All entries for November 2016

CARVER Washington DC Training Courses Announced for 2017 in Tysons Corner, Virginia

April 11-13, 2017
June 13-15, 2017
August 15-17, 2017
October 10-12, 2017

Each course is limited to 8 attendees | Register Below Today!

The CARVER Target Analysis and Vulnerability Assessment™ training courseCARVER Target Analysis and Vulnerability Assessment™ training course, offered by Security Management International, is an interactive three-day course on conducting facility threat and vulnerability assessments. CARVER Washington DC is a nationally recognized target analysis and vulnerability assessment methodology used extensively by the military, intelligence and law enforcement community and the Department of Homeland Security in its Automated Critical Asset Management System.

The course is run by Leo Labaj, SMI Director of Critical Infrastructure Protection. With 40 years of government and commercial experience, Mr. Labaj is a veteran of the U.S. Navy, the Air National Guard and the Central Intelligence Agency. He has managed research and development programs and applied science projects for the Department of Defense, the Department of Energy, the Intelligence Community, and federal, state and local law enforcement agencies.


CARVER Washington DC identifies assets most attractive to attack by an adversary based upon key factors:
Criticality – Single points of failure and degree of importance to system operations.
Accessibility – Ease of access to critical assets.
Recoverability – The time and effort to recover system operations after an adverse event.
Vulnerability – Level of exposure to attack based on adversary capability.
Effect – Magnitude of adverse consequences resulting from malicious actions and subsequent responses.
Recognizability– Likelihood that potential adversaries would recognize that an asset is critical.

 


 

The Myth of Safety | The Fukushima Nuclear Disaster Five Years On

By Luke Bencie and Yuji Kumamaru

The March 11th, 2011 accident at the Fukushima Daiichi Nuclear Power Station (simply referred to in Japan as “3/11”) exposed vulnerabilities in Japan’s emergency preparedness and crisis response systems, which continue to linger five years after the horrific catastrophe. The devastating Tohoku earthquake, and subsequent massive tsunami, led to the the largest Level 7 nuclear accident since Chernobyl (by comparison it was 1/10th the radiation fallout of the 1986 Chernobyl event). As a result, nuclear reactor units 1 and 2, belonging to Tokyo Electric Power Company (TEPCO), suffered critical meltdowns, hydrogen explosions, not to mention the release of radioactive elements that blanketed nearby residential areas of the Fukushima Prefecture. Nearly twenty-thousand people died (90% of deaths were drownings) or disappeared as a result of the 9.0 magnitude earthquake and nearly 50-foot high tsunami wave, while another 150,000 were forced to evacuate from their homes. To this day, over 90% of the Fukushima residential areas have remained uninhabitable, drawing eerie comparisons to scenes out of post-apocalyptic movies.

So what happened? Why did Japan – a country epitomized by its traditions of efficiency and quality assurance – fall victim to a lack of foresight and indecisiveness in the face of chaos? There was no emergency plan. The answers are various and complex, but to those in the world of emergency preparedness, one phrase best summarizes the confusion… “The Myth of Safety.”

Emergency Preparedness and The Myth of Safety

“The Myth of Safety” essentially promulgates the idea that the nuclear industry is so critical and sophisticated, that surely redundancies for security and safety, as well as every conceivable emergency response protocol, have been tediously thought out and tirelessly exercised to ensure maximum safety to operations and the civilian population who reside within nuclear areas. As a result, when the events of 3/11 began to unfold, the TEPCO and Nuclear Safety Commission (NSC) emergency response manuals had no such contingencies for unusually high tsunami waves. For example, the protective concrete walls of the plants along the water were built to a height of 19 feet, while the wave that struck the Fukushima Daiichi Plant was an incredible 49 feet. Furthermore, it was concluded that a loss of AC power, or even what to do in the event that the nuclear reactors began to boil away their coolant, were too improbable to happen – until they did!

According to the Independent Investigation Commission on the Fukushima Nuclear Accident, published in 2014 by a civilian lead coalition, in conjunction with the Bulletin of Atomic Scientists and the Rebuild Japan Initiative Foundation:

“In 2010, for example, the government of Niigata Prefecture, on Japan’s western shores, made plans to conduct a joint earthquake and nuclear disaster drill. This was imminently sensible, since just three years before an offshore earthquake had temporarily shut down a TEPCO nuclear power station on the Niigata coastline. But the Nuclear and Industrial Safety Agency (NISA), the nation’s main nuclear regulator, advised the local government that a nuclear accident drill premised on an earthquake would cause ‘unnecessary anxiety and misunderstanding’ among residents. The prefecture instead conducted a joint drill premised on heavy snow.”

