Before jumping into a one size fits all, military type approach to security mitigation and system design – which depends on a standard, costly combination of physical security, technology and in many cases armed security personnel – let’s blow the dust off the Security Risk Analysis (SRA) discussed in Part 1 of this series and consider how else to mitigate the security risks identified.
International oil companies have engaged with social scientists to carry out Social Impact Awareness (SIA) studies to help inform their Corporate Social Responsibility (CSR) programmes for many years. However, how often is such activity considered a part of corporate security?
An SIA study may identify, for example, the key subsistence activity of the locals in a particular Area of Operation (AOO) such as farming, which relies on minimizing the environmental impact of an operation. It may identify concerns such as grievances around unequal distribution of profit into the local economy and the resultant lack of educational opportunities and health care. In this scenario, CSR program development at the feasibility stage of a project may in fact be the most effective security risk mitigation strategy available to the project.
Minimizing environmental impact will support the farming community. Training and education may result in job opportunities for locals, not only mitigating economic threat drivers but improving communication and demonstrating investment into the local community.
The table below draws on information from the UNDP Human Security Index (HDI). It shows a correlation between the Global Peace Index (GPI), a leading measure of national peacefulness from the Institute of Economics and Peace, with indices quantifying some key security threat drivers that can be managed through effective Corporate Social Responsibility programmes.
|Country||Global Peace Index||GPI Ranking||GDP Per Capita $||GDP pc Ranking||Literacy %||Lit. Ranking||Health Index||Health Ranking||Food Security Index||Food Ranking|
A clear correlation can be seen between the level of national peace and the level of wages, education, health and food.
These are all services that can be, and in many cases, are included as part of a CSR program and can have a direct impact on security at an operational/project level. Taking this more inclusive corporate security approach at the security planning stage (and gathering feedback about its effectiveness) allows for the reassessment of security threats at the human level. It also makes it possible to engage with specialists throughout the organization increasing both the understanding and veracity of the corporate security function.
For example, I was asked to use the SRA approach to justify a considerable increase in the number of armed troops, the installation of over 50 kilometres of fencing and enhanced surveillance to protect a pipeline in Kurdistan.
The threat assessment identified two significant risks: one from a targeted suicide bomber attack and the other from collateral exposure to an air attack against militia known to operate near the pipeline.
By mapping threats against critical assets, it was agreed that no number of armed guards would reduce the likelihood of the pipeline rupturing due to an airstrike. Even the threat from a suicide bomber would require fencing at significant standoff.
We moved our attention from prevention to response. By adopting a procedural update to response planning we demonstrated we could lower the risk to a level considered “As Low as Reasonably Practicable” at a fraction of the cost of the physical, technical and manpower controls that were initially recommended.
Business continuity planning is another business tool that can prove useful to corporate security. An understanding of essential and non-essential staff is paramount when developing phased country evacuation plans to ensure the timely and cost-effective extraction of staff with minimal disruption to critical business function.
Traditional physical, manpower and technological security remains an essential aspect of operational security, but rather than a first step in security system design, it should perhaps be viewed as the final one. Filling the gaps that cannot be mitigated through softer security considerations.
Not only can a more inclusive and cerebral approach to security save money, it can also lower the overall project risk profile. Military inspired security systems focus on military models employing uniformed armed security that has been centrally trained and is entirely under the command of its officers and NCOs. Contracted armed security draws on private security companies that are, in most cases, drawn from a variety of backgrounds and not under the direct control of the corporate entity paying the bill.
There is a huge responsibility on corporates when contracting private armed security services, as outlined in the Voluntary Principles on Security and Human Rights to which many have committed. However, it should be remembered that the posture of contracted armed security personnel will reflect directly on the company employing them, potentially increasing its target attractiveness.
Effective ongoing Security Risk Analysis facilitates understanding of the corporate security function and offers ongoing analysis for effective decision-making. It can also deliver significant cost savings through the adoption of an appropriate security design process which seeks to limit the likelihood of an attack and put proper response measures in place, rather than the use of a military inspired model that may be neither suitable nor entirely within the organisation’s control.
Paul Mercer is Managing Director and designer of award-winning HawkSight Software. He founded Hawksight SRM Ltd over a decade ago after a career in the UK Military. He has a Master’s Degree in international politics. He served as an officer in the Royal Naval Fleet Air Arm during including deployment as Head of Sector Intelligence for the United Nations Mission in Georgia, Caucasus (UNOMIG). Today he works with clients to provide continuity of security risk analysis, comprehensive risk reporting, and bespoke mitigation strategies to enable rapid and cost effective management of security risks. Contact him: firstname.lastname@example.org
Related Article: Part 1: Security Risk Analysis of Hostile Environments
Image courtesy of ddpavumba at FreeDigitalPhotos.net