IQinVision

I began my security reporting career focusing on the third-party monitoring side of the industry as the associate editor of our sister publication, Security Systems News. One of the biggest issues for that beat was ensuring that these third-party companies provided adequate monitoring of residential and commercial customers, which, when you have thousands and thousands of accounts, is by no means simple. (Check out Dan's blog and the monitoring page for continuous reporting on this sector).

And every so often a story would hit the mainstream media that a customer had been paying for an alarm system to be monitored, but it wasn't working properly. This, of course, was never good news and contributed to the public's skepticism about the security industry.

Now that I live on the end user side of life, I can better understand the frustration of not getting what you're paying for. Take, for example, this story out of New Jersey where a hotel employee was viciously attacked while on duty. The woman managed to hit a silent panic alarm during the course of the attack to alert police, but guess what? It wasn't working and the police never showed. Fortunately, the woman managed to escape to a guest room, but sustained significant injuries and trauma from the incident.

The article points out that the alarm company, Vanwell Electronics, who installed and then outsourced the monitoring of the system, was aware that it wasn't working properly, but didn't do anything to fix it.

"Vanwell knew for 16 weeks the (security) line wasn’t properly connected and did nothing about it," said her lawyer, David Mazie.

Yep, for 16 weeks it wasn't working. Disgraceful, I know.

The alarm company has agreed to pay the woman $2.5 million to settle the lawsuit. I suppose it's good to know that these companies who aren't doing their jobs (and are making everyone in the security business look bad), are being forced to pay up.

But, my question to the end user community is: How much responsibility do you have in ensuring that your security systems are working properly? Most end users employ some sort of integrator to put these systems in place, but ultimately isn't it the responsibility of the security department to make sure the job is done right? What type of policies do you need to have in place to make sure things are working properly?

While I agree with this settlement, that it is largely the fault of the security company for not taking care of this problem, what responsibility does the hotel security department have in this? It is, after all, the hotel's assets and the hotel's people at risk.

Tomorrow is the first of two Senate confirmation hearings for the third (yes, THIRD) nominee to head the Transportation Security Administration. On June 10, FBI Deputy Director John Pistole is likely to face some of the same scrutiny that his failed predecessors faced and will have to answer the same questions that led to their demise.

As a quick refresher, Erroll Southers (nominee number one) endured a five-month long nomination process before withdrawing on Jan. 20. Basically, his nomination became a political brawl over the possibility that, if confirmed, Southers would grant TSA employees collective bargaining rights. Those unionization concerns, coupled with reports that he misused his power when he conducted background checks of the boyfriend of his ex-wife, resulted in the stalemate of his confirmation process.

The second nominee, retired Army Major Gen. Robert Harding, on the other hand, only lasted 18 days before withdrawing his name after issues involving his work as a defense contractor arose during his confirmation hearing.

So, what's in store for Pistole tomorrow?

Now, I usually don't link to (or even acknowledge, for that matter) our competing publications, but this time, I think it's worth it. HSToday.us published an interview with one of those former nominees, Erroll Southers discussing what he thinks Pistole will face.

On the topic of collective bargaining rights, Southers believes Pistole will take the same approach as he did:

"I would assume that he would take the position that I took and that General Harding took, which is one of a comprehensive assessment to determine what kind of impact that kind of action would have on the organization and whether or not it would be prudent to make that kind of recommendation to the Secretary or to the President," Southers told HSToday.us.

Here's more advice from Southers:
Outside the issue of collective bargaining, Southers stressed he would advise any incoming leader of a large organization to focus on three elements of the organization--people, partnerships, and the public.

"In those societies that are more resilient to terrorism like the UK and Israel, people tend to be more supportive when they become part of the system. We could accomplish that if the public is educated about policies, practices, procedures, and changes in those things that are going to affect them as a traveler," noted Southers, who also serves as managing director of counterterrorism and infrastructure protection for international security consulting firm Tal Global Corp.

I would say those all seem like reasonable and achievable goals and Pistole would be wise to adopt them, but, above all, what the TSA really needs is strong leadership.

Or wait, what it actually needs is any leadership at all. My goodness, let's just get someone in there and stop messing around. After all, third time's a charm, right?

