National Security 2019 Legal Report (2019-02-01)<p>This month’s “Legal Report” is a roundup of major security-related legislation considered by the 115th U.S. Congress, which concluded in January 2019. Included in this summary are public laws that went into effect and legislation that was introduced but failed to pass. The bills that failed were nullified, and members of Congress will have to reintroduce them in the 116th Congress.</p><div><br></div><h4>Border security. </h4><p>The U.S. House of Representatives passed a bill that failed to advance in the U.S. Senate that would have created punishments for individuals who have been forcibly removed from the United States or denied admission who enter—or attempt to enter—the country.</p><p>The bill (H.R. 3004) would have allowed the United States to fine and imprison—for up to two years—non-U.S. citizens who enter, or attempt to enter, the country after being excluded, deported, removed, or denied admission. </p><h4>Clearances. </h4><p>U.S. President Donald Trump signed legislation into law that requires the National Background Investigation Bureau (NBIB) to report on the security clearance backlog.</p><p>The SECRET Act of 2018 instructs the NBIB to report to the Executive Office of the President on the current security clearance backlog; the bureau must then create a mitigation plan to identify the cause of the backlog, along with recommendations to address it.</p><p>The act also instructs the Office of the Director of National Intelligence to report to Congress and the president about implementing “governmentwide continuous evaluation programs” and U.S. agency initiatives to meet requirements for “reciprocal recognition to access classified information,” according to the law.</p><div><br></div><h4>Cybersecurity. 
</h4><p>President Trump signed legislation into law that created an institute to train local law enforcement and other partners to investigate and prevent cybercrime. The law (P.L. 115-76) authorized a National Computer Forensics Institute within the U.S. Secret Service through 2022 to share information related to investigations and prevention of cyber and electronic crime, and to educate, train, and equip local law enforcement, prosecutors, and judges.​ The institute will train attendees about methods to obtain, process, and store digital evidence for use in court proceedings. It will also help with the expansion of the Secret Service’s Electronic Crime Task Force by adding officers who have completed training through the institute.  Another new law created new requirements for agencies addressing cybersecurity risks. </p><p>The act (P.L. 115-236) required the National Institute of Standards and Technology (NIST) to consider small businesses when it creates and supports the development of voluntary, industry-led guidelines and procedures to reduce cyber risk to critical infrastructure. The Senate failed to advance legislation passed by the House that would have required entities to create internal risk control mechanisms to safeguard and govern market data storage.</p><p>The Market Data Protection Act of 2017 (H.R. 3973) would have required the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority, and the Consolidated Audit Trail—in consultation with a chief economist—to establish comprehensive internal risk control mechanisms to safeguard and govern the storage of market data, market data sharing agreements, and academic research.​ After the Equifax breach, legislation stalled in the House that would have required some companies that store Americans’ data to meet specific security and privacy requirements.</p><p>The Consumer Privacy Protection Act (H.R. 
4081) would have required companies that collect and store data on at least 10,000 Americans to implement a “comprehensive consumer privacy and data security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity, and the nature and scope, of the activities of the covered entity,” according to the bill. Covered data would have included Social Security, driver’s license, and passport numbers; financial account and debit or credit card numbers in combination with PINs; usernames and passwords; and biometric data.</p><p>The Senate did not advance legislation introduced for the second time by U.S. Senator Bill Nelson (D-FL) that would have required companies to disclose data breaches within 30 days of becoming aware of the breach.</p><p>​Under the bill (S. 2179), companies would have had to report the breach, and any individual who concealed data about the breach could have faced up to five years in prison. </p><p>Nelson introduced the legislation after it was revealed that Uber paid hackers $100,000 to destroy documents and hide evidence of a data breach of more than 57 million records—including personally identifiable information from customers and drivers.</p><div><br></div><h4>Disclosure. </h4><p>President Trump signed legislation into law that nullified a payments disclosure requirement instituted as part of financial reform after the 2008 recession.</p><p>The resolution (H.J. Res. 41) eliminated the “Disclosure of Payments by Resource Extraction Issuers” rule that the U.S. Securities and Exchange Commission finalized in July 2016. The rule required resource extraction issuers to disclose payments made to governments for the commercial development of oil, natural gas, or minerals.</p><div><br></div><h4>Firearms. </h4><p>The House passed legislation that later stalled in the Senate that would have allowed people with concealed carry permits to carry firearms across state lines.</p><p>The bill (H.R. 
38) would have allowed people with concealed carry permits and a valid government-issued photo ID to carry their firearms into another state. It also would have required agencies to report criminal history records to the FBI’s National Instant Criminal Background Check System (NICS).</p><p>The second provision of the bill was added after the First Baptist Church shooting in Sutherland Springs, Texas, where a gunman was able to purchase a firearm because his criminal record was not entered into the NICS prior to the purchase.</p><div><br></div><h4>Harassment. </h4><p>As part of the new U.S. tax law (P.L. 115-97), businesses are now prohibited from deducting the cost of sexual harassment or sexual abuse settlements if the payment is subject to a nondisclosure agreement.</p><div><br></div><h4>Identification.</h4><p> President Trump signed legislation into law that prevents the U.S. Coast Guard from implementing previous identification requirements.</p><p>Under the law (P.L. 115-230), the military branch will not implement previously required Transportation Worker Identification Credential (TWIC)-Reader Requirements for the time being. </p><p>The law also requires the secretary of homeland security to report to the House Committee on Homeland Security, the Committee on Transportation and Infrastructure, and the Committee on Commerce, Science, and Transportation about the effectiveness of the TWIC program. After this report, the U.S. Department of Homeland Security may propose a new rule to implement TWIC readers.</p><div><br></div><h4>Injuries. </h4><p>A new law eliminates a rule requiring employers to create and maintain records of work-related injuries and illnesses.</p><p>The resolution (P.L. 115-21) eliminated the rule created by the U.S. Department of Labor in 2016, which required employers to record injuries and illnesses on U.S. 
