In a time where terror attacks have become a frequent occurrence, we see that much is discussed on the ability of first responders to respond as quickly, effectively and efficiently as possible. The active shooter incident in Orlando earlier this month, the attack against a policeman and his family in Paris and finally the horrific attack in Ataturk Airport in Istanbul on the 28th of June are an example of these and a preview of what awaits us in the near future.
In this modern era we find ourselves in conflict between adding more layers of security and the fact that we have to also continue operations and keep the civil liberties which are the cornerstone of our existence.
While looking at many of my associates in the security consulting world, we see many recommendations on adding layers of security, from intelligence to physical hardening of infrastructure and adding layers of cognitive and behavior detection to existing deployments. To my surprise after 2 days of going through posts and newspaper articles I see little discussion on preparation for crisis management and disaster recovery.
Finishing a series of war-gaming and Table-Top exercises in the United States and Europe in the last three weeks on a range of different subjects, from active shooters and up to cyber-attacks against an airline we see that the ability to run through scenarios in a controlled environment enables the organization to fully examine its thought process on how to deal with rising issues. Procedures are evaluated and lessons learned, while enabling the participants to “feel” the event, so that when they encounter it in real life, it won’t be the first time they deal with the specific crisis.
One of the recurring elements we have seen in many of these War-Games and Table-Top exercises are the lack of clarity and information at the beginning of the event. This becomes critical in such events as every second counts and when the flow of information between entities is not smooth they cannot develop a real analysis of events which in real life will cost us human lives.
So, when planning your security deployment start with defining your threats, develop your concept and security layers, processes and procedures. Acquire the correct technologies to deal with your threats, recruit and train the correct people and text them and the chosen technology. Don’t forget to test yourselves as managers who may one day be in charge of managing such a crisis and who will be responsible for recovery and continuity.