Utilities Are Adopting the Incident Command System

2015 April 28
by Jason Nairn, CPP, CISSP

Increasingly, public and private utility companies are moving to the Incident Command System as a framework for responding to incidents.  The increase in incidents affecting their infrastructure, and the ubiquitous use of the National Incident Management System have prompted movement among critical infrastructure owners and operators toward the national standard.

However, straight ICS is not always the best solution for utilities, and electricity, gas, water and telecommunications infrastructure systems require an approach that takes into account the complexity of networks.  According to Electric Energy T&D Magazine, 52% of utilities surveyed employ some sort of in-house or combination FEMA-based and in-house training in incident management.  This indicates that utilities are tailoring ICS for their own unique applications.  As a result, there could be different versions of ICS among utilities, complicating the response to incidents, especially where mutual aid and multi-company collaboration are required.  While some ICS is better than no ICS, standards would help the industry stay focused on the core tenets of NIMS, like the avoidance of company-specific jargon.

The recent announcement by the Western Energy Institute of a strategic partnership to create a National Training Center for Utility Incident Management makes sense.  Incident management curriculum designed by utilities, for utilities will focus ICS for the industry and provide training in best practices that serve the utilities specifically.  The goal of the national center is to develop cost-effective, world-class training tailored specifically for utilities that will increase the pace of the adoption of incident management best practices, like the Incident Command System, among critical infrastructure.  This will result in a more resilient national critical infrastructure system.

Concordia University – Portland Unveils National Training Center for Utilities

2015 April 21
by Jason Nairn, CPP, CISSP

Concordia University – Portland in partnership with the Western Energy Institute announced a new training center designed to provide incident management training tailored for utility companies.  The announcement was made at the WEI’s Spring Operations Conference in Las Vegas this week.  Here is the press release announcing the partnership and the new training center.

The training program is designed to support utilities in the implementation of ICS and other industry best practices in their organizations.  This new center will allow utilities to obtain concise, utility-focused training for their employees and managers at a reasonable cost.  Customized training packages include the use of the homeland security simulation center to provide hands-on application of concepts covered in the training program.

For more information, visit


Tips for Staying Engaged While Avoiding Information Overload

2015 April 5
by Jason Nairn, CPP, CISSP

Security professionals protect their employers and clients from the acts of Satan and the laws of Murphy, and the news is filled with stories of both.  There is always something in the news that might be interesting to the homeland security professional, and one could spend hours reading news stories, blogs, and journal articles filled with information relevant to our vocation.  Unfortunately, there just isn’t time in most professionals’ lives to gather it all in, analyze it, and add it to our knowledge base.  So how do we stay engaged professionally, without burning out on bad news and overtaxing our processors?

Here are four tips for staying engaged while remaining sane and productive:

  1. Focus on Your Area of Expertise – We have pointed out in HLSR that “homeland security” is a rather vague term, and encompasses a broad range of disciplines.  If you monitor everything related to the homeland security enterprise, you will get overloaded in a hurry.  Focus instead on your area of expertise. Most professionals operate within a discipline or a focus area.  We should pay the most attention to the stories, articles and blogs that serve our niche.  As for the rest – let it go.  Prioritize your thought resources.
  2. Cache the Good Stuff for Later – If you find a good story or article that is right in your wheelhouse, consider developing a database of good stuff and caching the pdf or link for later, when you have some downtime.  This will allow you the time to analyze the piece as you read, and to develop a thorough understanding of its content.  At the same time you will be developing a database of research relevant to your area of expertise that will serve you well in other ways.
  3. Monitor Trends, Not Individual Events – This is self-explanatory, but here is an example.  Over the past few months there have been almost daily stories of the dastardly deeds of groups like ISIS or ISIL and Boko Haram.  All of these stories provide accounts, often in excruciating detail, of the brutality of these terrorists.  Unless you are an ISIS expert (see #1) you can likely do without the gory details.  Focus your attention on trends, like radicalization, the growth of these groups and the general geography affected, and spare yourself the details and the emotional stress.
  4. Be Intentional About Engagement Time – Pick a time of day or a day of the week where you review the news and articles.  This will cause the engagement to be intentional, and will avoid the pitfalls of reviewing news bits during times when other productive work should be done.  Disconnecting from outside distractions is more important than ever in our connected workplace.  Scheduling engagement time will improve overall productivity.



