The holistic security information in a 182 page reference manual is about proactive threat mitigation, vulnerability assessment, and the protection of assets against intentional destruction. Holistic refers to the integration of a wide array of three-dimensional protective layers and systems from the technical aspects of CCTV, fences, locks, and cyber security to the psychological and physical aspects of surviving a terrorist attack. A critical key to protecting America’s infrastructure, government facilities, businesses, and population is to educate oneself and others — that is, to gather public domain intelligence about the threat. The document’s purpose is to understand the genesis of the problem and to recognize security weaknesses in order to make informed decisions related to asset protection and the safety of the public.

What is the magnitude of the threat? Should the United States be worried when only five percent of the cargo that enters its ports is inspected, or when security at nuclear power plants is dismally inadequate? Possessing quality information is a definite attribute that can mean the difference between success and failure — and now is the time to proactively arm oneself with relevant and accurate information, or at least the sources of such information. Simply, this is the ancient Chinese philosophy of knowing your enemy and yourself. If you know both, you will generally succeed; if you know neither, you will never succeed, and if you know only one of the two, you will only sometimes succeed.

Information must be gathered about proactive and reactive security methods, procedures, planning, firewalls and responses at all levels and depths. The security of the individual infrastructure, facility or business must be assessed and the technology for “holistically” protecting it must be tailored to the results of the assessment. For many large infrastructures, this has already been done (some mandated by federal law), or is at least an ongoing effort. However, for many of the smaller infrastructures, the security problem has not been seriously nor completely addressed. Furthermore, the planning and preparedness against terrorist activity for manufacturing and businesses are woefully lacking. About 85 percent of all privately-owned infrastructures and facilities have inadequate security and are easily vulnerable to attack. Most do not consider themselves targets and are not willing to spend the money to implement and install the necessary safeguards. Their rationale (i.e., safety in numbers) is that statistically, in a probabilistic sense, they are not a target.

Global terrorism has a long history and it is not expected to go away tomorrow. The United States ill-planned invasion and seemingly endless occupation of Iraq (based on faulty WMD and terrorist intelligence) has undoubtedly precipitated the growth of a new generation of anti-American terrorists around the world. Although security is being tightened on many fronts and new counter-measures are being implemented, upgraded, and installed, simple but ingenious attacks, such as the 1993 and 2001 World Trade Center (Twin Towers) attacks against Americans and American property are undoubtedly in the planning stages now. These future attacks will be much less frequent than the non-terrorist sabotage attacks seen at industrial sites (primarily disgruntled employee problems) but they will be much more devastating. If an amateur geek 15-year-old boy in Canada with minimal, if any, hacking expertise can paralyze the Internet and bring billion-dollar businesses to their knees from his bedroom computer, imagine what a sophisticated internet attack by skilled terrorists can accomplish. If an employer does not believe that background checks should be part of the hiring process and unknowingly hires someone with a criminal history, this may spell future trouble related to sabotage or terrorism. A newly-hired terrorist may engage in fraud, identity theft or hacking of computers and confidential information. The result could either fund terrorist activity or allow vulnerabilities to facilitate an attack. The potential is there and it can happen. Thus, this list of references is intended to reside on the desk of every facility manager, government official at any level, business executive, public utility commissioner, security professional, and threat assessor and any other person who has direct or indirect responsibility to protect assets.

The reference manual is available in print or as a download.