NGO Security

Acceptance Research Report

2012-01-26T09:53:00.000-08:00

USAID (through OFDA) has been funding a research project that looks at the role of acceptance in security management. While acceptance has long been part of the humanitarian security triad (along with protection and deterrence), its effectiveness has mostly been through anecdotal accounts. The Acceptance Research project is the first time academic rigor has been applied in determining if acceptance is indeed a viable strategy. Over a year's period, field research was conducted in Kenya, South Sudan, and Uganda. The conclusions aren't going to startle anyone who's been doing NGO security work for awhile (acceptance works), but the final report is worth reading and the toolkit is a great way to increase awareness of the value of acceptance within your organization. Kudos to Larissa Fast, Christopher Finucane, Faith Freeman, Michael O’Neill and Elizabeth Rowley for some great work.

Google Public Alerts

2012-01-25T16:02:00.000-08:00

Google's Crisis Response Team just rolled out another application in its increasing collection of emergency-related tools. This one is called Google Public Alerts. It overlays real-time earthquake and hazardous weather information on Web-based Google Maps. At the moment, coverage is limited to the United States, but I have a sneaking suspicion it will eventually go international.

Safety Maps

2012-01-24T10:02:00.000-08:00

Cartography (the art and science of making maps) has been democratized over the past five or so years. You no longer need to turn to a graphic designer, GIS technician, or cartographer when you need a map. Thanks to MapQuest, Google Earth, and a host of do-it-yourself map Web sites and programs, it's simple and easy for anyone to create a map.

Just because you have access to the tools though, doesn't necessarily mean you can produce National Geographic quality maps. There are a number of design rules you need to know to make top-notch, usable maps. Designers and map-makers who support the citizen cartographer movement are starting to become hip to this, and are offering user-friendly tools that non-designers can use to make professional quality maps.

An example of this is Safety Maps. This slick, free Web site allows you to create a map that tells where to meet during an emergency. You specify a location, write up instructions, and the site creates a PDF file map (based on Open Street Map data). Print the file, cut out the wallet-sized maps, and share them with friends, family, or co-workers (you can even have the site email a copy of the map to people). It's a great idea, executed quite well. And very applicable to humanitarian safety and security work. Check it out and spread the word...

Animated Safety and Security Training

2012-01-22T14:43:00.000-08:00

RSM Consulting is offering some unique training on NGO safety and security issues. The learning material features animated, human-like characters facing a variety of challenges (abductions, fires, natural disasters, civil disturbances, and more). Check out a few samples here. While I can't vouch for the educational effectiveness, this is certainly an innovative (and perhaps cost-saving) approach.

SOPA and PIPA - Stop Censorship

2012-01-17T21:49:00.000-08:00

Today (Wednesday, January 18, 2012) you'll read about Web sites "going dark" to protest two bills in the United States Congress (SOPA - the Stop Online Piracy Act and PIPA - the Protect IP Act). These proposed pieces of legislation are very ill-conceived and pose a threat to Internet innovation and free speech (they would put this site in legal jeopardy if it linked to a site anywhere online that had any links to real or perceived copyright infringing material).

The NGO Security Blog stands with Google, Wikipedia, Amazon, Twitter, PayPal, Facebook, and numerous other Web sites, businesses, organizations and individuals in opposing these initiatives. Learn more about SOPA and PIPA here. If you're a U.S. citizen, consider contacting your Congressional representative and voicing your opposition to these bills. Google and the Electronic Frontier Foundation make it easy to do so.

Safety and Security Training in Thailand

2012-01-15T18:09:00.000-08:00

Human Development Forum Foundation is putting on a five-day class for NGO staff members who have safety and security responsibilities. The training is being held in Bangkok and runs from February 20 to 24, 2012. There's a 25 student maximum, with first-come, first-serve registration. Visit the hdff.org Web site for more details.

Pascal's Triangle Lecture

2012-01-09T13:07:00.000-08:00

Ted Lewis, a professor at the Naval Postgraduate School, has an excellent online lecture on risk and probability theory. If you're an NGO security practitioner who wants to dig deeper into probability and risk (way, way beyond what is typically taught in security classes) this is a great introduction. Pascal's Triangle, Probalistic Risk Assessment, and Black Box Outcomes are all covered in easy to understand terms. Even if math normally makes your brain hurt, you'll pick up some valuable concepts that I personally believe should be applied more often within the humanitarian community. The narrated PowerPoint slide presentation runs for about a half an hour. Check it out...

DoD Non-Lethal Weapons Reference

2012-01-04T10:33:00.000-08:00

The Public Intelligence disclosure site recently posted an unclassified U.S. Department of Defense reference on Non-Lethal Weapons (NLWs). If you're responsible for safety and security in areas experiencing civil unrest, this is a useful guide to understanding the types of crowd control measures that may be employed. (Public Intelligence also has a number of other documents that humanitarian security practitioners likely will find interesting.)

Stratfor hacked (including credit cards)

2011-12-25T09:27:00.000-08:00

A number of large humanitarian organizations use the private intelligence Web site Stratfor to keep up on world events. Yesterday the site was hacked by the group Anonymous (or maybe someone else), who released the business' client lis t. Supposedly the client credit card database was also compromised and is being used to make donations to non-profit organizations such as the Red Cross. Some preliminary details are here. If your organization subscribes to Stratfor, it would be prudent to check if any fraudulent transactions show up on your credit card in the coming days.

12/25/2011 1500 EST Update - As of a few hours ago, it appears credit card and personal information from the hack are now being posted on the Internet. This is going to come as very unpleasant, post-holiday surprise to the 4,000 plus businesses, organizations, agencies, and individuals impacted.

12/26/2011 Update - If you've ever subscribed to Stratfor or corresponded with someone that works there, it would be wise to check Cryptome's coverage of the hack. There is a staggering amount of personal information being released as a result of this compromise.

Security Theater

2011-12-23T13:30:00.000-08:00

Vanity Fair has a great article on "security theater" with insights by two of my favorite security and risk commentators (Bruce Schneier and Paul Slovic). Read the piece and reflect on how it applies to humanitarian security. While it's easy to take potshots at TSA and government airport security practices, it's a lot more difficult to take a critical look at your organization's and your own decisions following a crisis event.

Some questions I always ask myself following such an event include: Are my decisions based more on emotional aftermath versus the reality of the situation? Have I thought about the actual cost of my decisions? Am I perhaps guilty of engaging in security theater? And if so, is that always bad?

Mindfulness paves the path for better coping with future crisis...

U.S. Border Data Searches

2011-12-21T13:37:00.000-08:00

Quite some time ago I posted about U.S. Customs and Border Patrol agents examining laptops and cell phones of people entering the United States. U.S. citizen or not, if you fit a profile or raise suspicions, your laptop, cell phone or other electronic device may be searched, its contents copied, or even be held for an indefinite period of time. Usually the Constitution prevents these kinds of things from happening without a warrant or probable cause. But in this post-9/11 world, the federal government says Constitutional privacy protections don't apply at the U.S. border.

You've probably heard the quote, "if you're not doing anything wrong, you don't have anything to hide." To me, this rather trite statement really doesn't hold up to even a small amount of critical thinking. Financial and health records, personal messages, sensitive organization files, and family photos are all examples of digital data that have nothing to do with wrongdoing and everything to do with keeping private.

If the idea of someone going through your laptop bothers you, the folks at the Electronic Frontier Foundation (EFF) just released a handy guide called Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices. This free publication helps you assess concerns and risks and offers straight forward guidance on a rather controversial subject. Anyone traveling to and from the United States, regardless of citizenship, should consider reading it here.

PS - An informed source tells me that prior to his annual Christmas eve journey, Santa Claus will be following EFF recommendations to ensure the naughty and nice list on his laptop stays confidential when he clears customs. Happy holidays...

Securing PCs and Macs - The NSA Way

2011-12-16T09:22:00.000-08:00

Most NGO security practitioners I know tend not to be techies and leave computer security to the IT folks. That's a shame, because information security is becoming a necessary concern just about everywhere you go. In my opinion, anyone involved with humanitarian security should have at least a basic awareness of computer-related vulnerabilities and threats. However, this doesn't mean you need to be a techie. A little knowledge and common-sense go a long way in recognizing common vulnerabilities and having intelligent conversations with IT staff.

In the past I've blogged about some of the resources the National Security Agency (NSA) provides the public through its Information Assurance program. Today I want to steer you toward a collection of guides devoted to best practices in securing operating systems. You'll find how-to information for hardening various versions of Mac OS X and Windows. Check out what the NSA has to say about the type of operating system your organization uses. Even if it all doesn't make sense, I bet you'll learn something in the process. At the very least, pass the link on to someone in your IT department. It's a good lead-in to getting together for coffee to start coming up to speed on computer security basics.

Blast from the Past: PMCs in Iraq

2011-12-15T10:21:00.001-08:00

Four years ago, quasi-news site Gawker filed a Freedom of Information Act request for records relating to Private Military Company (PMC) activities in Iraq. Over 4,500 pages of declassified documents were obtained that provide an inside look at Blackwater, DynCorp, and Triple Canopy operations in support of the U.S. government between 2005 and 2007. Gawker has now put all of the documents online for viewing. I'll leave it to the reader to draw his or her own conclusions on the "hearts and minds" impact the described actions had; including the potential unintended consequences for humanitarian organizations working in-country at the time.

TSA Friendly Modular Pocket Knife

2011-12-14T16:02:00.000-08:00

At a loss for ideas on what to get your favorite globetrotting NGO security professional for the holidays? How about a Switch modular pocket knife. The Switch features a slick design that allows you to add or subtract tools based on your needs. Going somewhere on a plane? Take off the knife blades to stay in the good graces of TSA. A simple turn of a coin allows you to reconfigure the pocket tool to your own specifications with any of included 18 attachments. At $79 they're not Swiss Army Knife inexpensive, but they are oh so high-tech and cool looking. (If Santa is on a budget this year, Switches are currently on sale at Think Geek for $20 off.)

Toward a Common Langauge

2011-12-11T11:05:00.001-08:00

I recently was part of a conversation that included the following. "The Kabul focal point really needs to make sure the hibernation plan is updated for the satellite office if AOG activities increase more in the south. Then there's BGAN. We've got HF now and that helps, but if BGAN goes down what are we going to do?"

Depending on your experience and training, the above may make perfect sense or be as clear as mud. As with most professions, the humanitarian safety and security community has come up with its own lingo. There's nothing wrong with that, of course, until it starts to pose problems.

In the past I've posted about the Incident Command System (ICS). This is a management framework that's used by government agencies to deal with wildland fires, disasters, oil spills, terrorist incidents, large gatherings, and other complex events. The origin of ICS can be traced back to a series of catastrophic fires that struck Southern California in 1970. A large number of firefighters died and a project called FIRESCOPE was established to determine the reasons for the fatalities and how to prevent more in the future. Investigators found that the lack of a common language was one several factors that contributed to the deaths. People were using terminology that not everyone understood for issuing orders and describing situations. This, coupled with the human nature of not wanting to appear ignorant by asking for clarification, was putting firefighters, law enforcement, and civilians further in harm's way. One of the project's recommendations was to establish common terms that all responders would understand. This became one of the cornerstones of ICS.

The humanitarian safety and security community could benefit by doing the same. Some initial work can be found in a 2010 paper written by Anna Dick titled "Creating Common NGO Security Terminology: A Comparative Study" (available here). As part of her research Dick took a variety of common humanitarian security terms and compared how 32 organizations defined them; as you might expect, there were differences. She then came up with a proposed set of definitions that could be adopted across the humanitarian space.

This paper is an excellent starting point for further conversation. In addition to being invaluable during a crisis, common terminology provides for more consistent and accurate incident reporting and increased efficiency in day-to-day operations through reduced misunderstandings. It would be nice if InterAction, ECHO, or some other body drove a common terminology initiative forward. (This actually may be more sooner than later, considering the International Organization for Standardization's recent work on ISO 31000, which provides standards for how organizations should manage risk.)

Don't wait for someone else though, this is something you can be doing right now. Come up with a common security lexicon that works for your organization (based on Dick's paper or not). Then get people to start using it. Clear communication pays for itself time after time.

