Running Head: MSA575 Final Examination
Final Examination
Brian Disorbo
Southwestern College
Prepared For:
Professor Fred Newell
29 September 2013
MSA575 MIDTERM EXAMINATION
Abstract
Best practices are defined as those that are most effective, whether it is a traffic control
plan, the manner in which your office carries out a specific task, or the way a Special Forces unit
executes its mission against a high value target. Each method has been tried, honed, and whittled
down until the actions are carried out with relative ease and the least amount of friction possible.
Whether it’s document control or exercising a major incident response plan, best practices play a
major role in disaster response. A designated “Best Practice” is going to be the most efficient, cost
effective and, most importantly, safest way for any organization to carry out operations regardless
of the situation they are faced with. The purpose of this mid-term is to outline six “best
practices” as they relate to security, and show how they can be interlaced into the private,
government, and/or public sector.
Introduction
At some point in our history the words homegrown, domestic, Middle Eastern (ME),
Italian, Irish, and Greek have preceded the word “Terrorist” in the U.S. media.
Whether it be ME actors suicide bombing a bazaar in Bahrain, the IRA throwing hand grenades
during a funeral, or Al Qaeda carrying out the heinous acts of September 11, 2001, the words
terrorism and defense of the homeland have taken on new meaning over the last decade and a half.
Born from those acts is a robust domestic security environment adopted by the United States in an
effort to contain and protect citizens. As we are some 13 years into the post-9/11 era, we (the
U.S.) have been able to develop, test, exercise, refine and deem a myriad of security processes as
“Best Practices”, or those that are the absolute most effective for a given situation. Best
practices, sometimes called “benchmarks”, can refer to something as simple as key control and
can run the gamut all the way to a “best practice” involving another 9/11 type scenario. In
order for something to be a best practice, in this author’s humble opinion, it must meet a few
simple, yet complex, criteria. Those criteria are that it’s the most efficient, cost effective and
most importantly the safest way for any organization to carry out operations regardless of the
situation they are faced with. They are also directives that are simple (relatively speaking), easy
to coordinate with other agencies if necessary, and have flexibility built into them to allow for
deviation if the situation begins to deteriorate or suddenly changes. Let’s face it, most of the
situations involving homeland security are fluid; if flexibility isn’t built into a best practice, can it
really be considered a best practice?
1. Department Of Homeland Security’s, Screening Of Passengers By Observation
Techniques (SPOT) Program.
Behavior Detection Officers (BDOs) “are trained to detect behaviors that one exhibits in
response to the fear of being discovered. In layman’s terms, BDOs look for behaviors that show
you’re trying to get away with something you shouldn’t be doing” (The TSA Blog, 2010). I
learned from my time in law enforcement that there are certain signs that people put off before
they decide to do something they shouldn’t. It could be something as simple as their eyes shifting
about, an increase in their rate of breathing, looking around incessantly…etc. Regardless of what
subtlety is being displayed, there are always signs.
I believe BDOs are a “Best Practice” for a couple of reasons. First, I consider BDOs
congruent with the overall security architecture TSA has employed through the United States,
and an excellent force multiplier, if you will. They are trained to do something no piece of
machinery (with the exception of a polygraph) can, observe and detect changes in human
behavior. This is an effective way, if officers are well trained, to add another layer of protection
to the air travel industry. In a world where security professionals rely so heavily on technology, I
believe the human factor is often overlooked. We train our people to read and interpret the
responses from the machines we purchase, which ultimately make us feel better about our
facility, or airport in this case. But are we really teaching the officers the job? No! They rely on
the technology we give them and carry on about their day mostly oblivious to the people around
them. Bringing in a specific group of people that are trained to detect those subtle changes in
human behavior again is a great force multiplier.
I thought about this for a little bit and wondered if behavior detection could really be
effective. While I understand that it all ultimately ends up coming back to the quality of training
and the individual officer’s detection capability, I believe it can be extremely effective, cover the
gap mechanical detection devices may have and be that extra set of eyes within the
terminal. There has been some controversy over whether SPOTs are effective; I believe 100%
that if they are well trained and vigilant they can be highly effective tools within the DHS/TSA
arsenal.
2. Three Phase Planning And Management For Large-Scale Events.
I think one of the reasons I chose this is because I do live so close to the District of
Columbia and there always seems to be some type of large-scale event taking place. For example,
today is the March on Washington, a 50-year commemoration of MLK’s “I Have a Dream”
speech. The largest scale event I’ve ever worked was the base airshow and we’d usually have
somewhere between 25,000-50,000 visitors to the base on a given day (depending on whether the
Blue Angels or Thunderbirds were performing). For this portion of the assignment I visited the
Police Chief, The Professional Voice of Law Enforcement, website and found an article titled,
“Planning and Managing Security for Major Special Events: Best Practices for Law Enforcement
Administrators”. That article, among many other things pointed out a three-phase approach for
planning and managing a large-scale event. The three-phase approach is broken down like this:
Phase I: Pre-Event Planning. What I found to be pretty amazing was that Phase I typically
begins at least a year to a year and a half before the event! From my personal experience nothing
ever got planned that far out in advance, and there’s no way you could get stakeholders to show
up to a monthly, or even quarterly meeting that far before the event were to take place. I believe
this relates to the fact the events I was involved with always took place on a military installation
and there’s a certain sense of security that comes along with hosting an event on a base. Also
occurring within Phase I is, “...the lead agency receiving authorization from its local governing
body, establishing its mission, reaching out to collaborate with partners to help secure the event,
meeting regularly with team members and partners, and developing detailed security plans and
contingency plans” (Bickel, N.D.). There’s a lot of coordination that needs to be accomplished
within the local community and I like the fact The Police Chief website advocates for getting
involvement from all facets of the community, to include creating a strong partnership with private
security firms.
