Running Head: MSA575 Final Examination

Final Examination

Brian Disorbo

Southwestern College

Prepared For:

Professor Fred Newell

29 September 2013

MSA575 MIDTERM EXAMINATION

Abstract

Best practices are defined as those that are most effective. Whether it is a traffic control

plan, the manner in which your office carries out a specific task or the way a Special Forces unit

executes its mission against a high value target. Each method has been tried, honed, and whittled

down until the actions are carried out with relative ease and the least amount of friction possible.

Whether it’s document control or exercising a major incident response plan, best practices play a

major role in disaster response. A designated “Best Practice” is going to be the most efficient, cost

effective and, most importantly, safest way for any organization to carry out operations regardless

of the situation they are faced with. The purpose of this mid-term is to outline six “best

practices” as they relate to security, and show how they can be interlaced into the private,

government, and/or public sector.

Introduction

At some point in our history the words homegrown, domestic, Middle Eastern (ME),

Italian, Irish, and Greek have been followed by the word “Terrorist” in the U.S. media.

Whether it be ME actors suicide bombing a bazaar in Bahrain, the IRA throwing hand grenades

during a funeral, or Al Qaeda carrying out the heinous acts of September 11, 2001, the words

terrorism and defense of the homeland have taken on new meaning over the last decade and a half.

Born from those acts is a robust domestic security environment adopted by the United States in an

effort to contain and protect citizens. As we are some 13 years in the post 9/11 era we (the

U.S.) have been able to develop, test, exercise, refine and deem a myriad of security processes as

“Best Practices”, or those that are the absolute most effective for a given situation. Best

practices, sometimes called “benchmarks”, can refer to something as simple as key control and

can run the gamut all the way to a “best practice” involving another 9/11 type scenario. In

order for something to be a best practice, in this author’s humble opinion, it must meet a few

simple, yet complex, criteria. Those criteria are that it’s the most efficient, cost effective and

most importantly the safest way for any organization to carry out operations regardless of the

situation they are faced with. They are also directives that are simple (relatively speaking), easy

to coordinate with other agencies if necessary, and have flexibility built into them to allow for

deviation if the situation begins to deteriorate or suddenly changes. Let’s face it, most of the

situations involving homeland security are fluid; if flexibility isn’t built into best practices, can it

really be considered a best practice?

1. Department Of Homeland Security’s Screening Of Passengers By Observation

Techniques (SPOT) Program.

Behavior Detection Officers (BDOs) “are trained to detect behaviors that one exhibits in

response to the fear of being discovered. In layman’s terms, BDOs look for behaviors that show

you’re trying to get away with something you shouldn’t be doing” (The TSA Blog, 2010).  I

learned from my time in law enforcement that there are certain signs that people put off before

they decide to do something they shouldn’t. It could be something as simple as their eyes shifting

about, an increase in their rate of breathing, looking around incessantly…etc. Regardless of what

subtlety is being displayed, there are always signs. 

I believe BDOs are a “Best Practice” for a couple of reasons. First, I consider BDOs

congruent with the overall security architecture TSA has employed throughout the United States,

and an excellent force multiplier, if you will. They are trained to do something no piece of

machinery (with the exception of a polygraph) can, observe and detect changes in human

behavior. This is an effective way, if officers are well trained, to add another layer of protection

to the air travel industry. In a world where security professionals rely so heavily on technology, I

believe the human factor is often overlooked. We train our people to read and interpret the

responses from the machines we purchase, which ultimately make us feel better about our

facility, or airport in this case. But are we really teaching the officers the job? No! They rely on

the technology we give them and carry on about their day mostly oblivious to the people around

them. Bringing in a specific group of people that are trained to detect those subtle changes in

human behavior again is a great force multiplier. 

  I thought about this for a little bit and wondered if behavior detection could really be

effective. While I understand that it all ultimately ends up coming back to the quality of training

and the individual officer’s detection capability, I believe it can be extremely effective, cover the

gap mechanical detection devices may have and be that extra set of eyes within the

terminal. There has been some controversy over whether SPOTs are effective; I believe 100%

that if they are well trained and vigilant they can be highly effective tools within the DHS/TSA

arsenal. 

2. Three Phase Planning And Management For Large-Scale Events.

I think one of the reasons I chose this is because I do live so close to the District of

Columbia and there always seems to be some type of large-scale event taking place. For example,

today is the March on Washington, a 50-year commemoration of the MLK “I Have a Dream

Speech”. The largest scale event I’ve ever worked was the base airshow and we’d usually have

somewhere between 25,000-50,000 visitors to the base on a given day (depending on whether the

Blue Angels or Thunderbirds were performing). For this portion of the assignment I visited the

Police Chief, The Professional Voice of Law Enforcement, website and found an article titled,

“Planning and Managing Security for Major Special Events: Best Practices for Law Enforcement

Administrators”. That article, among many other things pointed out a three-phase approach for

planning and managing a large-scale event. The three-phase approach is broken down like this:

Phase I: Pre-Event Planning. What I found to be pretty amazing was that Phase I typically

begins at least a year to a year and a half before the event! From my personal experience nothing

ever got planned that far out in advance, and there’s no way you could get stakeholders to show

up to a monthly, or even quarterly meeting that far before the event were to take place. I believe

this relates to the fact the events I was involved with always took place on a military installation

and there’s a certain sense of security that comes along with hosting an event on a base. Also

occurring within Phase I is, “...the lead agency receiving authorization from its local governing

body, establishing its mission, reaching out to collaborate with partners to help secure the event,

meeting regularly with team members and partners, and developing detailed security plans and

contingency plans” (Bickel, N.D.).  There’s a lot of coordination that needs to be accomplished

within the local community and I like the fact The Police Chief website advocates for getting

involvement from all facets the community to include creating a strong partnership with private

security firms.

