Exclusive Roundtable: 9/11 Lessons Learned

Five security experts take a forward-thinking look at security and public safety 10 years after the events of Sept. 11, 2001


How did 9/11 impact the way security executives go about protecting large commercial properties like the World Trade Center?
Kambic: Large commercial properties naturally come with a lot of different considerations. There is no “one size fits all” solution. Security directors must evaluate their program based upon the specific types of businesses that are housed within their property and the risks that may be associated with them. For example, large commercial buildings often house many different types of tenants which may carry risk as well as retail and even tourist attractions. I believe that 9/11 has made the security executive of any type of property much more accountable for their department as it relates not only to protection of the property, but also life safety of the occupants and business continuity for resilience.
Harrison: Protecting large buildings and landmarks since 9/11 has changed in three distinct ways: technology, law enforcement partnering, and intelligence gathering. The necessities and advancement in technology since 9/11 have enabled security to couple historic guard force protection with technology capability to better protect assets. Technology capability advancements provide for better access control capabilities, monitoring and controlling the movement of personnel, automatically alarming for inappropriate movements or out of place items, and better video capabilities to identify threats. These elements coupled with guard force resources provide a much better informed and process capable program. Private security and local law enforcement forces are much more aligned in sharing information and monitoring local threats. These connections allow for real-time sharing of information and collective action when threats do arise.
Villarreal: Prior to 9/11, most commercial properties were concerned about the “office creeper” walking into a building and stealing lap-top computers, phones, and personal items such as expensive clothing, jewelry and cash. Sept. 11 changed the dynamics of security planning from protecting against property theft to protecting buildings and people against large-scale catastrophic events. Today, security executives must plan for efficient strategies to control and monitor both public and vehicle access into buildings and parking garages. How, when and what are the triggers points to conduct a full building evacuation is a major issue in the planning stages of a security program.
Giles: Initially after 9/11, many high rise property management companies did not have in-house security professionals; therefore, a lot of requests went out asking for security assessments of their properties. However, many of these facilities made very few changes to systems or procedures once they looked at the cost of those changes, especially as time went by and there were no new attacks. I believe this drove some increase in the use of contract security officers. Interestingly, there were some facilities that did assessments to look at moving from contract officers to proprietary officers, but I don’t believe there were very many of them that actually made that change.
Tello: After Sept. 11, increasing the quality and visibility of uniformed security personnel became paramount as a way of not only deterring future attacks but also to alleviate the anxiety of our constituents who visit and conduct business in our properties.

What kinds of technologies and innovations have you seen in terms of hardening buildings against terror attacks over the past 10 years and how much does it factor into your security planning?
Giles: Today you will see many more of these facilities that have added or enhanced systems such as CCTV, access control, package screening, vehicle screening, improved lighting and even alarm systems. Some clients have also been concerned about bio-terrorism and this has driven them to make sure they have the proper HVAC system controls in place and in some cases, they have hardened security around their intake vents. Another improvement that I have seen has been in the training of security officers. There is more focus today on making sure officers are trained in counter-surveillance so they are aware if someone is conducting surveillance of the facility.
Kambic: We take our commitment to security and life safety systems very seriously, as do other buildings across the nation. As a security director, you must look at integrating systems that will allow you to track and monitor your property and occupants effectively. That can include a combination of technologies ranging from access control, CCTV, barriers and online visitor management systems. However, I think the biggest gains for hardening facilities include IP cameras, intelligent video recording and package screening systems.
Harrison: Camera resolution capability has greatly improved. Technology identifying inappropriate objects or movement has resulted in better monitoring. Access control to monitor and control personnel movement allows for better facility controls. Building materials and design can help minimize the impact of attacks. The overall acceptance by employees to play a role in helping to secure their work area and protect the company now plays a key role in the security program. These elements, especially technology and building improvements, are now acceptable elements woven into corporate and security program planning for budgetary and enterprise risk reduction purposes.
Tello: We have seen a great emergence of Web-based technologies such as IP CCTV cameras, graphical user interfaces for surveillance systems well as digital video storage technology. We have also seen remarkable innovations and expansions in the roles and criticality of centralized security command centers.
Villarreal: Exterior protection is a key ingredient in hardening buildings against terror attacks, such as using high-impact vehicle barriers and planters to protect the perimeter of a building; installing blast resistant film protection on windows to minimize damage; and controlling public access into office towers by using turnstiles, visitor management systems and electronic authorization cards for both tenants and guest.

