Environmental Security

December is National Critical Infrastructure Protection Month

December 9, 2011 By Continuity_Compliance Leave a Comment

Photo courtesy of DHS

Just a reminder — the month of December is recognized in the U.S. as “National Critical Infrastructure Protection Month”.

For those readers who are not quite sure of the significance of this declaration, or how it relates to them in their place of work, their community or where they live, it would be helpful to read the information on the Department of Homeland Security’s (DHS) website to learn exactly what critical infrastructure is, what each of us can do to assist its protection as a shared responsibility, and, finally which industry sectors are most directly affected by this effort.

A quick summary of some of that information is:

Definition of Critical Infrastructure: “… a summation of all the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”
Why is Critical Infrastructure Important?
1. Attacks on critical infrastructure could significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the targeted sector and physical location of the incident.
2. Direct terrorist attacks and natural, manmade, or technological hazards could produce catastrophic losses in terms of human casualties, property destruction, and economic effects, as well as profound damage to public morale and confidence.
3. Attacks using components of the nation’s critical infrastructure as weapons of mass destruction could have even more devastating physical and psychological consequences, and
What are the critical infrastructure sectors of the U.S. (in alphabetical order with links attached to provide more details and information)?

a. Agriculture and Food

b. Banking and Finance

c. Chemical

d. Commercial Facilities

e. Communications

f. Critical Manufacturing

g. Dams

h. Defense Industrial Base

i. Emergency Services

j. Energy

k. Government Facilities

l. Healthcare and Public Health

m. Information Technology

n. National Monuments and Icons

o. Nuclear Reactors, Materials and Waste

p. Postal and Shipping

q. Transportation Systems

r. Water

As just this short summary above indicates, this listing of industry sectors surely includes almost every aspect of commercial, industrial and community dynamics important to each and every U.S. citizen.

To protect these sectors we must also recognize that an informed and engaged public is another important line of defense to build resilient communities.

The “If You See Something, Say Something™” campaign continues to educate the American public on the behaviors and indicators of suspicious activity and encourages all Americans to be vigilant and to report suspicious activity to local law enforcement – all certainly in support of this National Critical Infrastructure Protection Month.

Click here for more details and information.

If you found this information valuable, please pass it along to those business continuity, risk management, disaster preparedness or community first responder teams where you work and where you live.

Filed Under: Cybersecurity, Environmental Security, Information Security, Risk Management Tagged With: Agriculture and Food, assets, Banking and Finance, Business Continuity, Chemical, Commercial Facilities, communications, critical infrastructure, critical manufacturing, dams, defense industrial base, Department of Homeland Security, DHS, disaster preparedness, economic effects, emergency services, energy, first responder, government facilities, healthcare and public health, human casualities, incident, information technology, mass destruction, National Critical Infrastructure Protection Month, national economic security, National Monuments, networks, nuclear materials, nuclear reactors, nuclear waste, public health, resilient, resilient communities, risk management, Safety, Security, systems, targeted sector, transportation systems, water

DHS Terrorism and Response to Terrorism Review Report 2011 Now Available

September 20, 2011 By Continuity_Compliance Leave a Comment

As a continuation of this website’s support for this year’s National Preparedness Month 2011, and for many of our readers who participate on committees delegated to promote policies and a better understanding of the origins, dynamics, and social and psychological impacts of terrorism, our staff would like to present for review some of the recent output from the National Consortium for the Study of Terrorism and Responses to Terrorism (START).

As you will notice on their website, START is actually a U.S. Department of Homeland Security Center of Excellence based at the University of Maryland and is a great resource made available to everyone for both reference and for keeping on top of current developments in the area of terrorism and how to best respond to those terrorist activities.

Recently START released its 2011 Research Review report which does a good job in trying to summarize, analyze and explain a range of topics relevant to current terrorism and counterterrorism issues and summarizes research projects completed by START investigators and research writers, who offer in this report, a quick summary of the project findings discovered in each of their reports.