Phase II: Managing Security during the Event: Phase II begins before the first spectators are set

to arrive. For an event like the March on Washington I know the news has been reporting since

Monday that participants were already starting to show up. So in this particular case I believe

having a police/security presence in the area at the onset of the event helps quell the potential for

pre-event rowdiness. In the case of the March on Washington, I can see where this is beneficial,

especially with what’s been happening around the country over the last couple of months with

the Martin case, the Australian that was shot in Oklahoma, and the WWII veteran that was

beaten to death last week. The fact is tensions are high and at an event like the March on

Washington security and police need to be hyper-cautious, firm but not overbearing, and

maintain positive control of the crowd. As I wrote this last statement, I can now see the

importance of beginning Phase I 12 -18 months out from the actual start of the event. I know the

Martin case has been out in the news for at least a year, and with the verdict still being somewhat

fresh, the folks doing the planning of the March on Washington should have accounted for

potential tensions running over. “Phase II also involves checking the readiness of field and

support areas such as mobile field forces to deal with crowd control, intelligence support, arrest

processing, emergency medical services (EMS)/medical support, and more” (Bickel,

N.D.). Again, all critical resources that need to be familiar with the other’s response tactics,

techniques and procedures to ensure that if a critical incident response is necessary it goes off as

smooth as possible. I will say that I hope this is done on an operational level with the actual

responders and not on a level that involves only managers sitting around a table talking about what

capabilities they have to offer and how their organization operates. 

Phase III: Post-event Activities: Two words...“hot wash”. Phase III is the phase where everyone

gets together post bacchanal and reviews performance, lessons learned, and how follow up event

security can be better managed. “It also involves accounting for all equipment and other

resources and paying bills for the security” (Bickel, N.D.).

I don’t think there’s a “magic bullet” format as each and every event will certainly have

its own “life”. I do however think that the more events that are held the better the organization

and response plans. Getting police, fire, EMT, intelligence, DHS...etc., consistently participating

in large scale events in one locality, such as D.C., tends to forge bonds of professional

cooperation, in the long run those bonds ensure that each element of the overall event staff will

succeed should an incident occur. On the reverse side, I can see where the skill that comes with

constant planning and managing of large-scale events can perish if plans aren’t exercised on a

recurring basis. When I think of this I think of a small city like the one I live in. Nothing really

ever happens here with the exception of maybe the annual state fair. Comparing the response

services in D.C. with the response services here is kind of like comparing apples and oranges. I

suppose we can chalk it up to different cities with different missions.

3. Security For The Aviation Industry.

I was able to find a really great list on the National Business Aviation Association’s

webpage titled, “Best Practices for Business Aviation Security”. The article outlines post 9/11

security measures that the airline industry should be following; while the list is way too lengthy to

copy/paste into this week’s assignment, I wanted to take a few key points I found to be the most

germane and run with them. I think that in light of the fact the U.S. is probably going to conduct

surgical strikes on Syria in the next couple of weeks doing an evaluation industry-wide probably

isn’t a bad idea. Here are a few of the highlights I took away from the Best Practice webpage:

1) Remain diligent to changes in emotional well-being and health of all crewmembers,

ground personnel and passengers (National Business Aviation Association, 2013).

As a security professional this is probably the most difficult part of the job. Working in

an intelligence driven organization there are things that members are required to “self-report”.

There are the obvious things like being arrested, contact with foreign nationals and foreign

travel, but there are also things like excessive use of alcohol, abuse of prescription/non-

prescription drugs/narcotics, criminal behavior...etc. I’ll say that the employee base has the

“self”-reporting portion of it down, and until I became a security manager never thought about

the fact that I was supposed to also be keeping an eye on my coworkers. Once that clicked, I

realized that I needed to start putting out the fact that self-reporting guidelines didn’t just apply

to the individual; they also applied to things the individual employee may observe in their

coworkers.

When the furlough hit I made it a point to brief the self-reporting topics again not just to

cover the annual requirement, but because one of the top three reasons people turn to espionage

is financial gain. Losing up to 25% of your monthly gross pay has the potential to make people

do the unthinkable in order to take care of their family. I’m definitely not//not condoning the

behavior, but I do understand that a person will do just about anything to ensure the wellbeing of

their family. We are around our coworkers for the better part of eight hours a day and are in a

good position to notice if they are doing things that are outside of their normal character, to judge

whether or not their attitude has changed and whether or not they are in a good mood. If a long-

term change of behavior is noted it should be reported to the person’s supervisor or security team

out of due diligence. Airline employees have access to the aircraft at large and if in the wrong

state of mind are in a position to make a good flight go bad relatively quickly. Flight attendants

can tamper with food/beverages, I don’t even want to begin to think what the mechanics can do,

and the pilots, well we need to look no further than 9/11. Bottom line is that we each have the

ability and responsibility to keep an eye out for the unusual and report it. That one report can

make the difference between something happening and something being avoided.