Phase II: Managing Security during the Event: Phase II begins before the first spectators are set
to arrive. For an event like the March on Washington I know the news has been reporting since
Monday that participants were already starting to show up. So in this particular case I believe
having a police/security presence in the area at the onset of the event helps quell the potential for
pre-event rowdiness. In the case of the March on Washington, I can see where this is beneficial,
especially with what’s been happening around the country over the last couple of months with
the Martin case, the Australian that was shot in Oklahoma, and the WWII veteran that was
beaten to death last week. The fact is tensions are high and at an event like the March on
Washington security and police need to be hyper-cautious, firm but not overbearing, and
maintain positive control of the crowd. As I wrote this last statement, I can now see the
importance of beginning Phase I 12-18 months out from the actual start of the event. I know the
Martin case has been out in the news for at least a year, and with the verdict still being somewhat
fresh, the folks doing the planning of the March on Washington should have accounted for
potential tensions running over. “Phase II also involves checking the readiness of field and
support areas such as mobile field forces to deal with crowd control, intelligence support, arrest
processing, emergency medical services (EMS)/medical support, and more” (Bickel,
N.D.). Again, all critical resources that need to be familiar with the other’s response tactics,
techniques and procedures to ensure that if a critical incident response is necessary it goes off as
smoothly as possible. I will say that I hope this is done on an operational level with the actual
responders and not on a level that involves only managers sitting around a table talking about what
capabilities they have to offer and how their organization operates.
Phase III: Post-event Activities: Two words...“hot wash”. Phase III is the phase where everyone
gets together post-bacchanal and reviews performance, lessons learned, and how follow-up event
security can be better managed. “It also involves accounting for all equipment and other
resources and paying bills for the security” (Bickel, N.D.).
I don’t think there’s a “magic bullet” format as each and every event will certainly have
its own “life”. I do however think that the more events that are held the better the organization
and response plans. Getting police, fire, EMT, intelligence, DHS...etc., consistently participating
in large scale events in one locality, such as D.C., tends to forge bonds of professional
cooperation; in the long run those bonds ensure that each element of the overall event staff will
succeed should an incident occur. On the reverse side, I can see where the skill that comes with
constant planning and managing of large-scale events can perish if plans aren’t exercised on a
recurring basis. When I think of this I think of a small city like the one I live in. Nothing really
ever happens here with the exception of maybe the annual state fair. Comparing the response
services in D.C. with the response services here is kind of like comparing apples and oranges. I
suppose we can chalk it up to different cities with different missions.
3. Security For The Aviation Industry.
I was able to find a really great list on the National Business Aviation Association’s
webpage titled, “Best Practices for Business Aviation Security”. The article outlines post 9/11
security measures that the airline industry should be following. While the list is way too lengthy to
copy/paste into this week’s assignment, I wanted to take a few key points I found to be the most
germane and run with them. I think that in light of the fact the U.S. is probably going to conduct
surgical strikes on Syria in the next couple of weeks doing an evaluation industry-wide probably
isn’t a bad idea. Here are a few of the highlights I took away from the Best Practice webpage:
1) Remain diligent to changes in emotional well-being and health of all crewmembers,
ground personnel and passengers (National Business Aviation Association, 2013).
As a security professional this is probably the most difficult part of the job. Working in
an intelligence driven organization there are things that members are required to “self-report”.
There are the obvious things like being arrested, contact with foreign nationals and foreign
travel, but there are also things like excessive use of alcohol, abuse of prescription/non-
prescription drugs/narcotics, criminal behavior...etc. I’ll say that the employee base has the
“self”-reporting portion of it down, and until I became a security manager I never thought about
the fact that I was supposed to also be keeping an eye on my coworkers. Once that clicked, I
realized that I needed to start putting out the fact that self-reporting guidelines didn’t just apply
to the individual; they also applied to things the individual employee may observe in their
coworkers.
When the furlough hit I made it a point to brief the self-reporting topics again not just to
cover the annual requirement, but because one of the top three reasons people turn to espionage
is financial gain. Losing up to 25% of your monthly gross pay has the potential to make people
do the unthinkable in order to take care of their family. I’m definitely not//not condoning the
behavior, but I do understand that a person will do just about anything to ensure the wellbeing of
their family. We are around our coworkers for the better part of eight hours a day and are in a
good position to notice if they are doing things that are outside of their normal character, to judge
whether or not their attitude has changed and whether or not they are in a good mood. If a
long-term change of behavior is noted it should be reported to the person’s supervisor or security team
out of due diligence. Airline employees have access to the aircraft at large and if in the wrong
state of mind are in a position to make a good flight go bad relatively quickly. Flight attendants
can tamper with food/beverages, I don’t even want to begin to think what the mechanics can do,
and the pilots, well we need to look no further than 9/11. Bottom line is that we each have the
ability and responsibility to keep an eye out for the unusual and report it. That one report can
make the difference between something happening and something being avoided.
