS FOLLOWS:
        1    Section 1. Section 165 of the state finance law is amended by adding a
        2  new subdivision 9 to read as follows:
        3    9. SPECIAL PROVISIONS REGARDING THE PURCHASING OF SECURITY SERVICES.
        4    A. WHENEVER THE STATE OR ANY GOVERNMENTAL AGENCY OR POLITICAL SUBDIVI-
        5  SION  OR  PUBLIC BENEFIT CORPORATION OF THE STATE ENTERS INTO A CONTRACT
        6  IN EXCESS OF FIVE HUNDRED THOUSAND DOLLARS TO PURCHASE SECURITY SERVICES
        7  FROM ANY PRIVATE INVESTIGATOR, OR WATCH,  GUARD  OR  PATROL  AGENCY,  OR
        8  SECURITY  GUARD  COMPANY,  THE  CONTRACT  SHALL  PROVIDE THAT THE ENTITY
        9  PROVIDING THE SECURITY SERVICES SHALL ENSURE THAT  EACH  SECURITY  GUARD
       10  WHO  PERFORMS  SERVICES  UNDER THE CONTRACT COMPLETES A TRAINING PROGRAM
       11  CERTIFIED BY THE DEPARTMENT OF HOMELAND SECURITY PURSUANT  TO  PARAGRAPH
       12  (R)  OF  SUBDIVISION  TWO OF SECTION SEVEN HUNDRED NINE OF THE EXECUTIVE
       13  LAW WITHIN NINETY WORKING  DAYS  FOLLOWING  EMPLOYMENT,  AND  THAT  SUCH
       14  TRAINING SHALL BE PROVIDED AT NO COST TO THE SECURITY GUARDS.
       15    B. EXCEPT IN THE CASE OF CONTRACTS IN THE AMOUNT OF FIVE HUNDRED THOU-
       16  SAND DOLLARS OR LESS, EVERY BID, PROPOSAL, OR OTHER RESPONSE TO A SOLIC-
       17  ITATION  FOR BID OR PROPOSAL FOR SECURITY SERVICES TO BE PROVIDED TO THE
       18  STATE OR ANY GOVERNMENTAL AGENCY  OR  POLITICAL  SUBDIVISION  OR  PUBLIC
       19  BENEFIT  CORPORATION  OF THE STATE SHALL BE DEEMED NON-RESPONSIVE UNLESS
       20  THE PERSON OR ENTITY SUBMITTING THE BID  ESTABLISHES  THAT  IT  HAS  THE
       21  CAPACITY  TO  PROVIDE  THE  NECESSARY  TRAINING TO EACH SECURITY OFFICER
       22  PERFORMING SERVICES UNDER THE CONTRACT.
       23    C. WHENEVER THE STATE OR ANY GOVERNMENTAL AGENCY OR POLITICAL SUBDIVI-
       24  SION OR PUBLIC BENEFIT CORPORATION OF THE STATE ENTERS INTO  A  CONTRACT
       25  IN EXCESS OF FIVE HUNDRED THOUSAND DOLLARS TO PURCHASE SECURITY SERVICES
       26  FROM  ANY  PRIVATE  INVESTIGATOR,  OR  WATCH, GUARD OR PATROL AGENCY, OR
       27  SECURITY GUARD COMPANY, THE  CONTRACT  SHALL  PROVIDE  THAT  THE  ENTITY
       28  PROVIDING  THE  SECURITY  SERVICES  SHALL  FURNISH  A  PERFORMANCE  BOND
            EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                                 [ ] is old law to be omitted.
                                                                      LBD16779-02-0
           A. 10554                            2
        1  EXECUTED BY A SURETY AUTHORIZED TO DO BUSINESS  IN  THE  STATE,  OR  THE
        2  EQUIVALENT  IN CASH. THE PERFORMANCE BOND SHALL BE IN AN AMOUNT ADEQUATE
        3  TO ENSURE THE PROTECTION OF THE GOVERNMENT, BUT SHALL BE  NO  LESS  THAN
        4  FIFTY PERCENT OF THE AMOUNT PAYABLE UNDER THE CONTRACT.
        5    S  2.  The  opening  paragraph  of  subdivision 1 of section 79 of the
        6  general business law, as amended by chapter 336 of the laws of 1992,  is
        7  amended to read as follows:
        8    The  department of state shall have the power to revoke or suspend any
        9  license, or in lieu thereof to impose a fine  not  exceeding  [one]  TEN
       10  thousand  dollars  PER VIOLATION OR OCCURRENCE payable to the department
       11  of state, or reprimand any licensee or deny an application for a license
       12  or renewal thereof upon proof:
       13    S 3. Paragraph b of subdivision 1 of section 89-n of the general busi-
       14  ness law, as amended by chapter 634 of the laws of 1994, is  amended  to
       15  read as follows:
       16    b. an on-the-job training course to be completed within ninety working
       17  days following employment, consisting of a minimum of [sixteen hours and
       18  a  maximum  of]  forty  hours,  [as determined by the council, generally
       19  relating to the security guard's specific duties, the nature of the work
       20  place and the requirements of the security guard  company]  WHICH  SHALL
       21  COVER  OBSERVATION,  DETECTION  AND  REPORTING SKILLS; COORDINATION WITH
       22  LOCAL POLICE, FIRE  AND  EMERGENCY  SERVICES  SKILLS;  IN  WORKING  WITH
       23  ADVANCED  SECURITY  TECHNOLOGY INCLUDING SURVEILLANCE AND ACCESS CONTROL
       24  PROCEDURES; AND AT LEAST THREE HOURS OF TRAINING  DEVOTED  TO  TERRORISM
       25  AWARENESS.  THE ENTITY EMPLOYING THE SECURITY GUARD SHALL COMPENSATE THE
       26  SECURITY GUARD FOR ALL HOURS OF ATTENDANCE AT THE TRAINING COURSE AT  NO
       27  LESS  THAN  THE  SECURITY  GUARD'S  REGULAR HOURLY WAGE, OR THE OVERTIME
       28  RATE, IF APPLICABLE;
       29    S 4. This act shall take effect immediately.

<< First  < Prev   1   2   Next >  Last >> 
 

                                                         ISPLA

Powered by Wild Apricot Membership Software