View Full Version : Manic Article Search

Michael Harris
12-19-2005, 12:57 PM

I have collected a few articles or interest over the last few weeks. I know that I should have posted them immediately, buy my Criminal Law class and Police Management class took far too much of my time.

Michael Harris
12-19-2005, 12:59 PM
To All:

I have a few Theft-related articles for you to chew on.

"Theft Is Serious Business"
Houston Chronicle (10/16/05) P. 5; Doggett, Don

There are a number of measures that small businesses can take to protect themselves from employee theft, which is said to be one of the most common types of theft that small businesses experience. The first such measure should be conducting background and reference checks of job applicants, particularly those who will be handling money. Businesses should also make sure that inventory records are kept current, and audits should be conducted regularly, as these measures increase the chances that employee theft will be detected. Employees should be trained and supervised closely, and this training can include a presentation on the drawbacks of employee theft, such as the possibility that employees will lose their jobs or harm their reputations. Time locks, alarms, surveillance cameras, motion detectors, and central alarm systems are all effective tools for minimizing theft, and only a handful of employees should be given keys to the business. Two employees should be responsible for checking incoming inventory, which is a popular target for theft, and the employees should compare the log items received to the shipping ticket. Trash cartons should be checked and flattened to ensure that merchandise has not been hidden, and the receiving and shipping door should be locked when not being used. There are positive ways to discourage employees from stealing, and these include showing employees that they are valued--giving them discounts on merchandise, for example.

Q: I am experiencing some reduced income and, based on all my records, that should not be occurring. My only conclusion at this point is I am experiencing some employee theft. Any ideas on how best to deal with this problem?

A: No one likes to think a customer or employee would steal from a business.

Theft can cost your business a great deal of money.

It's up to you to implement systems and controls that will protect your business.

Employee theft is often cited as the most common type of theft within small businesses.

As a first step in theft prevention, carefully screen job applicants before hiring. Background and reference checks are especially crucial for positions in which the new hire will be handling money. Ideally, a background check should include a check of police records.

Next, keep up-to-date inventory records and perform audits regularly. Many firms audit quarterly, others biannually. Frequent audits enhance your chances of spotting and correcting problems. When records are poorly maintained, the chances of theft increase because the chance of getting caught decreases.

Incoming inventory is a target for theft. When inventory is received, have two people check it in. Log items received compared to the shipping ticket.

The two-employee inventory process helps verify the contents.

Flatten all trash cartons and spot-check cartons after hours to be sure no merchandise has been left inside such cartons.

Keep the shipping and receiving door locked whenever it's not in use.

You can also eliminate potential theft opportunities through careful training and supervision of employees.

Major losses can often occur when employees take merchandise after hours.

Only a few employees should have keys to the business. Installing time locks and alarms can also help prevent theft.

You may look into measures such as installation of a central alarm system, video cameras or motion detectors.

There are also positive ways to discourage employee theft.

For example, offer employees discounts on merchandise.

This can make employees feel valued.

If you do suspect a thief among your employees, document missing items. Hold a training session on the negative aspects of theft, including damage to the business, potential loss of job and a harmed reputation.

If the problem persists, report it to the authorities.

Don Doggett is a management counselor for SCORE, Counselors to America's Small Business, a volunteer, nonprofit association, and a partner of the U.S. Small Business Association. For information, go to www.scorehouston.org. Send your questions to: Small Business Houston Chronicle P.O. Box 4260 Houston, TX 77210.

"War on Shoplifting"
Mercury (AU) (10/13/05) P. 14; Choy, Heather Low

Police in Tasmania are offering retailers advice for guarding against shoplifters. "Staff should be aware of large groups of people entering shops and hanging around display cabinets or near expensive items," says Police Sgt. Darren Spinks, adding that this is a common tactic to distract store employees as other shoplifters remove security tags from merchandise or steal items. In addition, business owners are advised to always keep display cases locked, to train their employees to be aware of shoplifting tactics, and to install surveillance cameras and/or security mirrors. Also, owners should be aware that shelving and signs can create clutter and blind spots that allow shoplifters to operate. CDs and DVDs should be displayed in dummy cases, shopping bags should be closed with receipts stapled to the outside of bags, signs should be placed to indicate that bags will be checked, clothing in and out of fitting rooms should be checked, and the rear areas of stores should remain locked during business hours.

"Survey: Shoplifting Losses Mount"
Tampa Bay Business Journal (12/06/05)

The University of Florida's latest National Retail Security Survey concludes that U.S. retailers lost nearly $31 billion to inventory shrinkage in 2004 and that employee theft remains the biggest source of shrinkage. Inventory shrinkage cost retailers 1.54 percent of their total annual sales in 2004, said University of Florida criminologist Richard Hollinger, who has led the survey for the past 15 years. Although employee theft declined slightly in 2004, the survey finds that shoplifting accounted for 34 percent of retail losses in 2004, compared with only 30.8 percent in 2000. The increase can be explained by organized retail crime, a new form of shoplifting that involves gangs of shoplifters who work in tandem to quickly steal large amounts of merchandise. Since the university began conducting the survey, "the percentage of inventory loss has declined in a fairly significant way," Hollinger said. However, "because the retail industry has grown, dollars lost to inventory shrinkage have actually increased," resulting in higher consumer prices, Hollinger explained.

Michael Harris
12-19-2005, 12:59 PM
To All:
I found an interesting article on the expectation of privacy (Not!).

"Court Upholds Bag Searches on Subways"
New York Daily News (12/03/05); Zambito, Thomas with Alison Gendar

Manhattan Federal Judge Richard Berman ruled on Dec. 2 that the city's almost five-month-old program for inspecting the bags of subway riders is constitutional. The New York Civil Liberties Union, which challenged the search policy, said it would appeal Berman's decision. Police have been performing random bag searches at some of New York City's stations since July, when fatal terror bombings in London's subway caused the New York Police Department to increase focus on the transit system. Riders can circumvent a search by turning around and going into another station without risk of being stopped.

Get ready to open that backpack again.

A Manhattan federal judge ruled yesterday that the city's nearly five-month-old program for inspecting subway riders' bags is constitutional.

"The need for implementing counterterrorism measures is indisputable, pressing, ongoing and evolving," Judge Richard Berman said in rejecting the New York Civil Liberties Union's challenge of the search policy.

"The decision's a victory in the fight against terrorism," Police Commissioner Raymond Kelly said. "Common sense prevailed."

The NYCLU said it will appeal Berman's 41-page ruling.

"The NYPD's unprecedented program of searching hundreds of thousands of innocent people using the New York City subway system violates one of our most basic freedoms," said NYCLU Executive Director Donna Lieberman.

Cops have been doing random bag searches at some of the city's 468 stations since July, when deadly terror bombings in London's subway led the NYPD to refocus on the transit system.

Riders can avoid a search by turning around and entering at another station without threat of being stopped.

Berman sided with Deputy Police Commissioners Michael Sheehan and David Cohen, who said even random searches were an effective deterrent against a terrorist strike.

Mayor Bloomberg praised the decision. "Unfortunately, we live in a time when terrorist attacks are a very real possibility, and we must be vigilant in our security measures," he said.

Michael Harris
12-19-2005, 01:02 PM
To All:

I have a handful of disaster and security articles for your reading pleasure.

