Introduction: why Behaviour Detection?
The concept of behaviour detection, or Behaviour Risk Assessment, as a method of detecting suspicious individuals continues to occupy the headlines. As a recognized layer of security screening that has been successfully deployed in Israel and other countries, it is part of considerable efforts worldwide focusing on reforming the existing legacy approach to security into a more risk-based system (read about Focus on Intent).
In recent years, two international bodies, IATA and ICAO, have been leading the way by advocating a transition from the current “one-size-fits-all model” of security to a model where passengers are screened based on established or perceived levels of risk. As part of a risk-based model, all passengers would be divided into Low, High, Unknown groups according to information available about them to security personnel in advance (e.g. Passenger Name Record) and identification of any suspicious indicators in real time. Various countries, such as the US, Canada, UK, France and Australia have been studying the subject very closely including in pilot projects and research studies to determine best practices and/or validate the approach.
Does the Private Security Industry need a Standard to improve their security service performance and demonstrate good management practices? If you, like us, think that the security industry should become more professional then who or what organization would develop such a Standard and how far would its tentacles reach?
For the last several years ASIS International and ANSI (American National Standard Institute) have been debating this issue with subject matter experts from all over the world based on numerous difficulties and complaints in the private security industry related to costs, poor management, and human rights and freedom violations.
The result – ANSI / ASIS PSC.1-2012 “Management System for Quality of Private Security Operations – Requirements with Guidance” was developed and approved by the American National Standard. Our Senior Associate, Peter Stewart, has combed through the draft standard documents for your benefit.
CHI Security has been invited to participate in the international symposium on "Airport Security: Design, Governance, Performance, Financing and Policy" which will take place in Toronto in May 2014. Bringing together up to 50 top experts from government, corporate and academic spheres worldwide, the purpose of the symposium is to evaluate challenges and best practices in the current aviation security system.
Michael Berk, CHI Security's Director, has joined the Executive Advisory Board to assist with developing the symposium's agenda and will be presenting at the 'Layered Screening and Preemption in Airport Security' panel session.
A feature article in the September 2013 issue of "Passenger Terminal World" is dedicated to the coverage of Behaviour Detection as one of the risk-based screening methods applied in modern mass transit (e.g. airports) settings.
CHI Security's Michael Berk was interviewed by this leading industry magazine to provide insights into this highly specialized trade. Read the feature article here on-line or in the digital format here
(see page 18).
Note: the authors have incorrectly associated the Passenger Behaviour Observation pilot program with Transport Canada, as oppose to the Canadian Air Transport Security Authority. We asked them to update this (as well as the full name of our company) but the issue went to print already...
We live in exciting times. Those who can see or feel subtle changes in the matrix of our socio-economic system will understand what we mean. While some of these changes may be positive or negative, depending on where one stands, paradigm shifts take place everywhere. When observed in the ossified system that is Security -- a slow, legacy-based, mostly reactive and heavily tech-equipped giant -- the signs of changes coming present new and interesting opportunities. One of the fundamental changes we observe is the shifting of focus towards 'Intent' in security operations. Focusing on those who have the motivation, intent and capabilities to execute an attack makes security more proactive, risk-based and agile.
According to CBC and other sources, VIA Rail is considering to beef up its security procedures in light of the alleged terrorist plot to derail a train on New York to Toronto route. Among the possible security measures under consideration are greater scrutiny of checked luggage, use of sniffer dogs, mandatory ID checks and luggage reconciliation. Among other measures already in place, VIA Rail spokesperson mentioned that VIA employees have been trained in observing suspicious body language. Some pundits were quick to describe these measures as 'aviation security style' screening which will render traveling by train in Canada a lot less pleasant. We believe this won't be the case.
In our opinion, the addition of more serious security measures to Canadian rail cargo and passenger transportation has been long overdue. Rail infrastructure and communications constitute an integral part of the national critical infrastructure. A recent event at Lac-Megantic, QC has provided vivid images of what could occur in an urban area if an attack involving a heavy load of explosives is executed. In the current evolving threat environment the addition of sensible and scalable risk-based security measures makes a lot of sense.
Today's news are filled with articles citing another GAO report issued yesterday and entitled "TSA Could Strengthen Oversight of Allegations of Employee Misconduct".
Apparently the rate of complaints against TSA screening officers have increased by 26% in the past three years. The report said 3,408 misconduct allegations were filed against TSA workers last year, up from 2,691 in 2010. Many of the charges for screening and security-related incidents pertain to violating standard operating procedures, including not conducting security or equipment checks, and allowing patrons or baggage to bypass screening.
While the increase in allegations (if they're based on true foundations) is lamentable, with over 1.6 million of screened passengers per day and over 56,000 Transportation Security Officers involved, the numbers cited must be taken in a proper context.
Let us begin by defining what this means in the world of security operations. In our practice, it is the process of observing someone's behaviour and analyzing it for indicators of adversarial modes of operations.
In addition, especially trained officers would look at appearance, accompanying people, documents (if possible), verbal and other non-verbal cues, and conduct a security-driven interview (if allowed by regulations). All of the information thus assembled in a course of 5 sec to 1:30 min is analyzed relative to the operational environment or context in which the process is occurring. In the end, a qualified security officer will reach a simple decision: threat or no threat. Wait, you can ask, where does the racial / ethnic / religious profiling come into play? It does not.
Just came across an article in LA Times entitled "Randomizers' could ward off airport profiling accusations" stating that one of the reasons for deploying them "is so TSA officers can't be accused of profiling passengers when they direct some fliers to a line for regular screening and others to a line for a faster, less-intrusive search". This is peculiar, I thought.
In our practice, we often encounter situations when clients ask questions about measuring 'security value' or whether this or that security solution works. How does one evaluate the effectiveness and efficiency of security operations? How does one determine which solutions to choose from?
In our answers, or when we design and implement security solutions, we base our approach on the Outcome-Based model -- almost everything can be supported by data or evidence if you know what questions to ask and how to engineer performance measurements.
In a rapidly changing operational environment when new threats emerge on a regular basis, the existing prescriptive models can no longer provide the expected security answers. In an outcome-based approach to security, while the established objectives remain the same a security program has enough flexibility and adaptability to deal with most of emerging challenges.
CHI Security Senior Associate, Peter Stewart, has prepared a short overview of what an Outcome-Based Approach is all about (see pdf below). Feel free to contact us if you have more questions.
CHI Security team includes professionals with diverse backgrounds and experiences. In this blog we share our musings on how to build a resilient security force. Hardware comes later...