The Terrorism – Emergency Management Gap

2015 April 2
by Jason Nairn, CPP, CISSP

Recently, I had the pleasure of meeting with a seasoned emergency management director with responsibility for a good-sized American city. Our discussion revolved around incident command, lessons learned from a major event, and the relationship between emergency operations centers and field incident command. As we talked, the emergency manager mentioned “the terrorism – emergency management gap”.  I hadn’t heard the phrase before.  It sounded like a practicing homeland security professional was describing something that happens in homeland security.  I wanted to know more about the phrase and what it means.

After some discussion I learned that the director was describing something he had noticed in the response to a violent incident.  Violent incidents, such as terrorist attacks or active shooters, elicit a tactical response by agencies that are not as accustomed to using the Incident Command System as a primary operational structure.  With active violence, the appropriate focus is on threat eradication and incident stabilization, and thus primary responders, including leaders, are typically focused on tactical operations.  In such a case no one is left behind to coordinate staging and assignment of arriving resources, evacuations and other coordination tasks.  With leaders in tactical mode, and the incident growing in complexity, the need to act strategically becomes increasingly important – thus the terrorism – emergency management gap.

At the heart of the “terrorism – emergency management gap” is an opportunity to engage agencies in a discussion about when and how to use incident command, unified command, and coordination assets (like EOC’s) in the response to a violent incident.

To his credit, the emergency management director with whom I met will be conducting an exercise to practice these concepts this year.  Perhaps in his city he will fill the gap.

The Emerging Threat of “CybeRevenge”

2015 March 22
by Jason Nairn, CPP, CISSP


You represent a large utility company, and your power plant discharges waste cooling water into local waterways.  An environmental group reports that your discharge water is contaminated, despite the fact that your testing shows it is within permitted parameters.  Local media picks up the story of reported contamination, and it is subsequently picked up by national media as a result of recent similar stories in West Virginia and elsewhere.  Officials with the state environmental department review your tests and test the water and sediment, finding no evidence of contamination.  They issue a press release stating that there is no evidence of contamination or inappropriate management of facility discharge, but this gets far less attention from the press.

A week after the negative press, a malicious computer virus infects your company’s networks.  A Stuxnet derivative, the virus impacts your SCADA network, causing equipment failures and ultimately customer outages.  The company estimates the damages at over $5 million.  A cyber hacktivist organization takes responsibility for the cyber attack, stating that the attack is in response to your company’s “corporate greed and disregard for the environment”.

Now imagine this…

Your local police department experiences an officer-involved shooting.  An ethnic minority member of your community is shot by a police officer in an altercation.  As the investigation into the incident gets underway, your City is hit with a cyber attack that disables the web servers for all city government departments.  City residents are unable to access government services, and city business is seriously restricted.  City and county police and fire agencies are impacted and officers put at increased risk, 911 operations are impacted and thus residents are put at greater risk, and the costs are significant.

A cyber hacktivist organization takes responsibility for the attack, citing the shooting death “at the hands of the police”.

Both of these scenarios are examples of “Cyberevenge” attacks, where hackers target public or private agencies for perceived damage to interests that they purport to represent or support.  These punitive, extra-judicial attacks are not new, but they seem to be happening with greater frequency and with less concern for due process.  The latter of these two scenarios happened last week.

According to Cyber Threats: Defining Terms (2009), hacktivists’ primary tools have traditionally consisted of “website defacements and denial of service” attacks.  However, as internet-based hacktivist organizations become more coordinated and more advanced, the threat of more damaging attacks is likely.

Security professionals, now more than ever, need to be aware of their vulnerability to cyber attacks that result from negative press or unpopular announcements.  Both public and private organizations are vulnerable, and the continued trend toward greater risk to infrastructure systems from cyber attacks means that public officials and critical infrastructure owners and operators should expect damaging cyberevenge attacks following media coverage of controversial issues, or negative press.