"Disaster Preparedness Needs to Be Mandatory"
St. Louis Post-Dispatch (12/08/05); Dalin, Shera

Webster University professor of management Albert Marcella stated that even though disaster recovery and business continuity plans take a great deal of time to create, businesses should invest their time in the creation of these products because those larger firms without such plans only have a 20 percent to 30 percent survival rate after a disaster. Small businesses have a mere 5 percent survival rate after a disaster if they do not have a plan in place to keep the business afloat. Companies have begun storing documents and records offsite in an attempt to keep them protected from disaster, and some workers are even asked to backup data and take it to their homes for safe keeping. Insurance companies are now starting to offer incentives to businesses that backup their data or store their data offsite as part of a business continuity or disaster recovery plan. Alternative worksites are also a popular means of survival for many businesses, but businesses also should keep and up-to-date list of workers and their contact information. Moreover, all workers should be trained to keep the business afloat in case of or after a disaster, which means communication channels will have to be hammered out before disaster strikes, and those responsible for backing up consumer data and other information should be aware of how to access that data and reboot company systems as quickly as possible.

Disaster preparedness and recovery plans are time-consuming to create, but business owners should have them in place, no matter what size the company is.

Tornadoes, fires, floods, hail storms, power failures and even corporate theft can befall area companies, said Albert Marcella, professor of management at Webster University and author of "Business Continuity, Disaster Recovery and Incident Management Planning: A Resource for Ensuring Ongoing Enterprise Operation."

Businesses without a plan have about a 20 percent to 30 percent survival rate after a disaster, Marcella said. That number drops to about 5 percent for small businesses.

"You always have to have a 'plan B,'" he said.

Many business owners don't prepare for several reasons.

"It's painful, because it's time consuming," Marcella said. "The business owner has to look at his or her risks."

For some companies, the greatest assets might be physical, such as a plant or equipment. For others, the most valuable resources could be customer lists or data.

"I can replace an employee eventually, but I may not be able to recover that data. That could have a longer-term financial impact than losing an employee," Marcella said.

Lost data was the casualty for Diversified Foam Products Inc. of St. Louis. The manufacturer's plant burned Jan. 16, 2003, destroying everything.

"We've learned some lessons (about) storing documents and information off-site," said President Stanley Safron, who now keeps backup data at home.

Owners should set a value for their assets and spend no more than that amount on protecting them, Marcella said.

In the case of a full business continuity and recovery plan, the cost of creating and documenting the strategy can be $5,000 to $10,000. That figure rises to $70,000 to $100,000 for a large corporation, Marcella estimated.

"The question they need to ask is can they afford not to do it?" he said.

Some insurance companies give businesses breaks on their premiums for having such plans in place, he added.

Because of the complexity, plans can take six to 12 months to prepare, he said.

Elements include an alternative work site, known as a "hot site," in the same city or elsewhere in case of a regional disaster, such as an earthquake. Other factors include an eight- to 10-member recovery team of essential employees, job descriptions for each of them in case some cannot get to work, a list of contractors who could help with outsourced work and an estimate of how long the company can function without its technology, services or employees.

Maintaining a current list of employee home and cell phone numbers is essential, Marcella said. Keeping that list and a copy of the plan at the owner's house in a protected place, such as a fireproof lock box, is also a good idea, he said.

Business owners should give a floor plan of their offices to fire and police departments along with a list of any hazardous chemicals on site.

Other factors to consider are designating recovery team members who are geographically dispersed and giving a copy of the plan to a trusted person who lives outside the region.

"The distribution should be highly controlled," he said, adding that only key people should have copies and perhaps only the sections that apply to them.

Business owners also should consider calamities of the man-made variety.

"A real disaster that most business owners don't consider is a disgruntled employee," Marcella said.

Such a person could steal private information, such as employee medical records, Social Security numbers or customer credit-card numbers, Marcella said.

Disaster preparedness tips
· Keep an updated list off-site of employees, their home and cell phone numbers.
· Identify critical employees needed for ongoing operations, a recovery team.
· Consider alternative transportation for workers who live across the Mississippi or Missouri rivers. Bridges could fail.
· Train employees and their families on dealing with disasters.
· Set up transportation plans for moving workers off-site and how to pay for it.
· Have a calling tree to contact all employees.
· Tell your staff which radio station will have announcements about the company.
· Designate a spokesman to handle media questions.
· Do a critical document inventory, such as business licenses, customer list, contact lists, credit card numbers, and credit card statements. Regularly update it.
· Back up and store off-site original documents in a tamper-proof, locked box.

Additional resources and sample plans:
· Disaster Recovery Journal www.drj.com
· Small Business Administration disaster planning www.sba.gov/disaster/getready.html
· American Red Cross Guide for Business and Industry http://www.redcross.org/

"Abductions for Ransom Soar in Haiti"
Miami Herald (12/07/05); Mozingo, Joe jmozingo@herald.com

Colombia has been surpassed by Haiti as the country with the greatest ransom-kidnapping problem in the world. "It is worse now than we ever saw in Colombia," says Miami-based FBI supervisory agent Alejandro Barbeito, the head of an FBI kidnapping-case squad. The FBI normally handles cases of American citizens being kidnapped in foreign countries, and several Americans have been abducted in Haiti in recent months. Kidnappers in Haiti are targeting anyone with even a small amount of money, compared with kidnappers in Colombia who carefully select their targets and demand large ransoms or political considerations. Colombian kidnappers tend to be highly organized paramilitary groups that are capable of holding hostages for years in the jungle, whereas Haitian kidnappers are criminals who are unable to feed hostages for months at a time and are normally looking only for quick money. Recently, American missionary Wes Morgan and his driver were released by a group of kidnapers after his church group paid a $10,000 ransom. Morgan and his driver were held in a slum in Cite Soleil and they were sometimes guarded loosely, but Morgan did not try to escape because he feared he would not be able to escape the lawless slum.

Haiti has replaced Colombia as the kidnapping capital of the hemisphere. Anyone who has any money is at risk of being snatched.

PORT-AU-PRINCE – On a cool morning in October, an American missionary named Wes Morgan was riding in his church's Toyota 4-Runner when three gunmen stormed up to the vehicle. One put a pistol to his face.

Another shoved his Haitian driver into the back seat and took the wheel. Within 10 minutes, the 53-year-old from North Carolina said, he was driven into the Haitian capital's Cité Soleil slum as two of the kidnappers hung out the back windows and shot into the air to celebrate his capture.

Among Haiti's litany of woes, kidnapping has surged into an epidemic in recent months, with an estimated eight to 10 people abducted for ransom every day -- including 25 U.S. citizens just since April -- according to the FBI. The 25 were later released, the FBI added, but three other Americans were killed trying to resist apparent kidnapping attempts.

Security experts say the rate of kidnappings in this country of 8.1 million people now dwarfs the notoriously high levels in Colombia, a nation of 43 million people where about 2,200 abductions were reported in 2003.

In just one day last week, U.S. missionary Phillip Snyder and 11 children in a school bus were kidnapped in separate incidents. The students were freed hours later under unclear circumstances, and Snyder was released the following day. Haitian media reports said he paid an unknown ransom.

''He's out, he's safe,'' said Alejandro Barbeito, an FBI supervisory special agent in Miami who heads one of the three bureau squads that deploy for foreign cases like Snyder's. FBI agents routinely help when U.S. citizens are kidnapped abroad.

