Aligning with the ‘First Principles of Security’

Paul Mason, Founder and Director, Redline Assured Security discusses the methodology for effective threat detection and risk mitigation.

As the threat landscape continues to evolve, security training and provision continues to advance, most notably in the aviation industry, where investment to improve threat identification and risk mitigation, such as the implementation of Computed Tomography (CT) x-ray scanners within mandated frameworks, have resulted in a progressively proactive risk reduction.

Whilst not eliminating all threats to the sector, these mitigation measures have led to threats migrating into new sectors, including public spaces where high population density is commonplace and predictable.

Major events, venues, rail infrastructure or even popular tourist spots are increasingly at risk, evidenced by the rise in attacks on public places over the past ten years and the consistency of attacks on crowded spaces.

This shift calls for more pre-emptive, effective systems and methodologies that can detect threats and mitigate risk in a diverse set of environments.

What that looks like in terms of training solutions varies by sector, organisation and location, however, there is an overarching pre-requisite to adhere to by applying the First Principles of Security.

The First Principles of Security follows a descending order of actions to implement when carrying out security provision in the face of an attack. They are measures working in isolation or unison, using layers of security to prevent attacks.

  1. DETER – Measures employed that deter the threat from carrying out the attack in the first place
  2. DETECT – Measures to detect threat, critical where deterrent offers no defence, be that through behavioural detection, threat image recognition or other mitigation measures
  3. DENY – Robust security, credible and capable mitigations in areas such as access control, search and screening to deny the threat achieving its objective
  4. DELAY – A range of security solutions utilised in combination or isolation to delay an attack, such as parking controls, road blockers and queue management
  5. DEFEND – The final and innermost ring of security, which usually involves security teams or the police apprehending the intruder or providing last minute intervention

The ultimate aim of the First Principles of Security is for a situation to never escalate beyond the first stage of ‘Deter’.

However, recognising that this isn’t possible in every scenario, by embedding this set of principles into security systems from the outset ensures, firstly, any plausible threat scenario has its appropriate mitigation, whether it be Threat Image Recognition Training (TIRT) or traditional vehicle, body or bag searches, and secondly, officers will have sharper awareness of what is required of them in order to protect the public to the best of their abilities, based on the situation at hand.

In an ideal world, security systems would be to such a standard that the terrorist or criminal recognises it would be futile to attempt carrying out an attack and is therefore deterred from the outset.

However, there are challenges facing the security sector, particularly outside of aviation, that diminishes the deterrent element, leaving more locations at risk of having to detect threats once the attack has commenced, placing more importance on swift detection ability and decisive response.

Barriers and gaps

When discussing the challenges, it is necessary to consider perceptions of the wider security sector.

The view that it is a low-paid sector for most frontline security personnel negatively impacts culture and commitment, in comparison to higher paid more developed security sectors.

Compounding this is the poor standard of many training programs that offer quick fix certification at minimal cost, placing little to no importance on the performance standards required in the roles or sectors.

Comprehensive training programs should be designed following a process of training needs analysis, objective led training and performance-based assessment with recurrency training.

Personnel should grasp the importance of their role within the wider system and develop the required competencies to perform.

A training and exercise framework should enable staff to continuously engage with methods to improve and become integral to the system and contribute to a positive culture.

A huge barrier is a fundamental lack of understanding of the purposes of training within the specific context. Without a detailed assessment of an organisation’s security system, clear security objectives cannot be set against clear outcomes.

Therefore, training needs cannot be analysed and consequently training cannot be delivered with purpose.

Addressing knowledge gaps regarding the overall threat environment and the environment’s weaknesses are critical for organisational understanding of the purpose of training.

Delivery of the above, combined with testing and repeatable training to maintain competency and continuous development has, without doubt, a positive impact on addressing vulnerabilities to threat and risk factors in the system.

A lack of adequate training is often compounded by a worryingly lack of tools available required to execute jobs.

A builder wouldn’t be expected to build a wall without a trowel and it is unreasonable for security officers to be expected to provide a high level of security without the detection tools, such as an x-ray machine to identify prohibitive items.

Moreover, criminals carrying out hostile reconnaissance of a potential target location can easily discern the level of detection equipment in place to plan an attack.

Such weaknesses are often unveiled during the security program testing phase.

Covert testing conducted by Redline Assured Security provides organisations with a continuous assessment of the effectiveness of system processes and effectiveness as well as recommendations to address identified vulnerabilities.

Where personnel can perform bare minimum requirements, testing can, for example, reveal that many are ill-equipped to recognise anomalies in the pattern of life or escalate a suspicious situation through appropriate channels.

Faced by these ongoing challenges, the security industry must utilise new developments to embed better security culture.

The introduction of remote and blended learning has enabled training to be cost effective (cheaper than basic first aid in many cases), more accessible and customisable.

Advanced data point led delivery mean that we can evaluate the required learning outcomes and identify the best delivery methodologies to help people reach those outcomes.

Leveraging the above helps mitigate several challenges by providing more opportunities to engage with training.

The increase in public awareness around terrorism and the constant existence of threats should put security at the top of the political agenda.

This is seen with the lobbying of Martyn’s Law following the Manchester Arena bombing, which will improve security preparedness in large capacity, public environments.

Where security is not yet mandated, hearts and minds of leadership shift towards recognising the cost of not having effective security – too often only realised when it is far too late.

New technology and equipment has the ability to improve the threat detection process, but it is vital that the methodologies are deployed effectively.

Redline Assured Security provides training curriculums and quality assurance programs for organisations to ensure their security system is utilised effectively and meets standards to align with the First Principles of Security.

It is vital that security systems and personnel are prepared for eventualities with robust training and advanced tools to deliver the highest level of security for the public.

In the event of a terrorist attack, anything less than getting it right first time can have devastating consequences.