Yearning to learn.
The 140 sessions were gleaned from 170 submissions received in response to the Third Annual Call for Papers. A fifteen-person Seminar Program Review Committee (recruited from among the ASIS membership) rated submissions individually on such qualities as the speaker's experience and the practical applicability of the topic. They met as a group in early March to finalize decisions. Eventually, presentations were selected from 52 individuals, 15 suppliers, and 73 committees or councils. According to ASIS staff members who coordinated the deliberations, submissions that favored innovative and fresh approaches to security-related topics received the highest ratings.
Topics were allotted time slots of sixty, seventy, or ninety minutes and placed into one of nine educational tracks. A new track, Personal Development, joined Crime and Loss Prevention, Crisis/Emergency Management, Information, Investigation, Legal Issues, Management, Personnel, and Physical Security as a focus for content.
The following highlights give an overview of a representative sample of each day's sessions.
A glowing report. Are nuclear facilities in the former Soviet Union properly protected? That question may be impossible to answer with any certainty, but Jim Mason is working to make them safer.
Mason, a security specialist with Argonne National Laboratory-West, gave an hour-long presentation titled "Nuclear Security in Former Soviet States." The fundamental-level session included a slide presentation in which Mason showed how American security experts are helping their former enemies enhance the protection of nuclear plants.
Mason discussed a recent trip he made to Latvia, where he conducted a security survey of a nuclear facility and found several problems. Months of work eventually led to a new access control system, metal detectors, and other improvements.
The 8 o'clock rule. One lesson Mason learned from his travels is that the former Soviet states have a different concept of security. In one case, he said, he asked a security officer about his facility's "use of force" policy, When the officer seemed confused, Mason asked him when he was permitted to use his gun. "Eight o'clock," the officer said; he had been instructed to shoot anyone who climbed the fence after 8 p.m.
Devious business. Information collection, whether competitive intelligence, industrial espionage, or economic espionage, is a dangerous and devious business, noted John A. Nolan III, CPP, in a session titled "Active Countermeasures Against Competitive Intelligence." One problem is that many companies don't know how to assess predators, identify and test their vulnerabilities, or prove to management that there is an information security problem. Nolan, principal of Phoenix Consulting Group of Huntsville, Alabama, explored some of the methods and processes his company uses to address these gaps.
The objective of threat assessment is to evaluate the level and nature of rivals' ability to collect the company's sensitive or proprietary information, Nolan said. One must first determine who are the company's direct competitors, indirect competitors (perhaps large companies in other fields looking to diversify), and emerging competitors (such as start-up companies).
Nolan walked through elements of threat assessment, including education through written materials or organizations (such as ASIS and the Society for Competitive Intelligence Professionals), liaison and coordination (such as finding out how other companies have been victimized), research and interviews, "nonbox" thinking, and replication of known or reasonably postulated approaches used by rivals. "Imitating your competition ... is the highest form of protection," he commented.
Smoking out vulnerabilities. Nolan then discussed ways of smoking out vulnerabilities within your own organization. Some of the methods discussed included identifying lead personalities, identifying their patterns, and then using their license plates to get a home address and phone number. The operative conducting the assessment could then try to get information out of the target, such as job description and salary, by conducting a bogus telephone survey. The next day, another operative could call the target's office posing as a headhunter, using information gleaned the day before to prompt the target. Nolan said that many professionals approached by headhunters eagerly sell themselves by offering information on current projects.
Other ploys include asking for bits of information via e-mail, reviewing corporate Web sites, conducting ruse interviews, and monitoring what employees say at trade shows and what rivals seem to be looking for. Nolan closed with a discussion of how to prove to management that information security should be a high priority.
Nolan also offered some Phoenix Consulting statistics on who targets whom for information collection. The company's data show that large companies are the biggest players in information collection, with most of their targets being "the incubators of technologies" - small to mid-sized companies. "They're looking for Steve Jobs and [Steve] Wozniak in the garage in Cupertino," he said.
Case in point. Attendees at another information protection session titled "Targeting Technology: Lessons from an Espionage Conviction" learned lessons from the case of Dr. Aluru J. Prasad, who was convicted in 1996 of stealing sensitive military information from defense contractors and research installations. Audience members were able to follow Prasad's thefts, detection, and eventual capture.