Occupational Safety and Health Administration (OSHA) 300 Log and 301 Incident Report forms within seven calendar days of becoming aware that the injury or illness occurred. </p><p>President Trump also signed legislation into law that authorizes the U.S. Capitol Police Board to make payments to the U.S. Capitol Police Memorial Fund. </p><p>The Wounded Officers Recovery Act of 2017 (P.L. 115-45) allows payments to be given to families of U.S. Capitol Police employees who were killed in the line of duty or sustained serious line-of-duty injuries.  The legislation was passed and enacted in response to a shooting in Alexandria, Virginia, that targeted members of Congress who were practicing for the annual Congressional Baseball Game. Two Capitol Police officers were wounded in the incident, along with a member of Congress.</p><div><br></div><h4>Investment. </h4><p>The Senate failed to advance legislation that passed in the House that would have modernized the Committee on Foreign Investment in the United States (CFIUS).</p><p>The bill (H.R. 5841) would have made changes to CFIUS to better guard against national security risks to the United States posed by foreign investment. Specifically, the bill would have given CFIUS jurisdiction over joint ventures, minority position investments, and real estate transactions near U.S. military bases and national security facilities. </p><p>The bill also would have updated CFIUS’s definition of “critical technologies” to include emerging technologies essential for the United States to maintain a technological advantage over its adversaries.</p><div><br></div><h4>Privacy. </h4><p>The House passed legislation that would have updated privacy protections for electronic communications stored by third-party service providers, but the bill stalled in the U.S. Senate.</p><p>The Email Privacy Act (H.R. 387) would have updated the Electronic Communications Privacy Act (ECPA) to require all U.S. 
government agencies to obtain a warrant to search Americans’ online communications, regardless of when the email was written. </p><div><br></div><h4>School security. </h4><p>The House passed legislation, which did not advance in the Senate, that would have provided grant money for school safety measures.</p><p>The Students, Teachers, and Officers Preventing (STOP) School Violence Act (H.R. 4909) would have authorized $750 million in U.S. federal funding for 10 years to train school personnel, students, and law enforcement to prevent student violence.</p><p>Grant money could also have been used to develop anonymous reporting systems for threats, implement deterrent measures like metal detectors, or install technology for expedited notification of law enforcement during an emergency.</p><p>The bill was introduced after the Marjory Stoneman Douglas High School shooting in Parkland, Florida, which left 17 dead after a former student opened fire on campus.</p><div><br></div><h4>Surveillance. </h4><p>Congress reauthorized and President Trump signed legislation that allows electronic surveillance tools to continue for another six years.</p><p>The law (P.L. 115-118) renews Section 702 of the Foreign Intelligence Surveillance Act, which allows U.S. agencies to monitor communications of foreigners on foreign soil without a warrant.</p><p>The Senate failed to advance legislation passed in the House that would have protected diplomats from surveillance by consumer devices.</p><p>The bill (H.R. 4989) would have directed the U.S. Department of State to create a policy on the use of location-tracking devices at U.S. diplomatic and consular facilities. Government employees, staff, contractors, and members of other agencies working at those facilities would be subject to the policy.</p><p>The bill was introduced in response to revelations that a fitness app used by U.S. 
military personnel revealed sensitive information about base locations and troop movements.</p><div><br></div><h4>Terrorism. </h4><p>The House passed legislation that would have given nonprofit organizations access to grant funds to prevent terrorist attacks, but it stalled in the Senate.</p><p>The bill (H.R. 1486) would have authorized $30 million in grants for nonprofit organizations that the U.S. Department of Homeland Security (DHS) deemed to be at risk of a terrorist attack. The funds would have been used to purchase security equipment, physical and cybersecurity training, target hardening, and terrorism awareness.</p><p>President Trump signed legislation into law that created a program to protect food, agriculture, and veterinary systems from acts of terrorism. </p><p>The law (P.L. 115-43) directs the assistant secretary for health affairs for DHS to create a program to coordinate its efforts to defend food, agriculture, and veterinary systems against terrorism and other high-consequence events that are a risk to homeland security.</p><p>The program will be designed to lead DHS initiatives to prepare for and respond to agricultural terrorism. It will be coordinated with U.S. Customs and Border Protection on activities related to food and agriculture security and screening procedures for domestic and imported products.</p><div><br></div><h4>Trafficking. </h4><p>President Trump signed legislation into law that will enhance efforts to combat human trafficking in the transportation sector.</p><p>The Combating Human Trafficking in Commercial Vehicles Act (P.L. 115-99) directs the U.S. Department of Transportation (DOT) to designate an official to coordinate human trafficking prevention efforts across the U.S. federal government and consider the challenges of combating human trafficking when several transportation modes are used.</p><p>President Trump also signed the No Human Trafficking on Our Roads Act (P.L. 
115-106) that directs the DOT to disqualify operators of commercial motor vehicles—for life—if they use vehicles to commit a felony involving human trafficking. </p><div><br></div><h4>Utilities. </h4><p>The House passed legislation that failed to advance in the Senate that would have reduced the threat of wildfires to electric transmission and distribution facilities.</p><p>The resolution (H.R. 1873) would have amended the Federal Land Policy and Management Act of 1976 to ensure that all existing and future rights-of-way established by grant, special use authorization, and easement for electrical transmission and distribution facilities include provisions for utility vegetation management, inspection, and operation and maintenance activities.</p><p>The resolution also would have required transmission and distribution facility owners and operators to create a plan for vegetation management that “provides for the long-term, cost-effective, efficient, and timely management of facilities and vegetation within the width of the right-of-way and adjacent federal lands to enhance electricity reliability, promote public safety, and avoid fire hazards.”  </p><div><br></div><div><h2>Elsewhere in the courts</h2><div><br></div><div><h4>Discrimination. </h4><p>The U.S. Age Discrimination in Employment Act (ADEA) applies to all public-sector employers regardless of their size, the U.S. Supreme Court ruled. The ADEA prohibits employers from discriminating against employees based on their age, and in its opinion by Associate Justice Ruth Bader Ginsburg, the Court said employers under the law include even public employers with fewer than 20 employees. The ADEA and other relevant laws “...leave scant room for doubt that state and local governments are ‘employer[s]’ covered by the ADEA regardless of their size,” Ginsburg wrote. (Mount Lemmon Fire District v. Guido, U.S. Supreme Court, No. 17-587, 2018)</p><div><br></div><h4>Discrimination. 
