
IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
January 16, 2024


Embracing the future: Insights into advanced risk assessment alternatives in physical security

Adriaan Bosch, Senior Security Consultant at Buro Happold, analyses security strategies organisations can use for risk assessments, and their practical applications in the current climate and for future adaptability.

Introduction

The realm of physical security is rapidly evolving, demanding innovative approaches to risk assessment. Traditional methods, which rely only on past data in developing a risk-based approach, can fall short in predicting and mitigating future threats.

An organisation might also find itself in a position where there is no past data available but it still needs to provide a realistic and practical guide for the development of a security strategy.

This article delves deeper into alternative, forward-looking methodologies that enhance an organisation's ability to anticipate and prepare for emerging security challenges.

To make it practical, implementation will be considered in the real-world example of an airport, where there are already high levels of security, yet which remains a complex, dynamic environment and an attractive target for adversaries.

Horizon Scanning (the Delta-Sigma method): A balanced and dynamic approach

In the field of physical security risk management, the Sigma-Delta method stands as a strategic approach in Horizon Scanning. This method intricately combines the analysis of both constant factors (Sigma) and dynamic elements (Delta) within a security context. By doing so, it empowers organisations to develop a thorough and up-to-date understanding of their security landscape.

This understanding is crucial for effectively managing persistent and emerging threats. Horizon Scanning, when applied through the Sigma-Delta lens, involves identifying early signs of change and potential disruptions. This approach is particularly valuable in environments where security conditions are evolving, as it aids in predicting future security challenges and opportunities. Consequently, it guides organisations in proactively preparing for emerging risks in the security domain.

Unpacking constants (Sigma): Sigma represents the enduring, unchanging elements of a security environment. These elements form the bedrock of a security strategy and include factors such as an organisation’s foundational values, established security policies, the physical layout of a premises, and the historical threat landscape. Sigma elements are the security cornerstones, offering stability and consistency in a security framework.

Embracing variables (Delta): On the flip side, Delta factors symbolise the fluid, dynamic elements in the security landscape. These are the changes and trends that can transform the risk profile of an organisation. They include the advent of new technologies, shifts in social or political climates, emerging criminal tactics, and evolving cyber threats. Keeping an eye on Delta factors is crucial for staying ahead of potential risks and adapting security strategies in real time.

Practical application

To illustrate the Sigma-Delta Scan Architecture in action, consider an international airport, a complex setting rife with diverse security challenges. Here, the Sigma elements, or constants, include the airport’s longstanding physical infrastructure like terminals and runways, established aviation security regulations, and consistent passenger behaviours derived from historical data. These stable components form the foundation of the airport’s security framework.

In contrast, the Delta elements, or variables, represent the evolving aspects of the airport’s security environment. This includes the adoption of new technologies such as full-body scanners and AI-based surveillance systems, shifts in geopolitical climates affecting security threat levels, and adaptations to health crises like the COVID-19 pandemic, which impact passenger flow and screening processes.

Applying the Sigma-Delta Scan in this context involves a two-pronged approach. Firstly, anchoring in Sigma requires maintaining and updating the foundational elements like infrastructure and regulatory compliance. This might involve regular reviews of emergency protocols and ensuring adherence to global security standards. Secondly, navigating Delta focuses on adaptability and responsiveness to change. This includes integrating technological innovations for enhanced threat detection and revising security procedures to address new challenges like health emergencies.

Navigating Delta: Here, the focus is on agility and adaptability. It’s about being able to embrace technological advancements to bolster threat detection and modifying procedures in the face of new challenges, like a global health crisis.

By harmoniously blending Sigma’s stability with Delta’s dynamism, an organisation can craft a robust security posture that is both rooted in proven practices and nimble enough to tackle emerging threats. This balanced approach ensures thorough and adaptive risk mitigation, marrying the need for foundational security measures with the flexibility to navigate the ever-changing risk landscape.

Pros and cons

The Sigma-Delta Scan Architecture stands out for its comprehensive approach, considering both stable and evolving elements in the security landscape. This dual focus is its greatest strength, enabling proactive anticipation and preparation for future threats.

However, the complexity of balancing constant (Sigma) and variable (Delta) factors can be challenging, requiring deep expertise and significant resources for effective implementation. While versatile, its effectiveness hinges on the analytical skills of the security team and the agility of management, making it a resource-intensive method.

Maturity Modelling: Nurturing evolving security strategies

Maturity Modelling in the realm of physical security is a journey, not just a destination. It’s about evaluating and evolving the sophistication and effectiveness of an organisation’s security measures. This model is not static; it’s a progressive path leading from basic, reactive measures to advanced, proactive strategies. It involves assessing and enhancing various dimensions of security, like policy compliance, technology integration, and incident response capabilities.

In Maturity Modelling, there’s always a next step, a new level to aspire to. It’s about nurturing security strategies, allowing them to grow and adapt to the changing environment. This approach ensures that an organisation’s security posture doesn’t just respond to the current threats but is also prepared to meet future challenges.

As the organisation progresses through each stage, it becomes more resilient, agile, and equipped to handle the complexities of modern security risks.

Maturity Modelling in security can be visualised as a journey from basic, reactive measures to a more developed, proactive stance. This progression occurs through distinct stages, each representing a leap forward in managing and mitigating security risks.

Practical application

In the context of an airport, a dynamic and complex environment, the application of Maturity Modelling reveals its transformative potential in addressing security risk. At the outset, an airport might rely on fundamental security measures, such as basic passenger screening and standard surveillance, with a primary focus on reacting to immediate threats. This initial stage, while essential, only addresses surface-level security concerns and lacks depth in strategy.