Global Terrorism Database

2011-12-07T21:16:00.000-08:00

When performing threat assessments for a country or a region, one of the tools I use to get a basic understanding of terrorist activity is the University of Maryland's Global Terrorism Database. This free resource catalogs over 98,000 terrorist events from all over the world. The incidents span from 1970 to the end of 2010 (with annual updates planned). It's a remarkable collection of open-source incident reports that allow you to browse by country, perpetrator, causalities, attack types, target types (including NGOs) and more. In addition to viewing individual incidents you can create bar, line, and pie charts to get a visual handle on trends. Everything is easy-to-use and quick. It would be nice if the data was updated more frequently, but I'm not complaining. This a great site to visit when you find yourself in an analyst role.

Pondering Power Problem Possibilities

2011-12-04T20:24:00.000-08:00

Most people in Western countries take electricity for granted. You flip a switch and the lights come on. Your phone or iPod runs out of juice, no big deal. You just plug it into the wall. If you've done much traveling though, especially visiting field offices, you quickly learn power is something not to be taken for granted. Dirty power and brownouts fry computers and printers. Rationed electricity forces you to schedule when you'll use electronic devices. Natural disasters and government crackdowns shut off power at inopportune times. Many NGOs turn to using diesel generators and power regulation systems to ensure they can operate their offices. But this can be quite costly.

During a crisis, communication is essential. People rely on their cell phones and radios to stay in touch and manage the situation. But what happens if power isn't available for an extended period and the batteries run down? As with any problem, there are a number of possible solutions.

If you have a generator in the office, whether large or small, you can press it into service (just remember a generator requires fuel, and you should have a pretty good idea of how long it will run on your existing fuel stocks).

Solar panels are an option in sunny environments. Small panels are available for charging consumer devices like mobile phones. Some of these products even have built-in batteries that store electricity when the sun isn't shining. (I've had good luck with Solio's products). Large panels that charge lead acid batteries such as those found in cars and trucks are an even better option. Bigger batteries store more juice and can charge more devices, quicker. (You'll need an adapter that converts the direct current of a battery to the alternating current required by a charger.) Rollable panels such as those produced by PowerFilm are portable but are more expensive than rigid panels.

You may have encountered hand-operated crank radios and lights developed by FreePlay; the company has produced a number of different devices for the humanitarian community. They also make a commercial, hand-operated charger for electronic devices. (The hand charger sounds good in theory, but takes a considerable amount of time and effort to fully charge a phone. It's best for getting a few minutes of talk time in. FreePlay used to offer a foot-operated charger that was easier to use, but unfortunately it's no longer listed on their Web site.)

Car chargers for radios and mobile phones plug into the cigarette lighter of a vehicle and provide power from the vehicle's electrical system. There are also inverters available that you plug into a cigarette lighter outlet. These allow you to use an electrical device with the inverter. For example you could plug a laptop computer into the inverter just like you would in an office wall electrical outlet. (Inverters have different power ratings, so be sure the wattage of the device doesn't exceed the maximum wattage of the inverter.)

Finally, one of my favorite power to the people solutions is pedal power. MNS Power offers free plans for building a bicycle power generator. It's not portable, but you can keep electronic devices charged up while getting some exercise and burning off stress in the office.

Remember that different electrical voltages are used throughout the world. Just because you can jam a plug into an outlet doesn't mean your device will run. Pay attention to the voltage and wattage numbers associated with your device and ensure primary and backup power systems will work with them (and not send them to a smoking and burning early grave).

UN Server Hacked

2011-11-30T08:59:00.000-08:00

The hacker group TeaMp0isoN (Team Poison) compromised a United Nations Development Program server and released a collection of email addresses, names and passwords to the Internet today. BBC news story is here. The list of the accounts, as originally posted by the hackers, is here.

UNDP is downplaying the security breach, saying the server was old and didn't contain current information. This is rather disingenuous, as surveys have shown most people use the same password over and over again for various accounts. If you worked or work for UNDP, it would be prudent to check the above link to see if any of your login information was compromised. There are also email accounts for people from the Organisation for Economic Co-operation and Development (OECD), the World Health Organisation (WHO), the UK's Office for National Statistics (ONS), other UN agencies, and a variety of governments and organizations.

If you're on the rather lengthy list and have used your password elsewhere, now is a good time to start changing passwords before someone accesses your other accounts (if they already haven't).

The server hack is bad news, but equally as bad is the poor password security practices of the majority of users (first name as password, no password used, less than 6 character password, all lower case password, etc.). This is a big fail for the IT staff in not ensuring strong passwords are used (a simple and automated process), a big fail for managers if they didn't educate staff and have policies about using strong passwords, and a big fail for users who should know better.

Core77

2011-11-23T20:49:00.000-08:00

If you read my post on Dieter Rams, you might correctly guess that design philosophy and theory influences my approach to NGO safety and security. Industrial design has changed quite a bit since Rams' time and is no longer just about conceiving and creating products. Designers are branching out into organizational and service design, and using their skills to tackle complex social issues.

One of the best Web resources on design is Core77, the Net's oldest online magazine; it's been around since 1995. You'll find lots of interesting and informative news stories and articles with some very insightful essays by "names" in the design world.

If you're still thinking that design is only for creative types and really doesn't apply to the humanitarian space, there have been a flurry of Core77 articles over the past month that may change your mind.

Dave Seliger wrote a four part series entitled "Redesigning International Disaster Response." Part I - The Players, Part II - The Challenges, Part III - Looking to the US Military, and Part IV - Current Innovation.

Panthea Lee also kicked off a seven part series aptly named "The Messy Art of Saving the World" that will focus on design in the context of development work.

This is good stuff. Check it out. Expand your brain and start thinking outside the conventional humanitarian security box.

Question of the day

2011-11-22T21:24:00.001-08:00

Does your organization have staff members who are disabled (having a physical or mental condition that limits movements, senses, or activities)? If so, do your safety and security policies, procedures, and training take this into account?

If Dieter Rams Did Security

2011-11-20T14:34:00.000-08:00

You’ve probably never heard of Dieter Rams. He’s not a security guy and to the best of my knowledge he never worked for a humanitarian organization. But there's a good chance you know his work.

Rams was the head product designer for Braun from 1961 to 1995. He designed coffee makers, clocks, radios, razors, tooth brushes, and a host of other consumer products for the German company. His functional and aesthetic designs won him many awards and accolades. He also inspired several generations of industrial designers, including Apple’s Jonathan Ive, who credited Rams’ design philosophy for such iconic products as the iPod, iPhone, and post-1997 desktop and laptop Macintoshes.

Rams came up with 10 principles of good design that are widely taught in universities and are adhered to by product designers who appreciate his "less, but better" approach. Interestingly enough, these same principles can be applied outside of design to other disciplines - including humanitarian safety and security.

Here's my own take on adapting Rams' 10 principles for good design to the practice of NGO security (I’ve switched out the word “security” for his original “design" and added a bit of commentary).

Good security is innovative - Many NGOs fall victim to the “that’s the way we always do it around here” syndrome. Good security practitioners are intellectually curious, and look outside the humanitarian space, and even the broader security field, for new ways of better reducing risk. Innovation should constantly be sought, with an eye kept out for complacency so you can avoid it at all cost.

Good security makes a product useful - In this principle, Rams espoused that form follows function (usability should come before appearance). From a safety and security standpoint, this means ensuring that what you do is in fact useful for staff. All too often there's a tendency to implement policies and procedures, make recommendations, and give trainings without much thought given to the implications and whether it is indeed useful.

Good security is aesthetic - When it comes to safety and security, I don’t believe enough attention is paid to aesthetics. Simple things like using legible type faces and sizes in a report, minimizing the amount of text and number of bullet items in a PowerPoint presentation, ensuring a hazard warning in an office is large enough and easy to understand. You don't need to be an artist or graphic designer to think aesthetically; most everyone naturally recognizes good design. People appreciate aesthetics and it catches their attention; probably because there is so much bad design in the world.

Good security makes a product understandable - It’s essential that people know the reasons why security policies and procedures are put in place. If staff doesn't understand why you ask them to do something, there's less chance of compliance. There's also less of a chance of them creatively problem solving if they need to because they don't have a basic level of understanding about a threat or vulnerability.

Good security is unobtrusive - Ideally, safety and security should be part of an organization's culture and blend into the background. This principle also applies to maintaining a low profile for staff, vehicles, and office facilities in some contexts.

Good security is honest - Security for security's sake is not honest. For example, many security professionals feel that the TSA's airport passenger screening process does little to truly reduce a terrorist threat and is more "security theater" than anything else. Practicing good and honest security means always being frank and candid about issues with management and staff members.

Good security is long lasting - Good security seeks to be sustainable. That means weaving it throughout an organization's culture so safety and security practices aren't seen as separate but instead are viewed as part of the whole.

Good security is thorough down to the last detail - There’s an old Japanese saying that goes, “Matters of small concern should be treated seriously.” Pay attention to details! It's usually a cascading series of small events that eventually lead up to a serious incident.

Good security is environmentally friendly - I’ve only met a few security practitioners who think about environmental impact. People don't ask questions like: What’s the carbon footprint of international travel (can meetings or assessments be done virtually)? What happens to plastic water bottles after they’re used? Does it make more sense to use rechargeable batteries in a guard’s flashlight rather than disposable ones? Is a PDF version of a security manual just as effective as a printed one? Degrading the environment leads to human suffering. If you work for a humanitarian organization it doesn't make sense to be doing things that contribute to the problem.

Good security is as little security as possible - This principle has a Zen quality to it. You should be striving for Goldilocks "just right" security, which is just enough to get the job effectively done. It’s easy to go overboard (or underboard) on safety and security, depending on the situation, and you should always be mindful of that tendency.

For a great interview with Dieter Rams, not about security, including photos of his work, go here.

U.S. Military Presence Increasing in Africa

2011-11-12T09:39:00.000-08:00

The Guardian has an article about the U.S. military providing counter-insurgency training to Nigeria to combat the growing threat of the radical Muslim group, Boko Haram. The excellent Confused Eagle blog, which provides commentary and analysis on USG doings in Africa, has further details.

So let's see now. Last month it was announced 100 U.S. advisors were heading to Uganda to help deal with the Lord's Resistance Army (LRA). Past U.S. involvement fighting the LRA hasn't been exactly stellar. Three years ago the U.S. Africa Command helped plan Operation Lightning Thunder, a large-scale attack on LRA camps. Due to a lack of coordination between Ugandan ground and air forces, the raids failed, and hundreds of civilians were killed as enraged LRA units went into hiding.

Over in Kenya, the U.S. has been training the Kenyan military for quite some time. Border incursions by al-Shabab are almost certainly prompting covert U.S. special operations missions against the Somali Islamist group. U.S. drones, cruise missiles, and helicopters have already been used against targets in Somalia during the past four years.

Then don't forget about Camp Lemonnier, a large American base in Djibouti. And those new drone bases in Ethiopia and Seychelles that the Washington Post reported in September.

From a humanitarian security perspective, this expansion makes me uneasy. U.S. and Western military actions in Iraq and Afghanistan didn't exactly win hearts and minds, and in the process, many Western NGOs and their staffs were put at greater risk. If your organization is doing work in Africa, you should be paying attention to any early signs of local fall-out from U.S. military actions; and adjusting your security measures accordingly. While acceptance is a powerful strategy, history has shown it can be trumped by perceived guilt through association.

DigitalGlobe FirstWatch

2011-11-06T13:11:00.000-08:00

I'm a self-admitted geospatial junky. I've always had a thing for maps, aerial photos, and satellite imagery and feel that anyone practicing humanitarian safety and security should have a basic grasp of common geospatial tools such as GPS, Google Earth and ArcGIS (as well as old-fashioned paper maps and a compass).

One of the big players in the commercial geospatial business is DigitalGlobe. The US-based company has a number of its own high-resolution imaging satellites in orbit; if you've ever used Google Earth, you've seen some of their satellite imagery.

DigitalGlobe has long worked with the humanitarian community, providing digital images for relief and emergency work through its FirstLook service. A couple of weeks ago the company added a new service to its product portfolio called FirstWatch.

FirstWatch provides rapid analysis and reporting. When a natural or man-made disaster occurs, DigitalGlobe begins collecting new imagery from the affected region. The company's analysts then review the images, and within hours after the event occurs, produce reports that give an initial and accurate sense of the disaster's magnitude. Evidence of structural damage, infrastructure failures, changes to the topography, flood water depth and other potentially life-threatening elements are identified. This information allows organizations and agencies to quickly assess the situation and formulate response strategies and plans.

I can't emphasize enough the importance of good analysis. You can have the most up-to-date, real-time imagery available, but if you don't know how to fully interpret what you see, its value is greatly diminished. Imagery analysis is both an art and a science, and following a large-scale, critical event, you want a trained analyst examining the data and telling you what it means so you can make good decisions. It's nice to see DigitalGlobe offering this capability, as this skill set is typically not found within NGOs.