The session speakers - Stanton M. Felton of the FBI and Patrick H. Mahoney and Robert C. Seidel of MIT/Lincoln Lab - used facts and testimony from the trial to illustrate how security managers can protect themselves from would-be spies.
Robot report. The emerging role of robots in security was the focus of a session led by Celeste DeCorte. DeCorte described the types of robots now in frequent use in facilities control, including tele-operated robots that are remotely driven and can communicate over fiber optic cable or radio frequency and return video feed. In a warehouse environment, for example, they can be used not only as intrusion detectors but also to perform more mundane tasks such as detecting spills.
These robots run on tracks, but other types can operate under their own power - even climbing stairs. DeCorte provided the example of a stair-climbing robot that was used in a hostage situation to deliver a phone to the hostage taker. The robot frightened the man into negotiation.
Self-guided robots, DeCorte told listeners, come on three-, four-, or six-wheel drive varieties. She added that any building that is handicapped accessible is robot accessible.
DeCorte also discussed the U.S. Department of Defense's Mobile Deterrent and Response system. The program uses robots to provide security for warehouses and to perform inventory. As the robot passes by, it reads the item's inventory tags and compares the data with the data in its memory. The Defense Department reports a 40 percent savings over using soldiers to guard and inventory the warehouses.
Operation cooperation. As part of the first ASIS Law Enforcement Day, a special session, "Operation Cooperation, An Effective Private/Public Sector Tool," was presented on Wednesday. A panel of public law enforcement officers and private security practitioners discussed cooperation programs that are working in communities today.
For example, Sgt. Charles P. Duffy of the New York City Police Department (NYPD) reviewed the successes of the Area Police/Private Security Liaison (APPL), originally formed in 1986 in the Midtown Manhattan area. The group, now consisting of more than 1,000 members, meets with NYPD division commanders, precinct commanders, and other key law enforcement personnel to share information, identify and discuss crime trends and solutions, and work for public safety and asset protection. Information is also distributed via fax and Internet. Membership in APPL is open to security directors having an established proprietary or contractual security force within New York City.
Other programs highlighted included the Washington Law Enforcement Executive Forum, founded in 1980, with a mission of enhancing public and private sector cooperation by providing a forum for reviewing problems, developing strategies to combat them, and setting up attainable objectives.
Ethical dilemmas. Not all truths are self-evident. Take the case of the vice president whose company was secretly planning layoffs when his friend, a company manager who might have been let go, confided he was considering buying a bigger house.
Does the vice president break the company policy of keeping plans confidential in favor of his friendship? Should he ask that a little leeway be extended to allow him to tell his friend he was being considered for a layoff? Can he slip hints that the manager might not be making a sound financial decision?
This is just one of many ethical dilemmas faced by everyone in the corporate environment. Right and wrong is not always black and white, said Scott L. Martin, of McGraw-Hill/London House, during his Tuesday educational workshop, titled "Selecting and Developing Ethical Leaders."
Being ethical is "not just good for the conscience, but it's also good for the organization," Martin said. However, companies have tended to let policies and models for ethical behavior slip, because they want to show they have faith in their employees and because ethics is difficult to define and violations of it can be difficult to detect. Employees may assume that their behavior is of little consequence, and managers may be afraid to address issues of morality. Some simply don't see being ethical as a necessary element to attaining success.
Getting results. Managers ought to apply the same models to ethics as they do to other business practices. When goals are set, they should be reached. If they are, the individuals who do so should be rewarded; if they aren't, persons failing to meet the goal should be punished.
Managers also need a clear understanding of what factors play into the making of ethically questionable decisions by employees, and then they need to start setting ethical expectations as early as the recruitment stage.
"Sometimes, you get what you ask for," said Martin, adding that he's often looked through the classifieds and rarely has he seen mention of ethics as a requirement for the job.
On the job, companies should provide mentoring, make expectations clear, and provide managers who are models of desired behavior. Companies should even go as far as creating ethics training manuals.
"The premise here is that there is generally a big difference between what we say and what we do," Martin says. "But managers have to understand that how you get results is just as important as the results."