</h4><p>MPW Industrial Services, Inc., will pay $170,000 to settle a race discrimination lawsuit brought by the U.S. Equal Employment Opportunity Office (EEOC). The suit alleged that MPW subjected two African-American employees to racial harassment, including hangman’s nooses, racial epithets, racist comments and jokes, and a KKK meeting at the worksite. Along with the monetary funds, MPW must train supervisors and managers to spot and prevent racial harassment in the future. (EEOC v. MPW Industrial, U.S. District Court for the Southern District of Ohio, Cincinnati Division, No. 1:18-cv-00063, 2018)</p><div><br></div><h4>Pregnancy. </h4><p>Nursing and healthcare facility Absolut Facilities Management, LLC, will pay $465,000 to settle charges of pregnancy and disability discrimination brought by the EEOC. Absolut “failed to accommodate disabled workers; denied leave as a reasonable accommodation to individuals with disabilities; refused to allow disabled employees to return to work unless they could do so without medical restrictions; and subjected employees to impermissible disability-related inquiries and medical examinations,” according to the EEOC. It also charged that Absolut fired employees based on their pregnancy status and failed to accommodate pregnancy-related medical restrictions. (EEOC v. Absolut Facilities Management, LLC, U.S. District Court for the Western District of New York, No. 1:18-cv-01020, 2018)</p><br></div><br></div><div><br></div>

Building the Control Room of Tomorrow<p>At the center of an enterprise organization’s security operation stands its nucleus, arguably one of the most important pieces for overall functionality and efficiency: a command center or security operations center (SOC). A place where a variety of systems and solutions come together, the command center exists to provide a common operational picture, mitigate threats, and promote enhanced communication during an incident.</p><p>The goal of any command center is to monitor, assess, and respond to a variety of threats and incidents. As technologies advance and trends develop, so too do the strategies in place to meet this goal. There are several considerations that must be made when designing the control room of the future. </p><p><strong>Space</strong>. For many companies, a control room may be allotted space in a basement or small windowless room chosen as an afterthought. While some companies are limited by space, many decide the SOC’s location is unimportant. This can be a big mistake when designing a control room that will serve the company now and into the future. It’s critical for this space to be large enough to house important equipment that allows operators to view the relevant incoming data and make informed decisions, but it’s also necessary for the space to be scalable as needs change, technology evolves and coverage increases, and a company grows.</p><p><strong>Operator comfort</strong>. Space isn’t the only consideration when designing an SOC or control room. Central to the success of any organization is the ability for security operators to quickly and efficiently take information coming into an SOC and act on that information to identify risks and mitigate threats. Operator comfort, as a result, should be central to the design of a control room, taking lighting, console comfort, ergonomics, ambient noise, and temperature into careful consideration. 
If operators are uncomfortable or distracted, in pain with a sore neck due to bad viewing angles, or too warm in a room without proper ventilation, they can miss out on critical events or emergencies. Addressing these before they become problematic is crucial in the design stage of an SOC.</p><p><strong>Technology. </strong>When it comes to building a mission-critical SOC, there's a reason why large-scale video walls that showcase a number of incoming data points are dominant. Uniform and integrated visual elements are imperative to the success of an SOC or control room, because operators and first responders require the most up-to-date and complete information regarding incoming security-related events. Additionally, the technology needed to bring multiple data streams together in a single-pane-of-glass view is an important consideration to make, and hiring a control room integrator that specializes in this technology can streamline the process and result in better situational awareness across the board.</p><p><strong>Data convergence</strong>. Command centers today combine a number of security components, but as end users demand an emphasis on the full umbrella of security rather than small silos, facilities are focused on including additional pieces, such as risk and threat assessment, employee travel, and social media monitoring. Data incorporation is also a critical element, and command centers must be able to collect any number of data points for effective data aggregation. Dashboards that can make sense of a large amount of information can streamline decision-making and response.</p><p><strong>Innovation</strong>. While words like artificial intelligence and machine learning are often whispers around the industry, for innovative companies, these terms are becoming more commonplace as they enter a new frontier in how data is collected and analyzed to deliver information to security operators. 
The control room of the future brings innovative software and systems to the forefront, taking existing sensors that are providing a wealth of information and layering an additional method by which to understand what is happening and make decisions about the organization’s health. </p><p>Enterprise organizations rely on their SOC for business operations. In times of an emergency, and as risks become more severe, a complete situational picture is necessary. Taking into consideration the space, operator comfort, technology, data convergence, and future innovation can set security managers up for success in protecting their enterprises.  </p><p>Dan Gundry is director of national control room sales at Vistacom.</p><p><br></p>2016 Industry News<h4>Casino Cameras</h4><p>The Fond-du-Luth Casino, owned and operated by the Fond du Lac Band of Lake Superior Chippewa of Minnesota, planned an upgrade to an IP-based video surveillance system. With the help of North American Video, the casino chose the American Dynamics victor video management system from Tyco Security Products as the core platform for the new system, which includes hundreds of Illustra IP cameras and several VideoEdge network video recorders.</p><p>Casino staff can view and manage video through a single intuitive user interface or a Matrix switcher keyboard. Surveillance operators can quickly identify security issues using victor’s Command Center feature with its Virtual Matrix, which lets operators view live and recorded video, select cameras, and communicate quickly among security operator workstations. 