The 10 featured research projects in the 2011 Research Review include:

“Terrorism vs. Protest: Stimulating Individual Decision-making via Online Experiments”- Anthony Lemieux and Victor Asal
“Trajectories of Terror: Islamic Radicalization in North America”- Gary Ackerman and John Sawyer
“Jokers Wild: Understanding the Influence of Service Provision on Popular Support for and Participation in Violent Political Groups”- Shawn Flanigan
“IED I.D.- Understanding Terrorist Bomb Attacks and Improvised Explosive Device Usage”- Margaret Wilson, Gary LaFree and Richard Legault
“Wicked Web: Social Network Analysis for Combating Islamic and Arab Terrorist Networks”- Victor Asal and R. Karl Rethemeyer
“Cause and Effect: Terrorism and Counterterrorism in Israel and Palestinian Territories”- Arie Kruglanski, Laura Dugan and Erica Chenoweth
“Against the Clock: Measuring Intervention Success in Terrorist Activity”- Kelly Damphousse, Bent Smith and Summer Jackson
“Terror’s Legacy: Quantitative Index of the Public Health Impacts of Terrorism”- Kathleen Sherrieb and Fran Norris
“The Missing Piece: Citizen Engagement in Public Health Planning”- Monica Schoch-Spana
“Clear, Calm, Collected: Communicating Effectively During Times of Threat”- Elaine Vaughan, Hamilton Bean, Kathleen Smarick and Dennis Mileti

Click here to read an online version of this report.

In addition, START has made available another report titled “Background Report, 9/11 Ten Years Later” — Click here to read this report.

This information is a great reference resource, not to ignored, and certainly one that comes to mind in this year’s NPM 2011 theme….”A Time to Remember, A Time to Prepare”.

If applicable, please pass this information on to those business continuity, crisis management and disaster preparedness team members in your organization as well as to those local community team members who may need updated information for their counter terrorism strategies.

Photo courtesy of blog.chron.com

Filed Under: Business Continuity Info, Environmental Security, Physical Security, Risk Management, Safety Tagged With: Business Continuity, counter terrorism, crisis management, Department of Homeland Security, DHS, disaster preparedness, National Consortium for the Study of Terrorism and Responses to Terrorism, National Preparedness Month 2011, NPM 2011, START, terrorism, terrorist activites

ASIS 2011 — Expanded Educational Offerings

July 15, 2011 By Continuity_Compliance Leave a Comment

As this year’s ASIS 2011 Conference comes closer, and if your career path is related to the security industry, then you should consider attending this conference.

To that point, security practitioners from across the industry will find some exciting new offerings at the ASIS International 57^th Annual Seminar and Exhibits (ASIS 2011) in Orlando, Fla., Sept. 19-22. New partnerships with (ISC)² (“ISC-squared”) and PSA Security Network among others, broaden the scope of the educational program and open valuable new networking opportunities. In total, this year’s Seminar will offer attendees more than 180 educational sessions across 18 tracks.

Read more about these expanded educational developments, and click here if you would like to download a pdf version of the just released Seminar Overview Brochure.

To get more details and information, and to register your attendance at the conference, click here.

If applicable, please pass this information along to those physical and information security team members in your organization.

Filed Under: Cybersecurity, Environmental Security, Executive Protection, Information Security, Physical Security, Safety Tagged With: ASIS 2011, Information Security, Physical Security, Security, security practitioner

New Security Survey Indicates Increased Executive Interest in 2011

May 10, 2011 By Continuity_Compliance 4 Comments

In the 2011 Strategic Security Survey conducted by Information Week (IW) — findings seem to indicate that businesses are finally starting to understand that when it comes to security, everyone needs to pay attention. To that point, an article written by Michael Davis, IW contributing writer, does a fine job in citing particular findings to support that increased interest in security by C-level managemers.