Most humanitarian organizations are averse to using the term "intelligence" because of perceived connotations with government spying. Semantic sensitivity aside, if you start using satellite imagery you'll undoubtedly run across the acronym GEOINT. That stands for "geospatial intelligence," which is a hot buzzword in government and corporate circles these days.

Interview: Christine Persaud on Gender and NGO Security

2011-11-02T13:40:00.000-07:00

Gender issues in humanitarian safety and security tends to be overlooked by many organizations and practitioners. One of the leading voices in this area is Canadian security advisor Christine Persaud. Christine started her humanitarian community career nearly ten years ago, with Médecins Sans Frontières in Chechnya and Daghestan. Since then she has worked internationally, providing consultation and training on a range of safety and security issues for large non-profit organizations and government agencies (American Red Cross, CARE, CIDA, Save the Children, and USAID, to name a few). In this interview, she shares some of her experiences and insights on gender and the practice of humanitarian security.

I appreciate you taking the time to chat, Christine.

Thank you for the invitation. Before we get started though, I'd like to reference two definitions from the Inter-Agency Standing Committee's (IASC) Gender Handbook.

Gender refers to the social differences between females and males throughout the life cycle that are learned, and though deeply rooted in every culture, are changeable over time, and have wide variations both within and between cultures. "Gender," along with class and race, determines the roles, power and resources for females and males in any culture.

Gender-based violence (GBV) is an umbrella term for any harmful act that is perpetrated against a person’s will and that is based on socially ascribed (gender) differences between females and males. The nature and extent of specific types of GBV vary across cultures, countries and regions. Examples include sexual violence, including sexual exploitation/abuse and forced prostitution; domestic violence; trafficking; forced/early marriage; harmful traditional practices such as female genital mutilation; honour killings; and widow inheritance.

That's good for level setting, thanks. So my first question is, as a female, what have your biggest challenges been in performing NGO security work?

Safety and security work, NGO or otherwise, remains mostly a male-dominated field — usually because of the gender roles perceived to be associated with security management. This sometimes creates, as you may imagine, gender-related challenges. Some individuals see females as weaker and as an easier target for criticism of their work and recommendations. These same individuals tend to second-guess women, regardless of their skills and experience. This is difficult because right away, there is a sense that a woman must prove something to validate herself and gain acceptance as a female safety and security advisor.

Since there are more male security workers than females, I am sometimes greeted with skepticism by field staff (men and women both). On these occasions it takes effort to have others recognize who I am. Usually, once they get to know me, they open up and become incredibly receptive and realize I am fully competent to do the job. But, I should never feel the pressure of having to prove myself in the first place.

Of course sometimes cultural nuances are present and there are certain situations that are considered off limits for a female security advisor. I try to recognize this ahead of time and work accordingly. I never want to cause harm because of my presence.

While I don't want to stereotype, what differences do you see in how female humanitarian security practitioners do their jobs compared to their male counterparts?

There aren't many female security practitioners like myself who deploy to conduct security assessments. You will more often find women as security desk officers, researchers or trainers. There is a role and importance for all. Women who perform security in the field such as Beverly Aisha Toomer, have really worked hard and devoted themselves to the job and have assumed incredible roles in security management. I really appreciate their approach, experience and commitment.

As for the differences between male and female approaches, I can only speak for myself and say that in theory, there shouldn’t be too much difference. The notion of cultivating acceptance and interfacing/connecting with various actors is very important to me. I think being a female has enabled me to have more access to the most vulnerable groups — humanitarian personnel and beneficiaries. I also don't want to stereotype but I do wonder if women use more intuition, discussion and consultation — although I have some male colleagues who are very sensitive and intuitive.

Gender is often overlooked in humanitarian organization security practices. Could you explain why we need to be more aware of gender when it comes to security planning?

Gender can make individuals further vulnerable and it must be considered in security planning. Gender Based Violence is pervasive all over the world in all cultures and societies. Some types of programming could and do cause greater harm to vulnerable staff and beneficiaries in situations where they are put at risk. In humanitarian organization security, this point is often not well considered and gender barriers to reporting and acknowledging increased risk exposure may be pushed away because of fear.

It is also important to understand and accept the cultural and religious gender issues that are imperative to each individual staff member. For example, there was a situation in Darfur, where a female Muslim national staff was made to share a house with male staff at a field office location. This woman was not from the area, and living with male personnel brought shame and insecurity in the eyes of the community and to herself. The organization's Country Director had complete disregard for the situation and in planning to better accommodate the needs of many of its national female staff; including providing better security systems at residences. In this case budget took precedence over fundamental respect for religious cultural and gender roles. Another area of concern includes the dynamics of sexual exploitation and abuse perpetrated by aid workers against beneficiaries and often by international male staff members upon national female staff.

We must consider the fact that staff members are from all over the world and each has their own notion of gender roles. This variation in even basic comprehension of what constitutes Gender Based Violence (GBV) can seriously exacerbate situations and sensitivities.

I recall doing an office evacuation drill once where the women's traditional clothing really impacted their ability to quickly exit the building. I'm embarrassed to say, it didn't even occur to me that would be an issue. Have you had any security experiences where something gender-specific surprised you?

I remember a case in Sri Lanka where an NGO’s female staff members were being sexually harassed every time they passed an SLA checkpoint. This harassment was even worse when they were driving motorbikes. Getting around in motorbikes was the primary transportation means for this NGO. Unfortunately, none of female staff had communicated they were being subjected to daily harassment and sometimes even assault. I was surprised and fortunate that they opened up to me about these incidents during a focus group discussion. This had been going on for some time but they never mentioned it to management. This highlights two issues: lack of incident reporting and the fact that program delivery increased their exposure to GBV. Once apprised, I facilitated ways to avoid future incidents.

You've worked in a number of different countries, including many conflict zones. As a whole, do you think women staff members look at safety and security differently than their male co-workers?

In general, and to varying degrees, I have found some men can be slightly more cavalier about security simply because they haven’t experienced gender inequality and the increase in vulnerability to GBV. This attitude could also come from the cultural norm that men are assumed to be protectors and shouldn't show weakness or fear. In other situations, women take greater personal risks in deciding to work for humanitarian agencies and can easily become targets (especially in very strict contexts where females are oppressed). However, at the end of the day, it comes down to the individual and his or her acceptance and understanding of security.

From your experience, which countries have a high risk of sexual assault among female humanitarian aid workers?

GBV is driven by context — society, culture and religion. Staff members may suffer GBV but most often, do so in their own private lives, often hidden from others, especially co-workers. I cannot say for sure which countries have a higher risk of rape or sexual assault. The statistics don't really matter as sexual assault — as we all know — is hugely under-reported. You can just assume it is prevalent everywhere.

I don’t know why, but there is one situation that has always pre-occupied my mind and that is how the conditions in Banda Aceh deteriorated over time. With an influx of foreigners in an otherwise closed area before the Tsunami, some of the local men had pre-conceived ideas of what western women were like. During the later phases of emergency response and reconstruction there were increasing incidents of harassment, assault and rape against international female staff and female staff from Jakarta. I myself experienced sexually inappropriate comments and advances. What was also starting to happen, was the increased exercising of Sharia law (in response to exposure to western culture). This became a factor that lead to an alarming increase of incidents of GBV against local female staff working for INGOs. This is a very specific example of the impact of presence and of the gender-specific risks that exist and need to be anticipated.

What are some ways to mitigate the risks?

Better security risk assessment and analysis, for one. Acknowledging that different gender groups have different needs and vulnerabilities depending on the specific context. Taking the time to talk and look deeper into day-to-day situations that may put others at further risk is important. This should be understood for both security management (staff security) and program design (beneficiary security). We tend to prioritize the flashy threats such as kidnapping or terrorist attacks. But in reality, life threatening GBV incidents are more frequent. We also want to assert that standard operating procedures and contingency planning are gender neutral. But that's not the case. In order to better reduce risk, we must consider the nature of gender-specific risks and vulnerabilities within specific situations. Specifically, we can achieve this through having a balanced perspective reflected in security assessments which identify context-specific gender risks. The goal is better mainstreaming gender in security management. We also need to promote compliance of agency-wide internal policies of intolerance to all GBV.

When we talk about gender security issues, there's a tendency to focus GBV. What other issues should we be aware of?

We should be aware of sexual exploitation and abuse, intimidation, inappropriate sexual comments, gender inequality and inequity in work and pay. We need to be aware of how our programming and operations can put certain individuals further at risk. And finally, although it often is associated with GBV, we should be aware of supporting personnel who are suffering from domestic abuse.

What can humanitarian organizations be doing better in terms of gender-related security?

Start right from needs assessment and program design — consult with women and girls — consider how programming and carrying out programming may increase vulnerability. We need to listen better and not assume. We need more opportunity to address gender and security without fear of it as a taboo subject.

What advice can you give male humanitarian workers to become more aware of and sensitive to gender-related security issues?

Try to be more compassionate in understanding that women and girls sometimes encounter more challenges in all aspects of their lives. This is situation dependent of course, and I am generalizing. But try to see things from their perspective and then anticipate what may pose more of a challenge and risk. It really comes down to treating all persons, men, women, boys and girls, with the dignity and gender equality they deserve.

Any closing thoughts?

I would really like to stress the following messages. Gender specific threats relate to and concern both women and men. All of the assessment, considerations and planning we do must address both gender groups and their exposure to risk. This can be complex as gender roles are very context dependent, being defined by such factors as individual behavior perceptions, accepted levels of interaction between males and females, association with Western NGOs, and cultural expectations. In addition to this deeper understanding, there are practical measures. Incident reporting data should include gender and be accounted for in analysis. Gender-specific risk should be incorporated into training. We are not doing as good of a job incorporating gender into security management as we do with other issues. But I believe with greater awareness we can change that.

CDC Yellow Book

2011-10-30T10:01:00.000-07:00

Every two years, the Centers for Disease Control publishes a definitive guide to international travel health known as the Yellow Book (for the color of its cover). It's an indispensable reference for understanding health risks all over the world. The 2012 edition is now out. To get a hard copy or use the online version, follow this link.

Inside Jobs

2011-10-26T10:53:00.000-07:00

The Telegraph is reporting that the two Danish Refugee Council aid workers recently kidnapped in Somalia, fell victim to their own security staff. The abduction occurred within 48 hours of the pair's arrival in Somalia, and apparently was facilitated by members of the armed guard force contracted by the humanitarian organization. Without having specific details, any analysis of this incident would be speculative at best. However if the news report is accurate , it does highlight a seldom talked about factor in national or international aid worker abductions. That is there is often an insider within the organization that is somehow involved with the kidnapping. Whether the motivation is political, monetary, or simple revenge, some set of circumstances cause a staff member to act against a colleague.

Unfortunately, NGOs don't seem to be very good at picking up on warning signals prior to an inside job. For that matter neither do corporations, as criminal activities by insiders are far more common than those committed by people outside a company. It probably comes down to a bit of denial, thinking someone's not going to bite the hand that feeds him or her. But in many cases, that's just what happens.

Obviously, properly vetting staff members is a useful preventative measure. After that though, managers need to have a high degree of sensitivity to their employees and be mindful of behaviors that could suggest a staff member might act against the organization. Unfortunately, this isn't widely taught within the humanitarian community. (A good starting point for self-study is Gavin de Becker's book "The Gift of Fear," which offers some basic behavioral insights to potentially violent internal threats.) Another detriment to preventing these types of incidents has been a lack of willingness for organizations to share information about precursors that lead up to an incident. While I appreciate the potential negative PR and legal exposure implications of disclosure, not understanding the events that led to an incident and not applying lessons-learned, almost certainly guarantees the incident will occur again - to your own organization or another.

Inside jobs are tough. But the first step in dealing with them is to acknowledge they occur. With that and the local context in mind, you can start crafting ways to mitigate the risk; whether it's abduction, theft, or workplace violence.

Stephen Pinker's Small Ray of Sunshine

2011-10-23T20:48:00.000-07:00

I recently attended a conference held at the Bill and Melinda Gates Foundation where its staff were described as "impatient optimists." That's quite a contrast to the "studied pessimist" role many in the NGO security business take on. Make no mistake, there are days when being a humanitarian safety and security practitioner is rather depressing. Seemingly endless bombings, abductions, vehicle accidents, and natural disasters don't tend to give one warm fuzzies.

