Gregory M. Schmidt, CPP, PSP, CHPA

Designing a School to Stop Shooters

From “Designing a School to Stop Shooters”
The Wall Street Journal (03/13/18) Hobbs, Tawnell D. Posted by ASIS.

The Wylie Independent School District spent $19 million to make George W. Bush Elementary School in an upper-class Dallas suburban neighborhood able to withstand a school shooter. The special features include sparse landscaping and numerous windows in the front to provide a clear view of approaching visitors. In addition, entering the school is a multistep process. First, visitors enter a vestibule and must be buzzed inside the main office. Then, a government-issued ID must be scanned through a system called the “Raptor,” which flags child molesters and anyone else who should be kept out. The school has wide hallways and no small nooks, making it harder to hide or avoid video surveillance that is viewable by school administrators and police officers in patrol cars. The Wylie School District has regular lockdown and emergency drills, full-time security officers trained in active school shooting situations, and strong ties with local police, according to district spokesman Ian Halperin. These types of designs and tactics are becoming more common among the country’s 98,000 public schools as students, parents, administrators, and lawmakers grapple with the rash of school shootings. Since 1990, there have been 32 shootings in schools where at least three people were killed or injured.

Weapons in the Workplace

From “Weapons in the Workplace”
Security Management (03/18) Sorrells, Eddie. Posted by ASIS.

For most private employers, the issue of guns in the workplace is complex. There is currently no U.S. federal law regulating weapons at private workplaces, and while many state legislatures have taken up the issue, these laws vary in terms of their restrictions and make it difficult for employers operating in multiple U.S. states to implement one overarching weapons policy. By understanding the legal landscape surrounding firearms on work property, and establishing policies within the employers’ legal rights that properly address workplace violence, security professionals can help ensure a safe work environment without infringing on the legal rights of their employees. Notably, 23 states have some form of “parking lot laws” that allow employees to have firearms in their locked, private vehicles while parked on company-owned property. Meanwhile, more lawsuits can be expected regarding employee termination based on gun-free workplace policies. Florida, for example, passed a law in 2008 that prohibits employers from discriminating against any worker, customer, or invitee for exercising the right to keep and bear arms. Policies on workplace violence should include a thorough explanation of state law regarding guns on workplace property and outline how to respond to employees who are potentially violent. When firing any individual considered to be high-risk, companies should consider providing a security escort to the parking lot. Organizations should also train security officers in the use of de-escalation techniques. Finally, for workplaces that must comply with parking lot laws, organizations may consider increasing security in parking areas, such as adding an access control point, conducting patrols, installing video surveillance systems, and implementing proper lighting.

U.S. Closes Consular Agency in Playa del Carmen, Bars Employees From Travel Over ‘Security Threat’

From “U.S. Closes Consular Agency in Playa del Carmen, Bars Employees From Travel Over ‘Security Threat'”
ABC News (03/08/18) Finnegan, Conor. Posted by ASIS International.

The U.S. has closed its consular agency in Playa del Carmen, a coastal resort town in Mexico, and is restricting its employees from traveling there over a “security threat.” The State Department offered few details on what the threat was, saying only that one was received by the embassy in Mexico City on March 7. The warnings come after a bomb exploded on a ferry that runs between Playa del Carmen and Cozumel in February, injuring 25 people, including two Americans. One week later, an unexploded ordinance was found on another ferry in Cozumel, Mexico. The State Department confirmed “undetonated explosive devices” were discovered on the ferry by Mexican law enforcement, warned Americans to “exercise caution,” and barred employees from traveling on that ferry route. Both incidents are still under investigation. “We take our obligation to provide information to U.S. citizens seriously as evidenced by the clear, timely, and reliable safety and security information we release worldwide,” State Department spokesperson Heather Nauert said. Both the closure of the consular agency and the limits on personnel travel will continue “until further notice,” added Nauert. Still, Americans were not told to avoid travel to Playa del Carmen. The State Department’s alert system ranks it at a “Level 2: Exercise Increased Caution.”

After Mass Shooting in Florida, Indiana Lawmakers Call for Study of School Security

From “After Mass Shooting in Florida, Indiana Lawmakers Call for Study of School Security”
USA Today (02/27/18) Herron, Arika. Reprinted from ASIS.

Lawmakers across the country have been looking for ways to improve school security since the deadly shooting at a high school in Parkland, Fla. Some Indiana lawmakers are calling for a review and report on the status of school safety across the state. The Indiana House education committee recently added language to a bill that would require the Secured School Safety Board to review current school safety issues, report back to the legislative council, and make recommendations for improvements. Some states have suggested arming teachers as a possible security solution. Indiana is one of several states that already allows school boards to decide whether or not to permit individuals, including teachers, to carry guns on school property. Most districts do not, but at least one district already has a provision to allow administrators to carry guns and another district is reconsidering the idea of arming teachers after the Florida shooting. Some lawmakers have suggested other means for protecting students. One lawmaker proposed mandatory active shooter response training last week and another pitched a plan for $100 million school security grants. However, neither proposal made it into a bill.