2) Escort all visitors on the ramp and in the hangar area (National Business Aviation
Association, 2013).
I find this to be a very simple, yet effective method of maintaining positive control over a
controlled area. An active flight line is a crazy place to work!! Through my active duty service I
can say that I’ve been on A LOT of flight lines and from a military standpoint I can say they are
pretty secure. There are typically entry controllers that control access to the physical area, and
everyone within that area has to display a restricted area badge. On top of that there are security
personnel that actively patrol the area and keep an eye out for those who are not displaying a badge, look
out of place, or are caught in a place they shouldn’t be. It’s a time-tested system that simply
works.
With that said, I also went on a temporary duty to San Juan, Puerto Rico where I worked
a counter-narcotic mission with the U.S. Customs Service at Luis Munoz Marin International
Airport and saw how the civil aviation industry worked. It’s not as secure as an Air Force flight
line, but there is an entry control point where badges were checked. We were all issued an airport
I.D. that allowed “swipe” access into certain areas of the airport, but more importantly, after
completing the flight line driver’s safety course, we were issued badges that allowed us out onto
the taxiways and aprons so we could transit from area to area to search. The only thing lacking
was an armed guard presence, but then again they aren’t securing multi-mission fighters. I
believe the badging system in and of itself serves as a form of mitigation in that those without
badges are normally challenged by those internal to the area, and look more out of place than
anyone else.
4. Center For Disease Control Puts Out Excellent Information For The General Public And
First Responders In Relation To A Bio-Terror Attack.
When I stumbled across this I had an epiphany! This is the type of information I am
ALWAYS on the look out for because it’s something I can train the staff on and they can carry it
forward to their friends and family. I find no greater joy in my job than putting out relevant and
practical information that can be used by EVERYONE! I typically break my training down into
two categories, “inside the office”, or that which is specifically relevant to the office. These
topics usually cover annual security training requirements and aren’t really applicable to the
employee’s family, and then there’s the training I know they will all pay attention to. I call
these the “ear perkers” because when you mention the topic people tend to perk up in their chairs
and pay attention. I categorize identity theft, minimizing your personal on-line footprint, and the
nuances associated with locking down your credit in this category. The “ear perkers” typically
yield the most questions, requests for me to e-mail the slides out en masse, and a ton of “sidebar”
conversations after the training is complete. I consider this topic to be one of those “ear
perkers”.
The CDC has taken the time to break down the categories of bio-toxins by mortality,
mutation rate and method, and how they affect the public at large. The following is taken
straight from the CDC website:
Category A
These high-priority agents include organisms or toxins that pose the highest risk to the public
and national security because:
• They can be easily spread or transmitted from person to person
• They result in high death rates and have the potential for major public health impact
• They might cause public panic and social disruption
• They require special action for public health preparedness (Center for Disease Control, N.G.).
Category B
These agents are the second highest priority because:
• They are moderately easy to spread
• They result in moderate illness rates and low death rates
• They require specific enhancements of CDC's laboratory capacity and enhanced disease
monitoring (Center for Disease Control, N.G.).
Category C
These third highest priority agents include emerging pathogens that could be engineered for mass
spread in the future because:
• They are easily available
• They are easily produced and spread
• They have potential for high morbidity and mortality rates and major health
impact (Center for Disease Control, N.G.).
As I look over the categories I can see how any of them would create a complete drain on
the healthcare system. Further, “...the waits in medical offices are too long, and in addition to
the millions who have no health insurance, millions more live in areas where there are physician
shortages and poor access to care in general” (Redlener 19). “In a state of pandemic, hospitals
would be flooded by sick patients. Doctors and physicians would be overwhelmed, and in areas
where the number of trained professionals is low, the sick would suffer. Even where there is a
sufficient amount of doctors and physicians, the number of patients would be so large that they
would have to begin prioritizing patients, which will also result in many others suffering”
(Dockter).
To be honest, before I researched this particular topic I hadn’t even thought about the
current shortage of doctors, or smaller municipalities that simply have no large scale emergency
capabilities. I was simply thinking about this from a personal/practical perspective. After doing
the research I’m pretty positive that if a chem/bio attack were to occur in any part of the nation
there would be no recourse other than for the military (or more to the point the government or
CDC) to dedicate a robust amount of resources to the response. The real question here is whether the
American public is prepared for the government to come into their respective town in a manner
suitable to contain and arrest the spread of chem/bio agents. By the way, I’m not talking about a
response like in the movie “Outbreak”; I’m talking about a “real-world” chem/bio environment.
I’m not sure the answer to that question is an unequivocal “Yes”.
5. Personnel Security Begins During The Staffing Process.
I gave my dissertation on personnel security with my week three assignment. It is a
discipline I hold near and dear to my heart because it is where the protection of classified
information begins. The nomination process sees a candidate selected by his supervisor/manager
for access to classified information; that decision should be based on a bona fide need for that
employee to materially contribute to the company’s overall mission and require access to that
information on a regular and persistent basis. With that said, a manager should nominate only
those that have demonstrated trustworthiness, reliability and responsibility throughout their
employment. This can occur during the hiring process with something as simple as vetting a
candidate’s educational records. There are several costly cases from both the past, Robert
Hanssen, Aldrich Ames, and Chi Mak to name a few, and the present, Bradley (or now Chelsea)
Manning, and SNOWDEN, that should serve as constant reminders of the importance of the
security clearance vetting process, and that each and every person in the chain serves as a link in
the chain that protects our nation’s most intimate secrets.