As Mr. Davis points out, the survey also addresses a common complaint from security pros — i.e. top executives don’t consider security a priority. As one survey respondent comments, ” Upper management rarely considers the value of security — until an attack or breach occurs“. Survey results, however, seem to point to an encouraging movement around both levels of management buy-in and levels of adequate funding — long regarding as additional problems often facing security pros. And, as an answer to those concerns, the survey indicates that when asked what might increase their company’s vulnerability to attack, the number of respondents citing “budget constraints” fell by eight (8) percentage points compared to 2010.

Other survey results also seem to be very promising. For instance, both the CEO/owner and CFO are now showing an increased interest (involvement?) in security policy decisions as well as in levels of security $$ spending. In 2010, only 27% of CEO’s and presidents were said to be involved in security policy decisions; in 2011, it jumped to 34%. In 2010, 46% of CEO’s and presidents were said to be involved in security spending descisions; in 2011, it jumped to 52%. As for CFO’s , 56% are involved with security spending, according to the IW 2011 survey, up from 52% in 2010.

If security related issues are a major cocern or topic for discussion of your risk management or business continuity planning teams, then please recommend them to read more about the results of this strategic security survey.

Photo courtesy of blog.cenzic.com

Filed Under: Business Continuity Info, Cybersecurity, Environmental Security, Information Security, Physical Security, Security Tagged With: breach, business continuity planning, risk management, Security, security policy, security pros

Hurricane Probability Tools Now Available for BC/DR Planning Toolkits

May 6, 2011 By Continuity_Compliance Leave a Comment

If your organization resides any of its entities in hurricane prone locations in the United States, Caribbean or Central America, the your business continuity, disaster preparedness and recovery and crisis management teams need to add take notice of the following website links listed below.

United States Landfalling Hurricane Probability Project:

Interactive Landfall Probability Display
The user selects a county, and landfall probabilities based on CSU’s Tropical Meteorology Project’s 2011 tropical cyclone forecast are presented. The numbers in parentheses are the climatological averages based on landfalling tropical cyclones in HURDAT.

Landfall Probability Table
A Microsoft Excel table displaying all landfall probability calculations.

State Landfall Probability Table
A Microsoft Excel table displaying all landfall probability calculations for each of the coastal states.

Region Map
Map of the eleven regions for which landfall probabilities have been created.

Methodology Documentation
A Microsoft Word document describing how the landfall probabilities were calculated.

Caribbean and Central America Landfalling Hurricane Probability Project :

Landfall Probability Table
A Microsoft Excel table displaying all landfall probability calculations.

Methodology Documentation
A Microsoft Word document describing how the landfall probabilities were calculated.

If and where applicable, these important landfall probability calculations and forecasting tools are important early disaster preparedness and business continuity planning components not to be ignored.

If any of our readers have additional information to share, please do so in our comments section below.

Thank you.

Photo courtesy of gomexico.about.com

Filed Under: Environmental Security, PS-Prep Program, Safety, Security Tagged With: Business Continuity, crisis management, disaster preparedness, disaster recovery, HURDAT

Hurricane Probability Planning Tool Now Available for BC/DR Planning Toolkits

April 5, 2011 By Continuity_Compliance 1 Comment

United States Landfalling Hurricane Probability Project

Interactive Landfall Probability Display
The user selects a county, and landfall probabilities based on CSU’s Tropical Meteorology Project’s 2011 tropical cyclone forecast are presented. The numbers in parentheses are the climatological averages based on landfalling tropical cyclones in HURDAT.
Landfall Probability Table
A Microsoft Excel table displaying all landfall probability calculations
State Landfall Probability Table
A Microsoft Excel table displaying all landfall probability calculations for each of the coastal states.
Region Map
Map of the eleven regions for which landfall probabilities have been created
Methodology Documentation
A Microsoft Word document describing how the landfall probabilities were calculated.

Caribbean and Central America Landfalling Hurricane Probability Project

Landfall Probability Table
A Microsoft Excel table displaying all landfall probability calculations
Methodology Documentation
A Microsoft Word document describing how the landfall probabilities were calculated.

If any of our readers have additional information to share, please do so in our comments section below.

Thank you.