Staff can search video history in seconds and search across multiple recorders simultaneously when performing investigations.</p><p>Illustra Pro IP pan-tilt-zoom cameras provide high-resolution video and fast positioning speed—up to 512 degrees per second—enabling surveillance officers to identify suspicious activity at distances of up to 1,000 feet from a camera. The casino plans to add more cameras and integrate its access control system with victor in the near future.</p><h4>PARTNERSHIPS AND DEALS</h4><p>Newpointe Community Church deployed 3xlogic Intelli-M Access Corporate access control at four church locations across northeastern Ohio.</p><p>Aeriandi and Proxy Networks announced a new strategic partnership. Proxy Networks’ screen capture technology will be incorporated into Aeriandi’s secure payment and recording solutions.</p><p>Argus Cyber Security was chosen by representatives from Daimler AG, Plug and Play, University of Stuttgart, and ARENA 2036 to participate in the Startup Autobahn program.  </p><p>Avwatch signed a formal alliance agreement with New Zealand–based Martin Aircraft Company to introduce Jetpacks to the North American market.</p><p>BICSI signed a memorandum of understanding with the Lima, Peru–based Instituto Nacional de Investigacion y Capacitacion de Telecomunicaciones de la Universidad Nacional de Ingenieria to further their mutual goals through collaboration and information sharing on events, education, marketing, and standards development.</p><p>Serco invested in a new network security system from Chemring Technology Solutions. Chemring’s Perception will be rolled out across Serco’s global operations.</p><p>ControlByNet joined forces with Colosseum Online Inc. 
to offer Colosseum’s customers a cloud-based video surveillance solution.</p><p>The Libman Company subscribed to the COPsync911 threat-alert system to increase the safety and security of its facilities and employees.</p><p>Deloitte Advisory cyber risk services formed an alliance with ThreatConnect to integrate its threat intelligence platform into Deloitte Advisory’s threat intelligence and analytics services.</p><p>DFNDR Armor is using Honeywell Spectra Shield ballistic composite materials to create light, high-protection body armor plates.</p><p>ISONAS Inc. selected ThinkReps to represent the company in northern New Jersey and the New York City metropolitan area.</p><p>Lumeta Corporation announced that its flagship product, Lumeta ESI, is now integrated with McAfee ePolicy Orchestrator.</p><p>Milestone Systems collaborated with Oncam and AsPro Security to deliver a cost-effective security solution to a logistics company in the United Kingdom.</p><p>The new Harrah’s Cherokee Valley River Casino & Hotel in Murphy, North Carolina, has an IP video surveillance and security system that was designed and built by North American Video in consultation with Harrah’s Cherokee Casinos.</p><p>OnSSI named EOS Australia Pty Ltd., supported by Brassets International Pty Ltd., to manage wholesale sales activity for OnSSI across Australia and New Zealand.</p><p>OnSSI’s Ocularis video management software is now represented in Latin America by INFINITEXUPREME.</p><p>Princeton Identity Inc. licensed its patented iris recognition technology to Samsung Electronics Co., Ltd., for use in the Samsung Galaxy Note 7 and other mobile devices.</p><p>Safetell announced a preferred supplier agreement with Gunnebo.</p><p>SCADAfence joined Gigamon’s ecosystem partner program to provide a joint cybersecurity solution.</p><p>Sielox teamed up with CM3 Building Solutions to provide an offering to enable schools and other facilities to have a safer and more secure environment. </p><p>Tosibox Inc. 
entered into an exclusive distribution partnership in Canada with Westburne, a Rexel company.</p><p>Tufin announced integration of the Tufin Orchestration Suite with Cisco Application Centric Infrastructure to deliver unified security policy management across physical and public, private, and hybrid cloud networks.</p><p>Tyco Security Products expanded its Connected Partners Program to multiple brands, including integrations with products from American Dynamics, Kantech, and Illustra, in addition to Software House.</p><p>Ripon College in Wisconsin worked with La Force Inc. and Vanderbilt to design, implement, and test a new and effective lockdown solution.</p><h4>GOVERNMENT CONTRACTS</h4><p>Axon, a business unit of TASER International, announced that California’s San Jose Police Department purchased 963 Axon Body 2 cameras.</p><p>Delta Scientific announced that Delta MP5000 mobile deployable vehicle crash barriers were ordered by the U.S. Secret Service for the Democratic Convention in Philadelphia and the Republican Convention in Cleveland.</p><p>Elbit Systems Ltd. was awarded a contract from the Maldonado District Administration in Uruguay to provide a Safe District project that will span six municipal authorities.</p><p>NETCOM designed a visitor control solution for Maryland’s Montgomery County Public Schools, maximizing the efficiencies of IP surveillance camera technology by integrating a two-way audio monitoring product from Louroe Electronics.</p><p>The South Los Angeles Industrial Tract Business Improvement District tapped Metro Video Systems, Inc., to improve its IP video surveillance. </p><p>Raytheon Company signed a commercial logistics contract with RUAG Switzerland Ltd. to service the ALR-67(V)3 digital radar warning receiver for the government of Switzerland.</p><p>TASER received an order for 1,210 TASER X26P Smart Weapons for the Georgia Department of Community Supervision. 