Check back for reports from Pistole's hearing tomorrow...

Security breaches at airports not only cause passenger and flight delays but also cost the aviation industry millions of dollars. While terms like "security theater" plague the industry, aviation security folks obviously don't take procedures lightly. And now, the state of New Jersey is pushing to increase the penalty for those who violate airport security regulations.

On May 20, the New Jersey Assembly passed a measure that would toughen the penalties for those who cause airport security breaches, according to this Associate Press article.

"We need to send a stronger message that airport security rules meant to protect the public and keep airport travel orderly cannot be taken lightly," said Assemblyman Albert Coutinho, who sponsored the measure with fellow Democrat L. Grace Spencer.

If this new legislation becomes law, anyone who knowingly trespasses in the passenger holding and operations areas would be guilty of a fourth-degree crime punishable by a fine of up to $10,000, imprisonment for up to 18 months, or both, according to the AP.

This legislation came about after a Jan. 3 incident where a man ducked under a security rope and entered a restricted area at the Newark Airport, causing the airport to shut down three of its terminals for six hours and delaying more than 200 flights.

The man was sentenced to 100 hours of community service and paid $658 in fines and court costs, but some lawmakers were upset that he couldn't be charged with stiffer penalties. But, if New Jersey legislators have their way, perhaps this legislation could cause the public to take security protocols more seriously.

Sadly, it often takes a tragic event to highlight vulnerabilities and weaknesses. It took something as awful as the Virginia Tech massacre to make schools, students and parents more aware of the importance of emergency response plans and caused a huge push to add technology like mass notification systems. Virginia Tech prompted schools to dust off their emergency plans, refine them and start conducting regular drills, as well as better educate their staff and students about security procedures. I would bet most schools have conducted some form of an active-shooter drill because of Virginia Tech.

And there are lessons to be learned after the murder of University of Virginia student Yeardley Love allegedly by her ex-boyfriend, George Huguely. University officials were unaware that Huguely had been arrested in November 2008 on charges of public intoxication and resisting arrest. The arresting officer's report said Huguely had threatened to kill her and a female probation officer, and he had to be subdued with a stun gun, according to this article in the San Francisco Examiner.

Some say that having that information could have possibly prevented Love's murder.

If school officials had known about that arrest, University of Virginia President John Casteen said they might have been able to discipline Huguely and keep a closer eye on him. Instead, he said the incident highlighted not just a gap in the law, but "a hole you can drive a truck through."

I have to say I'm skeptical about such logic. Sure, knowing that Huguely had run into some trouble certainly couldn't have hurt, but would it have really stopped anything from happening?

Casteen is calling for a state law that would require police to report off-campus arrests of students to colleges and universities.

But law enforcement officials and some campus safety experts say such a law would be complicated and costly. They question what steps would be required to verify if a suspect was a student, either halfway across the state or halfway across the nation.

While I think schools in general work very closely with their local law enforcement agencies and probably do pass along that type of information, it really can't be expected that agencies beyond the local area will contact school officials when students have a run-in with the law. I would think the logistics would just be too difficult. And frankly, police are taxed enough as it is, should campus officials really be adding more to their plates?

The Texas State Capitol officially increased its security measures on May 21, installing metal detectors and screening people entering the building, but in Texas, all screening measures are not created equal, according to the Associated Press:

Officials are creating one line for the masses, one line for lawmakers and their staffs and then a separate procedure for concealed handgun license holders. The general public has to get scanned at the entrances. State officials and gun toting citizenry do not.

I know Texans love their guns, but come on, that's not really fair. The policy is based on the fact that those holding conceal-carry permits have already undergone background checks and training and, according to the state, do not pose a threat. But some out there are a little skeptical about this logic.

"If you’re planning on perpetrating something in the state capitol, you should simply get a concealed handgun license and show your gun on the way in," said Peter Hamm, spokesman for the Washington-based Brady Campaign to Prevent Gun Violence. "It’s just ludicrous."