While the FBI said there's no indication that Americans are specifically targeted in Haiti, kidnappings have become such a common method for criminals to get money in this abjectly poor nation that anyone with even scant wealth is at risk.

''As far as numbers, it is worse now in Haiti than we ever saw in Colombia,'' Barbeito said.

The U.S. citizens taken hostage are mostly Haitian Americans living here or visiting family, including a New York State trooper who was abducted in August and later freed, the FBI says. Often, the victims are children snatched to extort their parents.

More and more, they report being taken to Cité Soleil, a slum neighborhood so dominated by armed gangs that Haitian police almost never go there. U.N. peacekeepers have tried to seal off the area but kidnappers can still move in and out. Morgan says that when he was abducted, his vehicle didn't pass a single U.N. checkpoint on the way into the slum. Snyder was also held there.

The Haitian Red Cross appears to be one of the few groups that can move about the slum freely. After Snyder was shot in the arm, a Red Cross medic treated his wound, his family said.

The abductions are just one prong of the violence that has dogged Port-au-Prince since an armed rebellion ousted President JeanBertrand Aristide last year. While the security situation has improved in recent months, the chaos in Cité Soleil continues despite the presence in Haiti of nearly 8,000 U.N. peacekeepers.

''Cité Soleil is the deepest wound in Haiti's belly,'' said Juan Gabriel Valdés, the U.N. Special Envoy to Haiti, in an interview with The Herald last week. He called it the most ''complicated problem'' facing the U.N. mission here.

The rash of abducted Americans, meanwhile, has made Haiti the No. 1 destination for FBI kidnap investigators like Barbeito's squad. Its members advise families on negotiating with captors, help the local authorities, and arrange for FBI evidence teams that can build cases against the kidnappers.

On Oct. 7, they flew two kidnapping defendants to Washington, where they were indicted for holding a 9-year-old Haitian-American girl for a week, Barbeito said. Yves Jean Louis, 24, and Ernso Louis, 19, allegedly took the girl from her bed while she was sleeping at her family home and demanded $200,000. She was rescued after a tip to police.

Both the FBI and U.S. State Department praise the new Haitian National Police chief, Mario Andresol, for working closely with U.S. agents and going after some officers allegedly involved in the kidnappings. Andresol has ordered the arrests of more than 20 officers on charges of kidnapping, drug trafficking, and murder, according to news reports.

But Haiti provides unique difficulties for the FBI agents. In many countries, they can zero in on the captors by tracking the location of their cellphones. But such analysis is difficult in Haiti because of its poor cellular system and telephone company record-keeping, agents said.

The nature of kidnapping in Haiti also is different.

In Colombia, for example, most abductions are carried out by highly organized guerrilla and paramilitary groups that carefully select their victims and demand large sums of money or political concessions, such as the release of government prisoners. Negotiations can go on for months.

'In Colombia, you're snatched and you're going to the jungle for `an ecological tour' for two years,'' said Barbeito. ``The infrastructure is in place to hold hostages for a long time.''

The largest rebel group, the Revolutionary Armed Forces of Colombia, or FARC, even has doctors for its hostages, he said.

But Haiti's kidnappers usually just want quick cash and don't have the means to feed a hostage for months, the FBI agent added.

Morgan, who said he has cancer and has had his stomach removed, needs to eat small doses every two hours. He was kidnapped Oct. 14, less than a week after getting out of chemotherapy.


The gunmen who captured him and his driver took them to a bare concrete shack in Cité Soleil where a gang leader waited with an M-16 assault rifle, Morgan recounted in an interview. The man leveled the gun between Morgan's eyes and said he would kill him if someone didn't pay $300,000.

The leader then left the pair under the guard of a man who had a pistol. Morgan said he called his church group, New Directions International, on his cellphone to tell them what happened. He described his captivity as loose -- he was allowed to step outside to urinate. He thought of escaping, he added, but figured he would never get out of the slum.

The church contacted the U.S. Embassy in Port-au-Prince, and the FBI began helping with the ransom negotiations, Morgan said. The same night as the kidnapping, Morgan and the driver were released after the church paid $10,000.

Morgan said his Haitian driver knew exactly where they were held in Cité Soleil. But because police cannot enter the slum without heavy U.N. military backing, the kidnappers remain free.

''You'd have to take over the whole neighborhood,'' Barbeito said.

"High-Rise Security Remains in the Spotlight"
Security Technology & Design (11/05) Vol. 15, No. 11, P. 62; Savage, Bill

High-rise buildings are inherently challenging to secure, beginning with the building lobby. Access control in the lobby should be thorough, but it also must be convenient and quick for employees who enter the building during the morning rush hour. An increasing number of high-rises are turning to optical turnstiles to provide this type of access control because the turnstiles allow only one person through at a time, thus preventing unauthorized people from sneaking into the building behind authorized cardholders who hold the door open for them. There are several types of turnstiles, including open-and-close glass barriers, turnstiles with lanes but no barriers, and wing-style retractable barriers, but whatever style of turnstile is used, care must be taken that applicable codes and ADA requirements are being followed. Some buildings maintain "exclusion lists" consisting of names and photos of individuals who are not welcome at the building, and these lists can be linked to national watch list databases. Multi-tenant commercial buildings often use programmable card readers to control access to the building's elevators, thereby restricting employees' access to certain floors of the building. Ideally, the high-rise owner or security director should choose a security integrator from the local area, one that is well-versed in the local area's building and fire codes. The security integrator also should have experience with high-rises, multi-tenant environments, and elevator companies.

"How to Act if You're Kidnapped"
CSO Magazine (12/05); Datz, Todd

In order to guard against the possibility of being kidnapped, executives can take several steps, including traveling with a security detail, minimizing the number of people who have knowledge of their itinerary, and ensuring that their whereabouts are not predictable. Executives who always stay in the same hotel or use the same travel routes make easier kidnapping targets, as do executives who use drivers in airports who hold up signs with the executive's name and company. Executives who are kidnapped should try to get information from their captors and use this information to their advantage so that the kidnappers will empathize with them. "The fact that you have children, family, go to church, are a compassionate person, anything that strikes to the heart of humanness, are important so they can't diminish who you are," says Kelly McCann, Kroll's senior vice president of security operations and training. Kidnapping victims should always be alert for ways to improve their circumstances or health, even if it is as simple as requesting a pillow and blanket. Kidnapping victims should try to figure out why they were kidnapped, whether the motivation was religious, financial, political, or a combination. Kidnapping victims are often transported to temporary holding locations before being taken to a long-term spot, and these intermediate locations often offer escape opportunities.

"Lessons from New Orleans: Banking on Recovery Plans"
Security Management (11/05) Vol. 49, No. 11, P. 78; Elliott, Robert

During the Hurricane Katrina disaster, the biggest issue facing the financial services sector was communications, particularly in New Orleans, where the whole 504 area code was out of service. This communications problem even prevented customers from using their credit cards and debit cards because these card transactions must be authenticated over the telecommunications network. The customers of one financial services company, Whitney Holding Corp., were able to use Whitney's online banking features to pay bills and handle their banking needs during the disaster. Whitney even increased its server capacity to handle the extra Web traffic for its online banking features, and it also ramped up the capacity of its call center. The disaster brought out a sense of cooperation among banks, with intact bank branches agreeing to share their physical space with competing branches that had been destroyed. Banks also made agreements that allowed them to cash the checks of competitors' customers up to a certain amount. Chad Driskell, director of government relations for the Mississippi Bankers Association, says that banks had no problem protecting their customers' assets, though getting services up and running again was challenging. Biff Motley, senior vice president of marketing and retail banking at Whitney, says that the main lesson banks can draw from Katrina is that reliable communications are essential during a disaster.