</p><p>Teleste will deliver its S-VMX video management solution to upgrade and expand the video surveillance system of the Paris Prefecture de Police and IRIS, the contractual partner operating and managing the system.</p><p>Utility announced that Georgia’s DeKalb County Board of Commissioners approved the purchase of 600 BodyWorn wearable body cameras to outfit its entire uniform division to enhance transparency, accountability, and officer safety. </p><p>Vencore Labs, Inc., was awarded a prime contract from the U.S. Defense Advanced Research Projects Agency (DARPA) to deliver research in enhanced cyber defense.</p><p>The Hashemite Kingdom of Jordan awarded Veridos a contract to produce and deliver its passports for the next few years. The passports are machine-readable and meet the requirements laid down by the International Civil Aviation Organization for international travel. </p><h4>AWARDS AND CERTIFICATIONS</h4><p>The ASIS Accolades awards for security’s best new products were given at the ASIS 62nd Annual Seminar and Exhibits in Orlando. Wireless CCTV, LLC, took both the Judge’s Choice Award and the People’s Choice Award for its WCCTV Body Worn Camera (Connect). The camera provides live transmission from the wearer’s location to control rooms and mobile devices. Other winning companies were AlertEnterprise, Gibraltar, Hanwha Techwin America, Medeco, NVT Phybridge, RightCrowd Software, SpotterRF, Stratfor, and Vismo. For more information on the winners, visit SM Online.</p><p>Identity Guard was named in the Online Trust Alliance’s 2016 Online Trust Audit and Honor Roll for its leadership in consumer protection, data security and responsible privacy practice.</p><p>LaaSer Critical Communications earned a U.S. patent for its proprietary caller location determination technology.</p><p>SecurityScorecard was awarded several U.S. 
patents for calculating an entity’s security risk score and other technologies that enable SecurityScorecard to produce accurate security ratings. </p><p>SuperCom announced that its subsidiary Safend was awarded strategic patents for encryption and other safeguards for external media drives and virtual machines. ​</p><h4>ANNOUNCEMENTS</h4><p>AFA Protective Systems, Inc., expanded its fire protection services in the Florida market to include sprinkler system inspection, testing, maintenance, and repair.</p><p>Albany Law School will launch an online Master of Science in Legal Studies (MSLS) in Cybersecurity and Data Privacy in January 2017.</p><p>Delta Risk LLC acquired Allied InfoSecurity to expand its managed security services and consulting practice.</p><p>The Automotive Information Sharing and Analysis Center released an overview of comprehensive Automotive Cybersecurity Best Practices as a proactive measure to enhance vehicle cybersecurity throughout the industry.</p><p>Boon Edam Inc. announced that its entrance solutions are now available to architects, designers, and contractors as Building Information Modeling (BIM) files on the Autodesk Seek library at</p><p>CEDIA members will be able to access discounted security training through a new partnership with </p><p>CNC Technologies opened a new service center to provide comprehensive service for large scale aerial surveillance, microwave downlink, and wireless transmission solutions at New Jersey’s Linden Airport.</p><p>Duo Security launched Duo Insight, a free tool that lets IT teams run internal phishing simulations that can identify potential security weaknesses.</p><p>The EMV Migration Forum will change its name to the U.S. 
Payments Forum; it will continue to support chip migration while also broadening its focus to other new and emerging payment technologies in the United States.</p><p>Galaxy Control Systems published a new white paper that explores the potential of access control systems to help organizations improve the efficiency and effectiveness of physical and virtual security.</p><p>IOActive, Inc., introduced its Advisory Services practice, offering strategic security consulting that leverages its testing and research expertise to help customers better align their security programs with business objectives.</p><p>KnowBe4 Inc. released its Kevin Mitnick Security Awareness Training in 26 language versions. </p><p>Larson Electronics donated remote-controlled spotlights and handheld LED spotlights to the Wounded Warrior Anglers nonprofit organization.</p><p>Organized by Messe Frankfurt Middle East in partnership with Al-Harithy Company for Exhibitions, the inaugural edition of Intersec Saudi Arabia will take place in May 2017 at the Jeddah Center for Forums and Events.</p><p>Per Mar Security Services acquired Neighborhood Patrol, Inc., of Urbandale, Iowa. </p><p>Scoop News Group announced CyberScoop, a digital newsletter featuring articles and events related to protecting electronic data. </p><p>The Smart Card Alliance released a new white paper, Contactless EMV Payments: Benefits for Consumers, Merchants and Issuers, which answers questions about the adoption of contactless payments. </p>Sounded Like an Avalanche<p><em>For the 15th anniversary of the September 11 attacks, we pulled a story from our archives about the experience of one security director in a hotel near the towers. 
This story ran in our September 2002 edition.</em></p><p>​George Compas had worked in security for the Marriott Corporation for more than 15 years, but he had only served as director of loss prevention at the World Trade Center Marriott for seven weeks when the planes hit the towers. As one of the survivors from ground zero, he saw firsthand how traditional emergency preparations stood up during a major catastrophe, and his experience has yielded lessons for the entire lodging industry. </p><p>Compas spent the weeks leading up to September 11 going over evacuation, fire, and emergency procedures, even though he had no way of knowing that his plans were about to undergo the ultimate test. He updated all three plans simply because he was newly transferred to the World Trade Center Marriott, and he wanted to make sure that the plans had current contact information as well as the appropriate details on how everyone at the hotel should handle specific threats. Compas gave all managers and all 21 members of the security staff copies of the revised procedures, and in late August, he held a management staff meeting to discuss the changes and each position's responsibilities in an emergency.</p><p>For example, in case of an evacuation, the front desk manager would be required to make two printouts of the occupied rooms in the hotel. This manager would also make a separate printout of all the handicapped rooms and whether they were occupied. </p><p>In addition, the fire-safety officer was given refresher training on how to respond to an evacuation using the fire command station in the hotel lobby. Compas also purchased extra two-way radios and gave one to each executive to expedite communications during any emergency. Instead of the executives coming to Compas to ask what was happening and what to do next, Compas could inform everyone at the same time. </p><p>While Compas had not yet scheduled fire drills, he did conduct training sessions with management. 
