Effective Security Risk Management

In the wake of the January 6th attempted insurrection – following a wide-ranging failure of security risk management protocols – and the storming of the United States Capitol by members of right-wing militias, and extremist groups, an investigation is underway to determine why these failures even occurred.

The storming of Capitol Hill underscored numerous physical security, risk mitigation, and management failures, resulting in a complete breakdown of law enforcement security plans, policies, and procedures as the crisis unfolded on cable TV.

From the perspective of a physical security and risk mitigation professional, my first thought was, ‘the estimated United States Homeland Security Budget in 2020 was roughly USD 70+ Billion, and thugs have breached and bypassed virtually every Capitol Hill security ring ‘… What the F…?

Hours and days following the breach, questions started to circulate on social media – What was the Capitol Hill Police Departments’ (CHPD) risk and crisis management strategy on January 6th ? Did CHP even have a workable and effective security strategy?

Moreover, why were so many previously published security reports (weeks prior) detailing the Likelihood of a security incident on January 6th – including examples and scenarios of violence and unrest – overlooked or ignored?

As the investigation and inquiry into these failures proceeds, answers will be unearthed over the months and years to follow, which will undoubtedly highlight some significant protocol flops.

As any physical security practitioner understands, security and risk management’s fundamental foundations have taught us to create a rational picture of the risk and threats we face.

If CHP had followed a simple three-stage risk management process – allowing them to create an understanding of risk – January 6th would have been an entirely different outcome of events.

Where to start?

We follow the three simple risk management stages applicable to most situations.

  • Risk Assessment – What are the problems?
  1. Identify and list all potential threats
  2. Give those threats comparative risk value
  • Risk Control – What should we do about it?
  1. Minimize the Likelihood of an unwanted event happening
  2. Minimize the impact of any unwanted event that does happen
  • Contingency planning – What do we do if it goes wrong?
  1. Regain control of the security operation as quickly and effectively as possible
  2. Return to normal operations status as quickly and effectively as possible

Clearly, the task of physical security and risk mitigation is never over when operating and dealing in and with an environment such as Capitol Hill. It is a continuous 24/7 security operation.

Nevertheless, many incident response operations fail because they do not have enough resources – manpower; equipment; budget; management skills – which, considering it was Capitol Hill, should not be the case, or should it be deficient in any other necessary resources due to the sensitivity of the location itself.

Even though the events of January 6th are well behind us, CHP and federal agencies will undoubtedly remain vigilant for some time to come as they rebuild, review and update risk mitigation strategies, plans, policies, and procedures. So, they are risk and crisis ready when faced with any future challenges or similar threats.

The recovery phase post-January 6th is critical, and capitol hill authorities must address what went wrong and be oriented and aware of their new normal and their future postcrisis. Leaders’ ability to mobilize resources and their staff to resume operations, address physical damage, heal wounds, and overhaul internal relationships enables progress toward vitality, greater adaptive capacity, and strengthened relationships. Such progress is also critical for the Capitol Hill Police overseeing the Capitol security, to be able to remedy and change some deeper systemic issues that may have contributed to the breakdown of protocols that lead to the security breach on Capitol Hill on January 6th .

by Ken Smith