But you know, I recently picked up a copy of Stephen Pinker's lengthy new book, "The Better Angels of Our Nature: Why Violence Has Declined." And I'm feeling a bit hopeful. Although the media may lead you to think otherwise, Pinker states that historically we are living in the most peaceful period our species has ever known.

With all the conflict in the world, that seems hard to believe. But his thesis isn't just opinion or idle speculation. Pinker is a well-known and written Harvard psychology professor and he makes a very compelling case that there has been a dramatic, long-term reduction in family violence, murder, racism, rape, and war deaths. He backs up the claim with statistics, charts, maps, peer-reviewed research by other academics, and a variety of historical references (including some fairly gruesome tales of days-gone-by violence and inhumanity).

Pinker's basic hypothesis is as we become smarter, our capacity for violence decreases and life becomes more precious (education-focused NGOs will take heart in that message). However since our brains tend to fixate on accounts of mayhem and destruction, we don't see the decreasing violence and believe the world is getting worse. Of course frequently dealing with safety and security incidents and staying on top of potential threats seems to amplify that belief.

I haven't finished the book yet, but so far Pinker gives me guarded hope that as a whole humanity is heading in a positive direction. And that's a good feeling after a day of digesting the latest news from Afghanistan, Pakistan, Somalia, and Yemen. Maybe the Gates Foundation is on to something about being optimists.

Check out what Pinker has to say in a conversation called A History of Violence at Edge.org (one of my favorite sites for interviews with and commentaries by some of today's leading thinkers).

Thailand Flood Resources

2011-10-22T16:05:00.000-07:00

The Google Crisis Response project has a very useful collection of maps and information resources devoted to flooding that's currently occurring in Thailand. If your organization is operating in the region, this is a great planning tool. (Tip - Save some time and effort by passing the link on to managers and colleagues who are asking you for general situation updates a little too often.)

I continue to be impressed with Google's work in the emergency area. For more on the project, check out a blog post from last month.

Interview: Robert Macpherson on Abductions

2011-10-17T16:45:00.000-07:00

Robert "Bob" Macpherson is a well-known figure in the NGO security community. A retired U.S. Marine Corps Colonel, former director of CARE Internationals Safety and Security Unit, and current principal of Cosantoir Group, Bob has a remarkable amount of experience in the humanitarian space. One of his many areas of expertise is handling abductions. I caught up with Bob recently and he agreed to share some of his insights on kidnappings.

How common are abductions in humanitarian work?

Without a doubt, the frequency of abductions in the humanitarian community is increasing. However, because most abductions are never publicized and there are no central reporting mechanisms, it's difficult to fix exact numbers.

Which countries are currently the most risky for aid workers in terms of abductions?

Afghanistan, Somalia, Haiti, Mexico, and Colombia get the majority of attention. I don't include Pakistan because at this point I don't feel it's overly risky for international staff abductions; national staff is another story, though. There's a great deal of press when a Westerner is kidnapped there, mostly because of the highly publicized political tensions between the United States and Pakistan. I'd rate countries such as El Salvador, Guatemala, Honduras, and other Latin American states more risky, even if they don't get as much attention. People tend to focus on Mexico, without realizing the extent of narco-crime that goes on in the rest of the region. It's only a matter of time before the NGO community will be confronted with criminal kidnapping incidents there.

Have aid worker abductions changed over the past five or so years?

I suspect depending on who you talk to, you'll get different answers. Some of my colleagues say that there are more politically related kidnaps. I disagree. In fact, I believe it's exactly the opposite. The problem is when an international aid worker is kidnapped, the media attention is extraordinary. And since many of these abductions occur in politically-charged, conflict zones, there is often political motivation. But it's the far more frequent abductions you don't hear about, that are on the increase. Kidnap for ransom of national staff members, without a doubt, is very much on the rise. I'm amazed at how tightly the NGO community keeps a lid on abductions of national staff members. To ensure there's no misunderstanding, I applaud that lack of transparency. I'm currently engaged with an organization that had a driver abducted. If it becomes a matter of record that the driver was returned and there was a ransom or some other remuneration involved, you can only imagine what will happen to every NGO driver in the region.

Have most of the incidents you've handled been crimes of opportunity or well-planned and targeted abductions?

An intuitive answer to this question is roughly 50-50. Typically, the ones that involved international staff and became notable in the press were well-planned. But even abductions that don't make CNN usually have some element of planning, whether well-planned or not. To give you an example. In Haiti, people would be abducted and the ransom asked would coincidentally match the exact amount in their bank account. Obviously, some collusion between criminals and bank employees was occurring. That seems like good planning to me. But regardless of whether an abduction is well-planned or not, in the more than 20 abductions I've handled, and virtually every kidnap my colleagues have dealt with, there is one common factor in all of them. That is the victim established a routine and pattern. And even if they were warned to vary the routine, they refused and then suffered the consequences.

Have you found that organizations deal with an abduction differently, depending on if it's an international, national, or local staff member?

You should never get an NGO to answer this question directly. However, there has to be a difference in the way kidnaps are handled depending if it's national and international staff. To be clear, this should be the case. In the simplest context, it is important and essential to remember that an international staff member will always go home. The national staff member and his/her family will remain in the same place from which the victim was abducted. There are nuances that are associated with this fact that have to be considered in a number of ways. A kidnap negotiation is obviously a delicate event. The procedure for a national staff member is very complex. It's not so much in the actual negotiation or the engagement of insurance company crisis response personnel. It's in the more subtle areas of family security.

Some readers may not know about kidnapping and ransom (K&R) insurance. Could you briefly explain what it is and how it works?

K&R insurance is a way for an organization to have a means of assistance if a staff member is kidnapped. People tend to look on this insurance as a way to pay ransom. That's not exactly true. What K&R insurance provides are the services of professionals to assist with the abduction, including engaging in negotiations. K&R premiums vary and are based on the number of staff covered, whether they are international or national, the countries being worked in, and the coverage amount ($3 million is a good number, but a broker may limit an organization or business to less). Small and medium sized humanitarian organizations often do not have K&R insurance (whether because they don't know it's available or they believe budgets won't allow for it). This can put an organization and its staff at a high level of risk if they are working in a country where abductions are not rare events.

What roles do the employing organization, the family, and government (host and country the staff member is a citizen of) play in working with a K&R response company? Who ends up making the decisions?

It's easier to answer this question based on circumstance. For instance, if the victim is an American citizen, the FBI will provide assistance. However, it's in the detail of "assistance" that things become delicate. The FBI, or a government representative from most Western nations, will not engage in negotiations. This means when phone calls and messages are being passed back and forth with the abductors, it's not the FBI who is actually involved in the negotiation. Without hesitation, they are present and provide remarkably beneficial advice. But the actual discussions are accomplished by others. With international staff these negotiations are generally handled by professional response personnel who are associated with K&R insurance providers. In the case of national staff, the discussions may be carried out by the individual's family. I find that each event is different in certain processes, and gravitate toward the best way to handle the negotiation. At times, a family member is simply too emotional to be able to provide negotiations. Consequently, the insurance company responder may be the person who handles it.

So back to our kidnapped American, or other citizen from a Western nation. That nation will most likely be involved in some manner with the response. If the victim is from an emerging country, the response team from the organization's insurance company will have a much more prominent role. Also, it's important to note that I have rarely seen an incident involving the kidnap of either a national or international staff member that did not have the element of extraordinary cooperation between all parties. As in every situation, things start off a bit slow but very quickly people come together to accomplish the goal returning the victim to his or her family.

If you could give humanitarian workers three pieces of advice for avoiding being abducted, what would they be?

1.Vary your routine. It doesn't have to be overly burdensome or continuous, but ensure that if anyone is watching you they are never able to establish that you travel the same road daily, shop in the same market on the same day of the week, attend some type of social event at the same time, etc. As simple as this sounds, it is the one measure that will keep a staff member as safe as possible from a kidnapping.

2. Be observant. Most people, in fact I believe all people, have an intuitive sense for danger. Living in a safe society tends to diminish this sense. But if you're in a complex environment, listen to that inner voice and pay attention to it. It's easy to disregard attentive caution because no one wants to appear to be overly cautious or become embarrassed about a hunch that proves wrong. You need to override those feelings instead of overriding your intuition.

It's interesting. I've found that when I talk about safeguards to international staff who are working in a complex environment and they have their children with them, I have their absolute attention. However, if I were to speak to the same people when their children weren't around to worry about, and gave them the same advice, they wouldn't be paying as much attention.

3. Recognize your uniqueness. I'm amazed at the number Americans who I have met over the years who have spent time in places such as Afghanistan, Iraq, Mexico, or other high-risk environments who believe because of their tenure or ability to speak the language they can disregard many of the basics elements of personal security. This is simply not so. Particularly, in Middle Eastern nations, a foreigner is a foreigner and it begins and ends with that. The sad truth is that the majority of international staff kidnap cases I've been involved with have fallen into this category. People lived in the country for so long they began to believe they were immune to the same dangers as a consultant or someone who was newly arrived would face. In fact, this attitude made them more of a potential victim.

And if someone finds themselves abducted, what are your top three recommendations for getting through the ordeal?

Of course every incident is context dependent, but here are some general recommendations.

1. The first 24 hours are critical. The kidnappers are typically frightened themselves and can be volatile. Being quiet and cooperative is the best way to get through the event. Regardless of what you see and read – if you make a blind rush for freedom, in most cases it will not end well.

2. As soon as possible, attempt to establish your own routine. It may be something as simple as a bit of physical exercise, periods of quiet reflection, or anything that will help keep you calm.

3. Without being obtrusive, try to begin a very subtle dialogue with your kidnappers. Your goal is to attempt to humanize yourself as much as possible. The more you can engage with the abductors on a personal level, the more they begin to recognize you as an individual and consider their actions toward you. This takes time, but will happen. You'll find that some of the kidnappers will have nothing to do with you but there will be others who engage. Think about this and use it to your advantage.

Postscript: If you have additional interest in K&R insurance, check out a 2007 paper written by Meadow Clendenin for the Emory Law Journal. Lots of background on the history, nuts and bolts, and foreign policy implications of K&R insurance.

Afghanistan NATO Kill/Capture Map

2011-10-13T15:03:00.000-07:00

The British newspaper The Guardian just published an excellent interactive map showing all publicized NATO kill/capture missions in Afghanistan. The data is taken from ISAF press releases and goes back to September 2009. Each province is shown with the number of insurgents killed and captured and how often missions occurred. The accompanying article has more detail on the data. If you do work in Afghanistan, you already know which areas tend to be more risky than others and the map isn't going to tell you anything new. What is does though, is give you a sense of the scope and range of these missions, which obviously have a military impact on the Taliban as well as a perceptual impact on non-combatant civilians.

PMC/PSC Code of Conduct

2011-10-12T17:06:00.000-07:00

Private Military Companies (PMCs)/Private Security Companies (PSCs) have gotten a bad rap over the years because of events in Iraq and Afghanistan. Unwarranted civilian deaths, sexual abuse, theft, and fraud have been extensively reported upon by the media. As is often the case, the actions of a few impact the many, even those whose conduct has been exemplary.

If you haven't been keeping up with the PMC/PSC world, the industry came to the conclusion it needed to do something about its image. In November 2010, the International Stability Operations Association (ISOA) announced a voluntary code of conduct designed to raise the ethics and operations standards of its members. Representatives from a number of large security firms were signatories to the code in Geneva, Switzerland. As of the first of this month, 211 companies worldwide have agreed to its terms. That's positive movement.

If your organization uses a PSC, you should check if the company has signed the code of conduct (a list of signatories and more information about the code is here). It makes sense for humanitarian organizations that use armed guards to support initiatives like this. However keep in mind that the code currently relies on companies to self-regulate themselves. ISOA is still working out the details on how violations will be dealt with. The alternative to self-policing is some form of internationally adopted legislation that regulates and monitors PMCs and PSCs. The United Nations Working Group on the use of Mercenaries as a means of Impeding the Exercise of the Right of People to Self-Determination (try turning that into an acronym) has been working on just that since 2005.

PMCs and PSCs are here to stay. If security companies can use a code of conduct to avoid incidents such as the2007 Blackwater Nisour Square shootings in Baghdad (and lesser human rights violations), that's great. If not, its likely public outcry will prompt government legislation and oversight. Time will tell...

LangMedia - A Cool Language Resource

2011-10-07T20:24:00.000-07:00

When I do a security assessment in a country I've never visited before, before I leave I'll spend some time coming up to speed on the local culture and language. There are lots of resources for doing this, but one of my favorites is called LangMedia. It's a project of the Five Colleges consortium (Amherst, Hampshire, Mount Holyoke, and Smith colleges and the University of Massachusetts Amherst).

