K12 Security and resilience
This series of posts starting on Sep 21st , will explore the role of security management in the larger organizational resilience. It is a critical goal to achieve a higher level of resilience to recover and resume activities following disruptive events, no matter their nature. Covering mostly public institutions, these principles can be applied to the private corporate sector as well.
Can and should resilience still be a guiding principle in Security Planning for K12 ?
What is it that distinguishes schools versus local government? If we looked at it objectively, we could identify a number of similarities. They both should have a head office: City Hall / Town Hall or an Education Centre / School Board Admin building.
Head offices are the seat of governance with administrative functions required by the centralized nature of the organizational structure. This is where more thinking should be applied into the structuring of security management. A centralized model should work in the form of a SOC ( Security Operation Centre). The latter is a recipient of constant information making it the foundation of SSA (Security Situational Awareness). So the idea is that a combination of centralization and distributed networks would be the optimal organizational security structure. In practice the SOC would be the “eye in the sky” we are all so familiar with in sci-fi movies but once an event is occurring the individual locations i.e schools have to be the focus of the given emergency. Years ago, the concerns for school safety were not as acute as now but since Columbine and other extreme events , K12 security is no longer an after thought. School board administrators are more aware than ever of security matters . issues range from demonstrations that could be quite belligerent to individuals with medical distress acting out in a manner that might not be predictable.
A good question to ask would be : what happens when communications are cut-off due to a power or a cell service provider outage? And we did experience these situations in various jurisdictions on a regular basis with the most memorable being August 2003, when the entire Eastern Seaboard ended up blacked out for days.
The pertinent issue then is : we simply don’t know how people “addicted” to their smartphones would react to a serious systemic breakdown, no matter how short it might be.
The new digital infrastructure is truly a wonder of modern technology, providing a great platform for communicating meaningfully as long as it is up and running. What happens when a disruption occurs? A land telephone line, not VOIP, may be the answer. I do know that it sounds as if we were going back in time but older systems seem to have more built in resilience than the state of the art optimized wonders.
Schools do face a new stream of threats they may not have had to deal with on such a pervasive basis. The idea, at least in the US, was that inner City schools may have been perceived as more at risk than others. What Columbine , Sandy Hook , WR Myers in Alberta and other incidents have shown is that the pair threat/risk is an equation for all to address regardless of location. No assumptions, rely more on available data and field assessments. It is almost cliché to state that failure in risk management is mostly due to limited imagination. Picture worst case scenarii and assess the likelihood of occurrence. Risk exposure will range from highly likely, low impact to very highly unlikely but devastating impact.