2) Escort all visitors on the ramp and in the hangar area (National Business Aviation

Association, 2013).

I find this to be a very simple, yet effective method of maintaining positive control over a

controlled area. An active flight line is a crazy place to work!! Through my active duty service I

can say that I’ve been on A LOT of flight lines and from a military standpoint I can say they are

pretty secure. There are typically entry controllers that control access to the physical area, and

everyone within that area has to display a restricted area badge. On top of that there are security

personnel that actively patrol the area and keep an eye out for those who are not displaying a badge, look

out of place, or are caught in a place they shouldn’t be. It’s a time-tested system that simply

works.

With that said, I also went on a temporary duty to San Juan, Puerto Rico where I worked

a counter-narcotic mission with the U.S. Customs Service at Luis Munoz Marin International

Airport and saw how the civil aviation industry worked. It’s not as secure as an Air Force flight

line, but there is an entry control point where badges were checked. We were all issued an airport

I.D. that allowed “swipe” access into certain areas of the airport, but more importantly, after

completing the flight line driver’s safety course, we were issued badges that allowed us out onto

the taxiways and aprons so we could transit from area to area to search. The only thing lacking

was an armed guard presence, but then again they aren’t securing multi-mission fighters. I

believe the badging system in and of itself serves as a form of mitigation in that those without

badges are normally challenged by those internal to the area, and look more out of place than

anyone else.

4. Center For Disease Control Puts Out Excellent Information For The General Public And

First Responders In Relation To A Bio-Terror Attack.

When I stumbled across this I had an epiphany! This is the type of information I am

ALWAYS on the lookout for because it’s something I can train the staff on and they can carry it

forward to their friends and family. I find no greater joy in my job than putting out relevant and

practical information that can be used by EVERYONE! I typically break my training down into

two categories, “inside the office”, or that which is specifically relevant to the office. These

topics usually cover annual security training requirements and aren’t really applicable to the

employee’s family, and then there’s the training I know they will all pay attention to. I call

these the “ear perkers” because when you mention the topic people tend to perk up in their chairs

and pay attention. I categorize identity theft, minimizing your personal on-line footprint, and the

nuances associated with locking down your credit in this category. The “ear perkers” typically

yield the most questions, requests for me to e-mail the slides out en masse, and a ton of “side-

bar” conversations after the training is complete. I consider this topic to be one of those “ear

perkers”.

The CDC has taken the time to break down the categories of bio-toxins by mortality,

mutation rate and method, and how they affect the public at large. The following is taken

straight from the CDC website:

Category A

These high-priority agents include organisms or toxins that pose the highest risk to the public

and national security because:

• They can be easily spread or transmitted from person to person

• They result in high death rates and have the potential for major public health impact

• They might cause public panic and social disruption

• They require special action for public health preparedness (Center for Disease Control, N.G.).

Category B

These agents are the second highest priority because:

• They are moderately easy to spread

• They result in moderate illness rates and low death rates

• They require specific enhancements of CDC's laboratory capacity and enhanced disease

monitoring (Center for Disease Control, N.G.).

Category C

These third highest priority agents include emerging pathogens that could be engineered for mass

spread in the future because:

• They are easily available

• They are easily produced and spread

• They have potential for high morbidity and mortality rates and major health

impact (Center for Disease Control, N.G.).

As I look over the categories I can see how any of them would create a complete drain on

the healthcare system.  Further, “...the waits in medical offices are too long, and in addition to

the millions who have no health insurance, millions more live in areas where there are physician

shortages and poor access to care in general” (Redlener 19). In a state of pandemic, hospitals

would be flooded by sick patients. Doctors and physicians would be overwhelmed, and in areas

where the number of trained professionals is low, the sick would suffer. Even where there is a

sufficient amount of doctors and physicians, the number of patients would be so large that they

would have to begin prioritizing patients, which will also result in many others suffering”

(Dockter). 

To be honest, before I researched this particular topic I hadn’t even thought about the

current shortage of doctors, or smaller municipalities that simply have no large scale emergency

capabilities.  I was simply thinking about this from a personal/practical perspective.  After doing

the research I’m pretty positive that if a chem/bio attack were to occur in any part of the nation

there would be no recourse other than for the military (or more to the point the government or

CDC) to dedicate a robust amount of resources to the response.  The real question here is whether the

American public is prepared for the government to come into their respective town in a manner

suitable to contain and arrest the spread of chem/bio agents.  By the way, I’m not talking about a

response like in the movie “Outbreak”; I’m talking about a “real-world” chem/bio environment. 

I’m not sure the answer to that question is an unequivocal “Yes”.

5. Personnel Security Begins During The Staffing Process.

I gave my dissertation on personnel security with my week three assignment. It is a

discipline I hold near and dear to my heart because it is where the protection of classified

information begins. The nomination process sees a candidate selected by his supervisor/manager

for access to classified information; that decision should be based on a bona fide need for that

employee to materially contribute to the company’s overall mission and require access to that

information on a regular and persistent basis. With that said, a manager should nominate only

those that have demonstrated trustworthiness, reliability and responsibility throughout their

employment. This can occur during the hiring process with something as simple as vetting a

candidate’s educational records. There are several costly cases from both the past, Robert

Hanssen, Aldrich Ames, and Chi Mak to name a few, and the present, Bradley (or now Chelsea)

Manning, and SNOWDEN, that should serve as constant reminders of the importance of the

security clearance vetting process, and that each and every person in the chain serves as a link in

the chain that protects our nation’s most intimate secrets.