Relying On ""If it Has Never Happened Before..." Emergency Plan

Rather than being accused of fear mongering, TEPCO and the Japanese government continued along their steady path of relying upon a belief that if it has never happened before, there is no need to prepare for such an event in the future. Unfortunately, by not considering and training for – much less talking about – worst case scenarios, Japan fell victim to a chain reaction of failures that has lead to billions of dollars’ worth of property damage, a mass migration of the population, an expected forty years’ worth of clean up efforts, fifty-three of the nation’s fifty-six nuclear power plants being taken off line indefinitely, and most significantly, the long-term effects of radiation exposure to Fukushima residents and employees.

Could planning have solved every predictable challenge that fateful day in March? Probably not. Natural disasters are often the most difficult threats facing any emergency responder. However, as General Dwight Eisenhower so famously stated, “Plans are useless, but planning is indispensable.” Had the Japanese Government and TEPCO been more forward looking with their crisis response planning, they might not have encountered as many difficulties as they did.

Just some of the major response failures of the Fukushima Daiichi Nuclear Power Station Disaster included:

  • Lack of information-sharing systems - When the incident first occurred, information was insufficiently passed between the various public and private sector partners, as well as to the civilian population. The System of Prediction for Environmental Emergency Dose Information (SPEEDI) was the government agency especially assigned to pass information to the public about any accidental release of radioactive material. During the crisis, SPEEDI was unable to pass critical information in a timely fashion.
  • Poor decision-making – During the disaster, it was stated that some orders were ignored, or even flatly disobeyed. Much of the confusion came from the simple question of who was actually in charge.
  • Senior leadership was making tactical decisions rather than strategic ones - It was noted that during the disaster that, Prime Minister Kan spent time trying to personally locate and order portable battery units in an attempt to keep power running to the reactor pumps, rather than managing the larger picture of the unfolding situation.
  • No standardized communications system was in place – There were no uniform radio systems encompassing various government response agencies, leading to poor communication between teams on-the-ground, as well as in command centers.
  • No mass casualty plan was previously established – a standardized, nationwide, response protocol - much like the US National Incident Management System (NIMS) or the Incident Command System (ICS) - would have allowed responders from different jurisdictions to respond seamlessly by knowing their roles and responsibilities.
  • The use of social media was employed only in one direction – Despite using social media platforms to relay informational messages, the Japanese government did not monitor responses on social media to determine feedback from residents on-the-ground. This simple step would have provided them with much needed intelligence.

Of course, it is very easy to pass judgment against TEPCO and the Japanese Government five years after the accident at Fukushima. Accordingly, anyone can “Monday Morning Quarterback” the response efforts from afar. It is not the intention of this article to spread blame or point fingers. Rather, the events of this tragic historical event should be put into context as a means of case study and improvement. Much like the terrorist attacks of September 11th, 2001 led to exponential enhancements in the security posture of the United States, 3/11 should also be a catalyst for change in Japan.

Per the testimony delivered to Parliament by the Independent Investigation Commission on the Fukushima Nuclear Accident, the following recommendations should be enacted:

  • Establish a permanent committee in National Diet (Parliament) to oversee the regulators, with regular investigations and hearings.
  • Reform of the crisis management system, making boundaries between responsibilities of local and national governments and the operators clear, and establishing clear chain of command in emergency situations.
  • Establish a system to deal with long-term public health effects, including monitoring and decontaminating radiation-affected areas.
  • Enact dramatic corporate reform of TEPCO and new relationships established among the electric power companies built on safety issues, mutual supervision and transparency.
  • Create a new regulatory body established on independence, transparency, professionalism, and consolidation of functions.
  • Reform of laws related to nuclear energy to meet global standards of safety, public health and welfare.
  • Develop a system of independent investigation commissions.

There is no question as to whether or not another earthquake will strike Japan. It could happen again at any time (in fact, a magnitude 7.3 earthquake recently struck the Kumamoto area on April 16th, leading to the death of approximately 50 people - most of them were crushed in a landslide). The magnitude could be worse than a 9.0 and the heights of a resulting tsunami could very well exceed 50 feet. The fact of the matter remains, failure to prepare means preparing to fail. Five years after the Fukushima Daiichi Nuclear Power Station Disaster, we can only hope that the Japanese government, as well as the Japanese private sector, have learned from their mistakes and will once and for all destroy the Myth of Safety.

Luke Bencie is the Managing Director of Security Management International, an intelligence advisory firm in the Washington DC area that specializes in global emergency response and crisis management. He can be reached at lbencie@smiconsultancy.com.

Yuji Kumamaru was formally the Deputy Fire Chief at US Army Regional Fire and Emergency Services at Camp Zama. He was the first Japanese national to hold this position, where he was responsible for $40B worth of US Government assets. Additionally, he built the first Japanese regional certified rookie firefighter academy, which was accredited by Texas Engineering Extension Service and the Department of Defense. Finally, per the request of the Japanese Government, Mr. Kumamaru obtained a translation and publication license from Oklahoma State University and the International Fire Service Training Association (IFSTA) to translate the 1600-page manual “Essentials of Firefighting and Fire Department Operations” (which took over 2,000 hours for him to complete). He can be reached at kumamaru@jerd.co.jp.

