Our previous blog defined risk as a combination of threat, vulnerability and consequences.  This week, I’d like to focus on threat.

When one hears “threat” in a security discussion, the natural tendency is to equate threat to whatever powerful, overseas terrorist organization is currently in the news.  While those organizations certainly mean us harm, ending the discussion there overlooks many possible threats, and leaves us with little understanding of actions we can take. 

A better approach is to create categories that help us identify and describe threats, and then use that understanding to reduce risk.  Bucketing threats by where they originate – internally, locally, or globally, is one method. 

  • Internal threats originate within the fence line of our facilities, or the gunwales of our ships.  They could be employees, contractors, customers or crew with a deliberate intent to cause harm, or they could simply be careless in keeping the gates closed and the hatches locked down when required. 
  • Local threats originate nearby.  Are you in a high crime area, are there drug gangs or other organized criminal operations?  Is the area known for civil disobedience?  Could the properties outside your gates be used for surveillance, a staging area, or might they be a target themselves, with you as the conduit – or collateral damage? 

And remember the waterside!  What is the mix of recreational and commercial vessel traffic in the area?  Would an unusual vessel stand out?  Are there dive shops nearby?  Are the water conditions such that an underwater threat is plausible? 

  • For global threats, we don’t need our own spy network to make some useful observations, just pay attention to the news.  Package bombs, mass shootings and the use of vehicles against pedestrians have all been, or continue to be, common threats.  “Lone wolf” and copycat attacks mean that we can identify these as plausible threats even if we know nothing about the individuals who might carry them out.  What has changed in the world since your last risk assessment that might suggest a new threat? 

At Seebald & Associates, we help our clients identify threats and imagine how they might play out against their business operations.  Results are best when the company can provide personnel from across their business enterprise – operators, managers, labor, IT/cyber specialists, and others.  A diverse team ensures that the group will identify threats that a narrower group won’t think of.  A diverse group also helps identify diverse solutions. 

Tune in to this website next week for a discussion of vulnerability – or, what is our exposure to all of those threats?