The financial services sector started girding up for Katrina well before the storm inflicted its 90,000-square-mile path of destruction. But no institution had an airtight plan for dealing with so fierce an onslaught.

“This was an extreme circumstance, so banks with even the very best, most thorough, and well-thought-out disaster plans found where the weaknesses were,” says Peter Gwaltney, chief executive officer of the Louisiana Bankers Association.

In New Orleans, bank buildings wallowed under eight feet of water in some of the hardest-hit areas, such as St. Bernard Parish. Of the 165 banks in Louisiana, 45 were directly affected by the storm.

In Mississippi, banks struggled with power outages and fuel shortages, while on the Gulf Coast several branch offices were annihilated. “Some of them lost everything they had in their main offices,” says Chad Driskell, director of government relations for the Mississippi Bankers Association.

Incommunicado. Communications quickly became the major issue crippling the financial services sector. In New Orleans, the entire 504 area code was wiped out, cutting off interplay between bank executives and their staff, and leaving customers trying to access their money with no way to do so.

“It’s clear that whether it was banking or emergency services, we were all subject to the inability of the 504 area code to work. That hurt,” says Biff Motley, senior vice president of marketing and retail banking at Whitney Holding Corp, a major New Orleans financial institution.

Customers who tried to use their credit or debit cards found them inoperable since they could not be authenticated over the telecommunications network. Cellular phone towers were also lost.

Relocations. Banks tried to set up alternative sites, but ran into barriers there as well. Getting to staff was one problem. “They had trouble communicating [with] and finding their people because of the way the evacuations went. I had one banker who had staff in 13 states,” says Gwaltney.

Another problem was the slow response time of telephone vendors. One solution was to go to other areas where there was telephone service and purchase boxes of cell phones to bring back to senior staff working out of places such as Baton Rouge or the North Shore. Whitney Holding Corporation bought a few hundred cellphones with Houston’s 713 area code and advertised the numbers for clients on its Web site. Satellite phones were also used, although selectively, considering their expense.

Many banks relocated their center of operations to places like Covington and Baton Rouge. Whitney initially placed 125 recovery people at its disaster recovery site in Houston, and it doubled the number after the storm hit.

Safe in Cyberspace. Motley says online banking served Whitney’s customers best during the emergency, allowing them to pay bills and conduct general banking. The bank added server capacity to handle the increase in the volume of online activity.

It was also forced to increase its call center capacity to cope with the flood of telephone queries. At a time like this, Motley explains, “People want reassurance. They want to make sure the bank is still there, that their money is safe and sound.”

Gathering Greenbacks. The need for the public to get cash did not arise immediately, and when it did, demand was satisfied in creative ways.

“It took a few days before anyone thought about cash,” says Gwaltney. That was simply because “before a storm, what typically happens is that people go to the grocery store, stock up their pantry, buy bottled water, and get some cash,” Gwaltney explains.

Driskell says that Mississippi customers who needed to write checks or access cash were able to do so within two days after the hurricane. Louisiana officials concurred. “There were never lines at banks and people clamoring for cash,” says Gwaltney.

Working Together. Community banks that lost entire branches partnered to share buildings. As many as five banks were squeezed into one branch, each putting out their plaques in front of a teller window.

“Depending on where you were, the size of your bank, [and] your specific disaster plan, every bank had their own issues,” says Gwaltney. “But the common denominator was that banks leaned on each other to ensure consumers were served.”

Banks also furnished temporary manufactured housing branches to replace destroyed branch locations and brought in mobile ATM networks.

Banks forged agreements between themselves to cash the checks of each other’s customers up to a certain amount. Community banks in particular relied on each other to serve as points of contact for their clients until they could get back on their feet.

Relaxing Red Tape. Financial institution standards were relaxed to allow people to receive payments, open accounts, and put debts on hold. The Federal Deposit Insurance Corporation (FDIC) called on banks to waive ATM, overdraft, and late fees; extend repayment terms; restructure existing loans or ease terms for new loans; defer payments; ease credit card limits; ease restrictions on check cashing; and be reasonable in verifying the identity of displaced persons trying to open accounts.

The evacuees posed an immediate problem since many had fled the storm minus their wallets and purses. To deal with that situation, banks slackened the identity process. Potential bank customers could be vouched for by friends or relatives, or were asked to get a duplicate driver’s license.

“They will enter the banking system in a less secure mode than banks are typically comfortable with, and that is something we don’t have answers for right now,” says Gwaltney. Commonly accepted practices under the Bank Secrecy Act were also skirted to serve immediate needs of customers.

In addition, the FDIC urged banks to take “not-on-us” checks, handwritten and typewritten Social Security checks, and handwritten Red Cross checks. The Social Security Administration issued laser Social Security checks in their Louisiana, Mississippi, and Alabama offices, which the FDIC encouraged banks to accept. Social Security personnel also went to Red Cross shelters to identify recipients and give them their checks. More allowances in the banking system are likely to be made as local authorities work in tandem with the federal government.

Going Forward. There are many questions yet to be resolved. The extent to which regulatory changes will be made to deal with the aftermath of Katrina remains up in the air.

“We’re talking to members of Congress, regulatory agencies, all the way up to the President himself,” says Gwaltney. “A lot of issues have been proposed by the American Bankers Association, America’s Community Bankers, the Independent Community Bankers of America, and state associations like ours and Mississippi and Alabama. We will keep developing them.”

One looming regulatory headache is the ability of the banks in the disaster area to handle the federal aid money that will come their way. Congress has authorized $60.5 billion to the Federal Emergency Management Agency for Katrina relief. As of mid-September, the Homeland Security Department had spent or committed at least $16.8 billion for hurricane relief. “With all the government and Red Cross assistance that will be forthcoming, plus insurance payments, we know our banks will literally be flooded with cash deposits,” said Driskell.

“That sounds like it would be absolutely wonderful for banks, but it does create regulatory problems when banks have huge influxes of cash.” Driskell and other officials have been seeking advice from bankers in Homestead, Florida, and other areas via daily conference calls, tapping them for their knowledge gained during Hurricane Andrew in 1992.

The bottom line is that banks handled the situation fairly well. Banks facing the hurricane had extensive disaster recovery and business resumption plans, including the common practice of housing backup data files at locations hundreds of miles away. “I think our industry has a very good story to tell as far as being back up running rapidly after this catastrophic event,” says John Hall, spokesman for the American Bankers Association.

And while getting services up and running was a challenge, protecting customer assets was not a problem, says Driskell, whose association represents 108 financial institutions holding 99 percent of Mississippi’s $40 billion in bank assets. Gwaltney says banks in Louisiana were able to protect client assets even as looters targeted their computers and desks. “All the money is in the vault. With personal information, the safeguards are there, and the data centers are usually off in other locations,” he notes.

