If there’s one place that gets a lot of attention every time security is breached, it’s the White House. Attempted intrusions are so common and newsworthy that there is even a Wikipedia entry devoted to just that. This blog takes a look at the two most recent intrusion attempts and draws some lessons on what can go right and wrong in fixed site security.
The fundamental goal of security is detecting and stopping potential hostiles as early – and as far away – as possible from the protected space, person or event. Since the White House is the highly public home of one of the most protected men on earth, it’s a field day for the media every time any one jumps the fence and tries to break in.
The White House is also a good place for security professionals to draw some lessons about the challenges of this type of protection. But before we do that, let’s have a look at how professionals look at securing any fixed site, whether it belongs to POTUS or someone else.
The four pillars of security
As well trained and experienced security professionals know, several protection barriers all need to work together seamlessly to secure a site from intrusion. If any of the barriers is removed or incorrectly implemented, the security apparatus is weakened. When they all work on their own and together, the security apparatus is strengthened.
The integrity and cohesion of the how the four pillars work together may not show in routine circumstances. But if and when crunch time comes, and the system is put under massive stress, the cracks soon become apparent.
Each of the four pillars of fixed site security represents a barrier that must be breached by an intruder:
- Physical barriers help the security apparatus control access to the protected space. These includes natural (e.g., a river) as well as man-made barriers such as fences, gates, doors or blast protection facilities. Physical barriers help control authorized and unauthorized access during routine activities. In case of an emergency, these physical barriers can be enhanced or escalated to further limit access to the protected space, and to control the damage that may be inflicted by the attack.
- Manpower is key to effective security. Security personnel must be suitable for the task, suitably trained, committed, determined and mentally and physically capable of conducting their responsibilities during routine activities as well as in emergency situations.
- Technological barriers support and enhance physical barriers and manpower. Electronic devices help security personnel identify and stop threats as early and far away as possible; some examples of this are intruder alarms, CCTV cameras and hazmat and explosive recognition equipment.
- Procedural barriers refer to measures taken by security personnel to prevent hostile acts as well as minimize the damage caused once a hostile act occurs. These procedures include management of both people that are affiliated with the location as well as guests, and must always include routine and emergency guidelines. I refer to these as “guidelines” even though these procedures are fairly inflexible. In exceptional cases, security personnel should be open to solutions beyond those defined as standard. Included in these procedures is how to utilize both the physical and technological barriers, as well as procedures for security and non-security persons.
Two attempted intrusions, two outcomes: Security lessons from the White House
On 19 September 2014, an armed intruder climbed the fence and then ran unhindered across the North Lawn, avoiding both a static guard post and a K9 unit. He reached an unlocked door, then entered the main hall and ran toward the East Wing where an off-duty security agent finally apprehended him.
On 23 October 2014, an unarmed intruder climbed the fence and was almost immediately apprehended by White House security personnel using K9 guard dogs.
Let’s take a look at each of these events through the lens of the four barriers described above, and see what we can learn.
In both cases, the physical barrier of the wrought iron fence was overcome fairly simply. As anyone who has seen pictures of the White House knows, there is nothing particularly intimidating about this fence: no barbed wire, no electric shocks.
This does not mean that the physical barrier is a “failure”, however. The White House is a very symbolic and historical site in the middle of the US capital, and as such, it is no doubt a conscious decision to avoid securing it in such a way as to make it appear inhospitable or hostile. Experienced security professionals know that there is ideal textbook security, and there is a reality often guided by compromise.
The trade-off of not truly securing the White House perimeter using physical means is that the perimeter is easily breached. One would expect that other physical barriers, such as the door leading to the main hall, would compensate for this. The unlocked door was not necessarily a failed physical barrier in normal circumstances, but it would appear to indicate a weakness in either emergency procedures or the transition to emergency procedures by the security apparatus.
I am not aware of the current technological measures in place in and around the White House and as such, I will speculate.
As this particular site has been breached multiple times, it is surprising that more robust technological measures do not appear to be in consistent use. One would expect motion-activated CCTV cameras covering the perimeter and areas between the fence and the main building to be constantly monitored by security personnel. Similarly, we would expect to see pressure-activated sensors all along the internal side of the fence and motion and heat detection sensors along both sides of the fence. Of course, all of the above are useless without a control room with access to all the feeds, and manned by trained and competent personnel.
We assume that the White House is amply protected by all the latest technological equipment available, and that the difference between the two intrusion incidents is unlikely to be explained by equipment failure.
We have no reason to question the capabilities of what is probably the world’s premier protective agency, the United States Secret Service.
We do know that without qualified, trained and sufficient manpower – and rigorous procedural barriers to coordinate them – both physical and technological barriers may be useless in preventing a hostile act.