In case of a fire, one manager from each department was to respond to the fire command station and wait for instructions from the fire-safety director. Shortly after the training, the hotel experienced a false alarm from a faulty smoke detector, which served as a test of the training; all the hotel employees responded appropriately. </p><p><strong>Plan limitations.</strong> Compas had been mindful of the need to plan for emergencies. But those preparations had their limitations on September 11. "You can't prepare for a catastrophe like this," he says. "Everything looks great on paper, but you don't know how each individual, or you yourself, will react when the time comes." </p><p>On that morning, the 22-story hotel, which was adjacent to Tower Two, was fully booked, with about 1,200 guests and 200 employees on the premises. The hotel had three main entrances, one at the front of the hotel on the west side of the building, one on the north side connecting to the lobby of Tower One, and one on the south side connecting to the WTC plaza and to Tower Two.</p><p>When the first plane hit, Compas was in his office on the basement level of the hotel. "It sounded to me as if there were three loud bangs and then the building shook," he says. </p><p>Immediately, Compas walked out of his office and into the adjacent security command station. He brought up a CCTV feed from a camera that overlooked the lobby of the hotel. This lobby, long and narrow, led directly onto the WTC plaza via a revolving door. So, by looking through the camera, Compas could see the lobby of the Marriott and into the lobby of Tower One. Compas saw people running through the doors into the hotel. They were surrounded by gray smoke. </p><p>Compas grabbed a radio and started to run upstairs to the lobby. At this point, he saw the personnel manager standing near the stairwell with a number of employees. 
Compas told the manager to evacuate the basement of the hotel, where personnel, security, laundry, and housekeeping offices as well as the employee cafeteria were located. Compas then ran up the stairs to the lobby, where he found people streaming in from Tower One. </p><p>In an attempt to find out what had happened, Compas went out through the main entrance of the hotel but had to run back in because of the falling debris. As he returned, he found that the director of finance, the resident manager, the personnel director, and the housekeeping director had also gathered in the lobby. Compas told each of them to go to one of the three main entrances of the hotel and not to let anyone out because of the falling debris. "Our evacuation plan quickly became a retention plan," says Compas. </p><p>Before taking further action, Compas knew it was critical to find out what had actually happened. After informing security personnel of his plans via radio, he began running through the hotel's basement corridor, which connected to Tower One. Just before he reached the doors between the two buildings, Compas saw the hotel's assistant chief engineer. He was holding a woman at arm's length, trying to steady her. The woman was burned over her entire body. She was in shock but was able to say that she had been in the elevator in Tower One when she felt the impact and then fire—later confirmed to be jet fuel—surge through the shaft. Compas and the engineer put the woman in a safe place out of the way as a stream of people came through the doors into the hotel. </p><p>Compas called for an ambulance on the radio. The hotel also had a nurse, hired by Marriott, during the day, seven days a week. The nurse on duty at that time was in the security office and heard the call. She ran to the injured woman and looked after her until rescuers arrived. </p><p>Compas, now convinced that something large had hit the towers, went back to the hotel lobby. 
He directed several managers to begin evacuating guests and staff out of the southern hotel entrance, toward Tower Two. The front entrance was still blocked due to falling debris.</p><p>While in the lobby this time, Compas ran into three FBI agents. The agents confirmed that a commercial jet had hit the building. It had been five minutes since the impact. </p><p>Police and fire officials began arriving at the hotel and commandeered the concierge desk as a command post. The health club manager called Compas on the radio and told him that part of the plane had fallen into the hotel's swimming pool, located on the roof of the building. The fire battalion chief assigned a fire lieutenant and six firemen to go upstairs to make sure that everyone was okay.</p><p>Compas sent two security officers and an engineer to accompany the firefighters. He gave one of the officers the master room keys and told him to start knocking on doors to ensure that everyone was evacuating. As the group began to walk toward the elevators, the hotel mechanic told them that the main elevators were flooding with water and that only the freight elevators were in operation. </p><p>Then the second plane plunged into Tower Two, located directly behind the hotel, where people were being evacuated. Now guests faced burning rubble on the south side of the building and falling debris on the north and west sides. </p><p>One of the hotel's sales people offered to go help with the evacuation. Hundreds of people were in the hotel lobby waiting to evacuate. When employees saw that debris was no longer falling at the south entrance, though there was debris on the ground, the salesperson, aided by police and hotel managers, would usher out as many people as possible; when the debris started falling again, he would stop people from going out. No one could get out of the front entrance because the falling debris was continuous. 
</p><p>Compas was receiving radio calls from various security personnel in different parts of the building. One security officer reported that while the engine of the first plane had landed in the swimming pool, everyone in the health club was fine, and all were being brought to the lobby. Another officer radioed that the room-by-room evacuation was proceeding and that all guests were being brought down to the first floor. </p><p>The procedure for having a printout of the handicapped rooms made available to personnel evacuating the rooms, however, was not properly executed in the confusion. Consequently, the front desk received a panicked call from the fifth floor, where a woman in a wheelchair and her daughter were stranded. Compas immediately sent two security officers to that room, and they carried the handicapped guest down the stairs. A few minutes later, there was another call from a wheelchair-bound woman on the eleventh floor. The officers went back up and carried her down as well. In the lobby at the police and fire command post, firemen who had gone into the towers were now coming back to replenish their oxygen. To help out, Compas sent hotel employees downstairs to the basement to bring up cases of bottled water for the firefighters. With the firefighters being attended to by hotel employees, the fire chief told Compas that he was going to enter the towers to help. The chief never returned; his body was later found in the rubble. </p><p>At about 9:45 a.m., everything in the hotel seemed to be proceeding as well as could be expected. The evacuation was going well, and the room-to-room search was still underway. There were hardly any people coming from the Tower One entrance, leading Compas to believe that those who could get out of the building had done so. "But no one dreamed that those buildings were going to come down," he says. </p><p>The guests had been evacuated by now, and Compas began ushering staff out of the building. 