LangMedia has free instructional material for learning an assortment of languages. And I don't mean just your standard Spanish, French, and Arabic. The Web site seems to specialize in uncommon languages and dialects for many parts of the world where humanitarian work often occurs. Course outlines, practice dialogs, audio files, and lists of additional resources are all available for viewing, listening, and downloading.

One of the most beneficial parts of the site is called CultureTalk. This is a collection of video clips of discussions with residents of many countries. The speakers talk about a variety of cultural topics, often in their own language (written local and English transcriptions are provided). The interview clips feature different people, with a range of genders, ages, and walks of life represented. To give you a taste, here's a CultureTalk page for Yemen. (You can download any of the videos, which makes for great prep on a laptop or tablet during long flights to your destination.)

LangMedia excels at introducing you to common words and phrases, giving you an ear for what a language sounds like, and presenting cultural aspects of places that far surpass what most guidebooks offer. And if you want to get deeper into a language, mentored and self study courses are also available.

If you do international aid work (or are just curious about different cultures), this resource is a must.

Protest /Civil Unrest First Aid

2011-10-04T12:35:00.000-07:00

It's not unheard of for international humanitarian workers to be at the wrong place, at the wrong time, and accidentally get caught in a potentially violent encounter between protestors and security forces. (Or perhaps you're involved with an activist organization, and being part of the protest is the plan.)

Ending up in the middle of civil unrest, whether by fate or design, definitely increases the chances of your being injured. Even peaceful protests in Western democracies have a history of violence where law enforcement has occasionally used excessive amounts of force to deal with crowds.

The diligent NGO security practitioner identifies and understands threats and determines best responses. If there's a good probability that you or a staff member may be impacted by civil unrest violence, it makes sense to know what to expect and have a basic knowledge of protest first aid.

Unfortunately, standard first aid courses don't teach you how to treat exposure to tear gas and pepper spray or what happens if you get hit with a rubber bullet or some other less-than-lethal projectile.

The best place to learn such things is from a street medic. Street medics are people with varying amounts of medical knowledge and skills who volunteer and support large protests. Street medics trace their roots back to the American civil rights and anti-war movements of the 1960s. They're out in the streets with protestors or run clinics just outside of protest areas. Thanks to the work of street medics all over the world, there's a large body of knowledge on common protest injuries and how to treat them.

Whether you advise staff members in countries prone to civil unrest or you're planning on getting involved with the emerging Occupy Wall Street (and elsewhere) movement, here are some Internet street medic resources to explore (if you're not into activism, just focus on the practical information and treat the political opinion and commentary as just that):

Seattle Street Medic Collective, Black Cross Health Collective (on hiatus), Rosehip Medic Collective - Pacific Northwest (U.S.) street medic groups with good collections of reference material.
List of Street Medic Organization Web sites (international) - Some out of date sites.
Street Medic Wiki - An editable compendium of reference information, news, and photos.
A Protestor's Guide to Less-Than-Lethal Police Weaponry - A comprehensive guide to crowd control technologies and techniques, new and old, used throughout the world.

New Tourniquet Design

2011-09-30T10:16:00.000-07:00

Coming from an emergency medical background, I recommend humanitarian workers in conflict zones carry what cops, the military, and PMC-types call a "blow-out" kit. This is small first aid kit that contains gloves, a tourniquet, compressed gauze, and some type of a blood-stopping bandage (also known as a pressure dressing). In case of a gunshot wound, explosion, or any event that causes serious bleeding, the kit can be used to save a life (your's or someone else's). You can bleed out from a bad arterial wound in two minutes, so stopping severe bleeding quickly is critical.

Although tourniquets are taught to be a tool of last resort in many first aid classes, they've become primary and proven lifesavers in conflict zones. Thanks to the wars in Iraq and Afghanistan, tourniquets have vastly improved in design and function. There are a number of different types available, including windlass, ratchet, and compression (check out Chinook Medical for examples).

There's also a brand new tourniquet that just appeared on the market that falls into the "why didn't I think of that" product category. Essentially it's an oversize plastic zip-tie. Called the Cobra Tourniquet it's advertised as simple to use, fast, lightweight, and relatively inexpensive. I'm waiting for some military and independent trials before recommending it for blow-out kits (SOFT, CAT, and TK-4 are still the best tourniquets out there, in my opinion), but it looks interesting. I'll update this post when I see test results.

There have been quite a number of medical advances in battlefield trauma treatment in the last decade - including the rapid use of tourniquets on severely bleeding extremities. These new military protocols and products are gradually being adopted by civilian emergency medical providers and will eventually be incorporated into standard first aid classes. That said, Always have training to go with the medical gear you're carrying. If you're interested in learning first aid that's applicable to conflict zones, I'd recommend (at least in the U.S.) looking for Tactical EMS/First Aid classes. These are targeted to law enforcement and security contractors, but the skill sets are also applicable to NGO staff working in harm's way. I've heard some humanitarian training organizations are starting to offer classes that go beyond standard first aid. I believe this is long overdue. More on that in a future post.

LRA Crisis Tracker Map

2011-09-29T09:29:00.000-07:00

Earlier in the month I posted about an interactive map that tracked drug violence incidents in Mexico. I mentioned it would be nice to have similar maps available for other conflict zones where humanitarian organizations work. I got an email from FHI 360 security director Norm Sheehan, that Resolve and Invisible Children are doing just that. They've released an interactive map Web site that provides information on LRA (Lord's Resistance Army) attacks in central Africa.

The map is linked to a database of reported LRA incidents, compiled from UN, NGO, and media sources. Data ranges from 2009 to the present. Whats cool is that the information is nearly real-time, with new reports of LRA activity being updated hourly (the HF radio early warning system in DR Congo is linked into the system).

I'm a "map guy" and really have to give the creators of this tool some serious credit - it's very well designed and implemented.

If your organization is doing work in South Sudan, Central African Republic, or DR Congo this resource is a must. If you're not operating in Africa, you should still check it out. I suspect it's a glimpse of what will be common within the humanitarian community in the very near future.

Social Media and Security

2011-09-25T11:25:00.000-07:00

I want to spend a few minutes talking about social media. That includes blogging, tweeting, forum posting, and friending. Many humanitarian security practitioners don't give social media much thought. But let me give you some real world examples I've encountered where social media went wrong and security issues arose (names, locations, and organizations aren't revealed for obvious reasons):

Blog posts about upcoming program site visits (including dates, destinations, and routes) in an area noted for banditry
Blog posts that revealed the location of an ex-pat humanitarian worker's residence (the staff member later left the conflict zone country when a Western intelligence agency warned an abduction was being planned)
Photos posted on a personal Web site that showed the inside of a field office (including the location of the safe)
An interview that appeared in an online magazine where a staff member discussed the details of refugee camp security measures
A Facebook page belonging to an ex-pat staff member working in a Muslim country that contained culturally insensitive photos and comments

Good security practice is all about reducing risk. Yet in each of the above cases, not enough thought was given to the security implications of online activities and the potential impact to individuals and the employing organization. (I personally believe there's a tendency for many people to treat the Internet as a separate reality that seldom, if ever, intersects with real life.)

To reduce exposure to possible consequences, a good social media policy that spells out what is acceptable online behavior is a must. In tandem, educating staff about some of the risks to themselves and their colleagues from unmindful use of social media is also essential

This falls more into a human resources versus a security responsibility within most organizations (but shouldn't stop a good security practitioner from making others aware of the risk). If your organization doesn't have a social media policy (or wants to see how others are dealing with potential issues), check out this great, free resource that provides a database of over 170 social media policies from business, non-profit, and government.

Postscript: While on the subject of social media. The Mexican drug cartels are increasing their attacks on bloggers. Listen to a recent NPR story and see this news account about a female blogger being decapitated. I wonder if this type of activity will become more widespread (in varying degrees of violence) outside of Mexico and outside of a drug cartel context. It bears watching, especially in developing country conflict zones where actors' Internet savvy is often significantly underestimated. 9/27/11 - It's not just cartels putting the squeeze on bloggers. The State of Veracruz just passed a law that makes social media illegal if it undermines public order.

Google Crisis Response

2011-09-19T10:41:00.000-07:00

Google is involved in a number of worthy environmental and humanitarian causes. One of the lesser known projects is the Google Crisis Response Team. This is a small group within the company that makes critical information more accessible during natural disasters and humanitarian crises (the team maintains a Web site here). There are many elements of Google technology that can be put to use during a crisis. Check out this recent Google.org blog post where Nigel Snoad, the team project manager, discusses tools and resources that you may be able to put to use.

I'm all for having good technology at my disposal during events which require crisis management (tools like Google Earth have become indispensable to me for planning). My one caveat though, is you should always treat a technology-based solution as just another tool in your larger crisis response toolbox. In my opinion, having solid problem-solving and decision-making skills, that aren't dependent on a specific tool, is what's really essential. That foundation, coupled with a good understanding of the strengths and limitations of each of your tools (whether hi-tech or low-tech), will make you an infinitely more effective crisis manager.

Waffles and Disasters

2011-09-15T21:36:00.000-07:00

I remember driving through the windy and rainy remnants of Hurricane Ivan in 2004. I was in a convoy of vehicles headed to Pensacola, Florida that was part of a federal disaster medical response. The power was out everywhere and nothing was open. Then the lead SUV radioed that a restaurant up ahead had cars in the parking lot. We all pulled in and surprisingly enough, the fast food place was open for business (they had a generator running and offered a cash-only, limited menu). We wolfed down some hot food, thanked the manager, and were on our way. Everyone commented on the amazing resilience of a small restaurant in the middle of nowhere.

I didn't know it at the time, but that little Waffle House was part of a larger, well-crafted disaster plan. The Waffle House restaurant chain rates as one of the best disaster prepared businesses in the United States. Operating in the hurricane-prone South and Mid-Atlantic regions, the company has pre- and post-disaster plans for keeping its 1,600 restaurants open (or getting them quickly reopened). Providing customers with reasonably priced, hot food when nothing else is available is part of the privately held company's business model. And it works. FEMA even uses Waffle Houses as part of their disaster assessments – if a Waffle House isn't open someplace, they know conditions in that area are bad.

I give Waffle House some serious points for planning, logistics, and execution (key elements of any emergency response). Check out a recent Wall Street Journal article and the associated video for more.

Mexico Crime Map

2011-09-13T11:03:00.000-07:00

If your organization is operating in Mexico (or you're thinking about a winter holiday there), be sure to check out the Wikinarco interactive drug-crime map. Arrests, assassinations, shoot-outs, and which cartels operate where are all plotted on a zoomable Google map. In addition, crime statistics over time (starting in January 2011) are charted and you can click on an incident to get detailed information. The user interface is in Spanish, but even if you no hablo it's still fairly easy to use and understand. I'd love to see similar, conflict zone-related maps for other places humanitarian NGOs work - this would be a great ANSO project.

9/16/11 - Running Web sites in Mexico such as the one above can be dangerous, as evidenced by recent cartel threats and murders.

Security Focal Point Rant

2011-09-10T18:13:00.000-07:00

If you're not familiar with the term Security Focal Point (or Safety and Security Focal Point), it refers to a staff member in a field office who has some degree of responsibility for safety and security. Often these responsibilities are grafted onto existing jobs such as logistics, administration, or program management (sometimes with added pay, sometimes not). The title has crept into the humanitarian community's lexicon over the years and is widely used. Attend a class or presentation on NGO security and I guarantee you that SFPs or SSFPs will be mentioned. These days you can even get a Security Focal Point certificate from some training organizations.

For some reason I've been thinking about this term lately and I've come to the personal conclusion that it really smacks of bureaucracy and class distinction (especially when applied to local and national staff). Just what exactly is a focal point? Why not use a more descriptive and easy to understand title such as safety and security coordinator or safety and security manager?

I'm not certain who first coined the term (although it does have a UN-ish ring to it). Maybe it came about because coordinator and manager titles are typically associated with higher pay levels. Or perhaps it was an attempt to differentiate professional security staff from the part-timers (that's a rant for another day). Or maybe it was a control thing in helping to keep safety and security centralized at the headquarters level. I don't know.

I do know that if you're entrusting someone with safety and security responsibilities, the very least you should do is give him or her a descriptive title that conveys meaning and respect. For me, a vague, ill-defined buzzword just doesn't cut it anymore.