While licensed gun owners do undergo an electronic scan of their permit to make sure it's up-to-date, some regulars in the building don't think it's fair that gun owners get to bypass security:

For frequent visitors of the capitol, including lobbyists, journalists and political activists, getting the permit just to get in faster is becoming an alternative to waiting behind tourists.

"I’m thinking about it," said lobbyist Bill Miller, who spends most of his life walking in, out and around the capitol when the Legislature is in session. "I mean, I don’t want to wait in line. If that’s the way you do the deal, I’ll be happy to get the permit. I won’t be carrying any weapons."

But then again, state budgets are tight. A little bump in revenue from conceal-carry permits certainly wouldn't hurt.

After a racially-driven incident at South Philadelphia High last year, the school invested in 126 video cameras at a cost of $689k and not everyone is so happy about the expenditure, according to the Philadelphia Inquirer.

The Philadelphia Federation of Teachers has even said that the addition of so many cameras is making the school "a police state."

The school added the cameras after 30 Asian students were attacked in December of last year. The incident apparently began when a disabled African American student was beaten up by two Asian students outside school. The next day, large groups of African American and Asian students attacked at least 30 Asian students, seven of whom required treatment at a hospital. Some of the attackers went from room to room, looking for students to target, according to the Philadelphia Inquirer.

During the investigation of the incident, one student testified that security officers forced Asian students to follow them into a lunchroom where they were attacked and then directed the frightened students to leave school after they were beaten.

The district responded by increasing security in and around the school and also formed a Task Force for Racial and Cultural Harmony to recommend changes.

While the article doesn't say, I'm assuming the addition of video surveillance was one of the recommendations. Prior to this installation, the school only had 23 cameras. But does installing 126 additional cameras really solve the school's problems or is it just a demonstration that the school is doing something in response to this incident? Often it's not until something happens that an organization is motivated to invest in security. I think the important element for the school to share with the public (who paid for this system after all) is that having a better video system would not necessarily prevent an incident of this scale, but rather it would act as a deterrent as well as aid in the investigation.

A preliminary review released on May 18 by the U.S. Education Department found that Virginia Tech failed to comply with a federal law that requires timely warning of safety threats to the campus community. Officials found that under the Clery Act, the university should have provided the campus with more rapid information after two students were found shot to death that morning. It was this two-hour delay between the discovery of the bodies and the issuance of an email alert by the university where the report finds fault with the school's response, according to an article in The Washington Post.

Here are some of the findings:
"There are two aspects to this violation. First, the warnings that were issued by the university were not prepared or disseminated in a manner to give clear and timely notice of the threat to the health and safety of campus community members. Secondly, Virginia Tech did not follow its own policy for the issuance of timely warnings as published in its annual campus security reports."

Of course, Virginia Tech officials opposed these findings and sent a 73-page objection letter, saying the federal review contained errors of fact and legal interpretation.

"Virginia Tech professionals acted appropriately in their response to the tragic events . . . based on the best information then available to them," said Michael Mulhare, the university's director of emergency management. He said federal guidance and industry practice indicated that timely campus threat alerts could be issued after several hours or even days. "The university actions were well within these guidelines and practices," he wrote.

Since Virginia Tech, schools across the nation have improved their emergency response systems. Many have invested in mass notification systems, but every security official I've spoken with has emphasized that it's critical to have multiple ways to alert the campus community. As a matter of fact, i just wrote a story about the University of Alberta utilizing its mass notification system after a toxic gas leak in one of its primary residential halls. Bill Mowbray, the director of campus security services said that while deploying their mass notification system was critical in this emergency, it was also important to issue messages via their PA system and fire alarms.

Mowbray also said it was critical for security personnel to make direct contact with students, literally going around knocking on doors to evacuate them. He said that many students didn't take the notification seriously and questioned its legitimacy, but after this incident he hopes students will take it more seriously.

During my tour of the Cowboys Stadium an important part of their security program involved the design of the building. Knowing that the stadium could be a desired target for terrorists, especially on game day, they designed the facility with physical and environmental obstacles to keep vehicles away from the building. There was a mixture of permanent bollards, cement walls that contributed to the landscaping of the grounds while acting as a deterrent, as well as more high-tech stuff like remote-controlled hydraulic barriers. These environmental design components became widely implemented after attacks such as the Oklahoma City bombing.

