Maryland mail scare puts spotlight on mailroom security

Security experts weigh in on how recent attacks will impact mail screening procedures for government and corporate entities

Last week, two incendiary packages were sent to state office buildings in Maryland. The packages, which reportedly ignited and emitted a sulfur-like smell when they were opened, were addressed to Maryland Transportation Secretary Beverley Swaim-Staley and to Governor Martin O'Malley.

Yet another package, this one addressed to Homeland Security Secretary Janet Napolitano, ignited at a Washington, D.C. postal facility on Friday. While the motivation for sending these packages appears to be someone's personal vendetta against anti-terror public awareness campaigns by the DHS and state of Maryland, they highlight the importance of having secure mail screening facilities.

According to Ronald Heil, assistant vice president and senior security consultant for TranSystems, an independent consulting and security systems design firm, government agencies and private organizations alike need to realize how vulnerable they are to incidents like this and take proper precautions.

"Any organization, any building that has employees who could be upset at being fired, being disciplined or being passed over for promotions or pay is at risk. If the (organization) has customers, someone is always going to have a disgruntled customer; they are going to be at risk. And, of course, there is symbolism," he said. "If you happen to be a sub office of the IRS or in this case, the department of transportation... you are at risk because you are a symbol of whatever it is the disgruntled person has against (the parent organization). The point is you are not immune just because you are not a government agency."

Richard Coakley, director of mail solutions for Pitney Bowes Management Services, which provides mailroom screening services to large corporate entities in the U.S. and the UK, advises businesses and government agencies to conduct threat assessments that take into account such things as the technology being manufactured by the organization, any religious affiliation the company may have, political affiliations, economic and environmental considerations, as well as how the company's brand is perceived by both the public and private sectors.

While many suspicious packages have visible telltale warning signs, Coakley says that does not appear to be the case in this instance.

"As part of our training and security processes, there are usually 12 red flag warnings when inspecting a mail piece or a package, and based on information received from authorities, there were only one or two characteristics to the packages that would have been red-flagged; the use of postage stamps/clusters of stamps and over-paying for postage," Coakley explained. "In this case, it appears that an external visual check did not yield many abnormal warnings."

According to Coakley, there was also not a sufficient enough time lapse after the first package was opened to warn another state office about the potential for another incendiary device.

"When you consider the process involved, you have an emergency responder in one facility who has just responded to a threat. From there, communications from an emergency response team to workers in other facilities could not have happened in 15 minutes," Coakley said. "When people are working front line sorting the mail, they are not looking at text messages, and they should not have their cell phones on and operating at their work stations. When there is an emergency, the communication chain needs to run from emergency response to senior leadership, then distributed to anyone responsible for operating mail centers. From that point, the individual mail supervisors must take the e-mail communication onto the work floor and communicate to the workers to stop work. This process doesn't happen in 15 minutes."

This content continues onto the next page...