After the attack on the Benghazi mission and the tragic mass shooting at Sandy Hook Elementary, its apparent that what these two terrible incidents have in common is that security was not adequate.
In Benghazi, after the hearings and the pundits and speculation, the bottom line is that there was insufficient security. In-place security controls were not sufficient to deter an attack, and the emergency controls were also not sufficient to recover and deal with the emergency attack.
In Newtown, at Sandy Hook Elementary, security was inadequate. Security people often say that security is just as good as the weakest link, and despite adding new security controls, it was defeated because of the glass entry. The shooter wasn’t allowed in so he simply broke the glass. That slowed him up by 2 minutes, maybe. Also backup security controls were non-existent. The shooter was observed and still there was no effective response.
There are three elements to security – DETER, DENY and RESPOND:
DETER – means to make the facility look too difficult to attack, and so the attacker thinks it’s too hard and goes away.
DENY – means that it is impossible for the attacker to get into the facility to launch an attack.
RESPOND/PROTECT means that after the attack is launched, the facility can defend itself, or to protect the individuals and/or property inside the facility.
Both Benghazi and Newtown did not deter, didn’t deny access, and didn’t have an adequate security response.
The Newtown shooting showed that this school, like many others across the country, had a false sense of security, because while some security elements were in place, the shooter easily entered the school, making the other elements irrelevant and him to inflict mass casualties.
In both cases, the response was not adequate, it was ‘too little too late’. And ‘too late’ means the attack can’t be stopped or contained.
The WHY is easy, because the security budget was inadequate. These facilities did not have adequate risk assessments that could have demonstrated the critical assets contained within them. What is more critical than classrooms of 6 year old children? What is more critical than a State department facility with a U.S. ambassador inside? Yet both didn’t have the protective security controls they deserved because their wasn’t enough budget for enough security.
Another element these incidents have in common is that they are both government facilities. Yes, one was the Federal government and one was a local school district – but they both had the same problem of being short on budgets. And when organizations are short on budgets, security is one of the first things to get their funding cut, or reduced.
Every facility needs a SECURITY risk assessment up front, how else can you allocate the funding and make sure that there is ENOUGH security in place to protect our most critical assets, our children?