Franklin D. Kramer, Stuart H. Starr, and Larry Wentz, eds.  “Cyber Threats: Defining Terms.” Cyberpower and National Security (2009).


Who Cares If We Call It “Terrorism”?

2015 January 5
by Jason Nairn, CPP, CISSP

I recently wrote a post about the definition of terrorism, the public’s perceptions about terrorism, and the importance of the use of the word to the work of homeland security professionals.  The conversation about this topic has continued on the blog Homeland Security Watch, as well as in professional circles.

There are differences among professionals within the homeland security enterprise about whether the word “terrorism” should be applied to events such as the Canadian Parliament attack and the Sydney Cafe Hostage Incident.  A recent conversation that took place via email between homeland security educators provides insight into the terrorism terminology tussle.  The emails are a continuation of a discussion prompted by a colleague who shared analysis by Scott Stewart of Stratfor Global Intelligence entitled “The Sydney Hostage Incident was a Classic Case of Grassroots Terrorism”.  (Stratfor is a subscription service and I could not therefore attach the article.  However, you may be able to get the article free here by providing an email address.)

A key phrase in Stewart’s analysis addresses the issue.  Stewart writes:

Despite Monis’ reported mental instability, the sequence of events in this incident clearly demonstrate that he was acting in a planned, logical manner designed to accomplish his goals — however delusional those goals may have been.

Thus Stewart makes the case that this attack, and others like it, are terrorism.  But some do not agree.  Here is the email conversation:

Clinical Psychologist and Homeland Security Educator [responding to the article]:

Hmm – Hoffman would say it’s terrorism if there is a political purpose behind the attacks – that would be necessary, but is it sufficient that the perpetrator’s message is political? But (and I’ll confess to skimming this) I didn’t see where the cafe or the patrons were emblematic of some political regime? Shouldn’t the target also serve as a symbol?

For example, the Pakistan school shooting by Taliban – the school is a military sponsored/funded school that the Taliban perceived as a training ground for future military personnel (though Pakistanis argue there were lots of civilians’ children in attendance and is not a military prep school). The school is a symbol of the military, government and political regime the Taliban wants to change/eliminate. The King David Hotel, the Edward R. Murrah building, etc – all symbols, as well as civilian/noncombatant locales.

This dude sounds like a garden variety criminal. Self appointed cleric, currently charged with murder of a loved-one (though killing your ex wife is probably not a symbol of great love). So he slapped a pseudo-political label onto his act and was active in social media with other extremist groups…I just don’t buy it. My clinical opinion? Lone Nut.

Related: this is the problem with having no agreed-upon, operational definition of terrorism.

Homeland Security Educator 2:

I think the interesting question in both this instance and the Canadian Parliament attack is, as both incidents were perpetrated by individuals of questionable mental stability, does mental status matter?  Couldn’t it be said that anyone that is willing to put explosives on themselves (in their underwear even!) is likely not in perfect mental health, i.e. a lone nut as the article describes.  I think there is a danger in calling these politically-motivated, pre-planned attacks something other than terrorism, because it reduces the importance of the homeland security element involved in preventing / responding to these attacks.  The HLS element provides the vehicle for collaboration among agencies, countries, etc, and additional resources.  Crimes by lone nuts are addressed by local resources, and if we rely on local resources to do everything, we will be back where we were prior to 9/11, where some agencies had information, nothing was shared with the local agencies that ultimately had to respond, and no one was putting the pieces together.

Why does it matter?  Who cares if we call it “terrorism” or not?

It matters because the use of the word terrorism is important to the funding and resource support for anti-terrorism efforts in the US and abroad.  The recognition of the threat of ongoing terrorist attacks is important for the political framework that surrounds international homeland security (or domestic security, or civil protection, or whatever) efforts.  The correct description of these events as terrorism reminds us, the public-at-large and our policy-makers, of the importance of the collaborative framework of homeland security, and its essential role in preventing, responding to and recovering from these types of attacks.