Did 9/11 change the way you approach normal day-to-day security operations?
Villarreal: Perhaps the most significant change to day-to-day security operations as a result of 9/11 is the information sharing between the public and private sector. Today, we get daily briefings from DHS and local law enforcement agencies regarding terrorist alerts. We take that information and constantly remind our staffs to be on the look-out for suspicious behavior.
Tello: After 9/11, the need to rapidly receive and disseminate information to and from our security command center brought about the emergence of mass communication technology through which all of our constituents can simultaneously receive updates and direction on actual incidents and conditions that affect their personnel and ability to conduct their business. Emergency management planning and the importance of training and exercises for both security personnel and building occupants became a major component of our security program.
Kambic: There is no doubt that business has changed in the last 10 years. One of the primary shifts is to a much more concentrated focus on risk analysis, and understanding the scenarios your security operations may face in the future as well as today. The reality is that you must plan for all emergencies as effectively as possible, with more of an all-hazard approach of a response from the security organization.
Giles: For these types of facilities, I believe the difference was in the areas of visitor controls, package deliveries and truck/dock controls. Many of these facilities were relatively lax in these areas before 9/11. I tell clients all the time that if I want to enter a facility undetected, the easiest way is through the dock or posing as a delivery person. Unfortunately, that is still true today in some cases, but not as many as before.

Are there any procedures or technologies that you have implemented in the past 10 years that you probably wouldn’t have if 9/11 hadn’t happened?
Tello: If 9/11 did not occur, our buildings would most likely still be open to the public during business hours. Since then, all persons entering our buildings must interact with security personnel by presenting their ID badge or checking in with security as a registered visitor in order to be admitted into our facilities. This has had a corresponding exponential increase in the exposure of security and the demand for higher quality of security services. We have also seen a much greater level of partnership and communication between private sector security and law-enforcement/public safety at the local, state and federal levels.
Harrison: An overall enterprise risk approach that takes into account all elements of risk for the corporation, which has opened the scope and view of traditional security programs. This has far-reaching implications that impact all elements of security programs to include the incorporation of new and developing technologies as well as the development of more robust and detailed processes and procedures. Specific technologies include more robust non-proprietary access control programs, visitor management systems, employee threat communication capabilities, as well as explosive trace detection technology to name a few.
Kambic: It is difficult to pinpoint exact measures that have been taken as a result of the 9/11 tragedy because the security market has always been evolving over the last three to four decades. I do believe that it did increase the development and delivering of these technologies, especially in the areas of intelligence of CCTV. In addition to the physical controls and technologies, most buildings have implemented very specific training of the security staff that is critical to day-to-day operations as well as long-term plans. This training includes customer service, counter-surveillance, critical incident management and workplace violence.
Villarreal: There are many new things that we do differently now as a result of 9/11, one example is many commercial high rise buildings now require visitors to be pre-registered into a visitor management system before granting them access into the office tower. This was a major behavioral change for corporate America, as business people now cannot walk into an office building without being pre-registered by an authorized tenant with an electronic recording of their name, company, the purpose of their visit and who they are going to see. This type of screening process would never have been put into practice had 9/11 not occurred; in fact, when this practice was put into place, many people felt it was an invasion of their personal privacy, Today, it is an accepted business practice commonly used in primary markets in the high-rise commercial building sector.
Giles: In my opinion, the major risk that these facilities face is driven by workplace violence, not terrorism, in addition to risks such as thefts and accidents. However, there are many procedures and systems that have been implemented because 9/11 brought security to the forefront of the executives’ minds and allowed for expenditures that were previously on hold or just not recognized. One change that was very beneficial was an increase in the use of background screening of employees and the requirement for on-site contractors to do the same for their employees as well.

What do you think the future holds for corporate security operations?
Kambic: An emphasis on continued improvements as it relates to communications during emergencies will be key. In addition, I think that business continuity will be more mainstream, either encompassed within the Security department or as a close partner.
Harrison: While 9/11 resulted in a much more supportive corporate environment for security program improvements and advancements, absent a follow-on significant security event like 9/11, it seems that, on a broad perspective, corporate philosophy is beginning to withdraw back to pre-9/11 perspectives to include resource levels and budgetary constraints. While this is not a positive perspective, I believe advancements in security technology will continue to expand.
Villarreal: Going forward we must always look back at our history and never forget the tragic events of 9/11. Corporate security operations must always be prepared for worse-case scenarios. Planning, training and recovering from such events should always be in the forefront of security decision-makers. The future is uncertain, but one thing that we do know for certain is that we have many people that do not agree with our culture and way of life, therefore we must always employ the three D’s of any robust security operations, “detect, detour or defend” any type of threat that could affect people and buildings.
Tello: In the future, we see security evolving to meet emerging threats such as homegrown violent extremists, domestic terrorism and the potential for civil unrest and criminal activity brought about uncertain and volatile political and financial conditions.

Joel Griffin is Assistant Editor of SecurityInfoWatch.com