Security Management Security Incident Management For Transit Supervisors US Department of...

Security ManagementSecurity Management

Security Incident Management For

Transit Supervisors

US Department of TransportationFederal Transit Administration



Course GoalCourse Goal

• Define your duties in managing a security Define your duties in managing a security

incidentincident

• Identify the four phases of an incidentIdentify the four phases of an incident

• Describe the elements of IED and CBR incident Describe the elements of IED and CBR incident

management management

• Demonstrate the ability to apply the principles Demonstrate the ability to apply the principles

of managing a security incident of managing a security incident



Course OutlineCourse Outline• Review Review System Security AwarenessSystem Security Awareness course course

• Threat assessment exerciseThreat assessment exercise

• What are your duties in managing a security What are your duties in managing a security incident?incident?

• What are the four phases of an incident?What are the four phases of an incident?

• What are the elements of IED and CBR incident What are the elements of IED and CBR incident management?management?

• Threat response and incident management Threat response and incident management exercisesexercises



Security Awareness Course Security Awareness Course ReviewReview

• What is the real threat?What is the real threat?

• Where do you fit in?Where do you fit in?

• What do you look for?What do you look for?

• What about Anthrax and other What about Anthrax and other

suspicious substances?suspicious substances?

• What is your top priority?What is your top priority?



What Is The Real Threat?What Is The Real Threat?

• There is a wide variety of motivations, There is a wide variety of motivations,

backgrounds and types of terroristsbackgrounds and types of terrorists

• Improvised Explosive Devices (IED) are Improvised Explosive Devices (IED) are

the most common based upon historythe most common based upon history

• Chemical, Biological and Radiological Chemical, Biological and Radiological

(CBR) agent dispersal is possible(CBR) agent dispersal is possible



Where Do You Fit In?Where Do You Fit In?

• Roles and responsibilitiesRoles and responsibilities

• Eyes and ears philosophyEyes and ears philosophy

• Neighborhood Watch conceptNeighborhood Watch concept

• Practice good housekeepingPractice good housekeeping

• Routinely perform security sweepsRoutinely perform security sweeps



What Do You Look For?What Do You Look For?

• Suspicious peopleSuspicious people

• Suspicious activitiesSuspicious activities

• Suspicious packagesSuspicious packages

• Suspicious devicesSuspicious devices

• Suspicious substancesSuspicious substances



What About Anthrax…?What About Anthrax…?

• Chemical attacks become visible through Chemical attacks become visible through

immediate symptoms in multiple victimsimmediate symptoms in multiple victims

• Biological agents are hard to detect - will not Biological agents are hard to detect - will not

show up through symptoms for hours or daysshow up through symptoms for hours or days

• Radiological agents are also difficult to detect Radiological agents are also difficult to detect

but monitoring can verify their presence if a but monitoring can verify their presence if a

threat or device is involvedthreat or device is involved



Life SafetyLife Safety

Incident StabilizationIncident Stabilization

Property ConservationProperty Conservation

What is Your Top Priority?What is Your Top Priority?



Exercise #1Exercise #1

Threat AssessmentThreat Assessment



What are Your Duties in What are Your Duties in Managing a Security Managing a Security

Incident?Incident?



ObjectivesObjectives• Define the roles and responsibilities of a Define the roles and responsibilities of a

supervisorsupervisor

• List the six steps in the communication processList the six steps in the communication process

• Name three kinds of information to be gathered Name three kinds of information to be gathered and analyzedand analyzed

• Describe the decision-making processDescribe the decision-making process

• Explain how to implement a planExplain how to implement a plan

• Explain why evaluation is importantExplain why evaluation is important



RolesRoles

• Support the goals and mission of the agencySupport the goals and mission of the agency

• Manage people, not things or activitiesManage people, not things or activities

• Provide a positive role modelProvide a positive role model

• Support front-line employeesSupport front-line employees

• Instruct, coach and mentorInstruct, coach and mentor



ResponsibilitiesResponsibilities

• Know your jobKnow your job• Know your peopleKnow your people• Communicate Communicate

• Keep people informedKeep people informed• Listen to feedback and Listen to feedback and

informationinformation

• Take action, take responsibilityTake action, take responsibility• Assign tasksAssign tasks• Enforce rules and proceduresEnforce rules and procedures



Incident Management DutiesIncident Management Duties

• CommunicationCommunication

• Information gathering and analysisInformation gathering and analysis

• Decision-makingDecision-making

• Plan implementationPlan implementation

• EvaluationEvaluation



The Communications ModelThe Communications Model

FORMULATEFORMULATE SENDSEND RECEIVERECEIVEINTERPRETINTERPRET

FEEDBACK/CONFIRMFEEDBACK/CONFIRM

TRANSFERTRANSFERTHROUGHTHROUGHMEDIUMMEDIUM

A Six Step ProcessA Six Step Process



Information gathering and Information gathering and analysisanalysis

• Pre-incident informationPre-incident information• What you have been told prior to the incidentWhat you have been told prior to the incident