Five Tips for Hiring and Maintaining Quality Security Guards

2014 December 13
by Jason Nairn, CPP, CISSP

In the past few days a report about the security guard industry by CNN and the Center for Investigative Reporting has been making the rounds among security professionals.  The report does not paint the industry in a good light.  The theme is lax regulation, which is a real issue in some states.  But based on what I’ve read, I don’t believe that they bothered to interview very many reputable firms.  Nor did they dig very deep into the regulations in at least some of the states they surveyed.  Michigan, which was listed as having no regulation at all, actually has some fairly robust regulations on the books for private security.

As someone who has managed multimillion-dollar armed and unarmed security contracts, I’ve seen and addressed plenty of quality issues with both guards and managers in security companies.  Given that the CNN/CIR report didn’t provide much in the way of helpful advice, I thought it a good opportunity to share a few tips that those in responsible charge of security might apply to retain resilience forces that are up to scratch.

Here are five tips for hiring and maintaining quality security guards, whether armed or unarmed:

  1. Pay Up – In most service industries, you get what you pay for, and security guard services are no different.  You must be willing to pay up for quality.  I have heard some security managers say “I will hire solid, new, less expensive people and train them well”.  Sure, go ahead, and when you get them trained well they will be transferred away from your contract to the other client that will pay them what they are worth.  Be that guy, and pay for quality up front – then you’ll get the good stuff and you’ll save on the training costs.
  2. Contract, Contract, Contract – The quality of your contract is directly proportional to the quality of the guard service you will receive.  Even if you live in one of those “unregulated” states, incorporating plenty of training, refreshers and requirements into your contract just makes sense.  The good companies are doing it already – so you’ll weed out the small fish quicker.  The contract becomes your primary tool for quality if you are a government agency working toward hiring a “lowest qualified bidder”.  Beware – a contract light on requirements like post orders and training could literally be a matter of life and death.
  3. Join a Trade Group or Network in the Security Guard Field – One surefire way to get the skinny on who is good and who is not is to join a group in the industry.  Most states have groups, like ASIS, that meet to discuss trends in the security guard industry.  Some lobby legislatures or provide information to the public about the industry.  Others, like ASIS, certify professionals in the field.  Join a group to find out who the best firms are and stay active to be up on the latest information.
  4. Find the Insurer – Security guard companies have to get insurance just like any other business.  If you can find the company that insures the guard companies in your area, you might just find a source of great information about which companies are the best.  Sometimes these insurers are members of the trade groups.  Ask them questions.  If it’s legal and ethical, they’ll tell you what they can because they are interested in quality as well – better quality = fewer claims.
  5. Get Out and Observe Your Forces in Action – It’s tough for executives to get out to the posts where the guards are on duty, but it is essential.  At site inspections I always found something that could be improved.  Sometimes it was just a simple issue like guard comfort, other times it was a dangerous safety issue.  Check on the guards often with supervisors in tow to make adjustments when appropriate.  DON’T order your guards around at their posts – it is demeaning and amateurish.  Use the contractual chain of command.  Get to know your site supervisors and build that trust relationship.  You will need them when something goes wrong – and it will.


Ottawa Attacks Reveal Public’s Confusion About Terrorism

2014 December 1
by Jason Nairn, CPP, CISSP

The US media and news-consuming public are known for their short attention spans when it comes to domestic events.  A novel major story quickly refocuses attention, often leaving important issues without context or follow-on reporting.  This phenomenon, one that I like to call “Issue Attention Deficit Disorder (IADD)”, is exacerbated when the event in question is not domestic.  Major issues in Africa, Asia and Europe are simply underreported in the US media, and though they often do not, major events in Canada should merit our attention.  Ottawa is only a 9-hour drive (471 miles or 911 kilometers) from Washington DC, the rough equivalent of driving from Detroit, MI, to Marquette, MI (455 miles), or from Nashville, TN to Chicago, IL (471 Miles).

Canadian media coverage of the recent attacks in Ottawa involving the gunman Michael Zehaf-Bibeau has revealed a glimpse of the Canadian public’s attitudes about terrorism.  Two stories that ran recently in the National Post provide some valuable lessons for followers of homeland security trends.  First, according to a poll conducted in Canada of over 1500 citizens, only 36% of those that responded would characterize the attack on Parliament as terrorism.  Second, in a propaganda magazine ISIS took credit for inspiring both the attack on Parliament and an earlier attack on a Canadian Warrant Officer by another individual said to be a “jihadist”.