But banks, like everyone else, were hindered by communications glitches. Gwaltney notes that during Katrina, first responders, individuals, and businesses suffered a lapse in contact in much the same way as they had during the September 11 attacks. “We’ve got to get our arms around this,” he says.

Whitney Holding Corporation’s Motley agrees that the importance of reliable communications for the financial services industry was the chief lesson to come out of Hurricane Katrina, noting: “You have to be resourceful, but in order to be resourceful, you have to have the communications element.”


Many governments and companies affected by Hurricane Katrina lacked adequate plans to deal with the disaster. But private industry was much more nimble than government in its response. The lessons from that effort should help businesses craft better emergency preparedness policies.

First and foremost, companies must ensure that their personnel are safe, and area businesses accomplished this in many ways, such as by hiring buses to evacuate employees, creating centers to help displaced staff, and continuing to pay salaries.

Another lesson is that companies must be self-sufficient and not rely on government help in the immediate aftermath. That means having several days of essential supplies on site as well as a way to provide backup electricity and communications.

Lessons were learned in sheltering strategies and risk mitigation as well. For example, people who had their own vehicles were helped by a newly implemented traffic flow plan—though vehicle evaluation worked less well three weeks later in Texas.

On the healthcare front, hospitals and community responders showed a lack of coordination in disaster preparedness. A model of good practice is provided at the healthcare system in Brevard County, Florida, however, where managers extensively plan for each upcoming hurricane season. Redundancy and drills are emphasized during the planning.

Katrina pummeled even the well-girded financial sector, cutting off customer use of credit and debit cards and forcing site relocations. But the industry showed its resiliency by relying on Internet transactions, sharing locations among various banks, and relaxing red tape, such as by easing restrictions on check cashing.

Once again, a major U.S. disaster exposed the weaknesses in first-responder communications. Two-way radios weren’t compatible among responders coming from different parts of the country. The good news is that new tools are on the way, including an Internet model for building interoperable technologies, the addition of features to satellite phones, and broadband networks instantly available to first responders.

"Air Marshals Shoot and Kill Passenger in Bomb Threat"
New York Times (12/08/05) P. A1; Goodnough, Abby; Wald, Matthew L.

Two federal air marshals aboard an airliner at Miami International Airport shot and killed a passenger who claimed he had a bomb in his backpack. The air marshals shot the man after he uttered the threats, ran from the plane and onto the jetway, and reached into his bag. Authorities later determined that the passenger, identified as 44-year-old Rigoberto Alpizar, did not have explosives in his bag. Alpizar's wife, who was aboard the flight with him, claims that her husband was bipolar and did not take his medication. Witnesses said that prior to the incident, Alpizar's wife received a phone call and briefly left the plane, acting "frantic.” Later, after his wife had returned, Alpizar suddenly ran from the back of the plane toward first class, with his wife following him. Alpizar then made the bomb threat and was confronted by the air marshals, who followed Alpizar as he ran from the plane, ordering him to the ground. "He then appeared to be reaching into a carry-on bag, and the air marshals proceeded consistent with their training," said a spokesman for the Homeland Security Department.

"JFK Screeners Find Bomb Residue, Let Man Go"
WCBS-TV (New York) (12/08/05); Weinberger, Scott

A man wearing suspicious looking high-top sneakers that tested positive for explosives was allowed to board an airliner--without his shoes--by security screeners at JFK airport last week. The security screeners waited several days before informing law enforcement about the incident, which occurred last Friday. The passenger's shoes were taped and had rubber bands sticking out of them, prompting a security screener to test the shoes for explosives. The testing resulted in a very high reading for explosives--"the highest ever," according to one federal source. The Transportation Security Administration confiscated the shoes but allowed the man to go on his way. Prior to reaching the security checkpoint, the man told U.S. immigration officials at the airport that his name was Gamal Badawi, but the officials were unable to access a computer system that matches travelers' fingerprints with terrorism watch databases. Therefore, Badawi's documents matched the information that was available, and he was allowed to proceed through U.S. Customs and to the security checkpoint. Badawi caught a flight to Iowa and has since been located and interrogated.

(CBS) QUEENS A man's sneakers tested positive for explosives at JFK airport. The sneakers were confiscated, but the man walked free. However, federal screeners didn’t tell any member of law enforcement what happened for days.

The man used the name Gamal Badawi with U.S. immigration officials last Friday at JFK airport. At the time, authorities were unable to use the computerized system that takes a visitor's fingerprints and checks it against various databases, including the terror watch list. As a result, Badawi’s documents checked out against the information locally available at JFK.

Federal sources told CBS 2 that Badawi passed through U.S. Customs and went into the airport to connect to a Delta flight to Iowa via Chicago. As he went through security, a Transportation Security Administration screener pulled Badawi out of the line.

Suspicious Sneakers

Badawi was wearing high-top sneakers that, CBS 2 was told, had tape around them and rubber-bands sticking out of them. The screener told Badawi to take off his sneakers. They were then checked for explosives, and airport sources told us that the reading for explosives was off the charts. "The highest ever," one federal source explained.

“Unless there’s more to the story, I don’t understand how this individual was let go without his sneakers,” said Robert Strang, CBS 2’s security expert.

Instead of holding Badawi, the TSA kept the sneakers and let him go. Badawi missed his original connection to Iowa. He had told the TSA screener that he was going to visit his brother there. He ended up, sources told CBS 2, spending the night at JFK and catching a flight on Saturday.

Investigators have located Badawi and have questioned him. There was no word about charges being filed.

"U.S. Is Given Failing Grades by 9/11 Panel"
Washington Post (12/06/05) P. A1; Eggen, Dan

The former Sept. 11 commission, which re-created itself as a private nonprofit to pressure Congress and the White House to act on its recommendations following the release of its best-selling "911 Commission Report," has issued a report card that marks its last official act, giving the federal government largely failing and mediocre marks as well as "incompletes” in its implementation of the panel's 41 main proposals. While the government received its highest mark, an A-, for its "vigorous effort against terrorist financing" and Bs and Cs for other efforts like the creation of a director of national intelligence and the ongoing presence in Afghanistan, it was heavily criticized for a host of failures largely blamed on political wrangling and bureaucracy. Panelists focused on two stalled measures in Congress, one that would give states with larger populations a greater share of federal homeland security funding -- current practice allots the money equally among states -- and the other, an amendment to a House bill reauthorizing the USA Patriot Act, that would place the focus for homeland security funding on risk assessments, a recommendation not included in a compromise bill due to opposition from small-state lawmakers. The panel also criticized Congress for failing to set aside a part of the broadcast spectrum solely for the use of first responders and said the FBI, which received a C, was restructuring itself too slowly. "We believe that the terrorists will strike again,” said panel chairman Thomas Kean. "If they do, and these reforms that might have prevented such an attack have not been implemented, what will our excuses be?"

