Crisis mitigation is often too much theory and too little application. The challenge is “like taking a dictionary and turning it into a language,” says crisis management specialist Ken Brady. Brady is one of the many experts who will be helping ASIS 50th Annual Seminar and Exhibits attendees become fluent in the language of security solutions.
The following sneak preview—which highlights a few of the 133 educational sessions—gives readers a glimpse into the extensive range of security issues that will be addressed.
A detailed crisis management plan consists of several steps, says Brady. These include obtaining executive buy-in, conducting a risk analysis, recognizing key issues and preventing them from becoming a crisis, and effectively implementing and maintaining the plan once it has been developed.
To achieve buy-in, security managers can present to executives several justifications that will outline the importance of a crisis management plan and its impact on the company’s bottom line, says Brady. But first, executives must understand that a crisis plan is essential to the reputation of the company, he says. Comprehensive plans send a signal to employees and customers that the company cares about their well-being and is committed to their safety.
The second justification that can be used to convince management to develop a plan is that, according to Brady, “A good crisis management program will get you back to business faster so that you avoid disruptions to your customers.” In other words, it makes good business sense and will translate to bottom-line dollars in the event of an emergency.
The third justification is that crisis management plans help avoid complications like lawsuits and federal health and safety regulation fines that may arise from negligence, potentially saving thousands of dollars.
Once management has approved the need for a plan, the second step in the development process is a complete risk analysis. This analysis should determine what risks are likely and how these risks are being handled. For example, if a business is near a potential terrorist target, the analysis should cite this risk and the information should be used to develop methods to mitigate its negative effects.
Brady says that there is a very tight link between a good risk analysis and a successful crisis management plan: “The risk analysis is the foundation that you will build your plan [upon]. If you don’t conduct a risk analysis, you’re building your house on sand.” The risk analysis is an assessment of what you have already and what you need in the future, he says.
The third step involves recognizing potential problems and preventing them from becoming a crisis down the road. For example, a food manufacturing company should have a procedure in place that would allow line workers to stop production if they notice evidence of contamination. Developing procedures that stop the risk at its source will help prevent more costly and potentially more hazardous complications like a recall.
The fourth step in the process is the implementation and maintenance of the crisis management plan. This step includes methods for taking a plan from theory to practice. Brady says that often companies create a plan but fail to properly implement it, and it becomes useless.
Once a plan has been developed, it is important that all staff members be trained in its procedures. Training may differ for each employee based on the level of knowledge each would need to be effective in a crisis. Typically, most employees may need training only in evacuation procedures. Brady stresses that the training level should be tiered and tailored to each employee’s needs.
Plans must also be updated regularly. Brady recommends that, at the very least, each year the information in the plan be updated to reflect changes in company staffing or contact information. He also suggests that the plan be reviewed each time a drill or actual event occurs. This will allow the company to evaluate how successful the plan was and make changes that will make it more effective in the future.
(This session will be held Monday, September 27, at 11 a.m.)
To fully understand the risk inside a company or organization, management must know how to identify the potentially violent or aggressive employees among their ranks, says James Cawood, who will be discussing advanced violence assessment at the seminar.
Underlying all violence against other human beings is a loss of control, explains Cawood. Although other motivating factors such as media attention or revenge are often blamed, Cawood maintains that to fully understand and diagnose potential violence, we must first understand control as a psychological driver.
During this educational session, Cawood will outline what he refers to as the “control vector.” This vector is indispensable for predicting future violent behavior in subjects who may or may not have been violent in the past.
The control vector judges how desperately a person needs control, what they have done in the past to seek control, and what they are willing to do currently to maintain or regain that control. Signs that an employee could become violent include an unhealthy dependence on routine and a sense of narcissism that reflects a fragile ego.
These tendencies do not alone cause a violent act to occur, however. Cawood says that three factors must line up to serve as a catalyst for a violent act. The first element necessary for an act of violence to occur is that the person has reached the point where he or she is seeking to achieve or reestablish control and is so desperate that violence is seen as an option. The second necessary element is that the individual must identify a target population. For example, an employee may blame upper management for the loss of control and direct anger toward that group. The third element in the violence equation is that the company or organization must create an environment where the employee believes he or she could commit the violent act without being punished. “They have to perceive that they could succeed, or they won’t even start,” Cawood says.
Violence assessment can also be used in the preemployment process. Cawood suggests that companies craft behavioral-based questions that can be worked into the selection process. For example, employees could be asked to identify a past employment experience in which they became angry; the response could help reveal how they handle emotional or stressful situations and whether they are likely to commit violent acts.
Identifying violent employees can improve company morale by eliminating stressful situations. This can directly influence a company’s bottom line by reducing situations that may lead employees to seek time off or to file workers’ compensation claims.
Cawood says that violence is possible in any group; and all companies, regardless of size, need to have a program for addressing the problem. “It’s a human problem,” he says, “not a scale problem.”
