Challenges Facing Security Industry and Historical Inflection Points

This article is based off of my 2020 OSAC Annual Briefing presentation “Historical Inflection Points for the Security Industry”

Looking back, history has not been kind to the safety and security industry. As a former agent hired after the devastating embassy bombings in Beirut and Kuwait in ‘84 and ‘85, tragedy has forced lots of changes, mostly driven by intelligence failures. However, adaptation and resilience have been our guiding strengths.

Every decade since the 1970’s has brought new critical shifts and challenges facing the security industry, driven by terrorism, potential assassins, embassy bombings, hostage-takings, active shooters, and now, a pandemic.

The 2020 pandemic has already dramatically changed our industry and will cause changes for decades to come. The loss of life and economics of this pandemic have been horrific and are still playing out: job cuts, corporate downsizing, and the emotional toll on families. Corporate security officers are being told to do more with less. I hear this every day.

However, the physical security industry has experienced dramatic changes many times before. External and internal drivers have caused shifts and inflection points in the industry over the last several decades.

35 years ago, those external factors drove changes here, too. The Office of Security — known as SY — became DSS, and OSAC was created.

The Heightened Role of Security

I find it important to wind back the clock to help understand how we got here, so we can plan for the changes that are coming next.

In my experience, there has been one constant — whatever we face going forward, in many ways, we have seen some variant before. So, as these physical security industry trends change and unfold, more responsibilities are being placed upon security professionals around the globe. In many ways, it’s a natural evolution over the last 35 years. As we react to world events, your job changes.

And just like the security professionals before you, it’s part of our job to build organizations that can adapt and be resilient to those challenges facing the security industry.

I’ve identified several events that I believe have impacted security industry standards the most. There are obviously many others that may have been very disruptive, especially in specific industries, but the events listed below had the most significant impact on all types of security professionals, whether you support government, business, education or faith-based organizations.

In sharing these ideas, I hope you’ll see the ways we’ve adapted and see the parallels to the threats we face today. Even though tragedy has often forced change, our industry has built resiliency. We have more tools than ever to understand what’s happening, to adapt to the threats, and to help keep our organizations and our communities safe.

1970s – “Days of Rage”

This was the decade of the “Days of Rage” and the pace of attacks was relentless: on cops, government buildings, corporate offices and college campuses. In fact, in 1975, a bomb went off INSIDE the State Department, damaging 20 offices on 3 floors. The Weather Underground claimed credit for the attack and were linked to 25 other bombings. Think about that tempo and scope? As a kid who grew up in Bethesda, Maryland, I can still recall parts of the D.C. that were left in ruins from the riots in 1968, and well into the 80’s.

On the international front, global terrorism takes the world by storm.

In 1972, the horrific attacks at the Munich Olympics happened, and then in 1975, the OPEC kidnappings occurred. Carlos the Jackal and the Black September Organization changed high-profile and special event security forever. In response, hostage rescue teams were created and our personnel were trained on what to do if they were caught in that situation. Then in 1978, two staff from Ross Perot’s company EDS were seized in Tehran. They were rescued later, as depicted in the best-selling book On The Wings of Eagles, by Ken Follet.

In 1979, the takeover of our embassy in Tehran was a key inflection point for the State Department. It overshadowed the kidnapping and murder of Ambassador Spike Dubs in Kabul two hours after that same day. Can you imagine BOTH of these terrible events unfolding in today’s 24×7 news cycle and social media world?

Thus, in the mid to late 70s, the tempo of attacks — both inside the United States and outside — was staggering and overwhelming. It far surpasses anything we see today.

Each of these events drove changes in the US government — overseas facility security and contingency planning became key. The U.S. private sector followed their lead, increasing security for their facilities and ramping up protection for executives. The security measures implemented by the private sector proved to be resilient — business continued in many dangerous areas, mostly through the tireless efforts of security personnel to keep tabs on the threat and implement any countermeasures in their toolkit.

1980s – The Emergence of Executive Protection and International Security

Executive Protection came into focus in 1981 on the last serious attempt on a President’s life. John Hinckley’s attack renewed the focus on high-profile protection. The kidnappings and hostage taking in the 1970s had prompted many executives to hire protection personnel. But after the assassination attempt targeting President Reagan, Executive Protection teams were ramped up. In this and other high-profile incidents like the murder of John Lennon, Protection Professionals also began finding new ways to track stalkers and other persons of interest who threatened their protectees. But, challenges facing the security industry included a lack of resources and technology available.

The horrific bombings in Beirut and Kuwait in 1984 and 1985, brought about the need for physical security standards, upgrades and security industry best-practices. New technologies were developed to reduce blast effects from bombs and save lives. Explosive modeling and set-back became the norm. Security standards for personnel traveling and working in dangerous places were enhanced. The importance of staff notifications became S.O.P.

But it wasn’t just facility security that was important — Beirut became the center of gravity for global terror —embassy bombings, hostage-takings, and hijackings.