He saw a group of about 12 men near the Tower One entrance. Compas sent a security supervisor over to tell the men to leave. They were officials from the Port Authority of New York and told the security supervisor they needed to stay and monitor the situation. Compas walked over and told them to leave anyway. </p><p>Despite his commands, Compas could not get all of the staff to leave. The resident manager, the personnel director, the salesperson helping with the evacuation, and two engineers refused to leave. Compas was touched by their concern but was also worried about them because he knew the situation was dire. While he was trying to convince these staff members to leave, dozens of firemen came running into the hotel from the towers. "They were yelling that everyone had to get out because the building was coming down," says Compas. </p><p>The firemen and hotel employees started to run away from the towers. They had run about 40 feet before they began to hear loud banging noises. "It sounded like an avalanche," says Compas. "You could hear it coming on top of you." Then Tower Two landed on top of the hotel. </p><p>When the tower hit, everyone in the group was knocked to the ground. After he fell, Compas covered his head and waited. "I don't know how long this lasted," says Compas. "I lost all track of time, and all I could think was that we had gotten all of the guests out and that I had to get the employees out safely." </p><p>Then, debris began to fall on the group. "I felt something land across my legs and then something landed across my back," Compas says. At one point, he opened his eyes and touched his hand to his nose. He couldn't see his hand. The air was pitch black and filled with dust.</p><p><strong>Getting out.</strong> The debris finally stopped falling. For a few seconds, there was absolute silence. Then all the survivors started moving and asking if everyone was all right. After the initial shock, people started screaming and yelling. 
One of the firemen asked Compas: "How are we getting out of here?" </p><p>Compas turned to an engineer, who had been with the hotel since it was constructed. The engineer indicated that there was an emergency door straight ahead and to the left, about 100 feet from them. The survivors headed for this exit, climbing over the debris and dead bodies that had fallen from above. </p><p>The group reached the door. The door had a pushbar exit device, but it wouldn't move. The firemen used axes to knock the door off its hinges. But when they moved the door to the side, all they could see was concrete and steel blocking the way. The exit was impassable. </p><p>Searching for another way out, the group traveled west toward another side exit in the hotel's restaurant. As it was designed to, the fire door had come down. The firemen lifted up the door, but it too was blocked by a grisly amalgam of glass shards, twisted steel, disembodied arms and legs, and chunks of concrete. However, there was a small opening that could just be seen through the smoke, now a gray haze instead of a black cloud. Some members of the group said they were going to try and dig their way out. </p><p>While the digging began, Compas tried to contact other managers via radio to see whether they were okay. But he found that, although he could hear some managers talking back and forth, he couldn't transmit; the soot and debris were blocking the signal. </p><p>A fireman turned to Compas and said that digging out would take too long and that they needed to find another exit. Compas and three others decided to go back the way they came and try to go out the main entrance, where debris had been falling before. They walked past where they had originally been knocked down by the falling rubble. In the area where police had set up the command post and across the horizontal length of the hotel, there was debris 10 feet high—glass, steel, concrete, and bodies. The group began climbing over the rubble. 
</p><p>As they mounted the pile of debris, they realized that holes in the rubble were open several stories down to the basement, creating the risk that one of them would fall through. The survivors had to jump carefully over these holes until they finally reached solid flooring. </p><p>As soon as he had scaled the 75 feet of rubble, Compas heard two women screaming his name and asking for help. A security employee and a member of the front desk staff were on top of the mound and were attempting to crawl over. The men formed a chain to get the two women down. Each person stood at a different location to make sure that the women wouldn't fall through the holes in the debris. </p><p>The six survivors then saw lights flashing. Making their way through the haze, the group reached the lights and found that they were the roof lights of an ambulance and a police car. The vehicles had been crushed, but their emergency lights were working. It was only at this point that members of the group realized they were outside.</p><p>Compas turned around and saw that the entire hotel had collapsed, except for one 50-square-foot section where he and the others had fallen. Compas later learned that the hotel was made of poured concrete but the section still standing was constructed of reinforced steel. </p><p>"I thought we were at war," says Compas. "So I suggested that we walk to Battery Park because the buildings couldn't fall that far." As they were walking, a police officer grabbed Compas's arm and told him to go into a building about four blocks from the WTC where a triage unit had been set up. Only then did Compas realize that he was bleeding and his clothes were in tatters. Once inside that building, Compas felt it start to shake. </p><p>"I knew I could not stay in another building," says Compas. He ran outside just in time to see Tower One collapse. 
As the dust cloud advanced on them, Compas, the WTC Marriott employees, and several former coworkers from another nearby Marriott began to run. When they reached Battery Park, they found about 1,000 people already there.</p><p>Determined to get the remaining staff out of Manhattan, Compas convinced them to get on a waiting ferry. Eventually, with the help of family and friends, Compas got the surviving employees home. </p><p><strong>The missing. </strong>Two hotel managers from the WTC Marriott died on September 11. They were both helping in the evacuation. One was killed when the building collapsed. The last time anyone saw the second manager, he was on the third floor helping people evacuate. Nine guests are still missing and presumed dead. However, it is impossible to know whether they were in the hotel at the time of the attacks or in the WTC conducting business. </p><h4>LESSONS LEARNED</h4><p>After the search and rescue phase was over, hotel security experts wanted to learn all they could about how evacuation procedures really worked in such catastrophic circumstances. The Hotel Association for the City of New York invited Compas to speak about his experiences. After giving an account of what happened to him on September 11, Compas noted that most of the emergency procedures went as planned but the scale of the disaster was too great. </p><p>Based on his presentation, the association's board decided to devise a generic evacuation plan noting several steps that security managers can take during a catastrophic event. The generic plan was designed so that each individual security director could then tailor a more specific program to suit his or her own property. </p><p>Instead of reinventing the wheel, the board based the generic plan on the fire-safety plan that every hotel is required to have under New York City Local Law 16. Each establishment must also have a fire command station in the lobby and a fire-safety officer on duty 24 hours a day. 