Personnel security “Best practices suggest that two general principles should be followed

in defining a position: separation of duties and least privilege. Separation of duties refers to

dividing roles and responsibilities so that a single individual cannot subvert a critical process.

For example, separate responsibility should be given for requesting a personal identification

number and for authorizing a personal identification number. Least privilege refers to granting a

user only those accesses that they need to perform their official duties. For example, a data entry

clerk may not need to run analysis reports against the entire VCCS shared database. As part of

the process to fill a position, best practices also suggest that testing and background screening

should be used as appropriate to help validate and/or access a candidate’s qualifications, past

performance and appropriateness for a particular position” (Thomas, N.G.).

To offer a counterpoint with regard to Edward Snowden, “The background checkers

failed to verify Mr. Snowden's (SNOWDEN) account of a past security violation and his work

for the Central Intelligence Agency, they didn't thoroughly probe an apparent trip to India that he

had failed to report, and they didn't get significant information from anyone who knew him

beyond his mother and girlfriend, according to the review” (Kendall, 2013). Knowing that

SNOWDEN had access to databases and I.T. systems he had no business accessing tells me a

couple of things, namely SNOWDEN’s supervisors at the National Security Agency (the

Agency) weren’t properly vetting candidates, attempting to limit and compartmentalize access to

their sensitive I.T. systems and definitely not exercising the theory of “least privilege”.

I can write an entire novel on the personnel security process and the important role it

plays in our nation’s long-term survival. But in the spirit of this assignment I will close by

saying that the very best practice in the personnel security process is simple and very simply

stated; it requires those charged to carry out the mission of protecting the process to do their job!

6. Security Specialist Competences

At the core of every occupation is a set of core competencies that each employee

must master in order to progress to the next highest level. I am a multi-discipline security

specialist meaning I am multi-hatted in my position. I manage the personnel, physical,

industrial, and information security functions of my office as well as managing OPSEC and also

serve as the organizational Anti-Terrorism Officer. On any given day I can cycle through each

discipline several times and simultaneously carry on several functions at once. It’s a great job

that keeps me engaged, interested and constantly thinking. What I found when I first got into

this job was that there seemed to be no set standard in what I was doing, no target to keep my eye

on. I was basically given an office, a set of operating instructions and inspection checklists and

turned loose to make things “right”. It was a bumpy road at the beginning but I eventually

learned from trial and a lot of errors, and made an excellent security program that was not just

“inspection ready”, it was functional, flexible and easily understandable.

The Defense Security Service (DSS) has been making a run at setting a core curriculum

for both government security specialists (holding the GS designation code of 0080) and industry

partner Facility Security Officers. It’s called the SPēD (speed) program. SPēD is an acronym

for the Security Professional Education Development Program. “The SPēD Certification Program

is part of the Department of Defense's (DoD) initiative to professionalize the security workforce.

This initiative is intended to ensure that there is a common set of competencies among security

practitioners that promotes interoperability, facilitates professional development and training,

and develops a workforce of certified security professionals” (Defense Security Service, N.G.).

This hits home for me because there have been many times in my career that I’ve called

person “A” and asked a question, asked person “B” the same question and spoken with person

“C” to see if either of the other answers I got sounded right. There seemed to be no set standard

in how two organizations with similar missions carried out their day-to-day security operations.

The knowledge taken from DSS courses comes together in a series of tests. Tests range from

Security Fundamental Professional Certification to Security Asset Protection Professional and

Security Enterprise Professional Certification. Once an exam is taken and passed the security

professional is considered “certified” in the given discipline and required to accumulate

specific continuing education credits over a period of two years, and then retest to maintain the

certification.

All in all I believe this is an excellent program that will help standardize the security

profession across the board and more importantly add a layer of legitimacy to budding security

professionals across the community. I applaud the efforts of DSS and look forward to taking the

Security Fundamental Professional Certification exam in about a month. I’ve also signed up to

take the BETA test for the physical security assessment. While the certification process is not

mandatory for DoD 0080s now, there is a push to make it mandatory. What the certification

does now is give those (both DoD and contractor) certified professionals a proverbial “leg-up”

when it comes to competing for jobs; it shows they’ve gone the extra mile in attaining a

certification and getting on the road to security discipline mastery. This can only be explained as a

best practice for the entire security profession, and may not pay dividends today or tomorrow,

but eventually we will all be on the same page and those that aren’t quite up to doing the job to

the best of their ability will be weeded out strengthening the career field wholly.

7. Criminal Justice System as a Counterterrorism Tool. 

Such an easy concept, but one I didn’t readily identify until I saw it. There are a couple of

different facets to this program as the Department of Justice (DOJ) webpage points out. The first

is using the DOJ as an intelligence gathering organization. I thought this sounded a little weird

too, until I read the context in which the intelligence is collected. It is not a traditional (or maybe

it is) method of collecting intelligence; it’s face to face conversations with known terrorists, or

collaborators/associates of terrorists that are arrested in the United States. The DOJ website

further states, “The criminal justice system provides powerful incentives for suspects to provide

accurate, reliable information, and the Department of Justice and FBI work closely with the rest

of the intelligence community to maximize information and intelligence obtained from each

cooperator” (Department of Justice, 2010).   