Does your organization have a good reason for using Security Focal Point as a title or is it just going along with the crowd? Post a comment.

Decreasing Distracted Driver Danger

2011-09-06T14:19:00.000-07:00

Getting drivers and staff members to wear seat belts is a low-hanging fruit safety measure. Vehicle accidents account for a significant number of humanitarian worker injuries and fatalities, and using seat belts is a simple and effective way to mitigate risk.

Once you get an effective seat belt policy and program in place for your organization, you can further reduce risk by raising awareness of the dangers of driver inattention. This is a bigger issue than you may think. In 2009, an estimated 20% of vehicle crashes in the U.S. were a result of driver inattention. You've probably heard that talking on a cell/mobile phone while driving can cause accidents – one study showed that using a cell phone while driving, whether hand-held or hands-free, delayed a driver's reaction time as much as having a blood alcohol concentration of .08 percent (the legal limit in the U.S., Canada, and U.K., but legally drunk in most other countries). Phones are just the tip of the iceberg. Lots of research has been done on other activities that can distract a driver and prevent him or her from seeing and/or responding to something that could cause an accident. Here's a chart from a study that shows the percentages of crashes with fourteen common sources of driver distraction (one or more distractions may have been present in a crash):

Any activity that takes a driver's focus away from the road can increase risk, but as you can see, some are more risky than others. (While much distraction research tends to be U.S.-focused, it's reasonable to assume the basic findings apply elsewhere in the world.)

Considering the accident statistics, developing a distracted driver education program for your organization and adding appropriate policies (such as no cell phone use while driving) is a worthwhile investment that could save lives.

The U.S. Department of Transportation has an excellent Web site (www.distraction.gov) with lots of information including research and workplace educational material.

Inside the WikiLeaks Cables

2011-09-02T08:06:00.000-07:00

Yesterday I posted about the unredacted U.S. government diplomatic cables that had found their way onto the Internet. I suggested that humanitarian organizations doing international work should review the content to see if they are mentioned. There hadn't been much NGO-related material mentioned in the cables officially released by WikiLeaks, but I suspected there might be in the unreleased cables (Update - as of today, WikiLeaks has released all of the cables).

My hunch was correct. In skimming through the cables there is a large volume of communications about international NGOs and the UN. Some of it mundane (program reports), some of it controversial (country director opinions of host governments and leaders), some of it concerning security incidents (a few that I'd heard about through the community grapevine and others I hadn't). For example, here's an extract from a 2006 cable about the security situation in Darfur:

SUBJECT: DARFUR: NGO PRESENCE UNDER THREAT
--------------------------------------------------
NGOs Operating Under Increasingly Harsh Conditions
--------------------------------------------------
3. (C) A variety of occurrences over the past three months underscores the tenuous security environment faced by non-governmental organizations (NGOs) operating in Darfur.
The nature of the events and their severity are increasing; the potential for further deterioration during the holiday season put NGOs at increased risk. This is particularly true in the Gereida area of South Darfur, a town along the strategic Nyala ) Buram road that has seen ongoing conflict for more than two years between tribal militias, rebel groups, Sudan Armed Forces, Popular Defense Forces (PDF), and Janjaweed.

4. (C) Several recent events reflect this trend (Refs A and
B):
-- The rape, apparently designed to send a brutal warning to international humanitarian workers, of an Action Contre la Faim (ACF) expatriate worker;
-- The rising pace of vehicles car-jackings ) with 20 vehicles being stolen during the past month;
-- The selective theft of communications equipment and computers (Ref A), which impedes the ability of NGOs to conduct their normal activities, report on conditions, and communicate with outsiders;
-- The interrogation of CARE International workers, including regarding their private e-mail messages (Ref B);
-- The withdrawal of NGOs from Darfur and relocation of 400 humanitarian assistance workers so far in the month of December alone (Ref C); and
-- The decreased overall ability of the international community to deliver essential services and commodities for internally displaced persons (IDPS) in Darfur.

----------------------------------------------------
MFA: NGOs are Politically Manipulated, Need Courage
----------------------------------------------------
5. (C) During a December 21 meeting with State Minister of Foreign Affairs Ahmed Ali Karti, Charge Hume underscored the gravity of recent security events in Darfur, particularly in the Gereida area. The theft of a dozen vehicles, withdrawal of Oxfam and ACF, and sexual assault of a humanitarian worker jeopardized essential services and goods for 100,000 IDPs. Karti accused NGO workers of over-reacting, and not having the courage to remain in environments they knew to involve risk. Irritated, he stated they knew of Darfur\'s problems and were paid to do their work despite poor security. There is no perfume or roses in Darfur, he added, and NGO workers should refrain from reporting every wrong they encounter. The Sudanese Government cannot help them; they should return when there is stability. Finally, he accused NGO workers of \"trying to play politics,\" and being manipulated to send a \"political message.\"

Material such as this is interesting from a historical perspective, but my primary concern is about information that could increase risk to an organization and its staff. Unfortunately, this is also present. One organization I work with had the names of a few local staff members listed in a cable; discussing security conditions and their opinions of anti-government factions. Another cable mentioned how programming activities might be beneficial to military information operations. While this organization works hard to maintain its neutrality (including no military involvement) and uses an acceptance strategy, erroneous perception can be damning. The organization's headquarters and country management team are now reviewing selected cables, determining possible impacts and appropriate responses.

Considering some of the things I've read in the cables relating to the humanitarian community, I now feel even stronger about the need for international organizations to check if they are mentioned and in what context - especially since the full set of cables is now easily searchable at CableGateSearch. It's a worthwhile exercise to play "what-if" the media, host governments, or anti-government actors are also reading these cables. Certainly nothing may come of it, but it's always better to be prepared in case it does.

WikiLeaks Leaked Cables Update

2011-09-01T10:35:00.000-07:00

In an earlier post, I suggested that security practitioners might want to pay attention to the content of leaked U.S. diplomatic cables in case information about their organization was present. Since perception can become reality, there's a chance the mention of an organization in some context might increase their risk exposure. Web sites such as CableDrum and CableGateSearch allow you to easily search for text in the cables that WikiLeaks has officially released.

Up until now, WikiLeaks has tightly controlled the flow of the compromised cables and hasn't released all of them. But as of yesterday, the entire, unredacted collection of cables (over 250,000) was unofficially leaked and has found its way onto the Internet (much to the dismay of WikiLeaks). 9/2/11 Update - There's a great description of how the encrypted cables were compromised here.

I'm not going to debate the legality or ethics of the release of this information. Only that the genie is out of the bottle, and anyone with a small amount of technical ability can now access the full set of cables.

A compressed version of the cables is currently available from various BitTorrent sources or can be directly downloaded (at the moment) from John Young's Cryptome disclosure site. The ~360 MB file is compressed in 7z format, you'll need a copy of the free compression utility 7-Zip to open the file. It uncompresses to a whopping ~1.7 GB text file. This is too large to open in Word or Excel for viewing (Excel's maximum number of lines is a bit over 65,000 and Word is constrained to around 100MB files but is also limited by system memory). So you'll either need to split the file into manageable chunks using a text file splitting program (such as HJSplit) or use a suitable text file reading program (Large Text File Viewer is a good, free Windows option). 9/2/11 Update - A colleague tipped me off to a much better and faster free program for viewing and searching large files. It's called Cream, a modern version of the old VIM programmer's editor, and is available here.

Searching through the entirety of such a large volume of unindexed data is a slow process (figure up to multiple hours for each text string you're interested in, depending on what program you're using). The search is going on in the background though, so you can be working on other things, checking the progress periodically and then clicking to search for the next instance of the text if it's found.

I suspect in the very near future someone will index all of the cables and put up an easy-to-use search Web site. But in the meantime, if you want to see if your organization is mentioned in any of the leaked cable traffic, the above information should help you get started. 9/2/11 Update - In response to the leak, WikiLeaks has now officially released all of the cables (with no redactions). They are available for browsing here or on CableGateSearch for full-text searching. I've written a follow-up to this post here.

Aid Worker Security Report 2011: Spotlight on security for national aid workers

2011-08-31T19:49:00.000-07:00

Humanitarian Outcomes recently released its 2011 repor t on the state of aid worker security (the last report came out in 2009). I'll shamelessly quote verbatim their key findings below to entice you into reading the details in the full 28-page PDF document. Kudos to Abby, Adele, and all involved for the excellent research and analysis. Your work is valued and appreciated.

2011 Key Findings

The past two years show a downturn in violence against aid workers that spiked in a small number of conflict contexts beginning in 2006 and peaking in 2008.
The recent decline in attacks is mainly due to the shrinking presence of international aid agencies in the most violent settings, Somalia in particular, rather than improving security conditions.
The incidence of aid worker kidnappings continues to rise dramatically, and the use of major explosives has emerged as a tactic of violence in a small number of settings.
Despite overall improvements in aid agencies’ security risk management, national aid workers perceive continued inequities in security support compared with their international counterparts.
National aid workers, while less subject to major attacks per capita than international aid workers, nevertheless form the majority of victims, and their specific security needs require more attention.

Somalia Report

2011-08-02T09:47:00.001-07:00

If your organization is doing or considering doing work in Somalia (or if you just want to stay up to speed on events) I highly recommend you check out Somalia Report. Founded by war correspondent/journalist Robert Young Pelton (author of "The World's Most Dangerous Places"), this no-holds-barred news site cuts through mainstream media fluff and provides good on-the-ground commentary and analysis. The site's been running for a bit over six months now and has provided a continuous stream of top-flight information that's relevant to humanitarian security practitioners in the Horn of Africa region. Somalia Report is currently free and makes for a good online reference paired with Suna Times (probably the best Somali produced English news Web site).

Possible sat phone alternative

2011-08-01T17:06:00.000-07:00

DeLorme is a U.S. firm that got its start making paper maps, then got into digital maps and software, and now makes handheld GPS receivers in addition to maps. I've used their products over the years and they're pretty good with excellent customer support. The company recently announced a new product that may provide an affordable alternative to sat phones for field use. inReach is a small device that serves as an interface between an Android operating system cellular phone and the Iridium satellite network. It provides two-way, text-based communication through the mobile phone (an iPhone compatible version is supposed to be in the works). In addition the gadget also has GPS navigation and mapping functionality.

Pricing is supposed to be around $250 US for the device, with monthly plans starting at $9.95. This is considerably cheaper than an Iridium sat phone (around $1,000) and $30 to $40 monthly fees, plus airtime. Scheduled availability is sometime in the fall of 2011. There's more information about inReach, including photos, here.

Technology always looks good on paper before it's released and it's best to wait a bit and pay attention to the early reviews before purchasing a significant number of new electronic devices.

As a note, one downside to Iridium is coverage is blocked in certain parts of the world due to U.S. regulations (currently that includes Taliban controlled Afghanistan, Cuba, Iran, North Korea, Syria, and Sudan). I suspect Thuraya, which has more of a foothold within the humanitarian community (and so far has offered more rugged handsets) will also get into this market and other similar, competitive devices will emerge. Speaking of Thuraya, the British TV show Gadget did an un-scientific comparison of Iridium and Thuraya handsets last year. Check it out on YouTube.

How Not to Do Safety and Security

2011-05-12T08:40:00.000-07:00

If you haven't been following the US Congressional hearing on the victimization of Peace Corps volunteers, read this disturbing AP news article. This is a classic example of why thinking about and implementing safety and security is so important. While there are always two sides to a story, for a large and well-funded organization to behave in the manner described is appalling. What is especially pathetic is this situation has been known about for years, but officials chose not to do anything about it. In my opinion, a humanitarian organization has a moral obligation and duty to mitigate risk as best as possible for its staff members and to support them following an incident. To do anything less, runs counter to basic humanitarian principles. You always look out for your people...

WikiLeaks

2010-12-07T11:28:00.000-08:00

The USG cables that are being leaked by WikiLeaks provide a remarkable look behind the scenes at U.S. foreign policy and how the Department of State operates. There have been some interesting mentions of intelligence gathering targeted at U.N. and non-U.S. humanitarian organizations. While the main WikiLeaks site has been shut down, a large number of mirror sites have popped up.

It would be prudent to monitor the cables as they are released for any mentions of your organization and its activities. While personal names are being redacted, there is no guarantee organizational identities will be removed. The main security concern is depending on the context in which an organization is mentioned, groups may erroneously perceive some type of affiliation with USG, thus increasing risk - ranging from potential negative publicity to targeted attacks on facilities and/or staff. At the present there is a Web site that allows you to perform keyword searches of all publicly released cables. If the site is taken down, it's likely others will take its place and I'll update the link.