Additional Information

SMI also offers training courses for government, military, and business professionals. Click to find out more about our training courses including: Emergency PlanningCrisis ResponseThreat Detection & Terrorism AwarenessManaging the Threat of Explosive Devices, and Combating Terrorist Explosive Attacks.

In addition, SMI provides Security ConsultingSecurity Management, and Intellectual Property Protection for executives, business owners, and Fortune 500 companies.


The Dangers of Casual Conversation: Targeting International Business Travelers through Elicitation

Elicitation. A ploy where a seemingly normal conversation is contrived to extract information about the individual, their work, or their colleagues that is not readily available to the public.

“So, what do you do?”

How often have you been asked this seemingly innocent question on an airplane, at a dinner party, or some other random location where strangers might engage in conversation? You’ve probably even asked it to someone, yourself. Believe it or not, these five words have been the catalyst, which have derailed million dollar research and development projects, provided an increase in market share to business competitors, and even been instrumental in the financial success or failure of hundreds of corporations. The reason the question “So, what do you do?” is so powerful, is that it opens up a Pandora’s Box for business executives (particularly during travel) to disclose information that is of some intrinsic value to the person asking. Simply put, it is an invitation from business competitors, government intelligence services, and/or other types of nefarious individuals to get inside your head without you realizing it. It is all part of the subtle technique for extracting information known as elicitation.

Elicitation may seem like something out of a spy movie but it is actually more prevalent in the corporate world than one would imagine. In today’s hypercompetitive global business environment, any sliver of knowledge regarding a competitor’s intentions can be of extreme value. Ask any Fortune 500 security director what keeps him or her up at night and most answers will entail corporate espionage and the difficulty of safeguarding business intelligence and intellectual property. As a result, counter-espionage training courses for business executives have been steadily on the rise for the past decade. And don’t be fooled into thinking that it is just the international sales force or R&D scientists and engineers that require training… there are plenty of secretaries, administrative staff and field operations personnel who are equally targeted (often time with more success!)

How Elicitation Works

The elicitation process starts with the “elicitation operative” assessing the target. By asking direct, yet subtle, open-ended questions, the operative will usually assess the target in order to determine if the target has access to valuable information and whether or not they can be compromised. In some instances the casual encounter may actually be pre-planned. For example, the operative may learn that a business competitor is flying overseas on a certain date and will try to clandestinely reserve the seat next to him. Other times, the operative may just be canvassing a room – such as a trade show or convention floor – in an attempt to find an unsuspecting victim.

The elicitation method exploits several fundamental aspects of our human nature. Most of us want to be polite and helpful, so we usually respond to questions honestly, even when posed by complete strangers. When presented to us, we tend to take the opportunity to show off what we know and we are usually tempted to say more than we should. Many other factors may be reasons for us to say something. We might want to retaliate when our opinion is being challenged - in order to convert the other person’s stance, or we may be working on something important and feel the need to share that information to make ourselves feel more significant. In another scenario, the operative might tell us about himself or herself (women can actually be more effective than men) and we may feel the need to reciprocate out of politeness. We might feel the need to vent about our job or the people we work for. Whatever drives us to open up about our professional lives can have serious and unexpected consequences, which can be hard to avoid unless one knows exactly what to look for.

Common Elicitation Scenarios: International Travel Dangers

There are several scenarios the elicitation operative may use to convince you that he or she is a reliable or acceptable source to share the information with. They may pose as a reporter desiring to write a story about you or your company. This might seem like a senseless reason to disclose information, but a surprising number of people have fallen for this trick… most in an attempt to have their fifteen minutes of fame! Often times, the only way people may notice that they have been “conned” is if time passes and there is nothing in print. By this point it is certainly too late.

Another tactic may involve the operative pretending to be a government agent, running an investigation on either the company or a specific employee. Questioning from a government official often times evokes fear (think IRS) in people to come clean. Similarly, elicitation operatives may also often pretend to have their own business. They may ask to get to know you better for a potential partnership or employment opportunity. When the potential to make money presents itself, the majority of people drop their guard.

Another common problem is that we tend to weed out potential elicitators based on their ethnicity or gender. Take Ann Chapman for example. It is unlikely that anyone who saw the attractive redheaded model would have assumed that she was actually a spy for the Russian Foreign Intelligence Service. However, she was arrested in 2010 along with nine others and charged with conspiracy to act as an agent of a foreign government. It is this preconceived notion that a certain gender or ethnicity cannot possibly be a spy that has caused so many people to begin trusting and forming relationships with others when they were really being used for ulterior motives.