Personnel security “Best practices suggest that two general principles should be followed
in defining a position: separation of duties and least privilege. Separation of duties refers to
dividing roles and responsibilities so that a single individual cannot subvert a critical process.
For example, separate responsibility should be given for requesting a personal identification
number and for authorizing a personal identification number. Least privilege refers to granting a
user only those accesses that they need to perform their official duties. For example, a data entry
clerk may not need to run analysis reports against the entire VCCS shared database. As part of
the process to fill a position, best practices also suggest that testing and background screening
should be used as appropriate to help validate and/or access a candidate’s qualifications, past
performance and appropriateness for a particular position” (Thomas, N.G.).
To offer a counterpoint with regard to Edward Snowden, “The background checkers
failed to verify Mr. Snowden's (SNOWDEN) account of a past security violation and his work
for the Central Intelligence Agency, they didn't thoroughly probe an apparent trip to India that he
had failed to report, and they didn't get significant information from anyone who knew him
beyond his mother and girlfriend, according to the review” (Kendall, 2013). Knowing that
SNOWDEN had access to databases and I.T. systems he had no business accessing tells me a
couple of things, namely that SNOWDEN’s supervisors at the National Security Agency (the
Agency) weren’t properly vetting candidates, weren’t attempting to limit and compartmentalize access to
their sensitive I.T. systems and definitely weren’t exercising the theory of “least privilege”.
I can write an entire novel on the personnel security process and the important role it
plays in our nation’s long-term survival. But in the spirit of this assignment I will close by
saying that the very best practice in the personnel security process is simple and very simply
stated; it requires those charged to carry out the mission of protecting the process to do their job!
6. Security Specialist Competences
At the core of every occupation is a set of core competencies that each employee
must master in order to progress to the next highest level. I am a multi-discipline security
specialist meaning I am multi-hatted in my position. I manage the personnel, physical,
industrial, and information security functions of my office as well as managing OPSEC and also
serve as the organizational Anti-Terrorism Officer. On any given day I can cycle through each
discipline several times and simultaneously carry on several functions at once. It’s a great job
that keeps me engaged, interested and constantly thinking. What I found when I first got into
this job was that there seemed to be no set standard in what I was doing, no target to keep my eye
on. I was basically given an office, a set of operating instructions and inspection checklists and
turned loose to make things “right”. It was a bumpy road at the beginning but I eventually
learned from trial and a lot of errors, and made an excellent security program that was not just
“inspection ready”, it was functional, flexible and easily understandable.
The Defense Security Service (DSS) has been making a run at setting a core curriculum
for both government security specialists (holding the GS designation code of 0080) and industry
partner Facility Security Officers. It’s called the SPēD (speed) program. SPēD is an acronym
for the Security Professional Education Development Program. “The SPēD Certification Program
is part of the Department of Defense's (DoD) initiative to professionalize the security workforce.
This initiative is intended to ensure that there is a common set of competencies among security
practitioners that promotes interoperability, facilitates professional development and training,
and develops a workforce of certified security professionals” (Defense Security Service, N.G.).
This hits home for me because there have been many times in my career that I’ve called
person “A” and asked a question, asked person “B” the same question and spoke with person
“C” to see if either of the other answers I got sounded right. There seemed to be no set standard
in how two organizations with similar missions carried out their day-to-day security operations.
The knowledge taken from DSS courses comes together in a series of tests. Tests range from
Security Fundamental Professional Certification to Security Asset Protection Professional and
Security Enterprise Professional Certification. Once an exam is taken and passed the security
professional is considered “certified” in the given discipline and required to accumulate a
specific number of continuing education credits over a period of two years, and then retest to maintain the
certification.
All in all I believe this is an excellent program that will help standardize the security
profession across the board and more importantly add a layer of legitimacy to budding security
professionals across the community. I applaud the efforts of DSS and look forward to taking the
Security Fundamental Professional Certification exam in about a month. I’ve also signed up to
take the BETA test for the physical security assessment. While the certification process is not
mandatory for DoD 0080s now, there is a push to make it mandatory. What the certification
does now is give those (both DoD and contractor) certified professionals a proverbial “leg-up”
when it comes to competing for jobs; it shows they’ve gone the extra mile in attaining a
certification and getting on the road to security discipline mastery. This can only be explained as a
best practice for the entire security profession, and may not pay dividends today or tomorrow,
but eventually we will all be on the same page and those that aren’t quite up to doing the job to
the best of their ability will be weeded out strengthening the career field wholly.
7. Criminal Justice System as a Counterterrorism Tool.
Such an easy concept, but one I didn’t readily identify until I saw it. There are a couple of
different facets to this program as the Department of Justice (DOJ) webpage points out. The first
is using the DOJ as an intelligence gathering organization. I thought this sounded a little weird
too, until I read the context in which the intelligence is collected. It is not a traditional (or maybe
it is) method of collecting intelligence; it’s face to face conversations with known terrorists, or
collaborators/associates of terrorists that are arrested in the United States. The DOJ website
further states, “The criminal justice system provides powerful incentives for suspects to provide
accurate, reliable information, and the Department of Justice and FBI work closely with the rest
of the intelligence community to maximize information and intelligence obtained from each
cooperator” (Department of Justice, 2010).