Michael Harris
12-19-2005, 01:04 PM
"Keeping Mass Transit Ahead of the Curve"
Security Management (11/05) Vol. 49, No. 11, P. 83; Roberts, Marta

A multipronged security approach is necessary to protect mass transit from terrorists. This approach should integrate several elements, including K-9 units, high-tech solutions, and training programs. The Homeland Security Department says that K-9 units are the most effective tool for detecting explosives, and police note that K-9 units also help mass transit riders feel more secure. Transit systems in larger cities should be able to afford high-tech sensors that can help detect the presence of chemical agents or explosives. Surveillance cameras can help identify terrorism suspects after an incident has occurred, as the July terrorist attacks in London showed. Security experts say that the real goal of mass transit security is deterrence, explaining that terrorists look for easy targets and that large numbers of security cameras can help deter terrorists from attacking certain targets. Other effective deterrents include increasing the number of police officers protecting mass transit, conducting inspections, and training police to recognize suicide bombers by the common behaviors they exhibit. All mass transit personnel, including nonsecurity personnel, should receive anti-terrorism training, and the training for nonsecurity personnel should especially emphasize how to recognize threats, how to respond to threats, and who to call for help.

When four terrorists failed to detonate four bombs aboard three trains and one double-decker bus in downtown London, thousands of cameras captured images of the suspects, which were broadcast around the world. Using these images, police were able to apprehend the men within days of the incident.

The UK's experience illustrates how helpful CCTV can be in follow-up investigations. Security experts emphasize, however, that it’s only one of many tools that need to be arrayed to defend against terrorists. “You really have to be considering a completely integrated approach, and in order to do that effectively, you cannot depend on one element primarily, or one element to the exclusion of another element,” says Henry Nocella, managing director of Nocella Security Consulting LLC.

Nocella and others advocate a multipronged approach that includes proper training and a blend of non-technical and high-tech solutions. Some progress has already been made on these fronts, but the nature of subway systems presents security professionals with especially difficult challenges that will be hard to fully address.


One way to improve mass transit security is to make sure that everyone involved—nonsecurity personnel as well as police and other first responders—has had the proper training.

Nonsecurity staff. For nonsecurity personnel, the keys are that they can recognize threats and that they know how to respond and who to call for assistance. To those ends, the National Transit Institute (NTI) at Rutgers University has developed several training programs and resource materials, which they make available at little or no cost to transit systems around the country. The effort is funded by money from the Federal Transit Administration (FTA). The FTA has also provided transit systems grants for conducting emergency preparedness drills and threat assessments.

One NTI program, begun after 9-11, is called “System Security Awareness.” The program teaches employees the basic skill sets that will enable them to know where to look, what to look for, and what to report to effectively observe, react, and respond to suspicious activity and security incidents.

Another NTI program, “Terrorist Activity, Recognition, and Reaction,” deals specifically with terrorist threats and teaches employees to understand the importance of identifying and reporting suspicious activity that precedes a terrorist attack. In addition, the course teaches employees to recognize the difference between normal, suspicious, and dangerous activity and how and when to report findings to trained security personnel or police. The content of these and other programs is available to transit systems through classes, train-the-trainer programs, videos, CD-ROMs, and pocket guides.

NTI worked with the Massachusetts Bay Transportation Authority and New Jersey Transit to train staff in preparation for the Democratic and Republican National Conventions in 2004, says Renee Haider, associate director of NTI. The institute was also asked to train every employee of the Chicago Metra system, a commuter train. The Metra training was conducted over a six-week period and included a detailed three-to-four hour training session.

Courses such as those offered by NTI “can provide a force multiplier of many extra eyes who not only know what to look for but, more importantly, know how to properly respond to a threat against the facility or asset,” says Michael Weiss, supervisory special agent with Amtrak’s Office of Inspector General.

Police and first responders. A number of initiatives are aimed at improving police and first-responder readiness to handle transit incidents. At the Los Angeles County Metropolitan Transportation Authority (MTA), for example, drills are as realistic as possible, says Captain Dan Finkelstein, chief of police for MTA.

One drill included actors from UCLA who were asked to simulate victims with shrapnel and other wounds. The drill had three different security events happening simultaneously to mimic multiple attacks. In one situation, police set up a station to identify and decontaminate victims exposed to harmful toxins such as those present in chemical weapons.

Finkelstein says the drills helped prepare his employees to respond quickly and efficiently to a real-life incident. In January 2005, three MTA Metrolink trains collided after the lead train crashed into a car left on the tracks by a man attempting suicide. The crash, which injured hundreds and killed 11, would have been even more tragic, says Finkelstein, if his employees had not prepared for similar events in the drills.

Finkelstein says that his officers have also received training in specific threats, including suicide bombers, which he says is the most challenging danger he may ever face. The training teaches the officers what behaviors and signs are common to most suicide bombers and how the officer should react if he or she suspects that a suicide attack is imminent. In addition, Finkelstein spent a week in London after the July 7 bombings to learn from the methods of disaster response and mitigation used by local first responders.

In Minneapolis, Metropolitan Transit Police Chief Jack Nelson says his officers are regularly trained to respond to a variety of security situations, including suicide bombers. Although Nelson acknowledges that technology can make a significant impact on security, “There’s no substitute for a person,” he says. “I’ll trust a policeman’s gut instincts long before something electronic.”

Other Resources

Even well-trained personnel can only do so much. That’s where supplementary resources come in. Here’s a look at the range of nonhuman interventions that are being deployed.

K-9 units. Some transit systems have been using bomb-and weapon-sniffing dogs on and off since 9-11. According to Charles Patterson, president of C&R Associates Incorporated and a member of the ASIS International Transportation Security Council, transit systems should expand the use of K-9s. Patterson says these dogs should be used for patrols and to augment more high-tech solutions, such as ambient air detectors.

A spokesperson for the Department of Homeland Security says K-9 units remain the most effective tool for detecting bombs. The TSA, the agency within the DHS that is responsible for securing mass transit, is partnering with police departments to provide K-9 teams for use in aviation and mass transit systems. Upkeep and training for the dogs is provided by TSA.

Nelson says that the Minneapolis system has two dedicated bomb-sniffing K-9 units that are used to patrol all 17 stops on the city’s light rail system. When the transit system is at code orange, he says, the dogs patrol the system around the clock.

In Los Angeles, several different K-9 units are trained in a variety of practices, including explosives detection, gun detection, and finding bodies in rubble. Although the transit authority in L.A. already has a substantial contingent of dogs, Finkelstein says that he would expand the use of K-9s if funding allowed. The advantage of K-9s, he says, is that they not only help detect bombs and other threats, but they also help riders feel secure by providing a visible presence.

Sensors. In addition to K-9 units, a number of transit systems are investing in high-tech sensors that can be used to detect the presence of explosives or chemical agents. However, many of these sensors are extremely expensive to install and can be cost-prohibitive to smaller transit systems like Minneapolis. Given the cost, says Nelson, the threat is not great enough to merit installing sensors.

For larger systems like Los Angeles, the threat is greater and the situation on the ground is also different, which changes the cost-benefit analysis. For example, when the MTA was built, explains Finkelstein, methane gas sensors were installed for health and safety reasons. Methane gas can be found in pockets underground and is highly flammable and toxic to humans. The county is in the process of upgrading these sensors to allow them to detect chemicals that might be used in a terrorist attack.

TRIP. Detectors geared specifically toward explosives detection were tested by DHS in the TSA Transit and Rail Inspection Pilot (TRIP) program. In the first phase of the program, the agency installed explosives trace portals, which require passengers to walk through a system similar to a metal detector, at the low-traffic New Carrollton stop along the commuter rail and Amtrak line close to Washington, D.C.

