“With the [June 2017] London Bridge incident, for example, you need to
look at the approaches to the facility and adjacent properties, especially if
those buildings bring higher risk. If the user is next to a hardware store, they
don’t pick up much additional risk. If they are located next to an abortion
clinic or an animal testing laboratory, that’s a different situation because
of potential activists or extremists,” he said.
Hayes said one part of the risk assessment establishes the nature of
adjacent properties risk. Another facet is crime prevention through envi-
ronmental design (CPTED).
“Before any system’s design or use, clients need to conduct their own
risk-threat assessment,” he said.
The SEC, a research and advisory firm focused on corporate security
risk-mitigation solutions, provides thought leadership and expert resources
and serves chief security officers, chief information security officers, C-suite
functions and other key stakeholders.
Risk assessment defines threats and aligns security with the business
objectives of the user, going beyond physical threats. According to Hayes,
a client who has not performed this analysis can’t define what a system
ultimately should do.
“Business continuity and security plans have changed dramatically since
9/11,” he said. “Prior, you didn’t think as much about public spaces, such
as the inside of an airport or theaters, hotels and even restaurants and
bars with an outdoor seating environment. As threats change, planning
has to change as well.”
Jarod Stockdale, security project consultant for NV5 Technical Engineer-
ing and Consulting Solutions, Las Vegas, said the security assessment is
paramount and an area where the industry has fallen short.
“We look at the entire scope of the project, including where threats
may arise,” Stockdale said. “It’s not only technology, but CPTED and also
working with outside agencies, such as police and fire responders, to de-
vise a successful plan. It takes a full security profile and analysis, bringing
in all stakeholders. It’s then that the real planning can take place, and the
results are far better.”
Perimeter security may focus on prevention, and while that’s a great
goal and outcome, it isn’t realistic, Stockdale said.
“The best-case scenario is that we are going to deter, detect and delay,” he said. “The bad guys have the advantage of time. They’ve probably
already done an assessment of the likelihood of committing a crime and
know what the premises look like. We are trying to delay to prevent an
attack. If I put a fence up, it keeps the guy out until he climbs it, or we use
bollards to keep him away until he uses a motorcycle, for example.
“If an attack is likely through a front gate, we install Z-shaped driveways so the perpetrator can’t reach high speeds to ram through the
building or use bollards. Now, those particular elements won’t delay a
person on foot, but stairs will. So we use the outside perimeter to delay
and give the user the opportunity to sound an alarm, lockdown, evacuate or provide shelter in place. We need to recognize all those things to
take steps to delay an attack. In the end of the day, all we have is our
Changing roles and opportunities for installing companies
Security contractors are taking on a different role than in the past.
“This is a marvelous opportunity, but it’s fraught with risk if they don’t
lay the proper groundwork,” Hayes said. “They have to transform their
company to meet the new needs of the client and start thinking about
security that shows a deep understanding of the customer, employees
and others who use those companies. There are 26. 8 million corporations
in the U.S. alone. A Fortune 100 company typically can use the services
of up to 30,000, so the security of their supply chain is equally important.
You need to partner with information technology and corporate security
and know their language, as they are your biggest ally for success. The
whole landscape of security we are currently operating in is providing
the greatest opportunity, the greatest risk and undergoing the greatest
transformation ever witnessed.”
Many new technologies improve detection, but they may not be ap-
plicable if the risks haven’t been clearly defined.
“Focusing on hardware and technology only is not the solution. Ask
these questions: What’s the desired outcome with the equipment? Do we
want to detect, intervene or do something else? What are we worried
about, what are we going to address and how are we going to change
the outcome? Are you happy with your existing role in just pulling cable or
are you the kind of company that CSOs are looking for to be part of their
solution design? If they want to be part of the solution design they need to
know this theory and practice,” Hayes said.
Technology can improve an outcome if deployed properly with advance
planning, but it’s not the end all and be all.
“Technology is a force multiplier to improve response, but it’s also an
“We are so dependent on the technology in our pocket,” he said. “As
obstacle,” Stockdale said. “People are walking into poles because they are
focused on their smartphones. The biggest thing is to look up and be aware
of your surroundings—situational awareness. Implementation of technol-
ogy combines more successfully with better information. CCTV and video
analytics can alert of a vehicle heading in the wrong direction and then an
alert can be sent out, even combined with a public address system. And
these alerts need to be expanded more easily to that 5-inch-screen we
are focused on. In London, where they have many cameras, maybe if the
vehicle approaching the bridge was detected at a high rate of speed with
analytics, an alert could have been pushed out to everyone in the area via
Stockdale encourages people to look up and be aware.
you walk down the street, be aware of what’s going on around you.”
The SEC has written extensively on this theory and practice. Find this
material for free at
O’MARA is a journalist with more than two decades
experience writing about security, life safety and systems
integration, and she is the managing director of DLO
Communications in Chicago. She can be reached at
firstname.lastname@example.org or 773.414.3573.
FOCUS | TECHNOLOGY
Continued from page 68