Security Positive: New Initiatives Are Making Our World Safer

It’s easy to be negative about the future. Coverage of natural and man-made disasters seems to dominate the headlines, bringing us stories of grief and terror that can make even the most positive of us sometimes disillusioned.

But there are reasons to be optimistic about the future and the challenges that security managers face. This past year we saw the almost total collapse of the Islamic State—at its peak, the militant group held territory about the size of Portugal (see "Deaths Fall but the Right Wing Rises").

Security practitioners, engineers, and manufacturers are engaging in robust conversations about the impact technology has on our daily lives, and how to incorporate privacy protections into products to better protect individuals and the organizations that use them.

And the public and private sectors are coming together in ways not seen before to address many of the security challenges we face as a society. Spearheading some of these initiatives is the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Created in November 2018, the agency is America’s “risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future,” according to its website.

A key aspect of this is engaging with critical infrastructure owners and operators, often in the private sector, to provide them with best practices and services that enhance the security measures they are ultimately responsible for.

One of CISA’s main focuses for the past year has been soft target security, reaching out to stakeholders to help them make their nontraditional security apparatus a bit stronger, said Brian Harrell, CPP, assistant director for infrastructure security at CISA, in an interview at GSX.

“Right after the Garlic Festival shooting; the Dayton, Ohio, shooting; and even El Paso, the department really started to stand up and marshal a lot of its resources on domestic terrorism,” he explains.

This is because nearly every week we are seeing threats or incidents at a nontraditional event, venue, festival, or concert because that traditional security apparatus just isn’t in place.

Harrell added that recent attacks, such as the shooting at the Gilroy Garlic Festival that left three dead and several other injured, have revealed that even when an organization does everything right, the risk of an incident remains.

“This really demonstrates or proves that we will never be able to eliminate risk; it’s all about risk reduction,” Harrell said. “At the end of the day, when you have these response plans in place and relationships with law enforcement—when seconds count, it’s those relationships that are going to save lives.”

Building these relationships is one reason that coming to GSX is valuable for Harrell, he added.

“The biggest value I see is engaging the stakeholders—critical infrastructure owners and operators are here,” he explained.

GSX also provides an opportunity to speak to the vendors who supply the security products that owners and operators use, and these vendors play a vital role in creating safer and more secure spaces and organizations, Harrell said.

“When bad things happen in the middle of the night and there’s some sort of malware in your system, or a shooting, or there’s some sort of a technology issue, that owner or operator immediately reaches out to the vendor for help,” Harrell added. “So, they are part of the solution, and if we are going to keep them at arms-length, I think that hurts us and doesn’t help us.”

For instance, when vendors are left out of the broader conversations about organizational security, measures to reduce risk are often “bolted on” after a product comes to market, Harrell said, instead of implemented into the design in the beginning.

“This could open us up to gaps or that enemy approach that we just didn’t anticipate,” he adds.