Homeland security professionals have been heard to lament the “‘nothing happens until something moves’ effect” of support for homeland security.  The idea is that only after a disaster or major event, like a terrorist attack, is attention refocused on the support of homeland security goals and objectives.  Based on this report, even serious attacks may not drive the public’s support of security priorities.  If an attack on the seat of government does not qualify as terrorism in the eyes of the public, but qualifies as supporting the mission in the eyes of the terrorist group, then something is awry.  Even if our neighbors don’t use the phrase “homeland security” as we do, a fundamental issue remains.  Getting the word out about what terrorism is, what homeland or domestic security is, and how to support resilience in our communities and institutions should be a focus that we maintain beyond the next headline.

Concordia University – Portland Opens New State-of-the-Art Homeland Security Simulator

2014 November 23
by Jason Nairn, CPP, CISSP

Concordia University – Portland has opened a state-of-the-art simulator designed to educate, train and exercise leaders and operators in critical thinking and ethical decision-making in realistic environments. The Concordia University Homeland Security Simulation Center includes an Immersion Theater in which on-site command staff is right in the action, and a separate Emergency Operations Center where leaders can operate in a simulated EOC environment. The facilities are housed at Concordia’s new Columbia River Campus which is conveniently located adjacent to the Portland Airport (PDX). The Homeland Security Simulation Center can be booked by public and private organizations interested in training, exercise and educational programs to support their missions. More information is available at

The Center has gotten some publicity this week:


The Principle of Ultimum Judicium

2014 August 21
by Jason Nairn, CPP, CISSP

In a series of posts, I am outlining three principles that I believe apply to working relationships in homeland security.  This is a thought experiment presented for discussion and review.  These principles are derived from my own experience as a homeland security practitioner and are presented to highlight issues within the homeland security enterprise that I believe are interesting for further study and discussion.

While future posts may flesh out the details and background associated with the Principles, they will be presented in brief initially.

The Principle of Ultimum Judicium

The Principle of Ultimum Judicium states that the goal of all security activities is the preservation of justice, and that ultimately, only an empowered government apparatus can exercise ultimate justice in a societal context.

The definition of justice includes “the principle or ideal of just dealing or right action”.  Security’s ultimate goal is to deploy resources and deliver services that ensure that stakeholders in a given realm (campus, company, community) live, work and operate within an environment that is just.  A just environment in which to live and work enhances the quality of life and business, and therefore benefits the realm collectively as well as other realms with which it associates.

Fairness and justice can take a variety of forms.  A common form is criminal prosecution.  Yet criminal prosecution is not the ONLY form of “justice” considered by security professionals for violators of collective security.  Some organizations or corporations choose to deliver justice internally, via organizational administrative tools that may include termination or sanctions.

These sanctions do not, generally, result in the delivery of justice for the violator beyond the bounds of the corporation, and thus have a limited societal impact.  Ultimate justice is, in this context, the unique responsibility of an uncorrupted system of judicial prosecution, where an individual is presented before his peers in society and judged based on the unique circumstances of his actions.  The resulting penalties have a lasting impact on both society and the individual.  The principle dictates that ultimate justice is the role of the uncorrupted governmental justice system and its agencies.

Thomas Paine wrote that security is the “true design and end of government”.* As such, an uncorrupted government must have a role in the delivery of justice resulting from security operations.  Anything else, including institutional penalty, is administrative sanction, but is not ultimately justice and does not have a societal impact.

An interesting area of future study is the consideration of the definitions of “government” and “uncorrupted”…  Are groups that form governing bodies, like ISIL for example, governments?  What would be the impact of “legitimacy” in this context?  How does one define “justice”, using universal humanistic descriptors or societal norms? 

* – Paine, Thomas (1986) [1776], Kramnick, Isaac, ed., Common Sense, New York: Penguin Classics