as world security networks (especially airlines) go on high alert as
the first anniversary of the death of Bin Laden is upon us, some pretty
level thinking about better business security comes from the head of
a U.S.-based think tank and editor of The Journal of Physical Security.
“Organizations with poor security
cultures are often obsessed with secrecy.
“In reality, security, somewhat
counter-intuitively, is usually better when it is transparent,”
writes Roger G. Johnston (left) in “Outside Opinion” for
the Chicago Tribune.
Mr. Johnston is Section Manager, Argonne—Vulnerability
Assessment Team at Argonne National Laboratory near Lemont, Illinois.
“People and organizations can't
keep secrets anyway,” Johnston declares.
“But more to the point, transparency
allows for accountability, review, criticism, and employee buy-in.
“The most serious mistakes in a
poor security culture include being reactive instead of proactive about
security; not thinking like the bad guys; scapegoating after security
incidents instead of trying to fix the problems; not undertaking independent,
critical, creative vulnerability assessments and security reviews; and
confusing or overemphasizing threats at the cost of not understanding
“Poor security cultures also have
a binary view of security.
“They encourage the viewpoint that
something is either secured or it is not, even though security is actually
“Poor security cultures do not tolerate
questions, criticism, or debate about security, although anything as
challenging as security, and involving so many trade-offs and value
judgments, should be controversial.
“In a business with a poor security
culture, the discovery of security vulnerabilities is viewed as bad
“In fact, finding vulnerabilities
is good news. Vulnerabilities are always present in very large numbers.
“Finding one means you can do something
Worth noting: the vulnerability assessment
team at Argonne provides consulting, training, vulnerability assessments,
and security solutions for dozens of companies, government agencies,
and nonprofit organizations.
The Journal of Physical Security
(produced under the auspices of the Argonne National Laboratory) is
the readable result of all the big security thoughts going on as JPS
deep dishes articles of unique common interest in security, billing
itself as “a peer-reviewed, scholarly journal devoted to technical
or social science aspects of physical security. Physical security involves
protecting tangible assets (including people) from harm, or using physical
security measures to protect intangible assets.”
A quick look-see at JPS (anyone can download
the Journal, and it is also available by subscription) uncovered that
there are indeed well crafted articles and think pieces contributed
to the magazine that should be read by security people.
Others might discover that away from the
blare and sometimes sensationalism of security headlines, these articles
are interesting and worthwhile.
But also included are some observations
that anyone can understand.
For example JPS Issue I Vol 5 2011, Editors Comments, in addition to
the heavy stuff, made room for these comments, titled ‘Some Interesting
Homeland Security Quotes’:
“TSA is moving towards risk-based security.”
(Jim Fotenos, TSA spokesman)
Comment: It’s been a decade since 9/11
And we’re only moving towards risk-based security!?!
“Taking my tweezers away is not going to win the war on
(Airline passenger, Ross Ratcliff)
“So far, DHS seems pretty efficient at detecting losers
and wackos, then entrapping them into some kind of inane terrorist
“It would probably be better if they concentrated on serious
“After 9/11 it was literally like my Mother running out
the door with the charge card.
“What we really needed to be doing is saying: 'Let's identify
the threat, identify the capability and capacity you already have
and say, OK what is the shortfall and how do we meet it?’”
(Al Berndt, Nebraska Emergency Management Agency)
“So if your chance of being killed by a terrorist in the
United States is 1 in 3.5 million, the question is, how much do
you want to spend to get that down to 1 in 4.5 million?
(John Mueller, Journal of Physical Security)
interesting lead toward understanding, and a behind the headlines, balanced
view mentioned in JPS, was a new book.
“Charles Kurzman has written an
interesting book entitled, The Missing Martyrs: Why There Are So
Few Muslim Terrorists, Oxford University Press, 2011.
“Kurzman points out that approximately
150,000 people have been murdered in the United States since 9/11. Islamic
terrorism has taken fewer than three dozen lives on U.S. soil in the
same time period.
“Fewer than 200 Muslim Americans
have been caught planning or engaging in terrorist acts, out of a U.S.
population of 2.5 million.”
One guy that knows air cargo security
from the ground up and knows more about what needs to be done to get
security in line with flying right is Harald Zielinski, Lufthansa Cargo
Head of Security & Risk Prevention Management.
Harald, who combines a street cop’s
sense with a visionary view of what works (and what definitely will
not work) says, “What air cargo must do is continually raise awareness.”
To that end, Harald has held high profile,
free admission air cargo meetings in front of large audiences both in
Germany and the USA for the past several years.
Lufthansa stands alone amongst every other
airline for its continued effort in carrying the security dialogue public.
“Moving forward is a terrific challenge
to everybody,” says Harald Zielinski.
Almost 60 days ago, on March 5, Lufthansa
Cargo hosted a Security Conference in Frankfurt.
In a world where timing is often everything,
the event played against European Union security directives saying that
next year on March 25, 2013, EU member states’ shippers must certify
known shippers; air cargo from all other shippers will require exacting
and cost-intensive security inspections prior to being allowed onboard
“It is a huge undertaking,”
Registering “known shippers”
and how a potential avalanche of cargo from uncertified shippers would
impact life at hub Frankfurt during peak time, between 8 and 9AM, at
gate 31 and 32, when up to 1,500 trucks pass through the Cargo City,
brings home the reality of the world just outside our conference room
windows, Harald noted.
If anything, the conference was also a
reminder of the deep and real cultural differences between various states
in Europe and how perception is reality.
As Harald Zielinski sees it, the basis
for these regulations is one and the same European Union mandate.
“This same set of rules is interpreted
to mean a full stop in Germany, but turns out to be a more benign warning
sign in AMS and LUX and the equivalent of ‘bon voyage’ in
his remarks, Dr. Karl-Rudolf Rupprecht, Lufthansa Cargo executive board
member-operations, noted that since 9/11, security has caused a tenfold
increase in the cost of air cargo, which is untenable going forward.
Despite the volume and more stringent
security measures, Lufthansa has handled cargo with a 0.03 percent error
Dr. Rupprecht went on to list the bizarre
situation of not being allowed to deploy screening technology in Germany
that is in use in the U.S. and elsewhere in Europe, which was very unproductive
and an irritant; his hope was that the conference would advance the
discussion to affect a change in this state of affairs.
Herr Rupprecht called for faster implementation
of the certified known shipper approval process.
Dr. Rupprecht said he found it was “neither
comprehensible nor acceptable that U.S. authorities recognize security
measures for air cargo from say, France or Switzerland, but don’t
recognize the virtually identical measures that apply in Germany.
“That results in additional checks
on all departures from Germany to the USA and an unacceptable competitive
disadvantage for Germany.”
Herr Rupprecht noted that the new construction
of the Lufthansa Cargo Center in Frankfurt is due for completion in
2017-2018, reinforcing the fact that what is needed is ongoing dialogue
with all segments of the air cargo industry.