As opposed to physical and technological measures, manpower is without a doubt the most “intelligent” of measures. People make real-time assessments and adaptations, and take action. By far the biggest challenge to all manpower barriers is that of complacency: slipping into a mindset of dull routine, which often leads to doing nothing when action is required. Simply put: complacent teams do not recognize emergency situations accurately or in a timely manner.
While security personnel effectively intercepted the intruder on 23 October before he could enter the White House itself, they did not stop the intruder on 19 September from making it all the way across the lawn and entering the building.
There were reports and indications that a static post near the main entrance to the building was unmanned at the time of the 19 September intrusion. There are also conflicting reports that this post was, in fact, manned by an agent who was “pushed over” by the intruder. Again, we do not know the facts.
What we do know is that manpower is only as good as its placement, training, commitment, determination and thorough familiarity with both routine and emergency procedures. Had these aspects of the site’s manpower barriers been fulfilled in September, the intruder would not have reached the main entrance. On the off chance that he did reach it, he would have been stopped. I have no doubt about this.
Procedures are the glue of the security apparatus. Without procedures to govern what happens during routine preventative activities, as well as emergency/crisis procedures, protection falls apart.
Far be it from me, of all persons, to negate the value of training. But it is an all too common misconception that “training will take over” during an emergency. Of course, training is essential in establishing thorough familiarity with a site’s security and non-security procedures. No cookie cutter training can provide answers for all possible scenarios, however, and each security person must thus be extremely familiar with procedures per location and post for which they are responsible.
Strong procedural barriers do help across a wide array of circumstances. They facilitate the streamlined movement from routine to emergency by early identification of threats and danger, and the mitigation of these. Without successful training, effective quality control and auditing, as well as maintaining a state of readiness, the previous three pillars are useless against a determined adversary.
Again, we are not privy to information about what distinguishes the last two attempted White House intrusions. We imagine, however, that due to the repeated intrusions, as well as the shakeup of security leadership, failures were examined and corrective procedures established and implemented.
Likely cause of failure: A manpower breach?
Based on what we can glean from media reports, I believe there is one primary factor that distinguishes the successful intrusion into the White House from the unsuccessful attempt. It is a failure of the manpower to follow both preventative and emergency procedures as a result of complacency.
As both intruders successfully entered the White House perimeter, it is clear that the physical barrier did not stop them. We assume that the technological barriers in use were identical. I am fairly certain that while procedures were examined – as should be – after any security failure or success – they were not radically modified.
What’s left? The manpower barrier. Had the team on duty on 19 September been less complacent, I am confident that procedures would have been sufficient to stop the intruder at his first point of entry. At that stage, whether the intruder was successfully stopped or not, an emergency would have been declared and emergency procedures would have been initiated to limit potential damage as well as prepare for any secondary threat. So is it the security person on the ground who is at fault? At first glance, yes, but as this is a pattern, it seems it is a systematic failure as opposed to one or two individuals on the ground.
Complacency happens to everyone in the security industry at one time or another; this is a human trait. The failure was not so much the presence of complacency; the failure is that leadership presumably neither identified nor managed complacency before something happened, but only after multiple incidents.
Likely cause of success: All the protective barriers working smoothly together – and shifting seamlessly from “routine” to “emergency” mode
The intruder on 23 October was stopped immediately after breaching the perimeter. The key word here is “immediately”.
Compared to the September event, the October event demonstrated a different outcome when operational mode quickly and decisively transitioned from routine to emergency. This rapid and determined transition resulted in the releasing of K9 dogs, which effectively prevented the intruder from progressing. Note that these dogs were not released in the September event.
Far be it from us to presume to teach one of the most effective protective forces on the planet about security without all the details from both of these events.
Our purpose here, as security professionals tasked with keeping people, places and events safe from threats, is to try to learn from what happened in Washington, DC.
First, we must understand the importance of the four pillars of security – and how they work independently and together. This is relevant and adaptable for any security scenario, whether for the White House, for a neighbourhood school and, of course, for Executive Protection (EP).
Second, we must understand how time and distance impact security. The goal is to stop a threat as early as possible and as far as possible from the target. The closer the threat gets, the more chance of success in causing harm and damage.
Third, we must familiarize ourselves with the site and its surrounding environment, as well as routine and emergency procedures. Remember rule #1 of all security – know your environment. Without knowing what is normal for the environment, one cannot identify what is abnormal and suspicious.
Finally, and most importantly, ensure that your manpower – otherwise known as your team – is committed, determined, curious and anything but complacent. Are they ready to transition from the humdrum reality of routine procedures to emergency tactics?
There are multiple techniques for security directors and management to help minimize the challenge of complacency. We will discuss these in a follow up post.