Interactive information. "The Internet is going to put the library we know of today out of business," predicted Ron Lander, CPP, in a session he copresented with David R. Green, CPP, called "The Security Professional in Cyberspace." The session guided security professionals on the rudiments of the Internet and how the worldwide network could benefit them.
After describing the Internet and summarizing its history, Lander turned the "interactive discussion" over to specific resources for security professionals. For example, he noted that more police departments are putting crime statistics on the Internet. He also pointed users to www.merlindata.com, a free service that searches UCC (Uniform Commercial Code) and civil filings. Legislation is also widely available online, he said.
A main benefit of interconnectivity is the opportunity for quick communications with peers, Lander said. But he warned that the technology "is not a panacea."
Lander then summarized risks on the I-Way, including hacker attacks, sniffing, credit card number compromise, and viruses. Still, he stressed that the arguments for going online are compelling, given the changing nature of business, the ease of navigation, and the ubiquity of computers.
A real blast. How well prepared is your company for the very real prospect of a bomb threat? A soon-to-be released bomb threat training simulator prepared at the University of Houston may make that question easier to answer.
Christopher Chung, a professor in industrial engineering at the University of Houston, walked attendees through a multimedia software program designed to improve employees' ability to respond to bomb threats at an office complex, a clinic, and a school. Chung noted that scenarios involving an airport and a petroleum company may soon be added.
In the simulation shown by Chung, which took place in an office environment, the user received a bomb threat by telephone. Chung directed the user to ask the caller such questions as when the bomb was due to explode and where it was planted.
After receiving the threat, the user can then choose to ignore the call, evacuate the building, search for a device, or both search and evacuate. Chung then showed how to evacuate the office and search for a secondary device that might be hidden where workers assemble during an evacuation. At the end of the simulation, the program evaluated the user's performance.
Running on Windows 95 and Windows NT, the software was designed to alleviate problems with conventional bomb threat training, such as excessive time and cost. Chung said that the program can enhance existing bomb threat classroom instruction or serve as a means of self-study for law enforcement officers. He also pointed out a study he conducted showing that this teaching tool has a statistically significant effect if done in combination with conventional training.
The simulator was due to be submitted to the National Institute of Justice, which funded the project, by the end of last September. Chung said the program will eventually be available at a nominal cost to the public through law enforcement agencies.
Comedy of errors. Funny you should mention CCTV. By combining comedic witticism with information on industry innovations and trends, Charlie Pierce's educational workshop, titled "Getting the Biggest Bang for Your Buck with CCTV," left audience members rolling with laughter but also equipped with knowledge on how system integration for security can affect a company's bottom line.
The trend, he said, has seen camera providers cash in on their clients' CCTV ignorance. For example, many CCTV suppliers have simply come in and asked where a company wants the camera, supplied it, and installed it, and that's it. Pierce says that's allowing the wrong people to "design" the system.
"By themselves, cameras are very expensive toys," he says. "Integrated properly, they are very inexpensive tools."
He said that companies need to understand that cameras provide visual information both about something that is happening and about something that has happened. Knowing how the court will view material presented can help determine what specifications the system should have, particularly in cases where holdups or workplace violence is a threat.
In the blink of an eye. In an amusing performance, Pierce demonstrated how real-time and time-lapse cameras operate differently. Using a $100 bill posted on the dais, he had audience members act like time-lapse cameras by closing their eyes and blinking quickly every two seconds to simulate how those cameras save tape by taking a picture of a scene every two seconds. He snapped his fingers to indicate when to blink. Each time he snapped, he appeared closer (in some wacky pose) to the bill, and by the time the activity had concluded, the bill was gone.
But nobody saw him take it.
"You saw me enter the room," he says. "You see that I have access to it [the bill], but you didn't see me take it. That won't hold up in a court of law. You can't convict me on that, and if you tried, I'd own you in the morning."
In other instances, cameras are often set in places that look exactly alike and the only thing that distinguishes the two sites are character generators, or digital signs generated on the camera, which can be manipulated. He recommended putting something in each place to distinguish it, such as a heavy potted plant that can't be easily moved, or by imprinting the location's name on a wall.
