Terrorism In Pakistan: Need For Improved Security Management & Vulnerability Assessment
By Khan A. Sufyan
September 18, 2013
Pakistan has faced different kinds of terrorism related threats since long. Though countering terror is an on-going process, availability of improved technological counter measures provide effective ways to counter terror related threats in an integrated environment.
Integrated Security Management System is one such response measure which helps in consolidation of all security related organizational elements, sub systems, security sensors and equipment under one platform.
It also helps in countering varied threats under a unified command and control for functioning of various tiers and aspects through an efficient and effective integrated security environment.
Objectives of Integrated Security Management System
Prevent loss of life and minimize injury.
Protect critical assets.
Prevent loss of operation.
Deter criminals and terrorists from acting.
Enhance long-term security for personnel and assets.
Characteristics for Implementation of a Successful Integrated Security Management Plan
Identifies potential threats.
Identifies and prioritizes critical assets.
Develops a comprehensive mitigation strategy.
Meets current threats and plans for future modifications. <
Anticipates disasters, emergencies, and potentially damaging events.
Eliminates single points of failure.
Provides earliest detection of threats.
Balances costs while acknowledging and accepting risk.
Minimizes failure of building systems.
Facilitates safe evacuation and rescue.
Prevents intrusions and hostage situations.
Protects people and assets.
Facilitates early recovery of operations.
Security Vulnerability Assessment (SVA) & Procedure
SVA is a critical element in efforts to counter terrorism and other criminal related threats of various kinds. It helps in provision of unified response plan for various emergencies through imposition of effective security to various parts of cities and towns, large and small sensitive areas, facilities, installations, communities and businesses etc. Most SVA procedures follow a well-orchestrated and tiered approach methodology which is risk-based and performance-oriented. This process helps in an all-encompassing integrated security planning, management and execution. The user can choose different means of accomplishing the general SVA methodology, so long as the end result meets the same performance criteria. Major elements impacting the SVA are highlighted.
Asset Characterization
The asset characterization is a procedure which helps in identification of critical assets and functions along with their supporting interdependcies and the consequences of their loss. The procedure also helps in evaluating the existing countermeasures.
Steps/Tasks
Identify critical assets Identify critical assets including facilities, personnel, equipment, systems, and information.
Identify critical functions Identify the critical functions and determine which assets perform or support the critical functions.
Identify critical infrastructures and interdependencies Identify the critical infrastructures and their interdependencies (e.g., electric power, petroleum fuels, natural gas, telecommunications, transportation, water, emergency services, and fire systems etc) that support the critical operations.
Evaluate existing Countermeasures Identify what protects and supports the critical functions and assets including the relevant layers of existing security systems including physical, cyber, operational and administrative, and the process safety systems.
Evaluate impacts Evaluate the hazards and consequences or important acts and the critical functions from disruption, damage, or loss of each of the critical assets or functions.
Select targets for further Analysis Develop a target list of critical functions and assets for further study.
Threat Assessment
Steps/Tasks
Adversary identification Evaluate threat information and identify threat categories and potential adversaries. Identify general threat categories. Consider threats posed by insiders, external agents (outsiders), and collusion between insiders and outsiders.
Adversary characterization Evaluate each adversary and provide an overall threat assessment and ranking for each adversary, using known or available information. Consider factors like general nature and history of threat; specific threat experience and related history of the facility or operation; known capabilities, methodologies and weapons; potential actions, intent and motivation of adversary.
Analyze target attractiveness Conduct an evaluation of target (from assets characterization) attractiveness from the adversarys perspective.
Security Audit/Survey
Analyzes an existing space, individual building or entire urban facility/area.
The intent is to note all physical elements to be evaluated against threat criteria and to determine potential security vulnerabilities.
The survey starts from the outer perimeter, includes public and outdoor areas, and works toward the center, or to the location of critical assets.
All site areas are addressed, as well as building exteriors and internal spaces within the specified area/facility.
Building systems are identified, infrastructure is evaluated and operational and staffing issues are documented.
The process consists of interviewing stakeholders and locals and by performing on-site inspections.
The level of detail in each survey depends on project security requirements and concerns of stakeholders/users.
Vulnerability Analysis
This process involves the identification of existing countermeasures and their level of effectiveness in reducing the existing vulnerabilities. The degree of vulnerability of each asset and threat pairing is evaluated by the formulation of threat-related scenarios or through asset protection evaluation. If certain criteria are met, such as higher threat expectancy or higher attractiveness ranking related to a target, then it may be useful to apply a scenario-based approach to conduct the Vulnerability Analysis. It also includes the assigning of risk rankings to the threat-related scenarios. If the asset-based approach is used, the determination of the assets importance and attractiveness may be enough to assign a target ranking value and employ protection measures required for a standard protection set for that target level. In this case, scenarios may not be developed further than the general thought that an adversary is interested in damaging an asset.