 I’ll be honest; I’ve never been a fan of promising leniency in favor of receiving

information. In my humble opinion, it leaves too much to chance; people will say just about

anything to get a lesser sentence or to give the appearance they are “helping”. Terrorist cells

have traditionally been kept compartmented so that if one cell is caught they have no knowledge

of what other cells are doing. It’s actually a smart way of conducting business, but also leaves

the door wide open for creative stories that probably have some measure of truth, no matter how

slight, but gives investigators the overall appearance of “cooperation”. I’m not saying that the

information “sharing” angle can’t be fruitful, what I am saying is that if the U.S. is cutting

punishment for information, I personally don’t like it. It’s something that I’ve never agreed with

going back to the days Mafioso began rolling on each other for lesser sentences. If we take a

character like Sammy “The Bull” Gravano, he admits to murdering 19 people, cuts a deal with

federal prosecutors and ends up serving less than five years in prison. But since his testimony led

to the successful prosecution of over 30 members of organized crime Gravano’s sentence was

considered, “Fair”? I get the whole, “let the little fish go to catch the bigger fish” concept, but he

admitted to murdering 19 people!! Justice? I am not so sure.

 It would be counterproductive to defeat a best practice I chose for the week. Just

because I’m not a fan of letting people go that give up information doesn’t mean it’s not an

effective tool in the collection of counterintelligence information. The I.C. has done it, at least,

since the days of the Cold War with spies and it happened to be a pretty fruitful enterprise. The

CIA for example, would catch a spy, flip them and in return for them giving up info and working

for the U.S., the government would allow them to keep their diplomatic status and wouldn’t kick

them out of the country.   

8. NYPD Transit Bureau Anti Terrorism Unit

After reading about the NYPD Transit Bureau Anti Terrorism Unit I have to admit that

my curiosity was piqued. I actually struck out to see if I could find out how they were conducting

their searches of suspicious packages but couldn’t really find much about it. I did learn that the

Transit Bureau has dedicated K-9 teams. I will say that when I was handling an explosive

detector dog we never searched suspicious packages! There were simply too many unknowns

and variables; besides, that’s why we had EOD units! They can take out their robot and inspect a

suspicious package from a safe distance without ever placing a human life in danger.

What I was able to find out about the NYPD is that they actually have several anti-

terrorism units. There’s the counterterrorism division that has the following subunits:

• The Technology and Construction Section designs and implements large scale

counterterrorism projects, such as the Lower Manhattan Security Initiative and Operation

Sentinel, bringing them from initial concepts to deployable operations;

• The Training Section develops and delivers counterterrorism training to the patrol force and to

other law enforcement agencies and private sector entities;

• The Threat Reduction Infrastructure Protection Section (TRIPS) identify critical

infrastructure sites throughout the City and develop protective strategies for these sites;

• The Chemical, Biological, Radiological, Nuclear, and Explosives (CBRNE) Section

researches and tests emerging technologies used to detect and combat chemical, biological,

radiological, nuclear and explosive weapons and develops plans and policies for their use;

• The Maritime Team is responsible for researching and developing systems and programs to

increase harbor security. The Maritime Team uses the Tactical Radiological Acquisition

Characterization System for proactive deployments and mapping of background radiation in the

Port of New York/New Jersey. This is the only waterborne deployment of TRACS equipment in

the nation.

• The NYPD SHIELD Unit manages the Department's public-private security partnership,

providing training and information to the private sector and addressing concerns from the private

sector (Police Department City of New York, 2013).

I enjoy the fact that since 9/11 the NYPD has taken on a robust infrastructure of

antiterrorism professionals. I am actually great friends with a Detective that works for the

NYPD’s Joint Terrorism Task Force. What I can say is that it’s closely modeled after other

JTTFs, and they work VERY closely with DHS in accomplishing their mission. Again, I like the

fact the NYPD has these units at their disposal, and can only imagine that other large cities

around the U.S. have adopted a similar AT infrastructure.

As I have spent a fair amount of the last two classes talking about information sharing

with the intelligence community, I can say that the one single area of greatest improvement in

the way of information sharing has to be between the civilian and federal law enforcement

communities. Where joint meetings used to be few and far between we are seeing the

relationship between the two blossom into a strong, fruitful partnership that will no doubt

strengthen the law enforcement community wholly. Personally, I only see things getting

better over time.

There is also a great relationship with federal law enforcement and our defense industry

partners! When I worked for Boeing we actually had a counterintelligence unit that worked very

closely with several of the “Alphabet Soup” organizations (CIA, FBI, NSA, DIA, NGA...etc.). The

mission was to ensure Boeing assets were being well protected and threat data was making its

way back to the company for dissemination in a timely manner. Obviously the moneymaker for

Boeing is the commercial aircraft facility in Washington State, but Boeing facilities around the

world house critical information/infrastructure and develop/manufacture critical parts for both

military and commercial aircraft, not to mention the Boeing Future Combat System offices.

9. Proper Execution of the Standard Form 312. 

This one may be a little outside of the box with respect to being a “Best Practice”, but I

believe it fits the true definition of a best practice. I’ve spent the semester going on and on about

protecting and sharing information with the intelligence community because I truly believe the

reform is there but the Cold War mentality, no matter how slight, is still there. If we look at the

Director of National Intelligence (DNI) and the heads of each and every I.C. agency, it doesn’t

take much to see that they began their career in the era of the Soviet Bear. It was a time when

classified information was regarded as important, and actually protected in accordance with the

Executive Order that governs its protection (now, Executive Order 13526- Classified National

Security Information).

