The security week that was: 02/25/11 (Fiscally conservative security)

What we can learn from the TSA
How the administration inadvertently made physical security practitioners even more fiscally conservative

Often when interviews security directors, we ask them about what technologies they are investing in. The answers are pretty much what you might expect: access control systems, cameras, more intrusion alarm systems. We always wait with baited breath for the one who says, yes, we just spent $1 million on a new brand new facial recognition solution to grant access to individuals for the C-suite level of our office tower -- but we never hear that. The fact of the matter is that security budgets are tightly watched budgets, and most security managers are conservative spenders. In fact, the fiscally conservative nature of corporate security managers is so good, that I don't sometimes wonder why we don't have these men and women move up to Washington and to our state capitals to fix all the budget shortfalls.

Well, here's another story of caution that should keep our industry fiscally responsible. Back in 2008, there was a very real worry that terrorists might try to board planes with explosives and then detonate them in mid-air. As the "Christmas-Day" bomber's attempt later attested, the threat was real. This was before the era of the new body scanners that allows the TSA to see you naked, if you will, and the technology on the market was one called "puffers". These were the machines that used a puff of air to ostensibly dislodge particles from clothing, skin, etc. Those particles would then be scanned by an electronic nose, which would seek to identify if those particles registered positive for trace levels of explosives.

In theory, it was a a great system. Even explosives wrapped in plastic were likely to allow some trace that could be detected. In the lab, it was a great system. It seemed to work successfully. Companies like GE and Smiths Detection won contracts to deploy these technologies. The U.S. Transportation Security Administration spent an estimated $30 million dollars to buy about 200 of these machines at around $150,000 each. To put this cost in perspective, every man, woman and child in the United States would have had to line up and drop a dime in the basket to allow us to pay for this failed technology. Considering that every man, woman and child in our nation effectively donates $26.05 to be spent solely by the TSA every year, maybe that $30 million doesn't seem like a lot, but $30 million still is unquestionably "a lot".

The problem was that these machines didn't work well in the field. False positives and maintenance issues plagued the machines, and the program was eventually tabled before even half of the 434 planned units could be put in place. Most persons credit the cleanliness of the airport environment as the problem, and the machines were highly susceptible to dust and humidity. The program finally died quietly late last year, with the last puffer machine taken out of service.

It's the kind of story that keeps corporate security managers leery of new technology. In fact, I've never heard a single corporate security director say that they want to be the first to buy into new technologies. Biometrics, for example, has been around for years and years, but there is still a lot of suspicion about their effectiveness. The same has gone for video analytics, and to some extent even PSIM, according to a group of vendors I spoke with yesterday.

I think the concept to work on here is a failure threshold. We are all destined to have failures, and I hope that truth doesn't deflate anyone's ego. The question is how much are we willing to spend to find out whether something will be a success or a failure. As you consider your future technology implementations, I suggest you think about the amount of money you're willing to spend to find out whether something will work. Perhaps the TSA could have set that threshold at $2 million or $10 million. Certainly there is a cost of “finding out”, but it's a number that any technology buyer has to define – unless, of course, you have an $8.1 billion budget like the TSA.

The 4 Types of Violent Crime
Look out for these four types of workplace violence

Hundreds of webinar attendees enjoyed a program yesterday featuring Bryan Warren, CHPO-I, CHPA, and I want to take a moment to share with our readers one of the key learning points from this webinar “Workplace Violence in the Healthcare Industry.”

In his presentation, Warren – the president elect of the IAHSS and director of corporate security for Carolinas HealthCare System – discussed four categories of workplace violence as defined by the FBI's National Center for the Analysis of Violent Crime. The four types of violent crime in the workplace include:

Type 1: Violent acts by criminals who have no other connection with the workplace, but enter to commit a robbery or other crime;

Type 2: Violence directed at employees by customers, clients, patients, students, inmates or any others for whom an organization provides service;

Type 3: Violence against co-workers, supervisors or managers by a present or former employees;

Type 4: Violence committed in the workplace by someone who does not work there, but has a personal relationship with an employee (domestic violence).

We had a packed house for the webinar program, and quite a bit of our training material on workplace violence was applicable well beyond the healthcare environment. The program is now archived, and you can watch the program here.

In other news
Drug cartels demand "protection payments," ASIS and (ISC)2 co-locate shows, more

It seems Mexican drug cartels have added extortion to their criminal portfolios as it was reported this week that one crime gang is demanding "protection payments" from natural gas operations. ... ASIS International announced this week that (ISC)2, a non-profit group for information security professionals, will be co-locating its annual convention with ASIS 2011 in Orlando this year. ... Tyco has acquired Signature Security Group and will be combing the company's operations in Australia and New Zealand with ADT. ... Two men in Massachusetts are facing attempted murder charges after they allegedly attacked a police chief in Sunderland in a failed attempt to break their younger brother out of jail.