As the model is applied over time, the airport’s security posture matures significantly. Advancing through the stages of Maturity Modelling, the airport adopts more nuanced and proactive security measures.

This could include implementing advanced technologies such as AI-based threat detection, conducting comprehensive training programs for staff, and developing integrated response strategies. The culmination of this journey is an airport that not only responds to existing threats but also actively anticipates and prepares for future challenges, such as cyber threats and evolving terrorist tactics.

Pros and cons

While Maturity Modelling provides a structured framework for enhancing security measures and encourages continual improvement, its application is not without challenges. The gradual nature of this progression can sometimes overshadow immediate security needs.

Furthermore, realising the full potential of Maturity Modelling requires a deep commitment across all organisational levels, a requirement that can be challenging to fulfil in some settings. Despite these potential hurdles, the model’s ability to transform a reactive security stance into a forward-thinking, proactive approach makes it a valuable tool in complex environments.



Red Teaming and Blue Teaming: A synergistic security team

Red Teaming and Blue Teaming combine both an inside-out and an outside-in view of the security strategy, two pivotal yet distinct elements working in tandem. Red Teaming, embracing the role of a potential attacker, seeks to creatively identify and exploit security vulnerabilities.

This involves thinking like an adversary, using unconventional tactics to challenge and probe an organisation’s defences. The aim is to uncover hidden weaknesses, which might be overlooked during a standard risk assessment.

Conversely, Blue Teaming takes on the defender’s mantle, analysing and responding to the simulated attacks staged by the Red Team. Their focus is on reinforcing the organisation’s security measures, learning from the Red Team’s strategies to bolster defences. This continuous cycle of attack and defence ensures that the organisation is prepared not only for current threats but is also equipped to handle evolving challenges.

Practical application

When applied to an airport, the advantages of this collaborative approach between Red and Blue Teaming become evident.

The Red Team, in this context, can simulate a wide range of threats. These could range from physical security breaches within the airport’s terminals to sophisticated cyber-attacks targeting its security infrastructure. Their objective is to rigorously test every facet of the airport’s security apparatus, from passenger screening processes to the robustness of the security systems’ digital networks.

In response, the Blue Team engages in a thorough analysis of these simulated attacks. Their actions may involve strengthening the airport’s surveillance systems, enhancing cybersecurity measures, and refining emergency response protocols.

The overarching goal is to ensure that the airport’s defences are not only solid against known threats but are also flexible and resilient enough to counter new and unforeseen attack methods.

Pros and cons

The integration of Red and Blue Teaming offers a dynamic, real-world framework for testing and enhancing security strategies. This approach ensures a balanced perspective, where offensive and defensive strategies inform and strengthen each other.

While highly beneficial in providing practical insights and maintaining agility in security measures, this approach requires substantial resources and meticulous planning. Additionally, regular updates and clear communication between teams are essential to avoid complacency and internal conflicts. Ultimately, this dual approach can develop a security strategy that keeps a step ahead in the rapidly evolving landscape of security threats and solutions.

Delphi method: Harnessing collective wisdom for future-ready security

Every day the world becomes a bit more complex. The greater the complexity, the more numerous the risks, for each new layer adds potential for unforeseen challenges and vulnerabilities. The Delphi Method is basically a collaborative forecasting tool applied to the realm of planning, particularly suited for complex challenges.

It leverages the diverse expertise of a group of professionals, drawing on their collective experiences and insights to predict and prepare for future security challenges. This method stands out for its structured and iterative nature, involving multiple rounds of questionnaires where experts share, refine, and eventually converge their views towards a well-informed consensus.

Iterative expert collaboration process

Picture a scenario where each expert at the table contributes a distinct perspective to the security puzzle. The Delphi Method orchestrates this expert dialogue in a methodical fashion. Through repeated rounds of surveys and feedback, these varied viewpoints are gradually aligned, leading to a deeper and more comprehensive understanding of potential future security scenarios.

Practical application

It is best applied to larger organisations with complex operations and diverse, evolving security concerns.

Again making use of an airport as a practical example, management might gather a panel of experts from fields such as cybersecurity, counter-terrorism, aviation safety, and passenger behaviour analysis. Initially, they might be asked to identify emerging threats, with predictions ranging from cyber threats to new forms of terrorism or issues like unauthorised drone activity near airspace.

Subsequent rounds delve deeper, prompting experts to refine their forecasts based on shared feedback and knowledge of global trends, each offering a piece of the puzzle based on their knowledge of a specific field. This iterative process eventually leads to a consensus, offering a detailed view of future security challenges and shaping the airport’s long-term security strategies.

Pros and cons

The Delphi Method excels in harnessing expert opinions to forecast complex security challenges, building consensus through collaborative decision-making. This method is adaptable to multifaceted issues and provides well-rounded insights. Nevertheless, the process can be lengthy and is susceptible to group biases. The effectiveness of the Delphi Method greatly depends on the careful selection of a diverse and relevant panel of experts, making the choice of participants crucial to its success.

Conclusion

By integrating these advanced techniques, organisations can develop a security strategy that is not only robust in the face of current challenges but also agile and adaptable for the uncertainties of tomorrow. Security is not a static endeavour; it’s a dynamic, ongoing process that requires constant vigilance and adaptation.

In the end, remember the mantra that ‘context matters.’ While these processes and strategies are consistent, the way they are applied must be tailored to fit the unique context of each organisation and the specific challenges it faces. By doing so, organisations can ensure they are not just responding to the past but are ready and resilient for the future.