 I pose this question, what good is holding people to a standard to protect our secrets if

we don’t have it down on paper? Good news everyone...we do! It’s the Standard Form 312,

Classified Information Nondisclosure Agreement, and if you have a security clearance, whether

or not you want to believe it, you’ve signed one. I don’t ever recall signing one but would have to

guess that it happened sometime when I was in basic training, and I’m sure it went something

like this, “AIRMAN!!! SIGN THIS, NOW!” I probably said, “Yes, Sir!” and inked my name on

the line and carried on with my day happy to have survived another encounter with an angry

Sergeant. Little did I know that the SF312 was my binding contract with the government that

stated, “Intending to be legally bound, I hereby accept the obligations contained in this

Agreement in consideration of my being granted access to classified information” (U.S.

Government, N.G.).

 So what does it mean? Let’s look at paragraph 4 for the answer, “I have been advised that

any breach of this Agreement may result in the termination of any security clearances I hold;

removal from any position of special confidence and trust requiring such clearances; or

termination of my employment or other relationships with the Departments or Agencies that

granted my security clearance or clearances. In addition, I have been advised that any

unauthorized disclosure of classified information by me may constitute a violation, or violations,

of United States criminal laws, including the provisions of sections 641, 793, 794, 798, *952 and

1924, title 18, United States Code; *the provisions of section 783(b), title 50, United States

Code; and the provisions of the Intelligence Identities Protection Act of 1982. I recognize that

nothing in this Agreement constitutes a waiver by the United States of the right to prosecute me

for any statutory violation” (U.S. Government, N.G.).

 Bottom line: divulge classified information to someone that shouldn’t have it, to include

not verifying Need-To-Know, and you’ll lose your eligibility, be fired, and quite possibly go to

jail for the better part of the rest of your life. For those of you that have a security clearance and

want to see the SF-312 up close and personal I would recommend going here,

http://www.archives.gov/isoo/security-forms/sf312.pdf and really take the time to read the

language.

 So how is this a best practice? I say the best practice isn’t in simply screaming at

someone to sign the form. The best practice lies in the way the form is executed! There have

been cases that have been thrown out of court because security professionals failed to execute the

SF-312 properly, i.e. putting it down in front of someone and telling them to just sign it. There is

an entire handbook out there that explains the importance and responsibility of properly

executing the document. It’s a method of protection for the government that ultimately helps

solidify litigation for those that fail to properly protect our nation’s secrets. With regard to

Homeland Security, I know that DHS, like the DoD, has classified information and a security

clearance process the department calls, “suitability”. My understanding is that it’s the same as a

DoD clearance, just by a different name. By executing our duties and ensuring we’re doing

things right, should one of our “own” ever decide to start handing over classified information we

can sleep at night knowing that the case won’t be thrown out because we failed to exercise our

due diligence.

 I once got a great piece of advice from another security professional regarding the SF-

312 only after showing him the training module I had set up for executing the form. He looked

through the training, rubbed his chin a little bit and then said, “This is a great brief. Have you

run it through the legal beagles?” I replied with a “No” and told him I took everything straight

out of the 312-training handbook. He stopped me and said, “That’s great, but you know if you

changed the meaning of anything contained in the 312 and a case goes to court more than likely

the government will lose.” Point taken. 45 minutes later I was on the second floor of the building

making an appointment to see the organization’s SJA. Come to find out, I hadn’t changed the

meaning of the language, but according to the SJA, there were some places that needed to have the

language a little less ambiguous. He gave me some suggestions, we batted a couple of e-mails

back and forth and I continue to use that training guide to this day!

10. Use of Ethnic profiling to Prevent Terrorism 

I am a staunch supporter of any methodology that can be used to keep our nation, and

more importantly, my family safe. My personal feeling on the subject is that the U.S. can

reasonably expect the next attack to come from a Middle Eastern (ME) actor. As such, we

should take the measures necessary to ensure we are keeping a cautious eye on that cross section

of society. I don’t see it being any different than knowing that the drug problem in the United

States is being fueled in large part by the Mexican drug cartels. The southern U.S. border is

watched closely by the brave men and women of the U.S. Border Patrol (and I do mean brave, I

don’t think there’s enough money in the world that could entice me to work a single shift

running a border protection mission). Border Patrol obviously knows that the drugs, more than

likely, are being brought across by Mexican cartel members or associates, and keep an eye out for

those fitting the description and take action as appropriate.

 When it comes to our airports I’m not saying TSA should take each and every ME male

between the ages of 16-30 out of the line for additional screening, what I am saying is that

profiling can be effective when used in conjunction with other methods, like Behavior Detection

Officers. Since TSA didn’t exist on 9/11, it’s impossible to know whether or not BDOs would

have played a meaningful role in detecting what the terrorists were about to do, but I’m positive

the hijackers were putting off signals that would have been easy enough for a BDO to detect and

just maybe react to. Remember, they are trained to detect subtle changes in body language that

can point to the fact someone may be getting ready to do something wrong, or are carrying

prohibited items either on their person or in their luggage.