I’ll be honest; I’ve never been a fan of promising leniency in favor of receiving
information. In my humble opinion, it leaves too much to chance; people will say just about
anything to get a lesser sentence or to give the appearance they are “helping”. Terrorist cells
have traditionally been kept compartmented so that if one cell is caught they have no knowledge
of what other cells are doing. It’s actually a smart way of conducting business, but also leaves
the door wide open for creative stories that probably have some measure of truth, no matter how
slight, but gives investigators the overall appearance of “cooperation”. I’m not saying that the
information “sharing” angle can’t be fruitful, what I am saying is that if the U.S. is cutting
punishment for information, I personally don’t like it. It’s something that I’ve never agreed with
going back to the days Mafioso began rolling on each other for lesser sentences. If we take a
character like Sammy “The Bull” Gravano, he admits to murdering 19 people, cuts a deal with
federal prosecutors and ends up serving less than five years in prison. But since his testimony led
to the successful prosecution of over 30 members of organized crime Gravano’s sentence was
considered, “Fair”? I get the whole, “let the little fish go to catch the bigger fish” concept, but he
admitted to murdering 19 people!! Justice? I am not so sure.
It would be counterproductive to defeat a best practice I chose for the week. Just
because I’m not a fan of letting people go that give up information doesn’t mean it’s not an
effective tool in the collection of counterintelligence information. The I.C. has done it, at least,
since the days of the Cold War with spies and it happened to be a pretty fruitful enterprise. The
CIA for example, would catch a spy, flip them and in return for them giving up info and working
for the U.S., the government would allow them to keep their diplomatic status and wouldn’t kick
them out of the country.
8. NYPD Transit Bureau Anti Terrorism Unit
After reading about the NYPD Transit Bureau Anti Terrorism Unit I have to admit that
my curiosity was piqued. I actually struck out to see if I could find out how they were conducting
their searches of suspicious packages but couldn’t really find much about it. I did learn that the
Transit Bureau has dedicated K-9 teams. I will say that when I was handling an explosive
detector dog we never searched suspicious packages! There were simply too many unknowns
and variables; besides, that’s why we had EOD units! They can take out their robot and inspect a
suspicious package from a safe distance without ever placing a human life in danger.
What I was able to find out about the NYPD is that they actually have several anti-
terrorism units. There’s the counterterrorism division that has the following subunits:
• The Technology and Construction Section designs and implements large scale
counterterrorism projects, such as the Lower Manhattan Security Initiative and Operation
Sentinel, bringing them from initial concepts to deployable operations;
• The Training Section develops and delivers counterterrorism training to the patrol force and to
other law enforcement agencies and private sector entities;
• The Threat Reduction Infrastructure Protection Section (TRIPS) identify critical
infrastructure sites throughout the City and develop protective strategies for these sites;
• The Chemical, Biological, Radiological, Nuclear, and Explosives (CBRNE) Section
researches and tests emerging technologies used to detect and combat chemical, biological,
radiological, nuclear and explosive weapons and develops plans and policies for their use;
• The Maritime Team is responsible for researching and developing systems and programs to
increase harbor security. The Maritime Team uses the Tactical Radiological Acquisition
Characterization System for proactive deployments and mapping of background radiation in the
Port of New York/New Jersey. This is the only waterborne deployment of TRACS equipment in
the nation.
• The NYPD SHIELD Unit manages the Department's public-private security partnership,
providing training and information to the private sector and addressing concerns from the private
sector (Police Department City of New York, 2013).
I enjoy the fact that since 9/11 the NYPD has taken on a robust infrastructure of
antiterrorism professionals. I am actually great friends with a Detective that works for the
NYPD’s Joint Terrorism Task Force. What I can say is that it’s closely modeled after other
JTTFs, and they work VERY closely with DHS in accomplishing their mission. Again, I like the
fact the NYPD has these units at their disposal, and can only imagine that other large cities
around the U.S. have adopted a similar AT infrastructure.
As I have spent a fair amount of the last two classes talking about information sharing
with the intelligence community, I can say that the one single area of greatest improvement in
the way of information sharing has to be between the civilian and federal law enforcement
communities. Where joint meetings used to be few and far between we are seeing the
relationship between the two blossom into a strong, fruitful partnership that will no doubt
strengthen the law enforcement community wholly. Personally, I only see things getting
better over time.
There is also a great relationship with federal law enforcement and our defense industry
partners! When I worked for Boeing we actually had a counterintelligence unit that worked very
close with several of the “Alphabet Soup” organizations (CIA, FBI, NSA, DIA, NGA...etc.). The
mission was to ensure Boeing assets were being well protected and threat data was making its
way back to the company for dissemination in a timely manner. Obviously the moneymaker for
Boeing is the commercial aircraft facility in Washington State, but Boeing facilities around the
world house critical information/infrastructure and develop/manufacture critical parts for both
military and commercial aircraft, not to mention the Boeing Future Combat System offices.
9. Proper Execution of the Standard Form 312.
This one may be a little outside of the box with respect to being a “Best Practice”, but I
believe it fits the true definition of a best practice. I’ve spent the semester going on and on about
protecting and sharing information with the intelligence community because I truly believe the
reform is there but the Cold War mentality, no matter how slight, is still there. If we look at the
Director of National Intelligence (DNI) and the heads of each and every I.C. agency, it doesn’t
take much to see that they began their career in the era of the Soviet Bear. It was a time when
classified information was regarded as important, and actually protected in accordance with the
Executive Order that governs its protection (now, Executive Order 13526- Classified National
Security Information).