Photo courtesy of eci.com

Filed Under: Business Continuity Info, Environmental Security, Organizational Resiliency, PS-Prep Program, Security Tagged With: Business Continuity, business continuity planning, crisis management, CSU Tropical Meterology Project 2011, disaster preparedness, disaster recovery, HURDAT, landfall probability, landfall probability table, Security

Energy Preparedness Strategies Go Beyond Nuclear Reactor Sources of Energy

April 4, 2011 By Continuity_Compliance Leave a Comment

In a recent article written by Deborah P. Scanlon, Chairman of the Board of Chosen Freeholders in Union County, New Jersey and posted on the myCentralJersey.com website, our attention is drawn to the urgency for better preparedness when faced with a disaster the likes of which have impacted Japan since March 11^th. The unique twist of Ms. Scanlon’s article goes beyond just the nuclear reactor sources of energy issue and addresses an urgent need to plan for a future in which energy provides us with the power to respond quickly and effectively to disasters — instead of creating the potential to make a terrible situation even worse.

In the interests of long-term security concerns, Union County has already begun its transition to lower-risk sources of energy options, and, perhaps this activity can spur many other local communities and organizations to plan accordingly and use these Union County activities as a benchmark for planning future energy strategies for other — regional and national scope — requirements.

Union County’s coastline is packed with fuel and chemical facilities. Union County is an international transportation hub with a major seaport, airports, and vital interstate roadways, and is also one one of the most densely populated counties in the most densely populated state in America. Fortunately, there is no comparative seismic activity level to match that of Japan present in Union County — however, that does not allow any less level of urgency for emergency management planning teams in that area.

Click here to read more about potential energy management decisions you, your organization, or your community may consider by learning from the actions taken by Union County – bottom line — we all face the need to act now in securing a better energy future for ourselves, our companies, our communities, and our nation.

If applicable, please pass this information along to those disaster preparedness, crisis management and business continuity team members in your organization. If part of a private sector initiative to promote a better energy preparedness level, also then pass this information along to those PS-Prep strategy planning teams as well.

Photo courtesy of yuasanta7.blog.so-net.ne.jp

Filed Under: Business Continuity Info, Environmental Security, PS-Prep Program Tagged With: Business Continuity, disaster preparedness, emergency management, energy management, energy preparedness, nuclear reactor, preparedness, private sector, PS-Prep strategy planning, Security

e-Discovery Nightmare Continues for BP

June 9, 2010 By Continuity_Compliance Leave a Comment

Photo courtesy of blog.advancediscovery.com

On May 24^th this website posted an article entitled “e-Discovery Preparedness — Next BP Test of Readiness“ under our Regulatory Compliance category , and, as further follow-up to the largest U.S. oil spill incident encountered to date, we would like to turn the attention of our readers to a recent article written by Amy Miller, entitled, ““To preserve and collect” – BP oil spill a discovery nightmare for lawyers.”

The reason we chose this article and the reason we are tracking the e-Discovery activities related to the BP oil spill disaster is that many of our readers have concerns over e-Discovery and the potential requirements that may be affecting their own organizations as more case history is developed in this area of potential corporate risk litigation rulings. We believe this article presents many of the underlying issues surrounding the legal discovery and legal hold requirements and thus is a good learning curve read related to e-Discovery.

We certainly agree with those potential concerns and believe that by keeping on top of the e-Discovery related developments and requirements of BP and any other companies involved in the Deepwater Horizon disaster, we will be offering our readers a case study for others to follow and hopefully gain knowledge that could be transferred directly to risk management, information security, compliance risk and compliance audit team members in their organizations. This information should also help the writing of compliance plans, contingency plans, information security assessment processes, and information security policies in general.

Click here to read more about this important e-Discovery topic.