The detector requires passengers to stand in the portal while a puff of air is blown on them. If explosives residue is detected, monitoring personnel are notified. Although a spokesperson for DHS said the system performed its job well, the department has determined that a massive, systemwide deployment of this type of technology would be impractical, because the few seconds it takes to screen each passenger would create insurmountable delays that would hamper the ability of passengers to enter and leave the transit system quickly.

Phase two of the TRIP program used large explosives detection systems (EDS)—which are also used in airports—to screen checked baggage on Amtrak trains. DHS successfully screened 3,800 bags during the testing, but ultimately found that the large size of the equipment and the expense would be too much to make it practical for every Amtrak station. These two tests illustrate why securing mass transit is more difficult than securing airports.

Phase three of the program tested a trace-residue document scanner manufactured by Smiths Detection. The sensors use transit fare tickets that are passed through a detector. The fare tickets were chosen because it is likely that the majority of passengers would use this to access the system, says a spokesperson from Smiths. The company admits, however, that passengers using contactless cards—common in many subway systems—would not be tested because the equipment requires a physical medium for transporting the residue.

Another shortcoming to this type of detector, says Patterson, is that a suicide bomber may not be the person actually handling the explosives and may simply carry the bomb in a sterilized backpack. This person would not have any residue on his or her hands and would, therefore, not transfer the residue to the fare card.

Ambient air. Smiths and other companies are also developing other types of detection systems that test samples of the ambient air for the presence of chemicals without requiring time-consuming individual checks. Ambient detectors might be one of the only feasible ways to implement this type of security, says Douglas Callen, chief security officer for DHS’s Security Administration Office of Security.

The Smiths Detection version of the sensors can be integrated with other security devices, such as CCTV cameras and alarms, which would be triggered to record and alert authorities if chemicals were detected. Most of these sensors, including the Smiths Detection version, can be deployed in closed-air and open-air environments. Sensors used in open-air environments, however, would have to be more sensitive than those used in closed-air environments because the concentration of chemical molecules is less dense when it is dissipated through the open air.

Ambient detectors have their limitations, however. According to Patterson, the detectors are capable of identifying the presence of trace amounts of explosives and other non-explosive materials that have properties similar to explosives, such as perfumes that can be used to mask the odor of homemade explosives. Alerts due to the presence of perfume would create too many false alarms to be effective in a subway environment, says Patterson. For that reason, he says, the detectors are typically configured to alert security only when they detect the presence of commercially manufactured explosives or a substance that is very similar to commercially manufactured explosives, which means that homemade explosives may not trigger an alarm.

Surveillance. As the terrorist incidents in London illustrate, CCTV and other types of surveillance equipment can have a major impact on transit security, at least in terms of helping to identify suspects after an incident. More advanced “smart” systems might help to alert authorities to suspicious activity in advance of an attack as well; however, those more refined systems often come with a steep price tag, says Greg Hull, director of operations of safety and security programs for the American Public Transportation Association.

Hull says that although most major transit systems in the United States have some form of surveillance in place, the sophistication of the systems varies widely. “Certainly transit systems would like to use technology to a much greater degree, and they would like to work towards the newer applications of surveillance equipment, but…the funding simply is not there to enable these systems to do that,” he says.

Some large systems, such as the Los Angeles MTA, have, however, already received DHS grants to improve security. According to Finkelstein, MTA has been awarded more than $8 million in grants that are being used for technology improvements, such as expanding and upgrading the CCTV system.

For example, the MTA is installing new pan-tilt-zoom (PTZ) cameras that have the ability to work in low-light conditions. In addition, all MTA buses, which are also secured by Finkelstein’s officers, have been equipped with CCTV.

One of the most advanced CCTV systems in the United States is currently being planned for the New York Metropolitan Transportation Authority. The system, which will be installed and monitored by Lockheed Martin, is part of a three-year, $212-million expansion that will include the installation of more than 1,000 cameras and more than 3,000 motion detectors and other sensors.

In addition to having PTZ capabilities, most of the cameras will have intelligent-video capabilities, which use specialized software to monitor for specific suspicious behaviors, such as an object being left behind, says Mark Bonatucci, the Lockheed program director for the MTA project. If suspicious behavior is detected, an alarm will alert a member of the security team who can then dispatch police to investigate.

Although Bonatucci is not at liberty to discuss specifics, he says the cameras will be used to monitor high-volume spots, such as train stations, and other high-risk areas. The areas that will be monitored were identified in an extensive vulnerability assessment conducted by the New York MTA prior to the Lockheed award.

Intelligent-video capabilities will revolutionize how CCTV is used, but it is important to remember that these systems are reactive, not proactive, says Nocella. “What still is important is the human element,” he says. “You have to have a person to recognize that alarm—a person to react to it and take some kind of steps.”

Patterson says that perhaps the most effective use of intelligent video is to track and identify pre-event terrorist planning. He says this type of system could also help thwart a terrorist attack, but only in a case where someone’s hesitant about committing the act because it is unlikely that police could respond in enough time otherwise.

“It is important to understand,” says Amtrak’s Weiss, “that a camera on its own will do little to actually stop a terrorist who is bent on attacking a facility.” Weiss says, however, that “the same camera that is properly integrated with additional systems and monitored in a way that allows early warning and quick response can ultimately be the key factor in thwarting an attack.”

The ideal system requires human intervention to make an informed decision, explains Weiss. That decision would be based on the intelligence gathered by CCTV and other security devices.

Other experts are less concerned with whether the cameras have cutting-edge capabilities. The transit systems should focus simply on installing as many cameras as the budget will allow, they say, because the psychological deterrent of cameras is enough to help thwart potential terrorists.

“Terrorists do tend to get scared off at times, and not all of them are of high confidence, and we’re in a situation where al Qaeda’s global capacity for organization is not what it was. Therefore, I think that if we can make the lives of these folks more complicated, we may discourage some of them from trying in the first place,” says Michael O’Hanlon, senior scholar at The Brookings Institution.

Indeed, agrees Arie Kruglanski, terrorism expert and distinguished psychology professor at the University of Maryland: “Deterrence is the name of the game.”

Terrorists look for easy targets that guarantee success, Kruglanski notes, and surveillance may deter attacks. But, he adds, incidents like the bombings in London—where CCTV cameras were prevalent—underscore that “no one means is going to deter terrorism.” That can also be accomplished by flooding a system with police and stepping up inspections as New Yori’s subway did in October after it received a specific threat.

The bottom line, says Nocella, is that “you have to be realistic about security. There’s absolutely no way that any security system can guarantee you protection against anything. A good security posture is one that tries to evaluate the threats and takes a look at existing vulnerabilities, then comes up with programs that will address the vulnerabilities in light of the threats and in light of the risks you think you can accept.”