One other thing to mention. An encrypted, gigabyte-plus "insurance" file containing the unedited cables and other unreleased material has been available via BitTorrent since October. If anything happens to Julian Assange, supposedly the encryption key will be made public, providing anyone who downloaded the file with the raw information. Whether this is a bluff or not, remains to be seen. If the data is released, it's a forgone conclusion media outlets and both political and armed anti-government groups will be promptly mining it.

PS - USG has warned federal employees that since some cables are still classified, reading them is breaking the law. No word on if or how this stance may apply to organizations being funded by USAID.

FEMA training

2010-03-10T12:13:00.000-08:00

Following its actions during Hurricane Katrina and other recent incidents, the US government's Federal Emergency Management Agency (FEMA) doesn't have the most sterling reputation. In fact you may be wondering why I'm even mentioning them here.

Not to be an apologist, but part of FEMA's problem is post-9/11 the agency was pushed outside of its core areas of expertise. FEMA is an administrative, bean-counting, check writing agency - and isn't half bad doing this job. FEMA is not a response agency and has failed miserably just about any time its been put in that role. But hey, that's politics, right?

One of the administrative tasks FEMA does very well is to provide training to emergency managers and response personnel. In addition to instructor-led classes the agency also has an extensive independent study program offering a variety of online courses.

A number of these courses are very applicable to humanitarian organizations and safety and security practitioners and I'd encourage you to visit the Web site to check them out.

In the next post I'll be discussing something called the Incident Command System (ICS) - which FEMA offers several courses on. In my experience I've found some NGOs don't really have an effective management structure in place to handle large-scale or complex incidents. In such cases I often recommend adopting ICS or something based on it. More on this later, or check out the IS-100 course to get a head start on the next blog entry.

GPS and cameras in Afghanistan

2010-02-25T13:58:00.000-08:00

Wired's Danger Room has a short article on work-for-pay programs in Afghanistan. And I quote:

"So how do you track cash-for-work in a place like Helmand, where fighting still rages? John Stephens, who manages programs in Afghanistan for the U.S. charity Mercy Corps, came up with one solution: Use cameras with GPS to verify aid projects in insecure places where expatriate staff can’t oversee projects in person."

"The idea is simple: If an area is too dicey to send in expats, Mercy Corps sends in Afghan staff with GPS cameras — either a Nikon point-and-shoot, or a Garmin handheld GPS with built-in camera — to verify that the projects are actually being undertaken in the right places, so they can pay wages. The data is then uploaded to a Google Earth–style program, so Mercy Corps — which implements USAID projects — can track projects and their participants."

Let me get this straight. National staff is being sent into potentially hot conflict zones with a digital camera and GPS and told to take pictures? I hope there's a little more to this story in terms of risk management. I suspect packing a Western camera and GPS receiver around the Helmand Province might just be viewed as spying by the Taliban. What do you think? With some potentially nasty consequences for the Afghan employee. On the surface this sounds like using national staff as, excuse the pun, Canon-fodder.

Any readers from Mercy Corps that are hip to the details care to comment?

Using the Likert Scale to Assess Risk

2010-02-14T19:59:00.000-08:00

Humanitarian security practitioners often use impact/probability charts like the following one to determine levels of risk. You take a potential incident and mark the chart where the impact and probability intersect. It's a handy tool for allowing you to assess and prioritize a number of different threats. (The process of doing this with every possible negative incident you can think of is called bulletproofing.)

I've always thought this type of an impact/probability chart is a bit simplistic and doesn't really give you enough granularity to make the best, informed decisions. Instead, I use a variation based on the Likert Scale. In the 1930s, psychologist Rensis Likert developed a way to measure attitudes consisting of either a 5 or 7 point scale - 7 points gives you a higher degree of accuracy.

You don't need to be a math or stats-guru to use a Likert Scale, it's actually quite simple to implement and understand (an especially good feature when explaining the rationale for security decisions to management). For risk assessment, here's how it works.

For probability, use the following ratings:

1 - Very improbable
2 - Improbable
3 - Somewhat improbable
4 - Neither probable or improbable
5 - Somewhat probable
6 - Probable
7 - Very probable

For impact, use these ratings:

1 - Very insignificant if it happens
2 - Insignificant if it happens
3 - Somewhat insignificant if it happens
4 - Neither significant or insignificant if it happens
5 - Somewhat significant if it happens
6 - Significant if it happens
7 - Very significant if it happens

Take the rating values for a possible incident and multiple them together. For example, let's say the potential of someone stealing office supplies at a large NGO's HQ is probable (6) but insignificant (2). That gives the incident a value of 12.

Compare that to the potential of a staff member being abducted in a certain conflict zone. Let's say it's somewhat probable (5) and very significant (7) if it happens. This incident tallies up as a 35.

The higher the number, the more time and effort you should devote toward preventative and contingency measures.

You can make this particular Likert Scale even easier to use by multiplying the total by two. When we multiple probability by impact we start out with a possible range of values from 1 to 49. If we multiple by two, the range then goes from 2 to 98, which is close to the familiar 1 to 100 scale. From a cognitive standpoint it's easier for someone to relate to a score of 24 for the pencil thief incident and 70 for the more dire abduction scenario.

You can get good quantitative results quite quickly by plugging the numbers into a spreadsheet and then sorting after you're finished.

It's worthwhile to mention that two heads are better than one (usually), and it's useful to have several people that are knowledgeable about the operating environment work up incident ratings. You can either go for a consensus view or simply take the average of the different responses and use that as your rating.

Give the Likert Scale a try and see if it works for you.

Haiti Satellite Imagery

2010-01-14T10:48:00.000-08:00

Google Earth now has up-to-date satellite imagery (taken January 13, 2010) of the Port-au-Prince area of Haiti. You can turn the layer on and off to compare the amount of damage with pre-earthquake imagery.

Our condolences to the friends, families and co-workers of those lost in the disaster.

Harvard Africa Map

2010-01-04T10:18:00.001-08:00

I admit it. I'm a map junkie. The more maps I have access to wherever I'm working, the happier I am. If you or your organization is operating in Africa, I highly recommend you check out Harvard's AfricaMap project. This online map incorporates all sorts of layers (including economic, social, and environmental information) with the familiar Google Maps interface. Of particular interest is the ability to display U.S. and Russian topographic maps as background layers. This is a great planning and general information resource. The site is currently in beta (there are a few bugs and it can be slow) but it's very usable. Look for more features and data layers as the project goes forward.

Electronic maps

2009-12-27T10:05:00.000-08:00

Good maps are an indispensable part of effective humanitarian safety and security efforts. Knowing where you are and how to get from point A to point B is essential for day-to-day operations as well as emergencies. You probably already know about Google Earth and its Web-based cousin, Google Maps, which both provide free and detailed satellite imagery for many parts of the world (with coverage expanding monthly). But you may not know about the Open Street Map (OSM) project. The goal of this community effort is to offer a free, public database (and map) of all the world's roads and streets. Volunteers enter map data for areas which then becomes part of the OSM data set. You can access the maps online or print them out. Keep in mind OSM isn't just for developed countries; there is a growing amount of map data for places humanitarian organization staff often find themselves.

Besides the obvious benefits of OSM, I want to mention two benefits that may be useful for technologically savvy security practitioners.

First, it's possible to use OSM map data to create maps you can upload to Garmin GPS receivers. Check out this link for a list of maps that have already been converted as well as instructions for making your own maps.

Second, there is an affiliated project called Walking Papers. This Web site started out as quick and easy way to create printed maps that use OSM data. It's recently expanded its functionality and offers a simple way for people to add updated information to the OSM database. It works like this. You print a map then hand draw in detailed features. Once you've finished your enhanced map, scan the map, save it as a JPG file and upload it to the Walking Papers site. Your scanned map appears and you can use a simple, drag-and-drop editor to add roads and points of interest that will become part of the OSM database; which everyone will have access to. It's slick, and recently I've seen UNHCR-related data starting to appear on Africa maps thanks to Walking Papers.

Some thoughts (and resources) on abductions

2009-12-12T11:34:00.000-08:00

Many humanitarian organizations rarely plan for staff member abductions (if you want to sound security savvy, call it K&R, for kidnap and ransom). While some large humanitarian organizations use security companies (Control Risks Group is popular) for handling abduction incidents and negotiations most NGOs don't have the budget to put a firm on retainer or the knowledge and/or training to handle an abduction by themselves.

It's a no-brainer that any NGO doing international work should include discussion of abductions in their policies and procedures. Staff abductions are very complex, emotionally charged, and potentially life threatening events. It pays to be responsive and have well thought out plans in place instead of being forced to improvise on the spot.

Unfortunately, classes for handling abduction incidents are few and far between and there's not a very large body of references on subject. So what's a humanitarian security practitioner or senior manager that wants to be better prepared to do? Here is a brief reading list on the subject with a few thoughts.

One of the few books devoted to dealing with abductions (not including victim autobiographies, which can also provide useful insights) is Kidnap for Ransom: Resolving the Unthinkable by Richard Wright. The book is an excellent introduction to all topics relating to kidnapping and includes a number of case studies as well guidelines and checklists. The price may be a bit steep for adding a copy to your personal reference collection ($79.95 for a 230-some odd page volume), but don't let that stop you since the book is available through most inter-library loan systems.

When it comes to crisis negotiations, Christopher Voss is one of the most experienced negotiators in the business. Voss was the FBI's lead international kidnapping negotiator and dealt with a number of high profile cases (since retiring, Voss started a negotiation consultancy called the Black Swan Group - a reference to Nicholas Nassim Taleb's popular book on unpredictable events titled The Black Swan). Voss' negotiation strategy was greatly influenced by Jim Camp's business negotiation book, Start With No. Voss argues that kidnapping and hostage taking are business-oriented in nature and that business negotiation concepts and techniques can be successfully used during abduction incidents.

Aside from Camp's book, another good source of information is just about any class, book or paper that has come from Harvard's Program on Negotiation; or its affiliated instructors. This well regarded program delivers some of the best and brightest thinking on negotiations of all types - including important work on inter-cultural dealings, a critical component for successful resolution of an overseas abduction.

It's been my experience that even following successful abduction resolutions, many NGOs like to pretend the incident never happened. Policies and procedures may never be fully reviewed or if they are, the information never filters down to the field. While I understand the negative PR aspects of full transparency and the potential for encouraging future abductions if details of a ransom are disclosed, it's seems rare that an incident is used as a teachable moment for an organization. In most cases a clear lack of situational awareness and/or disregarding security policies led to the abduction. Case studies and real-world "lessons learned" capture people's attention and get them to think. Don't neglect making some good out of an abduction by seeing if you can use it to prevent similar events from happening in the future.

Military map symbols

2009-11-22T18:04:00.000-08:00

If you've ever worked with U.S. or NATO military units in conflict areas and either peeked at or used their maps, you know they're filled with all sorts of strange symbols. The bad news is if you've never served in some country's army, good luck figuring out what all of the non-intuitive squiggles, boxes and colors mean. The good news is all the symbols are standardized (NATO APP-6a, to be exact) and there are public references available that tell you what they mean - for example, here's a link to a recent U.S. Department guide. If you're into maps by necessity or curiosity, be sure to check out Tom Mouat's MapSymb site, which includes lots of information on military map symbology including downloadable TrueType symbol fonts.

Blast-proof wallpaper

2009-11-19T08:25:00.000-08:00

Selecting residence and office sites in conflict areas always presents a challenge for humanitarian organizations - especially in places where bombings are a part of the threat model. Sufficiently hardening a structure can be a costly and labor intensive endeavor, but a new technology developed by Berry Plastics may change that. Called X-flex, the product is a composite film that can be applied like wallpaper to reinforce structures from external explosives blasts. Don't just think bombings, though. X-flex is also suitable for strengthening buildings in hurricane and cyclone-prone regions. Check out the product video for more info.

New Somali pirate threats to NGOs?

2009-11-15T10:30:00.000-08:00

Only humanitarian organizations that use cargo ships in the Indian Ocean have had to worry about the threat of Somali pirates. That may be changing with the recent hijacking of a commercial aircraft in the Puntland region. According to a Voice of America news article, members of a pirate gang commandeered the plane, in hopes of holding it and two German journalists for ransom. The incident was peacefully resolved by security forces, but it begs the question of whether increased naval pressure in the Gulf of Aden is forcing pirates to look elsewhere for revenue - such as kidnapping Westerners. (Despite stepped up patrols, it's instructive to point out that according to Lloyds List the pirate's success rate in taking ships and smaller vessels has surged to over 50%.) Readers interested in piracy are encouraged to check out a recently released book by Peter Leeson called "The Invisible Hook: The Hidden Economics of Pirates." Leeson takes an economist's look at 18th century piracy and provides fresh perspectives on why pirates behaved and operated as they did. His historical account is fascinating and entertaining and provides insights into what is happening off the Somali coast today.