Filed Under: Environmental Security, Regulatory Compliance, Risk Management Tagged With: BP oil spill, compliance audit, compliance plans, compliance risk, contingency plans, corporate risk, Deepwater Horizon disaster, e-Discovery, e-discovery preparedness, Information Security, information security assessment, information security policies, legal discovery, legal hold, readiness, Regulatory Compliance, risk management

New Survey Results Claim Security Expertise Not Enough for Successful ESRM

April 14, 2010 By Continuity_Compliance Leave a Comment

In April, the CSO Roundtable of ASIS International released the results of a comprehensive survey of its members and of the ASIS membership. The survey was meant to demonstrate some level of understanding that the security industry has concerning the adoption of an “Enterprise Security Risk Management” (ESRM) methodology.

The survey, conducted in the fall of 2009, asked for information regarding at least the following areas:

What risks were the most challenging?
Where do organizational support for ESRM initiatives came from?
Which business elements of an organization were included in ESRM?
What was security’s role in the ESRM process?
Who has ultimate responsibility for risk in the organization?

More than 80 Chief Security Officers, and more than 200 other ASIS members from around the world, responded to the survey.

One of the major findings from the survey was best expressed by Timothy L.Williams, CPP, Dir of Global Security for Caterpillar, and a member of the CSO Roundtable Advisory Board, when he stated, “We learned that traditional security issues are rarely the ones that keep security professionals awake at night; instead, risks such as database theft, network failure and economic problems are top concerns. We discovered that most CSOs and, indeed, nearly half of non-CSOs, are already deeply involved with evaluating and mitigating non-security risks in their organizations.”

Another survey result claims that CSOs reported the greatest non-security risk they face is the downturn of the economy, followed by business issues such as competition and regulatory pressures. More than half of the CSOs surveyed said they and their security departments were involved in researching, prioritizing, mitigating or evaluating these non-security risks.

Additionally, survey results also indicated that the vast majority of security professionals believe that excellent business management, leadership and communication skills—not security expertise—are the traits that will lead to success in ESRM.

If any of these questions listed above or results stated above appear to reflect similar behaviors in your organization or even a basis for how security standards are established in your organization, then please pass this information along to those internal information security and risk management team members or perhaps, outside security consultants, who are responsible for establishing and maintaining a level of enterprise security risk management most appropriate to your organization.

Click here to read the full report.

Filed Under: Cybersecurity, Environmental Security, Information Security, Physical Security Tagged With: enterprise security risk management, ESRM, Information Security, risk management, Security, security consultant, security standards

Institute of Environmental Security Announces Climate Change Impact Warning

November 3, 2009 By Continuity_Compliance 1 Comment

In a recent press release from the IES, military experts from five continents announce a warning of the impact of climate change on security. The statement, presented at a meeting on October 29, 2009 at Brookings in Washington, and issued simultaneously in Brussels, Dhaka, Georgetown, London, New Delhi and The Hague, says that “incremental, and at times, abrupt climate change is resulting in an unprecendented scale of human misery, loss of biodiversity and damage to infrastructure with consequential security implications that need to be addressed urgently.” To read the entire press release, click here.

The Institute for Environmental Security (IES) is an international non-profit non-governmental organisation established in 2002 in The Hague, with representatives in Brussels, London, Beirut, California, New York, Toronto and Washington, DC.

This “knowledge and action network” was set up to increase political attention to environmental security as a means to help prevent conflict, instability and unrest.

IES Mission

The Institute’s mission is: “To advance global environmental security by promoting the maintenance of the regenerative capacity of life-supporting eco-systems.”

Its multidisciplinary approach integrates the fields of science, diplomacy, law, finance and education. Activities are designed to provide policy-makers with a methodology to tackle environmental security risks in time, in order to safeguard essential conditions for peace and sustainable development.

The relation between the environment and the security of humans and nature has been the subject of much research in recent decades, and is now becoming an important focus of international environmental policy. Click here to read a 2-page overview on environmental security written by Michael Renner.

The following publication by the Institute is also recommended environmental compliance reading for any organization facing environmental security issues – Introduction to the Concepts of Environmental Security and Environmental Conflict.

Filed Under: Environmental Security Tagged With: climate change, environmental compliance, Environmental Security