Type of effects
o Potential for causing maximum casualties.
o Potential for causing maximum damage/loss.
o Potential for causing maximum damage and economic loss to the national infrastructure.
o Potential for causing fear psychosis.
Type of targets
o To cause collateral damage.
o Proximity to national asset or landmarks.
o Difficulty of attack including ease of access and degree of existing security measures (soft target).
o Iconic or symbolic target.
o Recognition of the target.
Steps/Tasks
Define scenarios and evaluate specific consequences Use scenario-analysis and/or use asset-based analysis to document the adversarys potential actions against an asset.
Evaluate effectiveness of existing security measures Identify the existing measures intended to protect the assets and estimate their levels of effectiveness in reducing the vulnerabilities of each asset to each threat or adversary.
Identify vulnerabilities and estimate degree of vulnerability Identify the potential vulnerabilities of each asset to possible threats or adversaries. Estimate the degree of vulnerability of each asset for each threat-related undesirable event.
Risk Assessment
The risk assessment determines the relative degree of risk to the facility in terms of the expected effect on each locality/area/critical asset as a function of consequence and probability of occurrence. The risk assessment assists in conducting the risk management in an effective manner.
Countermeasures Analysis
Based on the vulnerabilities identified and the risks to the layers of security that could be breached, appropriate enhancements to the security countermeasures are recommended. Countermeasure options are identified to further reduce the vulnerability. These include improved countermeasures that follow the security strategies to deter, detect, delay, respond, mitigate and possibly prevent. Some of the factors to be considered are:
Reduced probability of successful attack.
Degree of risk reduction by the options.
Reliability and maintainability of the options.
Capabilities and effectiveness of mitigation options.
Costs of mitigation options.
Feasibility of the options.
The countermeasure options are re-ranked to evaluate effectiveness, and prioritized to assist decision making for implementing security program enhancements. The recommendations are included in a SVA report that is used to communicate the results of the SVA.
Protection of assets against terrorism and other kinds of threats is the combined responsibility of all elements of business/civil society and national security infrastructure. It is therefore imperative that all the stake holders in Pakistan generate a well-coordinated and aggressive response through employment of technology based integrated security management systems so that such threats can be mitigated and defeated.
Link: Terrorism In Pakistan: Need For Improved Security Management & Vulnerability Assessment Eurasia Review
By Khan A. Sufyan
September 18, 2013
Pakistan has faced different kinds of terrorism related threats since long. Though countering terror is an on-going process, availability of improved technological counter measures provide effective ways to counter terror related threats in an integrated environment.
Integrated Security Management System is one such response measure which helps in consolidation of all security related organizational elements, sub systems, security sensors and equipment under one platform.
It also helps in countering varied threats under a unified command and control for functioning of various tiers and aspects through an efficient and effective integrated security environment.
Objectives of Integrated Security Management System
Prevent loss of life and minimize injury.
Protect critical assets.
Prevent loss of operation.
Deter criminals and terrorists from acting.
Enhance long-term security for personnel and assets.
Characteristics for Implementation of a Successful Integrated Security Management Plan
Identifies potential threats.
Identifies and prioritizes critical assets.
Develops a comprehensive mitigation strategy.
Meets current threats and plans for future modifications. <
Anticipates disasters, emergencies, and potentially damaging events.
Eliminates single points of failure.
Provides earliest detection of threats.
Balances costs while acknowledging and accepting risk.
Minimizes failure of building systems.
Facilitates safe evacuation and rescue.
Prevents intrusions and hostage situations.
Protects people and assets.
Facilitates early recovery of operations.
TO MINIMIZE SECURITY RISKS PLAN AROUND FOUR BASIC STRATEGIES
Security Vulnerability Assessment (SVA) & Procedure
SVA is a critical element in efforts to counter terrorism and other criminal related threats of various kinds. It helps in provision of unified response plan for various emergencies through imposition of effective security to various parts of cities and towns, large and small sensitive areas, facilities, installations, communities and businesses etc. Most SVA procedures follow a well-orchestrated and tiered approach methodology which is risk-based and performance-oriented. This process helps in an all-encompassing integrated security planning, management and execution. The user can choose different means of accomplishing the general SVA methodology, so long as the end result meets the same performance criteria. Major elements impacting the SVA are highlighted.
Asset Characterization
The asset characterization is a procedure which helps in identification of critical assets and functions along with their supporting interdependcies and the consequences of their loss. The procedure also helps in evaluating the existing countermeasures.
Steps/Tasks
Identify critical assets Identify critical assets including facilities, personnel, equipment, systems, and information.
Identify critical functions Identify the critical functions and determine which assets perform or support the critical functions.
Identify critical infrastructures and interdependencies Identify the critical infrastructures and their interdependencies (e.g., electric power, petroleum fuels, natural gas, telecommunications, transportation, water, emergency services, and fire systems etc) that support the critical operations.