Another notable incident was the Maytag case in the late 90’s where elicitation played a major role in the intellectual property theft that cost Maytag millions of dollars. Maytag had been planning to come out with a washing machine that was more environmentally friendly and, unlike previous washing machine models, would be designed so the loading door would be on the front instead of on the top to be more energy efficient. Rival companies used various elicitation techniques in an attempt to gather more details about the project. One such method involved elicitation operatives, claiming to be college students, needing more information on the machine for their term papers. One employee received a phone call from an operative claiming to be an employee from another branch who needed the names of the people working on the project. Additionally, someone claiming to be from the local waterworks visited a test subject, who was using the washer at his home. The supposed waterworks employee asked to take a look at the man’s laundry room but never got the chance due to suspicious behavior.

Sometimes, elicitation doesn’t even have to be verbal… it can be written. One incident involved a university professor from a Southeast Asian country who taught a night class in Maryland. He asked his business administration students to write a paper on the company that they had worked for. One of the students ended up contacting the FBI, after the professor had asked her three times to expand her writing on the details of the company, including details about sensitive information.

How to Protect Yourself

Well-trained operatives can effectively utilize elicitation as a probing technique by playing on human traits. They are expert at getting you to drop your guard and unwittingly divulge information you should not, while leaving you thinking, "Wow, what a nice guy." Here are some telltale signs you're being elicited and assessed for suspect reasons. Look for these tactics in the elicitation operative:

Flatters you into revealing things that should make you suspicious about why a complete stranger would take so much interest in you, your family and your work ??Agrees with everything you say to a fault, always complimenting or sympathizing with you, or saying how interesting or intelligent you are ??Engages in active listening and sustained eye contact that makes you feel like you are the only person in the room, and what you are saying is of the utmost importance ??Avoids answering questions or talking about themselves ??Repeats and summarizes what you've said as if studying or learning from you, rather than engaging in a simple, casual back-and-forth conversation ??Puts you on the defensive from time to time, compelling you to prove you are well-informed ??Poses leading questions or summations, or intentionally misunderstands, a topic in which you are more knowledgeable or expert, in an attempt to elicit proprietary intelligence ??Takes their time to thoughtfully respond after you have spoken ??Offers to pay for the drinks, perform a small favor, or even promises to send you a gift ??Asks for another get-together

This is not to say that everyone with exceptional interpersonal skills is trying to elicit business intelligence and intellectual property from you, but it is important to remember that regardless of their motives, it doesn't make a lot of sense to confide in a complete stranger.

Conclusion

When engaged in a conversation with a stranger (or even someone who is not a stranger), you should always ask yourself, “Am I being elicited? What is this person's need to know?” Instead of handing out any specific answers you should resort to vague responses or try to change the subject. You can turn the conversation on the person by saying you “do not know”, or suggest that he or she “look it up online.” Ultimately, if you are not afraid to be honest or the operative is not giving up, be up front and say you “do not wish to discuss the subject at hand.” If an operative realizes you are not budging, you will most likely be left alone.

So the next time you’re on an airplane and the person sitting next to you asks, “So, what do you do?” pause for a moment and reflect on how you are going to answer. You never know if they could be an elicitation operative out to steal your secrets.

About the Author

Luke Bencie is the Managing Director of Security Management International, LLC. He regularly teaches courses on corporate espionage and has written a book, Among Enemies: Counter-Espionage for the Business Traveler. He can be reached atluke.bencie@smiconsultancy.com

SMI also offers training courses for executives and business travelers. Click to find out more about our Traveler Safety Courses including: Business Traveler Safety and Counter-Espionage CourseKidnapping and Awareness Course, and Hostile Travel Course.

In addition, SMI provides Security ConsultingSecurity Management, and Intellectual Property Protection for executives, business owners, and Fortune 500 companies.


Security Award Nomination for Training Initiative | Counter-Espionage for the Business Traveler

We are excited to announce that Security Management International, LLC's Counter-Espionage for the Business Traveler Course has been nominated for the 2016 Security and Fire Excellence Awards by... More »


Kidnapping Awareness | Why Less Bank Robberies is Dangerous

Why the Reduction in Bank Robberies is a Cause for Concern Kidnapping Awareness and Prevention: Why Less Bank Robberies is Dangerous Crime doesn’t pay. Not like it used to at least. In the last... More »


CARVER Virginia | How To Protect Infrastructure

As a nation, the United States has become addicted to the steady and dependable delivery of electrical power. Without electricity the world, as we know it, would cease to function (imagine no lights, television,... More »


SMI

ADDRESS

8300 Boone Boulevard
Suite 850, Vienna,
VA 22182 United States

Telephone : (703) 893-8000

info@smiconsultancy.com

Copyright © 2016 - 2018 SMI, LLC