I pose this question, what good is holding people to a standard to protect our secrets if
we don’t have it down on paper? Good news everyone...we do! It’s the Standard Form 312,
Classified Information Nondisclosure Agreement, and if you have a security clearance, whether
or not you want to believe it, you’ve signed one. I don’t ever recall signing one but would have to
guess that it happened sometime when I was in basic training, and I’m sure it went something
like this, “AIRMAN!!! SIGN THIS, NOW!” I probably said, “Yes, Sir!” and inked my name on
the line and carried on with my day happy to have survived another encounter with an angry
Sergeant. Little did I know that the SF312 was my binding contract with the government that
stated, “Intending to be legally bound, I hereby accept the obligations contained in this
Agreement in consideration of my being granted access to classified information” (U.S.
Government, N.G.).
So what does it mean? Let’s look at paragraph 4 for the answer, “I have been advised that
any breach of this Agreement may result in the termination of any security clearances I hold;
removal from any position of special confidence and trust requiring such clearances; or
termination of my employment or other relationships with the Departments or Agencies that
granted my security clearance or clearances. In addition, I have been advised that any
unauthorized disclosure of classified information by me may constitute a violation, or violations,
of United States criminal laws, including the provisions of sections 641, 793, 794, 798, *952 and
1924, title 18, United States Code; *the provisions of section 783(b), title 50, United States
Code; and the provisions of the Intelligence Identities Protection Act of 1982. I recognize that
nothing in this Agreement constitutes a waiver by the United States of the right to prosecute me
for any statutory violation” (U.S. Government, N.G.).
Bottom line: divulge classified information to someone that shouldn’t have it, to include
not verifying Need-To-Know, and you’ll lose your eligibility, be fired, and quite possibly go to
jail for the better part of the rest of your life. For those of you that have a security clearance and
want to see the SF-312 up close and personal I would recommend going here,
http://www.archives.gov/isoo/security-forms/sf312.pdf and really take the time to read the
language.
So how is this a best practice? I say the best practice isn’t in simply screaming at
someone to sign the form. The best practice lies in the way the form is executed! There have
been cases that have been thrown out of court because security professionals failed to execute the
SF-312 properly, i.e. putting it down in front of someone and telling them to just sign it. There is
an entire handbook out there that explains the importance and responsibility of properly
executing the document. It’s a method of protection for the government that ultimately helps
solidify litigation for those that fail to properly protect our nation’s secrets. With regard to
Homeland Security, I know that DHS, like the DoD, has classified information and a security
clearance process the department calls, “suitability”. My understanding is that it’s the same as a
DoD clearance, just by a different name. By executing our duties and ensuring we’re doing
things right, should one of our “own” ever decide to start handing over classified information we
can sleep at night knowing that the case won’t be thrown out because we failed to exercise our
due diligence.
I once got a great piece of advice from another security professional regarding the SF-
312 only after showing him the training module I had set up for executing the form. He looked
through the training, rubbed his chin a little bit and then said, “This is a great brief. Have you
run it through the legal beagles?” I replied with a “No” and told him I took everything straight
out of the 312-training handbook. He stopped me and said, “That’s great, but you know if you
changed the meaning of anything contained in the 312 and a case goes to court more than likely
the government will lose.” Point taken. 45 minutes later I was on the second floor of the building
making an appointment to see the organization’s SJA. Come to find out, I hadn’t changed the
meaning of the language, but according to the SJA, there were some places that needed to have the
language a little less ambiguous. He gave me some suggestions, we batted a couple of e-mails
back and forth and I continue to use that training guide to this day!
10. Use of Ethnic profiling to Prevent Terrorism
I am a staunch supporter of any methodology that can be used to keep our nation, and
more importantly, my family safe. My personal feeling on the subject is that the U.S. can
reasonably expect the next attack to come from a Middle Eastern (ME) actor. As such, we
should take the measures necessary to ensure we are keeping a cautious eye on that cross section
of society. I don’t see it being any different than knowing that the drug problem in the United
States is being fueled in large part by the Mexican drug cartels. The southern U.S. border is
watched closely by the brave men and women of the U.S. Border Patrol (and I do mean brave, I
don’t think there’s enough money in the world that could entice me to work a single shift
running a border protection mission). Border Patrol obviously knows that the drugs, more than
likely, are being brought across by Mexican cartel members or associates, and keep an eye out for
those fitting the description and take action as appropriate.
When it comes to our airports I’m not saying TSA should take each and every ME male
between the ages of 16-30 out of the line for additional screening, what I am saying is that
profiling can be effective when used in conjunction with other methods, like Behavior Detection
Officers. Since TSA didn’t exist on 9/11, it’s impossible to know whether or not BDOs would
have played a meaningful role in detecting what the terrorists were about to do, but I’m positive
the hijackers were putting off signals that would have been easy enough for a BDO to detect and
just maybe react to. Remember, they are trained to detect subtle changes in body language that
can point to the fact someone may be getting ready to do something wrong, or are carrying
prohibited items either on their person or in their luggage.