• Empirical or perceptual informationEmpirical or perceptual information• What someone else observesWhat someone else observes

• What you actually observeWhat you actually observe

• Cognitive informationCognitive information• What you have learned in trainingWhat you have learned in training

• What you have learned from experienceWhat you have learned from experience



Decision-makingDecision-making

• Problem identification and assessmentProblem identification and assessment• Hazard identificationHazard identification

• Risk determinationRisk determination

• Developing a plan Developing a plan




• Hazard identificationHazard identification• Credible threatCredible threat

• Improvised explosive or agent Improvised explosive or agent dispersal devicedispersal device

• Agent releaseAgent release• ExplosionExplosion




• Risk determinationRisk determination• Number of potential victimsNumber of potential victims• Asset criticalityAsset criticality• Adjoining asset criticalityAdjoining asset criticality• Extent of exposure areaExtent of exposure area



Decision-makingDecision-making• Developing a plan Developing a plan

• Based upon the problem identification Based upon the problem identification and assessment, develop a plan using and assessment, develop a plan using “Strategy and Tactics”“Strategy and Tactics”• Strategy - The overall goal or desired Strategy - The overall goal or desired

outcome you are trying to achieveoutcome you are trying to achieve

• Tactics - The specific objectives or tasks Tactics - The specific objectives or tasks that will be used to achieve the goalthat will be used to achieve the goal



ImplementationImplementation

• Putting the plan or tactics into motionPutting the plan or tactics into motion• Instruct subordinatesInstruct subordinates

• CommunicateCommunicate

• DelegateDelegate

• Make notificationsMake notifications

• Request support/resourcesRequest support/resources

• Activate contingency plansActivate contingency plans



EvaluationEvaluation

• Continually monitor the incident and the Continually monitor the incident and the effectiveness of the tacticseffectiveness of the tactics

• Coordination of operationCoordination of operation

• Safety and expediency of activitySafety and expediency of activity

• Availability and responsiveness of resourcesAvailability and responsiveness of resources

• Activation of service contingency plansActivation of service contingency plans

• Modify activity and tactics accordinglyModify activity and tactics accordingly



SummarySummary

• Defined the roles and responsibilities of a Defined the roles and responsibilities of a supervisorsupervisor

• Listed the six steps in the communication processListed the six steps in the communication process

• Named three kinds of information to be gathered Named three kinds of information to be gathered and analyzedand analyzed

• Described the decision-making processDescribed the decision-making process

• Explained how to implement a planExplained how to implement a plan

• Explained why evaluation is importantExplained why evaluation is important



What are the four What are the four phases of an phases of an

incident?incident?



ObjectivesObjectives

• Identify the four phases of an incidentIdentify the four phases of an incident

• Determine when each phase begins and endsDetermine when each phase begins and ends

• Specify the focus of each phaseSpecify the focus of each phase



Incident PhasesIncident Phases

Restoration PhaseRestoration Phase

Notification Phase

Response Phase

Recovery Phase

Incident recognized

Scene control begins

Last ambulatory victim removed

Contamination survey completed

Operations Level Actions



The Notification PhaseThe Notification Phase• Focuses on information Focuses on information

gathering and reportinggathering and reporting

• Includes requests for help and Includes requests for help and resourcesresources

• Begins with recognition that an Begins with recognition that an incident has (or is about to) occurincident has (or is about to) occur

• Ends with the initiation of site Ends with the initiation of site control procedurescontrol procedures



The Response PhaseThe Response Phase

• Focuses saving lives and Focuses saving lives and minimizing injuryminimizing injury

• Begins with site control Begins with site control proceduresprocedures

• Ends with removal of Ends with removal of ambulatory victims from the ambulatory victims from the hazard areahazard area



The Recovery PhaseThe Recovery Phase• Focuses on re-establishing Focuses on re-establishing

essential services and operationsessential services and operations

• Begins when the scene is Begins when the scene is stabilized and the last living victim stabilized and the last living victim is transported to a medical facilityis transported to a medical facility

• Ends with completion of a Ends with completion of a complete contamination surveycomplete contamination survey



The Restoration PhaseThe Restoration Phase

• Focuses on preparing for a Focuses on preparing for a

return to revenue servicereturn to revenue service

• Begins with completion of Begins with completion of the surveythe survey

• Ends with complete hazard Ends with complete hazard remediationremediation



SummarySummary

• Identified the four phases of an incidentIdentified the four phases of an incident

• Determined when each phase begins and endsDetermined when each phase begins and ends

• Specified the focus of each phaseSpecified the focus of each phase



What are the What are the Elements of IED and Elements of IED and

CBR Incident CBR Incident Management?Management?



