It’s a typical day in the Global Security Operations Center (GSOC). The anticipated chatter on the phones, radio communication, and sounds of the software giving audible alerts are all what you’ve come to expect in this busy hub of the security program.
Stepping back and looking at the operations center, you see what you would expect and feel a touch of pride and accomplishment. There is an impressive video wall with dozens of camera images, and people in sharp-looking regulation uniforms who were carefully selected using screening criteria you have provided. Everyone has been through the sensitivity, cultural and company orientations required to be a team member of the GSOC and broader organization.
The Security Operations Center (SOC) agents have arrived on-time and you have observed a turn-over routine as the agents who have completed their shifts hand over the reins to the team coming on duty.
The software used to notify the SOC agents of any incoming alerts from the intrusion alarm devices is in place and working properly, which is the reason for the incessant audible notifications everyone is successfully ignoring.
Everything seems to be in order and exactly as you would have expected. You exhale the breath you’ve been holding while examining the situation, and you feel a sense of relief.
But is it really what you expected? Or does it just seem to be? What happens when we take away our filter of predisposition on the images of the SOC and look below the surface?
The near non-stop sounds of alerts have become normal and you have learned to tune them out. It seems the normal day-to-day routine of personnel ignoring the established policies has everyone in the mode of accepting hundreds of alerts each day for something that’s supposed to be an exception event.
But everyone is aware these are nuisance alarms and not actually something to be concerned about, right?
Why does this happen? And how did it evolve into an operational state which is now just “noise” from these intrusion sensors?
The GSOC has many facets and provides several functional security roles. From answering the phone for lost access control credentials to situational intelligence and threat assessment, there are dozens of connections to the organization and its operations, brand name, security posture, as well as guest and employee safety.
When this complex and carefully designed assembly of “people, processes and technology” were chosen, each aspect of the security and operational readiness objectives for the organization was examined.
After the budget and operating objectives were established, it was time to get the program set up and running. Of course, there were small gaps and minor changes to get the operation established, measuring the right performance indicators, and delivering reports that would substantiate its success. Now it was time to step back and watch this well-oiled machine run and deliver what was expected.
Remembering the compromises that had to be made and the hard-fought budget discussions to be funded, not only in the beginning but at each new fiscal year planning session, creates a question mark that begins to form at the edge of your security consciousness. Is the program still operating efficiently? Is the value both real and demonstrable to the larger organization and its leadership?
Are we accepting some things as normal that should be looked at more closely? Has the GSOC become complacent? Are there changes which have taken place in the overall organization, and the threats which have entered its operating realm, that have made new gaps that are now exposed but not yet clearly in focus and seen? Have the people we brought on board become familiar with the kinds of exceptions that are easier to ignore than to have resolved?
Did the overall organization decide that since you have a 24 hour-per-day, 7 day-per-week operation, you could also take some non-security related calls or e-mails? Things such as facility or engineering requests? Complaints or concierge calls for travelers or new employees in hard-to-fill positions? Are you now also creating service tickets for housekeeping or maintenance requests?
While it’s expected for the GSOC to be a team player and do what’s necessary to keep your funding and be a valued part of the organization, don’t lose sight of the primary objectives. The Security Program is job #1 and the reason GSOC agents have all of the tools at their disposal. They have to remain current, vigilant, and have the mission of the security program in the crosshairs every hour of every single day.
With those filters off of our eyes, we see how alerts from nuisance sensors are being ignored or acknowledged but then deleted from the alarm queue. We also see how our agents have become familiar with each other and what they do day-to-day, which leads to shortcuts and failure to use all of the authentication protocols. The state of readiness for the inevitable critical event will not lead to a smooth, efficient and unemotional response when it arrives.
Being prepared means looking at the GSOC and its components regularly against a backdrop for the circumstances evolving in the ever-changing world of risk, threats and vulnerability. We must keep in mind that the broader organization will evolve and adapt, as does the security industry. Preparations have to consider the dynamic forces at work around us for socioeconomic and environmental implications.
Don’t fall short when it counts and make your GSOC the next weak link in the chain of protection for the organization. Complacency can literally cost your organization in terms of assets, personnel protection, brand name recognition and reputation.
Remember this: even if you are on the right track, you’ll be run over if you don’t keep moving.