Massachusetts Hospital Makes Security Changes After Nurse Stabbed 11 Times

From “Massachusetts Hospital Makes Security Changes After Nurse Stabbed 11 Times”
Campus Safety Magazine (09/27/2017) Brennan, Amy

Harrington HealthCare System’s Southbridge, Mass., hospital began implementing new security measures in September following the June stabbing of a nurse by a former patient. Elise Wilson was working as an emergency room nurse on June 14 when 24-year-old Conor O’Regan stabbed her 11 times. Doctors say Wilson almost died from tremendous blood loss. Investigators say O’Regan picked Wilson at random and was seeking revenge for what he considered to be unsatisfactory treatment at the hospital three weeks prior for a wrist injury. He told court physicians that he heard voices telling him to “be a warrior.” Hospital administrators say the new security measures include limitation of visitors in emergency departments and mandatory bag searches at Harrington’s Southbridge and Webster locations. Each patient in the emergency departments will be limited to two visitors. Added public safety officers will manage visitors as they arrive. Public safety officers will also now carry batons, pepper spray, and handcuffs. “There are very strict guidelines and circumstances under which these tools would be used, and that is being communicated during the training being taken by our Public Safety Department,” says Harrington vice president Harry Lemieux. Many hospital employees, including public safety staff, will participate in de-escalation training and defensive tactics. On-site training and drills will also be rolled out with department and building-specific protocols. Two walk-through metal detectors have also been placed at emergency room entrances and additional security cameras and panic buttons have been installed throughout the hospital.

Mitigating Active Shooter Risks

From “Mitigating Active Shooter Risks”
PropertyCasualty360 (08/16/17). Posted by ASIS.

Security professionals should prepare their companies for the possibility of an active shooting, as the number of incidents involving active shooters has risen steadily over the last 15 years. Keith Plaisance of Global SHE Solutions says implementing an active shooter program is similar to preparing for a fire drill, and survival depends on having a plan with three specific options: run, hide or, fight. Preparing for an active shooter scenario involves the development of a workplace violence policy and plan, emergency response plans, training, and exercises. For the workplace violence policy, the employer should establish acceptable workplace behavior, affirm the company’s commitment to take action and provide a safe workplace for employees, and address physical violence as well as threats, bullying, harassment, and weapon possession. Plaisance says a reporting mechanism should be in place letting employees know who to approach with concerns. He also recommends creating a threat assessment team within the company. Companies should test plans to determine effectiveness and identify potential problems, presenting plans to employees in regular training. Companies should also conduct a detailed physical security assessment, with the goal of denying unauthorized access and protecting property, personnel, and operations.

Microsoft PowerPoint Used as Attack Vector to Download Malware

From “Microsoft PowerPoint Used as Attack Vector to Download Malware”
Neowin (08/15/17). Reposted by ASIS.

Trend Micro researchers have discovered that a vulnerability in the Windows Object Linking Embedding (OLE) interface is being exploited by cybercriminals through Microsoft PowerPoint in order to install malware. The interface is commonly exploited by the use of malicious Rich Text File (RTF) documents. The attack starts with a phishing email that contains an attachment. The message appears to be some sort of order request, with the attached file supposedly containing shipping details. The provided document is a PPSX file, which is a type of PowerPoint file that only allows the playback of the slideshow, and is not editable. Should the victim download and open it, the content will only display the text “CVE-2017-8570,” a reference to a different vulnerability for Microsoft Office. Instead, the file will launch an exploit for the CVE-2017-0199 vulnerability, and will then begin to infect the host computer with malicious code being run through PowerPoint animations. A file called “logo.doc” will then be downloaded, an XML file with JavaScript code that runs a PowerShell command to download a new program called RATMAN.exe, a trojanized version of a remote access tool called Remcos.

Man Used Gurneys to Steal TVs, Laptops from Phoenix Hospital

From “Man Used Gurneys to Steal TVs, Laptops from Phoenix Hospital”
Campus Safety Magazine (08/04/2017) Brennan, Amy. Reposted by ASIS

A man was allegedly caught on camera stealing three laptops and five big screen televisions from Abrazo Central Campus Hospital in Phoenix. Brian Leroy Nichols, 35, was seen on surveillance video wandering the basement of the hospital for approximately three hours, going from room and room and changing his appearance along the way. Nichols allegedly took the computers from a classroom and hid them under a staircase, covering them with a gurney mattress. At one point, he reportedly left the hospital and sold two of the laptops. The third was found in his backpack when he was apprehended by police. Once in custody, police asked Nichols about how he was able to get three televisions out of the hospital unseen. Nichols said he put the stolen televisions on a gurney and covered them with sheets. Abrazo Central Hospital officials released a statement, stating, “We are reviewing campus security footage of this incident to assist the Phoenix police department with its investigation. We are also conducting a thorough review of our campus security measures.”