But, apparently not everyone has gone full throttle with this concept. I just read this Washington Post article about a UPS truck smashing into the lobby of the Smithsonian Institution's Hirshhorn Museum on May 11. Apparently, the driver lost control of the vehicle (in other words, it wasn't a terrorist incident) and managed to plow through five of the building's 1,200-pound cement security planters.

While the museum claims the planters slowed the truck down and prevented even further damage to the building, it still managed to go through five of them. Yes, five.

"They're not expected to stop a truck," a spokesperson said. "They're not embedded in the ground."

She said the planters, which were temporary and had been in place since 2003, probably slowed the truck and prevented the damage from being worse. "They did their job," she said. "We never thought that the planters were truck-proof. Then again, we've never had a [wayward] truck or a car go near a Smithsonian building."

This is Washington, D.C. folks. Must I say that this city is considered highly likely to be a terrorist target? The article pointed out this incident would likely generate concern over the hierarchy of security around the city's monument and government core and the evolution of security levels at Washington's icons. I would agree - it's certainly concerning.

I would argue that it can't be that hard or expensive to make these planters permanent. It at least would make sense to have them be effective, right?

However, like those of you in security know, sometimes an incident like this can actually turn out to be a good thing. Apparently, this spokesperson thinks so too:

"Maybe one piece of good that could come out of this is a little more funding and little more thought into where we really do need security and how we do that correctly and appropriately," she said.

Something I hear over and over from educational security folks is that their working relationship with law enforcement is critical to campus security. Many schools have memorandum of understanding documents with their local police department, establishing an official relationship and setting guidelines about each department's role.

I've been periodically reading about the murder of Yeardley Love, a University of Virginia student who was allegedly killed by an ex-boyfriend. While this is certainly tragic, it's the type of incident that likely could not have been stopped by campus security, especially if there were no previous incidents.

However, something that jumped out at me in this USA Today article was that the suspect, George Huguely, was previously arrested for resisting arrest and public intoxication in Lexington, Va. in 2008. Huguely, according to the arresting officer, cursed and made threats and had to be subdued with a stun gun, according to the article.

However, the university was unaware of Huguely's previous arrest. The president of the school, John Casteen, said the law did not require police departments to inform schools about such arrests, though he said some departments do so as a courtesy. In addition, Virginia students are required to self-report such arrests, but of course Huguely did not.

While I'm not sure that it's necessary to make it a law, I would bet that most security directors at major universities do expect police to contact them of incidents involving their students. In this case, Lexington is about 70 miles away from the university and I would assume that police and university officials probably didn't have an established relationship. But does this type of incident demonstrate the need for police to always contact the university when any student is arrested? I'm sure there's logistical issues there (and the police probably want one more rule to follow), but perhaps it could've brought to light a troubled student. More information is always better than less, right?

It turns out that the $200 membership fee you paid to get through airport security faster may not have been a waste of money after all.

A company called Alclear, LLC announced on May 5 it has acquired the assets of Verified Identity Pass, the company that operated the Clear program for verified travelers, which was in bankruptcy protection.

You may remember that VIP abruptly closed all of its registered traveler security lanes and ceased company operations back in June 2009, stranding its 200,000 members.

According to the company Web site:
Clear will transform the airport experience and take the angst out of travel through expedited service at the security checkpoint. We pledge expedience, predictability and service to our customers. At the same time we are bringing added security for you, our Government and our airport partners.

For our existing members, we appreciate your patience and loyalty. It is important for you to know that we will honor your remaining membership terms. The new Clear is a customer centric company - we want to rebuild it with you and for you.

So sweet.

But, what changes will this new company offer to make this type of program viable? There was speculation that Congress may play a role in revitalizing this program and trying to make biometric identification more inclusive to the general public. However, I am doubtful that the average traveler will ever embrace (or pay for) this type of program. But, that would certainly be a way to get more folks enrolled in the program and perhaps make the Clear program financially possible.

And, if you're super anxious to enroll in this program, the company's Web site has a registration page for you to sign up. Personally, I'm going to hold out for a bit.