This brought about new technology and physical security countermeasures that were then implemented around the world for global public safety. Aviation security also came into play with efforts to reduce hijackings and aircraft bombings.

A new breed of corporate security came into vogue: the International Security Manager, whose responsibilities included not just the home office, but also the unknowns that came with more extensive international offices and travel.

After watching so many bombings and attacks, we learned that several parts of the attack cycle were fixed. If we were watching carefully, we could identify those pre-operational indicators and prevent an attack. So, we responded by creating the concept of protective intelligence in the 80’s, something that I was very much proud to have been a part of. We did our best to be threat hunters, in an effort to identify acts of pre-operational surveillance to prevent the next tragedy.

I’m also very proud to see this field develop and grow today with a new category of security professional, that is a Protective Intelligence Analyst.

1990s – Domestic Terrorism and School Safety

Domestic terrorism struck again in the 90s, with the 1993 attack against the World Trade Center and later, the 1996 attack in Oklahoma City. I was at FBI headquarters the day of the Oklahoma City blast. Based on the extent of the damage, we initially believed this was Hezbollah. The attack renewed our focus on homegrown threats, honing our protective intelligence skills to hunt for the next attackers at home and abroad.

The Columbine attack in 1999 was another inflection point and changed school safety forever, but those changes also led to changes in the corporate security environment. School resource officers were created, and active shooter plans became the norm in schools and businesses. We created training programs — both for law enforcement officers and for school officials — to mitigate future incidents. The safety and security industry also responded by creating new physical security countermeasures to help save lives in active shooter situations, regardless of the location. Learning how to Stop The Bleed in schools and the workplace becomes critical.

2000s – A Global Hunt for Terrorists

As we enter the 2000’s, the strategic strike by al-Qaeda on 9-11 puts the world at war. Nobody feels safe. Letters laced with anthrax and sent to public figures highlighted other possible failure points and vulnerabilities. TSA and DHS were created to try to mitigate the threats, both to aviation and the homegrown threat. Aviation security becomes paramount and intelligence sharing becomes a new inflection point, after “our failure of imagination.”

Protection officers suddenly had numerous new threats to track, both at home and abroad. It was a grave realization that even the most deadly and complex attacks could occur inside the United States.

The global hunt for terrorists becomes a national priority with many of you in the audience deployed around the globe in the armed forces to combat this threat.

2010s to present – Insider Threats and Cyber Attacks

Insider threat cases like Edward Snowden’s leaks and high profile data breaches changed protection inside the government and the private sector, as everyone rushed to identify possible threats, both in cyberspace and within the physical workplace. Meanwhile, nation-state cyber actors like China and Iran emerge, stealing IP and secrets from governments and companies alike and carrying out destructive cyber-attacks against other governments and private companies.

No company is left untouched by the new threats and cyber security industry growth becomes a national priority.

During this time, physical threats and cyber threats converged — it became impossible for protection officers to completely separate the security of your organization’s information online from physical security. The use of smartphones and internet of things devices created new opportunities and challenges facing security industry protection personnel. In my early career, I couldn’t have imagined attempting to protect someone who’s carrying a personal tracking device at every minute.

A new breed of security officer and specialist is born — the CISO (Chief Information Security Officer). The cyber and physical security industry is adapting again, learning new skills and adding new responsibilities to their portfolio while developing technology and tools to find malicious insiders and monitor for threats. This has also expanded the role of protective intelligence. New technology and tools have made it possible for us to continuously monitor new and existing threats, both in the cyber world and the physical world. We can adapt our security posture on a continual basis as new threats emerge.

Terrorism is not forgotten with tragic events like Benghazi unfolding during the decade, reminding us not only of the continuing threat of terrorism, but also of the continual threat from fire. Protection teams have adapted to counter smaller-scale but still deadly attacks in more locations. High-threat protection for many posts has become the norm.

In 2020, the pandemic has taken the world by surprise, but the industry will continue to adapt and move forward.

What’s on the Horizon?

The pandemic isn’t over, and we’ll continue to feel its impacts throughout the protection field for decades to come. Health safety and security is the new frontier, and the home has become the new workplace.

This brings new challenges facing security industry professionals. The attack surface has expanded. Security functions — like preventing workplace violence, executive protection and information security — must now expand far beyond the workplace, and offer protection for far more employees. Our world and our workplace today is virtual, something that I couldn’t have imagined as a young agent in the 1980’s, when our first mobile phones were the size of a brick and our telegrams were hand typed on IBM and Royal typewriters, with the ribbons locked up at night inside Mosler safes.

As to the future, what will we be talking about 35 years from now? I know I won’t be at my age! But, I would like to think we’ll see the convergence of amazing technology not yet developed, to enhance physical security, health safety and information technology.

But one thing remains certain — the security of our organizations and communities relies on your adaptability and efforts to create resiliency to counter new and emerging threats.

Visit Ontic’s Center for Protective Intelligence for more strategies and best practices, insights on current and historical security industry trends and lessons learned from physical security peers and industry experts.