(This session will be held Monday, September 27, at 1:30 p.m.)
Anatomy of a Suicide Bomber
Understanding violent behavior can also help to protect against and prevent terrorist activities such as suicide bombings. Although it may be difficult for a security professional or business manager to adopt the bomber’s perspective, considering what makes these terrorists tick may be the key to thwarting an attack.
Drawing on information from an ex-Hamas leader, terrorism expert Joseph Autera will explore the evolution of suicide bombings and the tactical motivation behind these attacks during his session, “Suicide Bombings—Fanaticism, Extremism, or Tactical Imperative?” Autera will examine the myths and misconceptions surrounding suicide bombings and will also look at some of the pre-attack indicators that may provide important clues that a suicide attack is being planned against a specific target.
The Liberation Tigers of Tamil Eelam (LTTE) in Sri Lanka, a separatist terrorist group that seeks an independent state in areas inhabited by ethnic Tamils, was the first to use suicide bombing against what Autera refers to as “point targets,” which are specific targets like political leaders that hold high value and can create a significant impact if killed.
Other terrorist groups, like Hamas, have adapted the LTTE’s methods to suit their own organization’s mission. Although these missions are drastically different, all organizations that implement suicide bombers share similar motivating factors, says Autera.
“The use of suicide bombs is driven by the tactical imperative,” he says. Terrorists who use suicide bombs do so because they are typically under-funded when compared with their target, and lack access to heavy weaponry.
According to Autera, suicide bombings are almost always the last choice and are used because the terrorist group believes it has no other options. This was clearly the case with the LTTE, who were outgunned and outmanned and were looking for a way to assassinate specific leaders.
Another important step in the evolution of the suicide bomber is the selection of an “area target” that is meant to inflict terror by creating the most damage possible. The Madrid train bombing is an example of this type of attack, which is different from bombings against point targets because they are not focused on a specific person or organization.
The recent attack by a suicide bomber near a chemical plant in Israel leads Autera to believe that a third type of suicide bomber is evolving. This bomber aims for large targets that, if hit, could lead to mass casualties similar to the destruction wrought by a weapon of mass destruction.
Autera encourages security professionals to look at their security from the perspective of the terrorists and to try to anticipate threats. “Instead of looking at your capabilities, look at your vulnerabilities,” he says.
He warns, however, that heightening security to reduce those vulnerabilities may not discourage suicide bombers, as the Israeli experience has shown, though it could possibly minimize the damage they can cause.
(This session will be held Monday, September 27, at 4:30 p.m.)
In china there have been thousands of deaths over the last few years linked to the consumption of counterfeit drugs. That’s just one example of how the counterfeiting of drugs and food products can harm the general population. It can also be used to fund terrorist activities. For both reasons, counterfeiting is a growing safety concern, says Richard Widup, whose session will identify the scope, depth, and nature of this problem from both a national and global perspective
The World Heath Organization estimates that around 6 to 8 percent of the world pharmaceutical supply is counterfeit. In specific countries where drug controls are lax, the counterfeit drug supply is greater. For example, it is estimated that the Nigerian drug supply is more than 65 percent counterfeit.
Several factors make the global environment ripe for counterfeiting, says Widup. These include Internet drug sales, poor international controls, and a lack of global law enforcement resources devoted to this problem.
But perhaps the greatest factor is that counterfeiting offers criminals a huge potential payoff for a relatively low risk. “There are a lot of people who have left the business of smuggling coke and heroin because they can do this in an environment that is safer and more profitable,” says Widup. And, he adds, the criminals know that if they do get caught, the ramifications are “far less severe than they would be if they were doing anything along the illicit drug front.”
Greater punishments are key in curbing this threat, he says. Congress has recently introduced a bill that would dramatically increase the level of punishment for the sale and manufacture of counterfeit drugs in the U.S. While he hopes that this will help stem the threat, Widup says that state laws should increase licensing controls for drug wholesalers.
Widup notes that the first line of defense against counterfeit drugs is the pharmacist who supplies them to the public. He suggests that pharmacists should be better educated in identifying counterfeit products.
Consumer education is another vital part of the solution. Widup suggests a multipronged approach that would require drug companies to provide detailed and accurate information on their Web sites and in other venues. He advocates having the U.S. Food and Drug Administration and U.S. Drug Enforcement Administration sponsor public service announcements and other mass dissemination campaigns to educate consumers.
(This seminar session will be held Monday, September 28, at 11 a.m.)
These are but a sampling of the sessions to be offered at the ASIS 50th Annual Seminar and Exhibits September 27th through 30th in Dallas. Other sessions will focus on new security technologies, business practices, and federal regulations. In addition, the exhibit hall will present the latest products being brought to market. For more information or to register, go to www.asisonline.org.
Marta Roberts is staff editor at Security Management