I know that there are those folks out there that believe profiling is wrong, and I
completely respect their opinion, as I would expect they would respect mine. I am simply saying
that profiling is a tool in the box that can be used to help protect our nation when used in
conjunction with other detection methods. I don’t think I’ve ever shadowed how I feel when it
comes to my civil liberties being “infringed” upon when it comes to protecting the United
States. My personal feelings are that if you want to pull me out of the line at the airport for
secondary screening (which has happened about a half dozen times to date), I’m okay with
that. If you want to put a UAV over my house and monitor my personal conversations, telephone
calls and Internet traffic…fine. Perhaps I’ve just defeated my own argument; maybe what I’m
saying is that I think everyone should be profiled...
People are upset over the fact Snowden exposed the NSA’s monitoring program, I laugh
because it’s those same people that say the government is monitoring them. I hate to be the
bearer of bad news, but if a FISA judge issued a FISA warrant for NSA to monitor phone calls
and e-mails, then the NSA went to the FISA court with a ready agenda and very specific criteria
that the warrant is issued against. The average government-complaining citizen is probably
nowhere close to making it onto the NSA’s monitoring “Radar”.
11. Accomplishing Active Shooter Training with the Workforce
After what happened at the Washington Navy Yard...which is literally 15 minutes away
from where I work, I decided that I would cover “Active Shooter” training for our employees as
a best practice. I’ll be completely honest, I haven’t accomplished active shooter training for the
workforce since about 2010, looking back on it now I know it’s a topic that I need to work into
my annual training plan. “An active shooter is an individual actively engaged in killing or
attempting to kill people, most often in populated areas. In most cases, active shooters use
firearms and there is no pattern or method to their selection of victims. In some cases, active
shooters use improvised explosive devices to create additional victims and to impede first
responders” (U.S. Air Force, N.G.).
Now, on to why I consider this a best practice. I can’t really fluff this one up and give it
a pretty reason...I will simply say that I owe it to my employees to give them the tools necessary
to protect themselves in the event someone comes to work and starts shooting. Moreover, this
practice has the potential to save lives. I am semi-fortunate in that I worked in law enforcement
for the better part of 15 years, so the actions to take are pretty automatic for me. BUT, I do
recognize that there is that cross-section of the organization that has absolutely zero military or law
enforcement training and have never given a single thought to what they would do or how they
would react if an incident ever occurred. Moreover, they’ve probably never given thought on
how to even exit the facility during a real world emergency much less trying to get out in the
event someone came in with weapons and started shooting.
This may sound a bit parochial, but I honestly liken it to showing my daughter a new
task. I can’t simply tell her to go and do it, she needs to be shown the first time, and have the
lesson reinforced from time to time. This same principle applies here, I will train them on the
basic principles of what to do and more importantly WALK them through it! I have no problem
admitting that I’m a tactile learner, which means that I learn more effectively through doing
rather than reading. There’s no doubt I could stand up in front of the staff for two hours and give
a great presentation with a bunch of slides and maps with neat little arrows, but until they run the
route with a little stress will the lessons really sink in? I honestly don’t think it will. As such, as
security professionals, we should all do our part to ensure we are training our people on how to
deal with this particular situation. People do strange things when they are under stress of any
kind, and with a potential government shutdown on the horizon and contracts getting canceled
left and right, I am not going to rule out the possibility that active shooter scenarios won’t start
cropping up a little more frequently than what we’re currently seeing. I’m going to do my best, as
I’m sure you already have, to ensure that my people are given the best information and training possible.
12. “Hardening” A Facility Through Teaching Employees What “Physical Security”
Means and Why They Are Considered Critical To The Success Of The Program
I could definitely launch into a long tirade on how hardening a “soft” target would take
months of up front planning, vulnerability assessments, and in a fiscally ideal world a couple
hundred thousand dollars, a plus-up in man power or at the least the employment of Crime
Prevention Through Environmental Design. Which, in all honesty, it really does. Fail to properly
plan, organize, assess and execute and you have potentially just wasted a bunch of money and
have little to show for return on investment. With that said I want to focus on a different piece of
the physical security, or target-hardening puzzle, the employees. Most of us realize that
assessment, contracting, and shopping for the physical security equipment is ¾ of the fun that
goes into a good physical security program. I’m going to peel the onion back a little further and
say that before a single cent is spent on any of that, there’s an up front and immediate need to
train employees on what exactly the Enterprise requires of them from a security standpoint. We
could put the cart before the horse and assess and purchase/install, but if our employees have no
earthly idea about what the threat is and how they can go about either avoiding falling into the
pitfalls or contributing to threat mitigation what are we really doing? I know that I would feel
semi-safe because of the physical equipment I had installed, but have I really done any good?
Did I relay to my employees that the current overarching threat comes in the form of a recent
rash of unauthorized people entering facilities in the area? Have I told them that “piggybacking”
on someone else’s badge swipe is a no-no? Have I told them to challenge people in the building
that aren’t displaying the appropriate credential? Have I gotten with my local counterintelligence
cell and passed on germane information for our installation/unit? If I can’t answer those
questions with an unequivocal “yes”, then I have failed the unit commander that has delegated
the security responsibility to me, and more importantly, I have failed to properly execute my
duties as a security professional.
