Facility Intrusion | Scope of Risk

A facility breach may be due to unintentional intrusion by ignorant trespassers—for example, as a result of the facility being on traditional trade or migration routes by nomads—or it may be done by opportunistic and unrefined criminal elements seeking to pilfer materials; by organized crime seeking to steal highvalue assets; or by insurgents, terrorists, or specialinterest group activists seeking to kidnap employees, damage critical infrastructures, or make a public statement to support their cause. Intrusion may be slowed by physical security structures and manpower provided to protect a facility, and alerts may come from human or technological measures. Typically the security plan for a facility or critical infrastructure will outline the measures used to deter, detect, delay, prevent, and respond to an intrusion. Where mature security plans and policies are not in place or a nonsecuritytrained manager is in charge of the first stages of a response, the IMP will play a crucial role in providing guidance to assist in managing the situation until law enforcement or other response agencies can deploy and resolve the situation.
Add a note hereIn the event of a physical security breach of a facility, it is important that both immediate and interimterm risks are identified, understood, and mitigated. The nature of the intrusion will largely determine the actions taken (i.e., if intruders are armed or unarmed; if they intend to harm individuals, steal property, or damage infrastructures). The following common threats are posed by facility intrusion:
§  Add a note herePhysical or psychological threats to personnel, including assault, intimidation, and kidnapping.
§  Add a note hereThreats to critical infrastructures: explosive hazards, vandalism, and contamination.
§  Add a note hereTheft or damage to assets and other materials.
§  Add a note hereEspionage and data theft.
§  Add a note hereCorporate reputation and image risks.
§  Add a note hereDisruption to operational and business productivity.
§  Add a note hereSitins or unlawful occupancy of areas or work spaces.
§  Add a note hereLiability and legal risks.
Add a note hereIn addition, the nature of security policies and resources in place to protect a facility will also guide the response measures (e.g., mature or inadequate policies and plans, and a robust and armed security force or an insubstantial and unarmed response force). Longterm risks will be the responsibility of the crisis response group, who should address shortfalls and gaps within any security plan and associated policies and resource levels. Local site or incident managers should determine the following facts as the basis of their response decision paths:
§  Add a note hereWhere has the breach occurred?
§  Add a note hereWhen did it occur?
§  Add a note hereAre intruders armed and violent?
§  Add a note hereHow many intruders are there? Is their location known? What do they look like?
§  Add a note hereWhat is their intent, and what other threats might be posed by the intruders?
§  Add a note hereCan organic security resources counter those of the intruders?
§  Add a note hereWhat level of support is available from government or other agencies?
§  Add a note hereWhat personnel are at risk, and can they be secured?
§  Add a note hereWhat resources of infrastructures are at risk, and can they be secured?
Add a note hereThe IMP should complement a mature and wellconstructed security plan where possible. The IMP should be tied to standard operating practices and preprepared security response protocols to ensure that security personnel, or other employees, carry out immediate actions upon notification of a security breach. Where security plans and resources are not in place, the IMP should be focused on ensuring the safety of personnel and the protection of vulnerable or highvalue resources or assets, while guiding law enforcement or other resources to the point of threat.

Threats, Coercion, and Extortion | Scope of Risk

Coercion is the practice of compelling a person to behave in an involuntary manner (either through action or inaction), by the use of threats, intimidation, or some other form of pressure or force. Extortion occurs when a person either unlawfully obtains money, property, or services from a person, entity, or institution through coercion or intimidation, or threatens a person, entity, or institution with physical or reputational harm unless they pay money, or property (or is profiting in some other manner). Threats, coercion, or extortion of company staff or subcontractors can be detrimental to the safety and welfare of individuals, as well as to the productivity of the business activity as a whole. Critical personnel or entire workforces may not attend work if perceived to be at risk, and employees may feel forced to undermine the company by actively participating in illegal or unethical activities if they or their families are threatened. Isolated threat or coercion events, even when perpetrated by individuals or based on a hoax, can have widespread and dramatic effects on the morale of entire workforces and the success of both micro and macrolevel business activities, even when driven by individual and group perceptions rather than by a clinical assessment of risk. The company should consider the following when facing such threats:
§  Add a note hereConsider the welfare of the employee and overall workforce morale.
§  Add a note hereConsider the implications to corporate reputation and business continuity.
§  Add a note hereObtain all available details about the incident.
§  Add a note hereIf it appears a credible extortion, threat, or coercive event, mobilize the CRT.
§  Add a note hereIdentity of perpetrators, their motive, credibility, capability, and likely intentions.
§  Add a note hereConduct a detailed analysis of the threat: to kill, injure, or kidnap personnel or to sabotage, damage, or steal equipment or intellectual property.
§  Add a note hereEstablish the implications if the threat were to be carried out.
§  Add a note hereEstablish whether dialogue can be established without increasing the threat.
§  Add a note hereDetermine what external government and specialist resources might be required.
§  Add a note hereGather information on any other existing or previous similar threats and their outcomes.
§  Add a note hereConsider the legal and longterm business implications of conceding to demands.
§  Add a note hereReview the capability of local law enforcement agencies to act to eliminate the threat; confirm they are not involved.
Add a note hereIt is important for companies to make a determination of the nature, extent, and likelihood of a threat or coercive risk, taking into account the welfare and safety of employees, corporate reputation, and the business continuity requirements. Typically, such risk elements are identified by or reported to local managers, and in coordination with the company's security manager, a pragmatic threat assessment should be undertaken, balancing the likelihood of the threat being implemented against the impacts the threat will have on the individual or group, as well as the company operations. While the safety of employees is paramount, companies must also consider the legal liabilities in the event of a threat being carried out. The company must also evaluate whether coerced individuals are assisting (albeit unwillingly) criminal groups to protect family members, are seeking financial compensation for false claims, or are indeed at any real risk.
Add a note hereThreats may be made to specific individuals or as a blanket statement to communities or particular groups. Threats and coercion may also be used as a business vehicle by unscrupulous companies seeking to deter competition. In some countries, criminal threats are often masked under the auspices of insurgency and terrorism. Companies should seek to determine the motive behind threats and coercion. Understanding the nature, likelihood, and scope of any postulated threat can be developed, in part, by establishing the gender, race, age, education level, voice characteristics, and mental or emotional state of the person making the threat, whether in person or by telephone. Any mention of a demand for money or other concessions will also assist in determining the nature and extent of the risk, confirming the motive, credibility, capability, and likely intention of the perpetrator(s).
Add a note hereThe company may wish to review security arrangements of employees, consider withdrawal or relocation of those most at risk, and determine mitigation measures to enable business to continue. Options may include ignoring any demands, attempting to deflect the perpetrator(s) by entering a dialogue in order to cause a delay without actually dismissing the demand, and negotiating for local government or community support. Companies may also consider threatening to withdraw from operations in the area, thereby laying off the local workforce; this move might generate external resolutions, as a wider community is detrimentally affected. Law enforcement agency assistance may be sought, with the intention to plan an operation to arrest the perpetrator(s) during negotiations or a pretense of payment. Alternatively, modifications to operating procedures can be implemented to avoid or mitigate the risks. The IMP will assist local managers in gathering clear and detailed information as to the nature of the risk, enabling companies to quickly distinguish real from perceived risks posed by these threats, educate affected employees, as well as take remedial actions to protect staff and the business activity at risk.

Popular Posts