Looking at security in light of the Paris attacks

On the attacks, not sure anyone can really say much about lessons learned. In case of the publisher, their weak links were their access control system, which allowed the attackers entry to the building, and the only guard in the building was stationed beside the editor in the meeting room. So, the lesson there is if you have a guard in your facility, post them where they can provide the most protection and are able to minimise the element of surprise. In the case of the food shop, that is a public space, not much we can do there since there are so many of these types of businesses in every big city like Paris and New York. How can the police provide coverage? They really cannot. For the authorities, they have a huge task since it typically takes seven to nine law enforcement people to cover the activities on one possible attacker. Again, too many subjects to provide needed coverage, so the authorities must choose who they surveil, and they will make mistakes.

Reports that the gunmen that attacked the Charlie Hebdo offices in Paris last week had gained entry by being let in by an authorised member of staff is a timely warning that employees need to be vigilant with regards to security as much as the organisation itself. When employees are granted access, they should also have a responsibility not to simply offer entry to unauthorised people. Modern biometrics systems are well designed to stop unauthorised use of security tokens, but the Paris attack shows that intruders can also rely upon the unwitting "help" from authorised staff or by tailgating them. It’s vital that staff move away from a general "helpful" mentality to strangers and adhere to security protocols. One way to ensure visitors are welcomed but excluded from the main premises is to host security beyond a reception area, so visitors can be properly checked and only admitted once approved.

Amid inevitable recriminations that will follow revelations that Saïd and Chérif Kouachi had been on terror watch lists in the US and UK, French authorities should be congratulated on the fact that they were able to observe CCTV footage of the kosher supermarket during the siege. Hardly able to leave my TV, I had (for want of information) assumed that the shop was a one-off business. It is in fact part of a large chain. "Hijacking" of the IP streams is likely to have been achieved easily, but surveillance via cameras that would have been installed merely to prevent shoplifting may have saved lives by showing the location of the hostages. Amedy Coulibaly would have shot out the cameras had he harboured suspicions that he was being observed. Access control specialists will note that a cartoonist was forced to enter her pin on a keypad to allow the terrorists into the “Charlie Hebdo” office, but the magazine may want to preserve the ethos of mainstream business premises and use only standard door controls.

One of the staff members in Paris was forced under duress to allow access to the Charlie Hebdo building, and there are already systems to address such instances. In effect, entry of an emergency code can be used to open a door while simultaneously and stealthily notifying authorities. However, the damage happened quickly in this case, so the point is probably moot. I have heard it argued that more video cameras in Paris would have been helpful during the later manhunt, but obviously they wouldn’t have addressed the immediate crisis. In worst case scenarios such as this, I’m not sure any combination of security systems can help.