Pierce recommended that security experts take a close look at what changes could be made to enhance security without installing expensive hardware, like educating employees or adding a door lock. He also recommended combining all or most security equipment into one system so that the security director only has to go to one source to handle integration issues.
In the long term, he says, companies in the CCTV market will make "big bucks" by paying careful attention to current laws and trends surrounding CCTV systems. And everyone will benefit by dropping the old attitude that a camera here and there will fill a security gap.
Detecting dependency. Drug abuse in the workplace costs U.S. companies more than $120 billion each year, according to Gregory J. Halvacs of PFS Worldwide, who gave a session on drug testing methods. He also noted that 30 percent of all full-time employees abuse drugs, 35 million Americans are addicted to prescription drugs, and 65 percent of on-the-job accidents are drug-related. Though abuse is high, continued Halvacs, only approximately 4 percent of drug abusers are caught.
Halvacs presented this information in his session, titled "Psychological Versus Medical Approaches to Workplace Drug Testing," with John W. Jones of NCS/London House. Halvacs and Jones focused on a pilot program initiated by Pepsico - Halvacs' former employer - that combined traditional urinalysis with psychological testing designed to weed out drug users.
Given the overall statistics about drug use, Pepsico managers were concerned that drug users were abstaining for several weeks, passing a preemployment drug test, and then continuing their drug habits. However, testing all employees regularly was an expensive option. Halvacs wondered whether a written psychological test could point the finger at potential drug abusers.
Pepsico started the program by giving all prospective employees a thirty-question survey during the application process. The potential employees were still tested using urinalysis. The survey was not scored until after the person was hired. Urinalysis was still used to test employees that were involved in workplace accidents.
After testing 9,000 employees over a year, Halvacs determined that a test that measures attitude and personality traits could help a manager make better hiring decisions. However, Jones cautioned, employers must be wary of federal employment guidelines such as those presented by the Americans with Disabilities Act and the Equal Employment Opportunity Commission.
The session, which was categorized as "Intermediate," was sponsored by the ASIS Standing Committee on Workplace Substance Abuse and Illicit Drug Activity.
A step ahead. "In premises liability cases, the plaintiffs have the upper hand," advised Alan Kaminsky of Wilson, Elser, Moskowitz, and Edelman. In an intermediate session, titled "How to Stay One Step Ahead of Plaintiffs in a Security Lawsuit," Kaminsky and his coworker David Weinstein discussed why plaintiffs have an advantage over property owners and how security professionals can reverse the trend.
According to Kaminsky, plaintiffs often have the advantage in premises liability cases because they are sympathetic and may have horrific injuries. At the same time, security is just as likely to be unsympathetic. But the greatest advantage, said Kaminsky, is the advantage of time.
"Some lawsuits are filed two years after the fact," he said. While the plaintiffs are ready to go to court, the defense may be trying to locate the original incident report.
To better prepare, property owners should be familiar with the types of lawsuits generally filed and the legal principles that govern premises liability. Kaminsky discussed the theories of superior, negligent hiring, third party beneficiary, and inadequate security. He also covered important premises liability verdicts that have an impact on current case law.
Special delivery, U.S. Postal workers Christopher Guisti, CPP, and Shawn M. O'Hara, CPP, led a Wednesday morning session titled "Mail Center Security and Awareness." The pair gave a detailed presentation covering issues such as personnel security, access control, handling registered mail, company funds, postage meters, and mail bomb screening and detection.
One focus of the session was mail center design. Mail centers should be physically designed to prevent theft, according to Guisti. Features such as open spaces, one-way glass, CCTV surveillance, or elevated supervisor stations can be effective uses of layout.
To help attendees take a little security home with them, the presenters offered a mail center security checklist as a handout. Using the checklist, security managers can be sure to double-check everything from alarm equipment to employee parking.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||ASIS 43rd Annual Seminar and Exhibits; 43rd annual American Society for Industrial Security meeting in St. Louis, MO|
|Date:||Dec 1, 1997|
|Previous Article:||Bright beginnings.|
|Next Article:||Workshop workout.|
|A challenge well met.|
|Spirit of St. Louis.|
|Making the connection.|
|Workshops western style.|
|Touching base informally.|