 I know that there are those folks out there that believe profiling is wrong, and I

completely respect their opinion, as I would expect they would respect mine. I am simply saying

that profiling is a tool in the box that can be used to help protect our nation when used in

conjunction with other detection methods. I don’t think I’ve ever shadowed how I feel when it

comes to my civil liberties being “infringed” upon when it comes to protecting the United

States. My personal feelings are that if you want to pull me out of the line at the airport for

secondary screening (which has happened about a half dozen times to date), I’m okay with

that. If you want to put a UAV over my house and monitor my personal conversations, telephone

calls and Internet traffic…fine. Perhaps I’ve just defeated my own argument; maybe what I’m

saying is that I think everyone should be profiled...

 People are upset over the fact Snowden exposed the NSA’s monitoring program, I laugh

because it’s those same people that say the government is monitoring them. I hate to be the

bearer of bad news, but if a FISA judge issued a FISA warrant for NSA to monitor phone calls

and e-mails, then the NSA went to the FISA court with a ready agenda and very specific criteria

that the warrant is issued against. The average government-complaining citizen is probably

nowhere close to making it onto the NSA’s monitoring “Radar”.

11. Accomplishing Active Shooter Training with the Workforce

After what happened at the Washington Navy Yard...which is literally 15 minutes away

from where I work, I decided that I would cover “Active Shooter” training for our employees as

a best practice. I’ll be completely honest, I haven’t accomplished active shooter training for the

workforce since about 2010, looking back on it now I know it’s a topic that I need to work into

my annual training plan. “An active shooter is an individual actively engaged in killing or

attempting to kill people, most often in populated areas. In most cases, active shooters use

firearms and there is no pattern or method to their selection of victims. In some cases, active

shooters use improvised explosive devices to create additional victims and to impede first

responders” (U.S. Air Force, N.G.).

Now, on to why I consider this a best practice. I can’t really fluff this one up and give it

a pretty reason...I will simply say that I owe it to my employees to give them the tools necessary

to protect themselves in the event someone comes to work and starts shooting. Moreover, this

practice has the potential to save lives. I am semi-fortunate in that I worked in law enforcement

for the better part of 15 years, so the actions to take are pretty automatic for me. BUT, I do

recognize that there is that cross-section of the organization that has absolutely zero military or law

enforcement training and have never given a single thought to what they would do or how they

would react if an incident ever occurred. Moreover, they’ve probably never given thought on

how to even exit the facility during a real world emergency much less trying to get out in the

event someone came in with weapons and started shooting.

This may sound a bit parochial, but I honestly liken it to showing my daughter a new

task. I can’t simply tell her to go and do it, she needs to be shown the first time, and have the

lesson reinforced from time to time. This same principle applies here, I will train them on the

basic principles of what to do and more importantly WALK them through it! I have no problem

admitting that I’m a tactile learner, which means that I learn more effectively through doing

rather than reading. There’s no doubt I could stand up in front of the staff for two hours and give

a great presentation with a bunch of slides and maps with neat little arrows, but until they run the

route with a little stress will the lessons really sink in? I honestly don’t think it will. As such, as

security professionals, we should all do our part to ensure we are training our people on how to

deal with this particular situation. People do strange things when they are under stress of any

kind, and with a potential government shutdown on the horizon and contracts getting canceled

left and right, I am not going to rule out the possibility that active shooter scenarios won’t start

cropping up a little more frequently than what we’re currently seeing. I’m going to do my best, as

I’m sure you already have, that my people are given the best information and training possible.

12. “Hardening” A Facility Through Teaching Employees What “Physical Security”

Means and Why They Are Considered Critical To The Success Of The Program

I could definitely launch into a long tirade on how hardening a “soft” target would take

months of up front planning, vulnerability assessments, and in a fiscally ideal world a couple

hundred thousand dollars, a plus-up in man power or at the least the employment of Crime

Prevention Through Environmental Design. Which, in all honesty, it really does. Fail to properly

plan, organize, assess and execute and you have potentially just wasted a bunch of money and

have little to show for return on investment. With that said I want to focus on a different piece of

the physical security, or target-hardening puzzle, the employees. Most of us realize that

assessment, contracting, and shopping for the physical security equipment is ¾ of the fun that

goes into a good physical security program. I’m going to peel the onion back a little further and

say that before a single cent is spent on any of that, there’s an up front and immediate need to

train employees on what exactly the Enterprise requires of them from a security standpoint. We

could put the cart before the horse and assess and purchase/install, but if our employees have no

earthly idea about what the threat is and how they can go about either avoiding falling into the

pitfalls or contributing to threat mitigation what are we really doing? I know that I would feel

semi-safe because of the physical equipment I had installed, but have I really done any good?

Did I relay to my employees that the current overarching threat comes in the form of a recent

rash of unauthorized people entering facilities in the area? Have I told them that “piggybacking”

on someone else’s badge swipe is a no-no? Have I told them to challenge people in the building

that aren’t displaying the appropriate credential? Have I gotten with my local counterintelligence

cell and passed on germane information for our installation/unit? If I can’t answer those

questions with an unequivocal “yes”, then I have failed the unit commander that has delegated

the security responsibility to me, and more importantly, I have failed to properly execute my

duties as a security professional.