I’m not saying that I need to give the unabridged history of physical security dating back
to the Praetorian Guard, but I do think explaining the general principles that make the program
work and bolstering it with how it’s employed within the facility gives them the insight
needed to help make the program successful. The Air Force, “Eagle Eyes program is an Air
Force anti-terrorism initiative that enlists the eyes and ears of Air Force members and citizens in
the war on terror. Eagle eyes teaches people about the typical activities terrorists engage in to
plan their attacks. Armed with this information, anyone can recognize elements of potential
terror planning when they see it” (Air Force Office of Special Investigation, N.G.).
I think the premise of programs like this is to engage people at every level to become
more in tune with their surroundings and teaches them to recognize what “out of the ordinary”
really is. It also takes it a step further and lets them know that it’s okay to call the base police if
they feel they’ve found something out of place. When I was working the road we would go 11
months and two weeks without a single call for a suspicious package. Then the I.G. inspectors
would roll into town for two weeks and we would get five response calls a DAY! We were
getting calls for people that had branches caught around their tires because they thought it was
the I.G. planting det cord on their vehicles, we’d get calls from the gym because someone taking
a shower left their gym bag on the bench, and my personal favorite, the call from the clinic
stating that someone “rigged” an oxygen bottle outside the bathroom, only to be followed up with
an embarrassing call two minutes later when the owner of the oxygen bottle walked out of the
bathroom and claimed it. I believe if that type of enthusiasm were translated into everyday life
with a bit of common sense and training (like the Eagle Eye program) we’d definitely be a more
secure nation. Bottom line, before we spend the money we need to ensure we’re training our
people on how they can help harden the facility before any money is spent. What good are the
physical systems we put in place if the people using them are oblivious to the threat, and how the
equipment is designed to work?
Conclusion
There are a million best practices out there to choose from. The six I chose for the
assignment are ones that I hold close either because I learned something completely new, am
passionate about a certain topic, or deeply believe in the cause behind the methodology. For
example, I make no bones about the fact I am extremely passionate about personnel security. I
am a certified Tier II review official for those candidates requiring access to DoD special access
programs. I take that responsibility very seriously! I have earned two nicknames in the office,
“Pitbull” and “The Goalie”. I’m not crazy about “Pitbull” but earned that name because I am not
afraid to go into the boss’ office and tell him what I think about a candidate based on the
adjudication I performed. I give him my insight and perspective based on what the candidate
presented. Sometimes I have to argue to get my point across and sometimes he sees things my
way. Bottom line is that I hold a very firm line if I feel the candidate may pose a threat to the
overall security of the program.
“The Goalie” was earned because I use every resource within the scope of adjudicating
candidates to ensure only those meeting the adjudication standards make it through the process.
I’ve conducted background research on people and found glaring differences between what they
claimed on their paperwork and what public records tell me. It’s a part of the job where errors
cannot occur! If errors occur the potential for another SNOWDEN case can present itself and
compromising program information to the general public is something I don’t want to show up
on my resume. As I originally stated, “Best Practices” are those practices that are defined as
practices that are the most effective. In this case I believe the twelve presented here are germane to
today’s security operating environments.
References
Air Force Office of Special Investigation. (N.G.). Air Force Office of Special Investigation. Retrieved September 25, 2013, from U.S. Air Force Eagle Eye: http://www.osi.af.mil/eagleeyes/
Bickel, K. C. (N.D.). Planning and Managing Security for Major Special Events: Best Practices for Law Enforcement Administrators. Retrieved August 27, 2013, from The Police Chief The Professional Voice of Law Enforcement: http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=1347&issue_id=122007
Center for Disease Control. (N.G.). Bioterrorism. Retrieved August 03, 2013, from Center for Disease Control: http://emergency.cdc.gov/bioterrorism/
Defense Security Service. (N.G.). Defense Security Service. Retrieved September 05, 2013, from Learn About SPeD Certification: http://www.cdse.edu/certification/sped_what.html
Department of Homeland Security. (2011). Implementing 9/11 Commission Recommendations. Washington, D.C., USA.
Dockter, D. H. (2012). Who’s Ready for a Bioterrorist Attack? Preparation, Biosurveillance, and Response. Davis: University of California Davis.
Kendall, B. N. (2013, August 27). Leaker's Security Check Faulted. Retrieved August 27, 2013, from Wall Street Journal: http://online.wsj.com/article/SB10001424127887324906304579039381125706104.html
National Business Aviation Association. (2013). Best Practices for Business Aviation Security. Retrieved September 02, 2013, from National Business Aviation Association: http://www.nbaa.org/ops/security/best-practices/
Police Department City of New York. (2013). Counterterrorism Units. Retrieved September 11, 2013, from NYPD: http://www.nyc.gov/html/nypd/html/administration/counterterrorism_units.shtml
The TSA Blog. (2010, May 24). TSA Spot Program: Still Going Strong. Retrieved August 20, 2013, from The TSA Blog: http://blog.tsa.gov/2010/05/tsa-spot-program-still-going-strong.html
Thomas, T. (N.G.). Personnel Security Standard. Retrieved September 03, 2013, from Personnel Security Standard: http://system.vccs.edu/its/standards/PersonnelSecurityStandard.htm
U.S. Air Force. (N.G.). Air Force Be Ready. Retrieved September 26, 2013, from Active Shooter: http://www.beready.af.mil/disasters&emergencies/activeshooter.asp
U.S. Government. (N.G.). Classified Information Nondisclosure Agreement. Retrieved September 22, 2013, from Archives.gov: http://www.archives.gov/isoo/security-forms/sf312.pdf