The fire-safety officer can be a proprietary security officer, but he or she must be certified by the New York City Fire Department. The law also has other requirements that factor in during an evacuation. </p><p>Based on Compas's experiences, the board organized the generic plan around three main points: notifying guests, conducting room searches, and planning evacuation routes. </p><p><strong>Notification.</strong> To notify guests and employees of an evacuation, the board recommended that security use the public address system, which all hotels in New York must have as a part of the fire command system. During the evacuation, suggests the plan, announcements should continue to all areas of the building to reassure guests and employees.</p><p>It is important for everyone to be continuously informed during an evacuation. Announcements can be made to individual floors, groups of floors, and stairwells. </p><p>Initially, guests should be directed to an area of the hotel where they will not interfere with emergency personnel or vehicles. Security should keep the lobby and front of the building clear of obstructions. </p><p>At this point, a list should be used to account for guests who have been evacuated. If an evacuation is going to take a long time or is being conducted in dangerous situations, managers should be assigned to walk guests to other hotels or to a designated outside meeting point. </p><p><strong>Searches.</strong> To ensure the safety of all guests, the plan calls for notification to be supplemented by physical searches of each room. In conducting the search, the plan suggests that searchers first place the back of a hand high against each door to determine whether there is heat emanating from the room. If there is, the room should not be entered. </p><p>If the room can be entered, the searchers should announce their intention. One searcher should stay at the door while the other checks under the beds, in the closet, and in the bathroom. 
Also, any areas that are not within the line of sight, such as dressing areas and sitting rooms, should be checked. </p><p>After leaving the room, searchers should close the door and make a mark outside on the middle of the door, below the level of the door handle. The type of marking to be used is not specified, but the plan does suggest that marks be made with either chalk or marker, not with easily dislodged Post-it notes or hanging tags. </p><p>Bill McShane, security director for Manhattan East Suites Hotels, which has corporate headquarters in midtown Manhattan, says that training for search teams is now integrated into fire training. Approximately eight people are chosen from on-site personnel to serve on the team. (The members include five employees trained to serve as a fire brigade under Local Law 16.) Instruction for evacuations due to fire was already part of the curriculum for the fire brigade employees, but training now includes the addition of the search procedure. </p><p>To mark which rooms have been searched, McShane decided to use day-glow dot stickers. The stickers have strong adhesive, cannot be washed off by water from sprinklers, and can be seen in dim lighting. A packet of the stickers will be placed in a cabinet on each floor. </p><p>The cabinet also includes the warden phone. These phones, which are required by the local fire law, are located on each floor and are hardwired to the fire command station in the lobby. Team members are trained to use the warden phones as a primary contact. This idea was based on Compas's experiences with two-way radios. Though the radios seemed a good way to keep in touch, they failed on 9-11 due to the dust generated by the collapsing towers. </p><p>Compas says that security managers should remind their officers that training for search operations is always being conducted under optimal conditions. 
Though there is no way to safely recreate emergency conditions such as those on September 11, Compas notes how important it is to continually tell trainees that all the duties they must perform in an emergency might need to be done in the dark and under falling debris. </p><p>Issues taken for granted such as breathing freely and working without injury must also be considered. "If I had not had the engineer with me, I might not have gotten out," says Compas. "I knew where the emergency exits were, but I didn't know the hotel well enough to find them in the dark." </p><p>Speed is also an issue, so the training includes tips on how to conduct searches quickly. In larger facilities, several teams may need to work on each floor. To determine the number of teams, the generic evacuation plan recommends that security directors factor in the number of rooms and suites to be searched. It takes approximately 20 to 45 seconds to search an average 12-by-14-foot room. Suites can add an additional 20 seconds to the equation.</p><p><strong>Evacuation. </strong>Though hotel security can use evacuation routes established for fires for other emergency situations as well, there are some differences. As noted in the generic plan, a fire evacuation usually consists of the floor the fire is on and the floors above and beneath. For other disasters, the situation may call for a total evacuation. In that case, each property should delegate multiple egress routes and alternative stairwell exits from floor to floor to cut down congestion on any single stairwell. </p><p>Each hotel is urged under the plan to designate two rallying points for all guests and employees after the evacuation. The primary meeting point should be outside of the hotel and hopefully in some kind of covered area. The alternative meeting place may be inside the hotel, in case the outside point is located in an area that has become unsafe as a result of the disaster. 
</p><p>Another part of the generic plan concerns mustering of evacuees. It specifies that once all guests and staff have assembled at the rallying point, a hotel employee must have a guest ledger and time and attendance sheet to verify that everyone made it out safely. </p><p>At McShane's properties, producing the guest ledger becomes the responsibility of the front office manager. The employee list becomes the executive housekeeper's responsibility. At each Manhattan Suites hotel, the lists are computerized and can be produced with a push of a button. </p><p>Drawing from Compas's experience, the plan also designates the building engineer as a main point of contact with the search teams and emergency agencies. The engineer is a critical part of the evacuation because of his familiarity with the building, its systems, and especially its exits. </p><p>Though Compas is pleased that the generic evacuation plan might help prepare other security professionals, he knows firsthand that such overwhelming events are difficult to deal with. "There is nothing I would have done differently, and no amount of planning would have helped me or my staff," he says. "There is no way you can prepare for a building falling down around you."</p>