@"The Angry Independent"
I feel that the burden of proof is on those such as yourself who shout that we're on fire.
I don't share your opinion of the security profession, or of ASIS or of the value of the CPP certification in proving that someone has at least been exposed to a complete grounding in the basics. You seem to lack that grounding.
You allege that "the security architecture in the U.S. is inadequate for the kinds of threats we currently face and are likely to face in the years to come." Yet you don't seem to know much about that architecture nor have you shared any real risk analysis of the various threats, and defend your ignorance by attacking the "overgrown testicles" of those who do.
Costs are real whether you are budgeting for a guard at the warehouse or a police department for your city. Every penny you spend on a hypothetical or fantastic threat is a penny taken away from a real threat. Whether public or private sector, efficiency is critical to results. The public sector agencies tend to buy a certain amount of manpower and assign it by priority, where the private sector spends a certain amount of money on technology and patches the many cracks with minimal staff. Either way, you must get the job done with the resources available, not play fantasy football with the resources you wish you had.
Since you completely discount the expertise of the private security industry, where do you feel that security expertise is to be found? Government agencies? DHS is improving slowly but quite frankly started out as a joke, and the antics of TSA would be office-cooler entertainment if they weren't so very expensive, not only in money but in civil liberty. The halls of academe? The military or police? Just curious.
When challenged to prove your assertions, and given specific facts both publicly and privately, you choose to indulge in personal attacks instead of focusing on the facts. That makes this discussion political rather than professional, and ideological rather than technical. Appeals to authority, whether present or former, leave me unmoved.
You set me up as a straw puppet of the politics and ideology you abhor, and attack that instead of conversing with me. In fact I am as displeased with stupid government regulation as I am with the crowning stupidity of running a corporation as if the quarterly reports were the only important measure of a company's health and stability. The disasters you justly cite are jointly the fault of incompetent government and of unchecked capitalist greed.
The law of unintended consequences when applied to government regulation states that people will evade the regulations when the cost of compliance is higher than the cost of evasion. There is nothing wrong with GSA using its purchasing clout to set a high standard for guards; the problem is when that standard is made mandatory, because the same amount of money will be spread across fewer guards, which means fewer eyes and ears on the job. I feel that companies can do a better job figuring out where to spend their money than a sweeping Federal bureaucracy can -- NOT because of some mythic superiority of the private sector, but because those who are closer to the problem often make the better decision.
For example, on September 11th, 2001, the vast majority of airport screening in this country was done by minimum and sub-minimum wage guards, some of whom were unlawfully in the United States. This perfect storm of stupidity was the result of penny-pinching by airlines (heavily subsidized by the government) and airport authorities (mostly city governments), under regulation by the Federal Aviation Administration. FAA found that only massive fines were enough to provoke even the semblance of compliance.
Instead of providing real security against known threats (9/11 was not the first attack targeted on WTC and was not the first Al Queda plot involving passenger aircraft), the combination of bureaucracy and greed created ineffective security designed to focus on the _last_ threat, the threat of hijacked aircraft in the 1980s. The same threat that flight attendants and pilots were taught to counter through nonviolent cooperation and encouraging passengers to sit back and do nothing. FAA, far from being the agency that prevented 9/11, helped create the conditions that made the attack possible.
"People don't do what you expect. They do what you _inspect_." When government agencies impose sanctions for noncompliance, this arrests the attention and results in security programs narrow tailored towards today's "threat" i.e. government action rather than the "actual" threat, whether it be crime or terrorism or other emerging vulnerabilities. The guard is most alert for vehicles which resemble the supervisor's . . . and money spent to obey stupid government regulations is by definition wasted.
This is not to say that FAA and OSHA and SEC do not play a valuable role. They do, especially when properly funded to perform their mandate with adequate resources to actually enforce reasonable regulations. The TWIC card is a great example of something DHS has largely gotten right. Smart regulation would be great -- but I have no confidence, especially when it comes to public fear of terrorism, that smart security regulations can come from the government.
Look at NRC and the nuclear power industry for another great example of government bureaucracy run amuck. The power plant security force is minimally designed to counter the threat of the NRC inspection. In adversary exercises they generally get their clocks cleaned. As you put it, time will tell if they defeat that first terrorist attack which hasn't happened yet.
Europe and Israel have always lived with the spectre of what is to them severe domestic terrorism. The history is very, very different.
You allege that we may soon be facing "the kinds of threats seen in Madrid, India, and Israel." Who will be carrying out this complex transit bombing, active shooter attack and/or suicide campaign? Where will they train? How will they get their weapons and deploy them to their targets? Will our police stand around and mutter as many did in Mumbai, or aggressively engage?
Yes, our transit systems are wide open compared to say, Israel. But _THIS IS NOT ISRAEL_ and we simply do not face the same level of threat. Spending money on threats we do not face takes away from spending money on threats we do face. If I put a guard on every platform, trained to detect suspicious packages, that means fewer patrol drivers keeping an eye on the parking lots and preventing break-ins, muggings and worse. If the bombings are few and far between and the crime is common, where do YOU choose to spend the money?
We agree on this, "One way or another the private, "for-profit" money driven, unregulated, unprofessional, lowest bid private security model will have to change."
I do not see government regulation changing this model in the slightest. Note the generally poor luck GSA has had with its government bids, which are by the way "to the lowest bidder." Technology is changing in two directions: one is the minimum wage guard, sentenced to guard work as a condition of probation, wearing electronic monitoring devices that force him to do his job -- the other is the security officer paid about twice that who is an active competent user of technological systems that make him a force multiplier, from cameras to gates to handheld devices.
The customer, i.e. the private businesses who pay for the guards, is the one who makes the choice. Too often they pay minimum to get junk, or pay a premium to also get junk. The companies that can provide premium physical security to exacting standards are out there, doing the job every day. I'll pick on Guardsmark as an example. With expensive tastes in management and outrageous screening criteria, they can never price-compete with the likes of Securitas or Bob's Discount Guards -- but they can do a particular kind of job much better than almost any other company.
Much of the information flow is from private sector to public sector, not the other way around. This is the value of the "X"s, as in "ex-" who have done the job on the public dime and then graduated to the big leagues. Far from being the gatekeepers, my observation is that the local police are largely out of the loop precisely because they rely on the JTTFs instead of developing local contacts with the industries in their home towns. The obverse is often true: when you get a bomb threat, you don't call the flatfoots, you get out your Rolodex.
The guard force role is in the prevention phase. The surveillance and counter-surveillance game, access control, patrolling, reporting discrepancies and equipment problems, developing security awareness in the facility population ... all of these are vital roles which cannot be performed by public sector agencies. The empowerment required is neither legal authority nor arms, but the support and backing of management. If illegally parked cars are towed regardless of who owns them, employees who left their badges at home are sent home to get them, and security misconduct by managers results in write-ups from their bosses, this is far more valuable than any amount of regulation or statutory authority.
The personnel who are properly empowered and equipped to take action in the mitigation phase are called "police." Obviously they can't be everywhere and they are expensive, so the question becomes one of "How much can the guards do until the police show up?" Often this is quite a lot with proper investment in training and equipment. Without that investment, false expectations with no support is a prescription for disaster.
How much time and money should we spend on planning and training for relatively rare, high intensity events? More than most people would think, actually, c.f. Admiral Rickover. However, the risks and the consequences need to be clearly spelled out rather than hand-waving over vague threats and making invalid overseas comparisons.
That is what makes security management a science rather than politics -- one of many lessons that one can take from the CPP materials.