ObjectivesObjectives

• Describe how to respond to a sceneDescribe how to respond to a scene

• Describe what must be done once at the Describe what must be done once at the scenescene

• Explain the emergency response activities at Explain the emergency response activities at IED and CBR incidentsIED and CBR incidents

• Describe the requirements and constraints for Describe the requirements and constraints for security incident managementsecurity incident management



Responding To The SceneResponding To The Scene• Remain calmRemain calm

• Drive defensivelyDrive defensively

• Approach from an uphill and upwind directionApproach from an uphill and upwind direction

• Note people and vehicles leaving the areaNote people and vehicles leaving the area

• Note existing potentially dangerous conditionsNote existing potentially dangerous conditions

• Do not block access and egress routesDo not block access and egress routes

• Be alert to changes in people and the weatherBe alert to changes in people and the weather

• Be aware of secondary devicesBe aware of secondary devices



Scene ManagementScene Management• Know the condition and location of all your Know the condition and location of all your

subordinates on scenesubordinates on scene

• Maintain contact with dispatch or control centerMaintain contact with dispatch or control center

• Monitor and evaluate the effectiveness of your Monitor and evaluate the effectiveness of your tacticstactics

• Identify yourself to emergency respondersIdentify yourself to emergency responders

• Communicate with the Incident CommanderCommunicate with the Incident Commander

• Support emergency response activitiesSupport emergency response activities



Emergency Response ActivityEmergency Response Activity

• Evacuation - removal of ALL people Evacuation - removal of ALL people and their personal possessionsand their personal possessions

• Scene isolation and securityScene isolation and security

• Establish “Safe” zonesEstablish “Safe” zones

• Area searchArea search

• Device removal/neutralization*Device removal/neutralization*

*WILL ONLY BE DONE BY HIGHLY TRAINED AND *WILL ONLY BE DONE BY HIGHLY TRAINED AND EQUIPPED PROFESSIONALSEQUIPPED PROFESSIONALS

IED scene management and mitigationIED scene management and mitigation




• Identify agent through monitoringIdentify agent through monitoring

• Establish hot, warm and cold zonesEstablish hot, warm and cold zones

• Confine, contain and control the Confine, contain and control the releaserelease

• Isolate, decontaminate, triage, treat Isolate, decontaminate, triage, treat and transport victimsand transport victims

• Decontaminate the sceneDecontaminate the scene

• Preserve evidencePreserve evidence

Chemical release scene managementChemical release scene management




• There is NO scene unless a threat and There is NO scene unless a threat and dispersal are identifieddispersal are identified

• NO immediate symptomsNO immediate symptoms

• Limited field detectionLimited field detection

• Record, monitor and treat those who Record, monitor and treat those who were potentially exposedwere potentially exposed

• Minimize spread of contaminationMinimize spread of contamination

Biological release scene managementBiological release scene management




• Cannot be detected through sensesCannot be detected through senses

• Suspected release can be verified Suspected release can be verified through monitoring and detectionthrough monitoring and detection

• Determine exposure and Determine exposure and contaminationcontamination

• Contain the radioactive materialContain the radioactive material

• Decontaminate victims and the sceneDecontaminate victims and the scene

Radiological release scene managementRadiological release scene management



CBR Agent Exposure ProtectionCBR Agent Exposure Protection

Source

Shelter in Place

Clothing

Vehicle

12

3

6

9

TimeTime

ShieldingShielding

DistanceDistance



Incident Management Incident Management RequirementsRequirements

• Safety orientedSafety oriented

• DecisiveDecisive

• ProactiveProactive

• Adaptable and flexibleAdaptable and flexible

• Realistic about personal and agency limitationsRealistic about personal and agency limitations

• Apply what you know from training and Apply what you know from training and experienceexperience

• CalmCalm

• ObjectiveObjective

• Quick thinkingQuick thinking



Incident Management Incident Management ConstraintsConstraints

• Decisions and actions need to Decisions and actions need to be made in a timely manner be made in a timely manner

• Limited resources upon arrival Limited resources upon arrival

• Minimal informationMinimal information

• A demanding and highly A demanding and highly stressful environmentstressful environment



SummarySummary

• Described how to respond to a sceneDescribed how to respond to a scene

• Described what must be done once at Described what must be done once at the scenethe scene

• Explained the emergency response Explained the emergency response activities at IED and CBR incidentsactivities at IED and CBR incidents

• Described the requirements and Described the requirements and constraints for security incident constraints for security incident managementmanagement



What Does This Mean To You?What Does This Mean To You?

Every incident needs to Every incident needs to be managed:be managed:

• If not you - then who?If not you - then who?

• If no one - then what? If no one - then what?



Course SummaryCourse Summary

• Defined your roles and responsibilities as a supervisorDefined your roles and responsibilities as a supervisor

• Defined and describe your duties in managing a Defined and describe your duties in managing a

security incidentsecurity incident

• Identified the four phases of an incidentIdentified the four phases of an incident

• Described the elements of IED and CBR incident Described the elements of IED and CBR incident

management management

• NOW - Demonstrate the ability to apply the principles of NOW - Demonstrate the ability to apply the principles of

managing a security incident managing a security incident



Exercise #2 - Responding to a Threat

Exercise #3 - Incident Management

Security Management Security Incident Management For Transit Supervisors US Department of...

Documents

Transcript of Security Management Security Incident Management For Transit Supervisors US Department of...