Fears of Hackers Targeting U.S. Hospitals, Medical Devices for Cyber Attacks

From “Fears of Hackers Targeting U.S. Hospitals, Medical Devices for Cyber Attacks”
ABC News (06/29/17) Harris, Dan; Kapetaneas, John; Zepeda, Robert; et al. Posted by ASIS.

Hospital computers and medical devices are potentially vulnerable to hacking, according to cybersecurity experts. Among the U.S. computers affected in the Petya ransomware attack that quickly spread to countries around the world Tuesday were hospital computers. Last month, the WannaCry ransomware shut down 65 hospitals in the United Kingdom, affecting not just computers but storage refrigerators and MRI machines, and last January, Hollywood Presbyterian Hospital in Los Angeles paid out $17,000 after hackers took control of its computers. To combat this problem, doctors, security experts and government employees recently converged at the University of Arizona Medical School in Phoenix to witness the first-ever simulated hack of a hospital. “Anything that is plugged in,” whether it has a Wi-Fi connection or not, can be vulnerable to hacking, and lots of medical devices, such as pacemakers and ventilators, are connected to the Internet for the benefit of the patients, says Dr. Jeff Tully, a pediatrician and self-proclaimed hacker who organized the event and staged the cyberattack with Dr. Christian Dameff, an emergency medicine physician. Cybersecurity expert Josh Corman, who recently served on a congressional task force for the U.S. Health and Human Services Department to investigate health care systems, said these systems are easy to hack because often the computers are running “on very old, unsupported systems.” Also, hospitals need to invest more in qualified cybersecurity personnel. Corman’s team conducted a yearlong investigation and found that at least 85 percent of hospitals do not have a single qualified [cyber]security person on staff.

State Department Issues Europe Travel Alert Over ISIS Terror Threat

LAST UPDATED: MAY 1, 2017

The Department of State alerts U.S. citizens to the continued threat of terrorist attacks throughout Europe. This Travel Alert expires on September 1, 2017.

Recent, widely-reported incidents in France, Russia, Sweden, and the United Kingdom demonstrate that the Islamic State of Iraq and ash-Sham (ISIS or Da’esh), al-Qa’ida, and their affiliates have the ability to plan and execute terrorist attacks in Europe. While local governments continue counterterrorism operations, the Department nevertheless remains concerned about the potential for future terrorist attacks. U.S. citizens should always be alert to the possibility that terrorist sympathizers or self-radicalized extremists may conduct attacks with little or no warning.

Extremists continue to focus on tourist locations, transportation hubs, markets/shopping malls, and local government facilities as viable targets. In addition, hotels, clubs, restaurants, places of worship, parks, high-profile events, educational institutions, airports, and other soft targets remain priority locations for possible attacks. U.S. citizens should exercise additional vigilance in these and similar locations, in particular during the upcoming summer travel season when large crowds may be common.

Terrorists persist in employing a variety of tactics, including firearms, explosives, using vehicles as ramming devices, and sharp-edged weapons that are difficult to detect prior to an attack.

If you are traveling between countries in Europe, please check the website of the U.S. embassy or consulate in your destination city for any recent security messages. Review security information from local officials, who are responsible for the safety and security of all visitors to their host country. U.S. citizens should also:

Follow the instructions of local authorities. Monitor media and local information sources and factor updated information into personal travel plans and activities.
Be prepared for additional security screening and unexpected disruptions.
Stay in touch with your family members and ensure they know how to reach you in the event of an emergency.
Have an emergency plan of action ready.
Register in our Smart Traveler Enrollment Program (STEP).

We continue to work closely with our European partners and allies on the threat from international terrorism. Information is routinely shared between the United States and our key partners to disrupt terrorist plotting, identify and take action against potential operatives, and strengthen our defenses against potential threats.

For further information:

See the Department of State’s travel website for the Worldwide Caution, Travel Warnings, Travel Alerts, and Country Specific Information.
Enroll in the Smart Traveler Enrollment Program (STEP) to receive security messages and make it easier to locate you in an emergency.
Call 1-888-407-4747 toll-free in the United States and Canada or 1-202-501-4444 from other countries from 8:00 a.m. to 8:00 p.m. Eastern Standard Time, Monday through Friday (except U.S. federal holidays).

Students traveling should see: https://travel.state.gov/content/studentsabroad/en.html