Evaluate existing Countermeasures Identify what protects and supports the critical functions and assets including the relevant layers of existing security systems including physical, cyber, operational and administrative, and the process safety systems.
Evaluate impacts Evaluate the hazards and consequences or important acts and the critical functions from disruption, damage, or loss of each of the critical assets or functions.
Select targets for further Analysis Develop a target list of critical functions and assets for further study.
INFRASTRUCTURE INTERDEPENDENCIES
Threat Assessment
Steps/Tasks
Adversary identification Evaluate threat information and identify threat categories and potential adversaries. Identify general threat categories. Consider threats posed by insiders, external agents (outsiders), and collusion between insiders and outsiders.
Adversary characterization Evaluate each adversary and provide an overall threat assessment and ranking for each adversary, using known or available information. Consider factors like general nature and history of threat; specific threat experience and related history of the facility or operation; known capabilities, methodologies and weapons; potential actions, intent and motivation of adversary.
Analyze target attractiveness Conduct an evaluation of target (from assets characterization) attractiveness from the adversarys perspective.
Security Audit/Survey
Analyzes an existing space, individual building or entire urban facility/area.
The intent is to note all physical elements to be evaluated against threat criteria and to determine potential security vulnerabilities.
The survey starts from the outer perimeter, includes public and outdoor areas, and works toward the center, or to the location of critical assets.
All site areas are addressed, as well as building exteriors and internal spaces within the specified area/facility.
Building systems are identified, infrastructure is evaluated and operational and staffing issues are documented.
The process consists of interviewing stakeholders and locals and by performing on-site inspections.
The level of detail in each survey depends on project security requirements and concerns of stakeholders/users.
Vulnerability Analysis
This process involves the identification of existing countermeasures and their level of effectiveness in reducing the existing vulnerabilities. The degree of vulnerability of each asset and threat pairing is evaluated by the formulation of threat-related scenarios or through asset protection evaluation. If certain criteria are met, such as higher threat expectancy or higher attractiveness ranking related to a target, then it may be useful to apply a scenario-based approach to conduct the Vulnerability Analysis. It also includes the assigning of risk rankings to the threat-related scenarios. If the asset-based approach is used, the determination of the assets importance and attractiveness may be enough to assign a target ranking value and employ protection measures required for a standard protection set for that target level. In this case, scenarios may not be developed further than the general thought that an adversary is interested in damaging an asset.
Type of effects
o Potential for causing maximum casualties.
o Potential for causing maximum damage/loss.
o Potential for causing maximum damage and economic loss to the national infrastructure.
o Potential for causing fear psychosis.
Type of targets
o To cause collateral damage.
o Proximity to national asset or landmarks.
o Difficulty of attack including ease of access and degree of existing security measures (soft target).
o Iconic or symbolic target.
o Recognition of the target.
Steps/Tasks
Define scenarios and evaluate specific consequences Use scenario-analysis and/or use asset-based analysis to document the adversarys potential actions against an asset.
Evaluate effectiveness of existing security measures Identify the existing measures intended to protect the assets and estimate their levels of effectiveness in reducing the vulnerabilities of each asset to each threat or adversary.
Identify vulnerabilities and estimate degree of vulnerability Identify the potential vulnerabilities of each asset to possible threats or adversaries. Estimate the degree of vulnerability of each asset for each threat-related undesirable event.
Risk Assessment
The risk assessment determines the relative degree of risk to the facility in terms of the expected effect on each locality/area/critical asset as a function of consequence and probability of occurrence. The risk assessment assists in conducting the risk management in an effective manner.
Countermeasures Analysis
Based on the vulnerabilities identified and the risks to the layers of security that could be breached, appropriate enhancements to the security countermeasures are recommended. Countermeasure options are identified to further reduce the vulnerability. These include improved countermeasures that follow the security strategies to deter, detect, delay, respond, mitigate and possibly prevent. Some of the factors to be considered are:
Reduced probability of successful attack.
Degree of risk reduction by the options.
Reliability and maintainability of the options.
Capabilities and effectiveness of mitigation options.
Costs of mitigation options.
Feasibility of the options.
SYSTEM INTEGRATION
The countermeasure options are re-ranked to evaluate effectiveness, and prioritized to assist decision making for implementing security program enhancements. The recommendations are included in a SVA report that is used to communicate the results of the SVA.
Protection of assets against terrorism and other kinds of threats is the combined responsibility of all elements of business/civil society and national security infrastructure. It is therefore imperative that all the stake holders in Pakistan generate a well-coordinated and aggressive response through employment of technology based integrated security management systems so that such threats can be mitigated and defeated.
Link: Terrorism In Pakistan: Need For Improved Security Management & Vulnerability Assessment Eurasia Review