* Rail Transit Security Grant Program Allocations FY 2005
Urban Area Allocation (Millions) Eligible System Eligible Rail Mode
New York/ $37.6 Metropolitan Transportation Auth Commuter/Heavy
Jersey Cit/ Port Authority NY/NJ Heavy
Newark/ New Jersey Transit Light/Commuter
New Haven CT Dept of Transportation Commuter
Washington DC Capital Region $12.4 Washington Metro Area Transit Heavy
MD Transportation Admin Commuter/Light/Heavy
Virginia Railway Express Commuter
Chicago $11.0 NE III Teg Commuter Rail Commuter
Chicago Transit Authority Heavy
Oakland/San Francisco/San Jose $7.0 SF Bay Area Rapid Transit Heavy
Altamont Commuter Express Commuter
Santa Clara Valley Light
San Francisco Municipal Rail Light/Other
Boston $9.6 MA Bay Transportation Auth Commuter/Light/Heavy
Los Angeles/Santa Ana $4.8 Southern CA Regional Rail Commuter
LA County Metro Transportation Heavy/Light
Atlanta $2.6 Metro Atlanta Rapid Transit Auth Heavy
Source Department of Homeland Security *Does not reflect supplemental funding
Marta Roberts is assistant editor at Security Management.


While the attacks in London illustrate that surveillance cameras can be extremely helpful in after-incident investigations, they are only one of the many resources that must be deployed by mass transit systems in their efforts to detect, deter, and disable terrorists. Among the issues that need to be addressed, say experts, are better training and education for transit workers and police, more K-9 units capable of detecting explosives and other weapons, cutting-edge technology programs including those that can detect explosives and chemicals, and better surveillance equipment, such as more CCTV cameras and intelligent-video software. This type of multipronged approach is the only way to secure the many threats, from pickpockets to suicide bombers, faced by the nation’s subways.

Training nonsecurity personnel and enhancing training programs for police and first responders are both vital steps in securing any mass transit system. Other solutions that can be used to strengthen mass transit security include bomb- and weapon-sniffing dogs and sensors. However, unlike K-9 units, many sensors are extremely expensive and can be cost-prohibitive for smaller transit systems.

CCTV and other types of surveillance equipment can be useful in helping transit system personnel to detect early signs of suspicious behavior and possible pre-event planning. One of the most advanced CCTV systems in the United States is currently being planned for the New York Metropolitan Transportation Authority. The system, which will be installed and monitored by Lockheed Martin, is part of a three-year, $212 million expansion that will include the installation of more than 1,000 cameras and more than 3,000 motion detectors and other sensors.

Michael Harris
12-19-2005, 01:05 PM
To All:

I have two related article on Phishing for you. The first is about a new type attack and the second is just plain scary.

"Gone Spear-Phishin'"
New York Times (12/04/05) P. 3-1; O'Brien, Timothy L.

Phishing is the practice of disseminating Trojan horse programs in the guise of messages from trusted sources to computer users, who unwittingly install the Trojans, which then record sensitive information and send it elsewhere. An even more insidious form of phishing, dubbed spear-phishing, has emerged: Spear-phishers differ from widespread phishers in that their messages are intended for specific prey, and security experts say spear-phishing is harder to spot. Analysts believe spear-phishing is likely orchestrated by profit-motivated organizations, and the phenomenon has received little publicity because victims are reluctant to report such exploitation. These phishing attacks at the very least demonstrate the vulnerability of sensitive data stored on computer networks, hurt consumers' confidence in Web-based transactions, and make email less trustworthy, according to analysts. One of the most scandalous instances of spear-phishing was recently uncovered in Israel, when authorities learned that members of three of the country's biggest private investigation firms conspired to commit corporate espionage on a grand scale using spear-phishing methods. In addition, some of Israel's most illustrious corporations are being investigated for possible information theft in connection with the scandal. Authorities make several suggestions for countering phishers: One is for consumers to be aware that banks or financial institutions would never alert them of any problems with their credit cards or accounts via email, which should tip them off that such messages are suspect. But Johannes Ullrich with the SANS Institute's Internet Storm Center warns that phishing strategies will only get worse as spear-phishing is combined with widespread phishing "so that company logos can be snatched from Web sites to build customized databases of corporate logos."

"'Phishing' Fools 70 Percent of Targets"
Associated Press (12/09/05); Kerr, Jennifer C.

Roughly 25 percent of Internet users receive e-mails every month that try to dupe them into divulging sensitive personal information, according to a study released Wednesday by America Online and the National Cyber Security Alliance. The study also revealed that 70 percent of those receiving e-mails purporting to be from legitimate companies were fooled by those e-mails. "What's happening is that more and more people are actually engaging in transactions online that would generate e-mail traffic that the scammers are copycatting," said Tatiana Platt, senior vice president at AOL. The study found that 74 percent of those surveyed use their computers for sensitive transactions such as banking, stock trading, or reviewing medical information. That leaves phishers with a good chunk of Internet users to target, Platt said. She added that too many people still do not have adequate computer security to guard against, viruses, hackers, and other threats. The study found 81 percent of home PCs lacked at least one of three critical protections--updated anti-virus software, spyware protection, and a secure firewall.

WASHINGTON — About one in four Internet users are hit with e-mail 00000 every month that try to lure sensitive personal information from unsuspecting consumers, a study says.

Of those receiving the phony e-mails, most thought they might be from legitimate companies — seven in 10, or 70 percent, were fooled by the e-mails, said the report.

The study released Wednesday by America Online and the National Cyber Security Alliance looked at Internet security and "phishing 00000."

Phishing refers to e-mails that appear to come from banks or other trusted businesses and are used to induce recipients to verify their accounts by typing personal details, such as credit card information, into a Web site disguised to appear legitimate.

"What's happening is that more and more people are actually engaging in transactions online that would generate e-mail traffic that the scammers are copycatting," said Tatiana Platt, senior vice president at AOL, which is a unit of New York-based Time Warner Inc.

The study found nearly three-quarters of those surveyed, 74 percent, use their computers for sensitive transactions such as banking, stock trading or reviewing medical information. That leaves phishers with a good chunk of Internet users to target, Platt said.

Platt said too many people still don't have adequate computer security to guard against viruses, hackers and other threats. The study found 81 percent of home PCs lacked at least one of three critical protections — updated anti-virus software, spyware protection, and a secure firewall.

The researchers conducted in-home interviews with more than 350 Internet users nationwide. The researchers also reviewed the e-mails received by those households.

The Federal Trade Commission has several tips to keep from getting hooked by phishers:

If you receive an e-mail asking for personal information, call the company directly or type in the company's correct Web address. Do not click on the link provided in the e-mail.

Use anti-virus software and a firewall. This can protect a user from accepting unwanted files that could harm a computer or track a consumer's Internet activities.

Don't e-mail personal or financial information.

On the Net: National Cyber Security Alliance: www.staysafeonline.info; Federal Trade Commission: www.ftc.gov.

Steven Lofing
12-19-2005, 02:53 PM
"Disaster Preparedness Needs to Be Mandatory"

Michael you hit an often overlooked fact. I have a strong background in Disaster Prep. As a commissioner for the city of Downey, I devoloped a program for business and public and formed CERT teams registed with FEMA.

Michael Harris
12-19-2005, 05:51 PM

Thank you for noticing. I keep an eye out for articles that I think can help members here in the IPIU forums.

I hope that most of my serious research will help at least one person.

Lynne Knight
12-19-2005, 08:04 PM
Thanks, Michael. As a serious news junkie, who never seems to find the time any longer to just sit and read the newspaper or watch the news, this posting has me almost "caught up" with the world. I printed the ones out that I wouldn't actually be able to read tonight and have placed them on the breakfast table to have with morning tea! Thank you. VERY helpful.

Michael Harris
12-20-2005, 07:25 AM

I actually have a few sources that collect security-related news for me.