Latest News & Updates

July 24, 2024
 / 
Briefs
 / 
Threat Analysis

A slight turn of the head at precisely the right moment may have saved former US President and Republican Presidential Nominee Donald Trump from assassination, and because “luck” is a poor security strategy indeed, there were immediate and vocal calls for the ouster of US Secret Service Director Kimberly Cheatle, who succumbed to the mounting pressure and resigned this week.

Multiple security lapses have been cited, including failing to engage with an individual identified as suspicious, a slow response after the shooter was spotted on a rooftop, and poor communication that resulted in Trump taking the stage after a security breach.

But the most fundamental failure, perhaps, was the fact that the shooter’s location was in a sort of grey zone, with unclear authority for protecting it and outside of the formal security perimeter but within bullet range.

How could it happen?

Although more may become clear if the event planning paper trail ever becomes public, it seems there was no formalized decision to accept the risk posed by the building that was the shooter’s vantage point. It is easy to think—if a specific individual or group of people had needed to sign-off on a specific decision to leave that rooftop unprotected—that a different decision would have been made.

When no one is required to own a decision to forgo security for a person, building, or other asset, security vulnerabilities are more likely. That is why, just as decisions to implement security should be part of a formal process, the decision to accept risk (and to not have security) should also be part of a formal process, one that requires review and assigns responsibility for the final decision-making.

What does that look like?

From previous reporting, the Ligue has created an “Enhanced Good Practice” document describing how “doing nothing” should be a mindful choice that tracks a similar process as the implementation of a security countermeasure. This is especially useful for companies with several locations, by requiring any facility that chooses to ignore company security guidelines to follow a process for communicating that decision to headquarters.