According to an article in the NY Times, the security employee monitoring the smoke alarm panel had only been on the job for three days. When the alarm came in the employee contacted a guard in the main church area and sent them to check the alarm. The guard responded back to the security employee that there was no indication of a fire. Unfortunately, it took approximately 30 minutes before they realized that the security employee had sent the guard to the wrong building – the fire alarm sensor was located in the attic area, above the main church. To get there the guard climbed 300 narrow steps but by then the fire was beyond controlling with a fire extinguisher. At that point the guard radioed the security employee to call the fire department.
Some interesting facts contained in the article: The “ponderous response plan” underestimated the speed with which the fire would spread in the attic area; To preserve the architecture, no sprinklers or fire walls had been installed; The security employee had not been replaced at the end of his eight-hour shift so was required to work a second shift; The control panel displayed a complicated string of letters and numbers – ZDA-110-3-15-1, that was code for a specific smoke detector among more than 160 individual detectors and manual alarms in the church.
Given the type and quantity of combustible materials in the upper portions of the church, the lack of sprinklers and fire walls, and the need for a person to physically respond in order to validate the alarm, any proper risk assessment should have concluded that the threat from fire was a high probability, high consequence event. The article did not indicate if or when the response plan was ever tested. Based on the events described in the article, my assumption is that it was not.
Many of my corporate and government clients work with classified information. The areas in which this work is accomplished prohibits the introduction of electronic items such as cellphones, laptops and smart watches. The question is how to store these items until they could be picked up by their owners upon leaving these secure areas. The most frequent solution was to install first-come/first-serve wall mounted lockers with key-operated locks. For larger facilities this could take up a significant amount of real estate. There are also several drawbacks to using this type of storage system. Individuals would lose their keys. Unfortunately, most of these locker installations were not master-keyed so someone from the security department would need to take time to pull a back-up key, assuming the individual could remember which locker they had stored their item in. There was also the need to make another backup copy of the key to replace the one that was lost. An additional problem that was encountered was that assigned personnel would simply keep the locker key so they would be assured of place to lock up their device when they arrived at work.
Yesterday I met with a client who appeared to have found a more suitable solution to this storage problem. They’re using a Robocrib TX750 industrial vending machine that works with their access control cards. You simply hold your access control badge up to the proximity reader on the front of the machine to initiate the process. You will be stepped through the process via a display screen at the front of the unit. It will prompt you to select the size of the device you want to store. After a moment the door will release and the sliders will open to reveal a space to insert your phone, laptop, etc. To retrieve the device simply hold your badge up to the reader. After a few seconds the door will release, the sliders will open and you can take your device.
This DHS video provides information to assist with mitigating the evolving threat corresponding to vehicle ramming incidents with insightful technical analysis from public and private sector subject matter experts. It leverages real-world events, and provides recommendations aimed at protecting organizations as well as individuals against a potential vehicle ramming incident.
On 21 November 2019, Haitao Xiang, previously employed by Monsanto and its subsidiary, The Climate Corporation, was indicted by a federal grand jury on charges of economic espionage and theft of trade secrets. One thing that the prosecution will need to prove at trial is that Monsanto and Climate Corporation employed reasonable precautionary measures to secure their trade secrets. Just marking it as a trade secret/proprietary information doesn’t make it so.
In a similar case, the United States v. Hanjuan Jin (2012), involving the theft of trade secrets from Motorola, the judge evaluated the physical security (access controls, alarms, security cameras and on-site security guards), network and computer measures (passwords, firewalls, and logon reminders), and administrative procedures (document markings, training programs, and confidentiality agreements) employed by Motorola to protect their trade secrets and determined that they met the threshold for reasonable precautionary measures. The implication is that if Motorola and The Climate Corporation had not enacted these “precautionary measures”, it may have been difficult for them to justify the claim that the material was indeed sensitive and that it’s loss caused significant damage.