I’m not saying that I need to give the unabridged history of physical security dating back

to the Praetorian Guard, but I do think explaining the general principles that make the program

work and bolstering it with how it’s employed within the facility gives them the insight

needed to help make the program successful. The Air Force, “Eagle Eyes program is an Air

Force anti-terrorism initiative that enlists the eyes and ears of Air Force members and citizens in

the war on terror. Eagle eyes teaches people about the typical activities terrorists engage in to

plan their attacks. Armed with this information, anyone can recognize elements of potential

terror planning when they see it” (Air Force Office of Special Investigation, N.G.).

I think the premise of programs like this is to engage people at every level to become

more in tune with their surroundings and teaches them to recognize what “out of the ordinary”

really is. It also takes it a step further and lets them know that it’s okay to call the base police if

they feel they’ve found something out of place. When I was working the road we would go 11

months and two weeks without a single call for a suspicious package. Then the I.G. inspectors

would roll into town for two weeks and we would get five response calls a DAY! We were

getting calls for people that had branches caught around their tires because they thought it was

the I.G. planting det cord on their vehicles, we’d get calls from the gym because someone taking

a shower left their gym bag on the bench, and my personal favorite, the call from the clinic

stating that someone “rigged” an oxygen bottle outside the bathroom, only to be followed up with

an embarrassing call two minutes later when the owner of the oxygen bottle walked out of the

bathroom and claimed it. I believe if that type of enthusiasm were translated into everyday life

with a bit of common sense and training (like the Eagle Eye program) we’d definitely be a more

secure nation. Bottom line, before we spend the money we need to ensure we’re training our

people on how they can help harden the facility before any money is spent. What good are the

physical systems we put in place if the people using them are oblivious to the threat, and how the

equipment is designed to work?

Conclusion

There are a million best practices out there to choose from. The six I chose for the

assignment are ones that I hold close either because I learned something completely new, am

passionate about a certain topic, or deeply believe in the cause behind the methodology. For

example, I make no bones about the fact I am extremely passionate about personnel security. I

am a certified Tier II review official for those candidates requiring access to DoD special access

programs. I take that responsibility very seriously! I have earned two nicknames in the office,

“Pitbull” and “The Goalie”. I’m not crazy about “Pitbull” but earned that name because I am not

afraid to go into the boss’ office and tell him what I think about a candidate based on the

adjudication I performed. I give him my insight and perspective based on what the candidate

presented. Sometimes I have to argue to get my point across and sometimes he sees things my

way. Bottom line is that I hold a very firm line if I feel the candidate may pose a threat to the

overall security of the program.

“The Goalie” was earned because I use every resource within the scope of adjudicating

candidates to ensure only those meeting the adjudication standards make it through the process.

I’ve conducted background research on people and found glaring differences between what they

claimed on their paperwork and what public records tell me. It’s a part of the job where errors

cannot occur! If errors occur the potential for another SNOWDEN case can present itself and

compromising program information to the general public is something I don’t want to show up

on my resume. As I originally stated, “Best Practices” are those practices that are defined as

practices that are the most effective. In this case I believe the twelve presented here are germane to

today’s security operating environments.

References

Air Force Office of Special Investigation. (N.G.). Air Force Office of Special Investigation. Retrieved September 25, 2013, from U.S. Air Force Eagle Eye: http://www.osi.af.mil/eagleeyes/

Bickel, K. C. (N.D.). Planning and Managing Security for Major Special Events: Best Practices for Law Enforcement Administrators. Retrieved August 27, 2013, from The Police Chief The Professional Voice of Law Enforcement: http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=1347&issue_id=122007

Center for Disease Control. (N.G.). Bioterrorism. Retrieved August 03, 2013, from Center for Disease Control: http://emergency.cdc.gov/bioterrorism/

Defense Security Service. (N.G.). Defense Security Service. Retrieved September 05, 2013, from Learn About SPeD Certification: http://www.cdse.edu/certification/sped_what.html

Department of Homeland Security. (2011). Implementing 9/11 Commission Recommendations. Washington, D.C., USA.

Dockter, D. H. (2012). Who’s Ready for a Bioterrorist Attack? Preparation, Biosurveillance, and Response. Davis: University of California Davis.

Kendall, B. N. (2013, August 27). Leaker's Security Check Faulted. Retrieved August 27, 2013, from Wall Street Journal: http://online.wsj.com/article/SB10001424127887324906304579039381125706104.html

National Business Aviation Association. (2013). Best Practices for Business Aviation Security. Retrieved September 02, 2013, from National Business Aviation Association: http://www.nbaa.org/ops/security/best-practices/

Police Department City of New York. (2013). Counterterrorism Units. Retrieved September 11, 2013, from NYPD: http://www.nyc.gov/html/nypd/html/administration/counterterrorism_units.shtml

The TSA Blog. (2010, May 24). TSA Spot Program: Still Going Strong. Retrieved August 20, 2013, from The TSA Blog: http://blog.tsa.gov/2010/05/tsa-spot-program-still-going-strong.html

Thomas, T. (N.G.). Personnel Security Standard. Retrieved September 03, 2013, from Personnel Security Standard: http://system.vccs.edu/its/standards/PersonnelSecurityStandard.htm

U.S. Air Force. (N.G.). Air Force Be Ready. Retrieved September 26, 2013, from Active Shooter: http://www.beready.af.mil/disasters&emergencies/activeshooter.asp

U.S. Government. (N.G.). Classified Information Nondisclosure Agreement. Retrieved September 22, 2013, from Archives.gov: http://www.archives.gov/isoo/security-forms/sf312.pdf