U.S. State Department Death Database

2009-11-14T09:31:00.000-08:00

The U.S. State Department hosts a little known online database that tracks non-natural deaths of U.S. citizens outside the United States. Select a country and date range to get a list of fatalities (including location, date and cause) is displayed. The database is regularly updated and goes back to 2002. This is a very useful tool for providing an element of risk context for various places in the world.

We're back (and recruiting)...

2009-11-14T09:15:00.000-08:00

After a lengthy hiatus, the NGO Security Blog has returned. Look for new posts on a variety of humanitarian security topics coming soon.

We're also looking for a few humanitarian security practitioners who would like to contribute to the blog - either openly or anonymously (if you don't want your organizational affiliation disclosed). If you have the time to make two or more posts a month on relevant topics, send an email to ngosecurity at gmail dot com and let us know you're interested. This is a great opportunity to share information and discussion with the humanitarian community.

JM

How to Survive a Disaster

2008-06-01T08:53:00.000-07:00

Nice article from Time by Amanda Ripley, author for the forthcoming book "The Unthinkable." Ripley has interviewed a number of survivors of various types of disasters and her book looks like a winner in terms of case studies and lessons learned.

Manuals (CIA and NGO)

2008-05-07T09:57:00.000-07:00

Today is midweek manual day, and here's a quick selection of interesting manuals to read.

At the top of the list is the CIA's Psychology of Intelligence Analysis by Richards J. Heuer. This is a must read if you're into critical thinking and the inner game of security. It covers information gathering, analysis and the various biases that can creep in and influence decisions. The content presented in this manual should be taught in every introductory humanitarian security course.

Next up, Charlie writes in with some links to a few humanitarian security manuals and resources:

http://www.frontlinedefenders.org/manuals/protection

http://www.frontlinedefenders.org/manuals

http://www.aidworkers.net/?q=advice/security

http://ec.europa.eu/echo/evaluation/security_review_en.htm

(A few of these may seem familiar, but it's good to mention again for new blog readers.)

Cyber attacks on NGOs

2008-05-07T09:42:00.000-07:00

Maarten Van Horenbeek is a computer security researcher who is studying cyber attacks launched against humanitarian organizations (he wrote the article recently mentioned in this blog on electronic attacks against pro-Tibetan groups).

If you suspect your organization has been targeted, or you know of an organization that has, Maarten would like to hear from you. He's interested in attack methodologies and can help with analysis. (It's important to note that at times these attacks may not appear to be direct, and can easily be mistaken for a random virus or generic hacker activity).

Contact Maarten at: maarten @ daemon.be

Five security tools for Windows, Linux and Mac

2008-04-26T08:00:00.000-07:00

Ars Technica has a good and easy-to-understand article on essential security programs for Windows, Linux and Mac computers. Great, free tools for locking down your own or others' computers.

Saving NGO Security Scenario Videos

2008-04-05T15:22:00.000-07:00

Over the past six months I’ve posted a weekly scenario with a YouTube video clip to get you thinking about various safety and security situations.

Time commitments are going to decrease the frequency of future scenario posts, but in the meantime I want to show you how you can save scenario videos to your PC. These videos are great for classroom training or presentations. Just load them onto a laptop connected to a PowerPoint projector and you're ready to go. (Feel free to use any of the scenario text to go with the videos.)

First, click on this link to go to an index of the scenarios. On the index page, click a link to bring up the scenario. Once a scenario is displayed, follow these instructions:

In the bottom right hand corner of the video window is a Menu button. Click it.
The video temporarily shrinks and the URL of the video displayed. Click the Copy to Clipboard button (this copies the YouTube video URL to your clipboard).
Go to the keepvid.com site. (There are a number of Web sites and programs that can save YouTube videos to your PC. Google save youtube for more options.)
Paste the YouTube video URL saved in your clipboard to the text box at the top of the KeepVid Web page.
Click the Download button.
Two options are displayed - .flv Low Quality and .mp4 High Quality. Click the link of your choice to start downloading. (A file named get_video is saved. Rename it to something a little more meaningful.)

The .flv format saves the video to your hard drive in Flash format. You’ll need a video player to play the video. I recommend VLC, which is free, at: http://www.videolan.org/vlc/

The.mp4 option saves the video to your hard drive in MPEG format, which is playable by QuickTime, Windows Media Player, and other common players.

That’s it. You can apply the same steps to save any other YouTube video you want to keep. Happy downloading... JM

NGO Security Training Directory

2008-04-03T21:04:00.000-07:00

Based on several requests, I'm compiling a humanitarian security training directory. If you, your business, or your organization provides security-related training to the humanitarian community, send me contact information and a brief description of the type the training you offer (or simply a link to your Web site). I'll be posting the directory in the coming weeks.

10/8/11 Update - This idea really never took off, sorry...

NGO Security Scenario #25: One Day in April

2008-04-01T08:10:00.000-07:00

You are relaxing after work in a karaoke bar in the capital city of a country that's been plagued by unrest. There have been several attacks on foreigners and last week an American-owned hotel was bombed. The crowd around you seems anxious for some reason. As you sip a beer, the bar suddenly plunges into darkness. As you reach into your pocket for a small flashlight you hear a strange but familiar sound. Click the play button below to see what happens next.

What do you do? Share your thoughts by clicking on COMMENTS below (and Happy April Fools Day).

NGO Security Scenario #24 - Media Fallout

2008-03-23T11:20:00.000-07:00

Following the abduction of a group of South Korean aid workers in Afghanistan, you are quickly brought in as a consultant to advise the organization they were volunteering for. The Taliban kidnappers have threatened to kill one of the aid workers unless their demands are met. The incident is dynamic and the South Korean and Afghan governments have yet to become largely involved. You believe the situation can be resolved and that negotiations as proceeding in good faith. As you sip your morning tea, a news report with the following video appears on the hotel room television (click the play button).

An official is quoted that the military has just recovered the body of one of the Korean aid workers. This is the first you've heard of this report. Your mobile and satellite phones both start ringing at the same time. There's loud knocking at your door. What do you do? What are your priorities? What actions will you advise the organization to take next? Share your thoughts in the COMMENTS below.

Cyber Attacks against Tibetan NGOs

2008-03-22T09:10:00.000-07:00

So let's say you work for an NGO that's managed to irritate a government. And I don't mean cause minor irritation, as most organizations do or have done, but serious irritation, where a government (or proxy) decides to use its resources to mess you up. Not the typical expulsions, detainments or arrests, but really sneaky stuff.

Read this article about what's happening with Tibetan NGOs. It's been my experience that most NGOs are woefully unprepared to deal with such a threat. While I've encountered a few IT staff members who are security savvy (and a smaller number of security practitioners who are IT proficient), this tends to be the exception within the humanitarian community.

IT and security folks rarely talk. As you both have the interests of your organization in common, jointly discussing this article might be a good way to begin a dialog.

Inside the Twisted Mind of a Security Professional

2008-03-21T08:29:00.000-07:00

Read the article and what do you think? Are we hardwired differently than most of the people we work with and for? Can you teach security mindset? And just how twisted is your mind? (I certainly seem to fit the profile.)

NGO Security Scenario #23 - Accidents Happen

2008-03-16T21:17:00.000-07:00

You're working on a security assessment report at your organization's country office in Egypt. You hear car horns honking outside and look out the window. A broken down piece of road construction equipment is being moved off the street. Click the play button to see what happens next.

The dark colored car belongs to the Country Director who is in a meeting with her staff. What would you do next? Share your thoughts by clicking on COMMENTS below.

NGO Security Scenario #22 - Mr. Sandman

2008-03-09T18:19:00.000-07:00

You are returning to your organization's country office in Sudan. You are on foot and the office is about a half kilometer away. You hear a commotion behind you and turn around. Click the play button to see what happens next.

What would you do next? Share your thoughts by clicking on COMMENTS below.

NGO Security Scenario #21 - The Heat is On

2008-03-02T10:30:00.001-08:00

You are a program manager for a forestry project in South America, spending a few weeks in the Western United States observing wildland firefighting operations. You are at a large fire camp. Drought conditions and high winds have caused several fires to increase in size and become unpredictable. Click the play button to see what happens next.

What are the primary threats? How much risk is there? What actions would you take? As the smoke gets thicker, it becomes difficult to breath. Would placing a wet bandanna over your face help? Share your thoughts by clicking on COMMENTS below.

Note: A PowerPoint presentation (in PDF format) by the Incident Commander discussing the event, with lots of photos, is here. Contrast what you see in the video with the description of the actual incident. The U.S. Forest Service, and the wildland fire community in general, do an excellent job of post-incident analysis and making lessons learned widely known. The humanitarian community could learn a lot in developing similar practices for safety and security incidents.

NGO Security Scenario #20 - Crazy on You

2008-02-24T20:55:00.000-08:00

You're flying from Toronto to London, to catch a connecting flight to India. Mid way through the flight you hear a commotion across the aisle from your seat. Click the play button to see what happens next.

What do you do? Is the situation under control (what observations lead you to that conclusion)? How would you handle a similar situation if it occurred in your workplace? Share your thoughts by clicking on COMMENTS below.

NGO Security Scenario #19 - Roadside Surprise

2008-02-17T16:01:00.000-08:00

You are visiting a project in Afghanistan. Your truck is stopped by U.S. military forces who are in the process of clearing a landslide from the road. A soldier tells you it should be less than 15 minutes before the road is opened. You decide to wait. It's a warm day and you have the windows rolled down. Click the play button below to see what happens next.

What do you do? What threats did you possibly anticipate prior to the incident and what steps did you take to mitigate them when you stopped? Share your thoughts by clicking on COMMENTS below.

NGO Security Scenario #18 - High Seas Horror

2008-02-10T18:43:00.000-08:00

On July 19, 2006, the cruise liner Crown Pacific was sailing off the Florida coast. In calm waters with good weather, the ship suddenly rolled, tipping an estimated 15 degrees on its side. 240 people were injured during the incident.

Here is a security video footage from the ship's casino as the incident took place. This was not a common occurrence and the force generated by the roll is apparent.

Review the last video and comment on human behavior during an unexpected and potentially life-threatening crisis. Which passenger showed a high level of survival instinct? How did the majority of passengers react? What does the behavior of the passengers playing slot machines in the upper right corner of the video suggest? Have you ever been in a crisis situation where you've witnessed similar behavior as shown in the video? Share your thoughts and observations in the COMMENTS below.

New TrueCrypt

2008-02-06T08:43:00.000-08:00

There's a new version of TrueCrypt out - one of my favorite encryption programs for keeping computer data safe. New features in the 5.0 release include: a Mac version (finally), the ability to encrypt an entire Windows hard drive, and a graphical interface for the Linux version. If you're a TrueCrypt user, time to upgrade. If you're not, you should really check it out.

NGO Security Scenario #17

2008-02-03T21:34:00.000-08:00

You are working in an African country that is teetering on the brink of civil war. A peaceful anti-government protest turns violent and is the spark that's needed to ignite the country. Click the play button below to see what is happening in the streets.

What preparations did you make prior to the present situation? Based on the supplies your safe houses currently have, how long can staff hibernate? Landline and mobile phone services have been disrupted. How will hibernating staff members communicate? Share your thoughts by clicking on COMMENTS below.

Custom Garmin GPS Maps

2008-01-31T12:57:00.000-08:00

Garmin makes, what are in my opinion, some of the best GPS receivers on the market. While the company sells a world map that provides a bit more international detail than the default base map that comes with one of their GPS units, the detail is still typically lacking for humanitarian field use (you can purchase detailed street and topographic maps for Europe, Canada and the US, which aren't that much use if you're off the beaten track in Asia or Africa).

Garmin's GPS maps are proprietary. They make money selling their maps, and don't want just anyone creating them. A couple of years ago some Polish hackers figured out Garmin's internal map format and wrote some software that allows you to create your own GPS maps. Over the years, a growing number of free Garmin maps have been produced for some fairly remote parts of the world. Check out this database, where people freely contribute maps they've produced. You might find something useful.

NGO Security Scenario #16

2008-01-27T15:54:00.000-08:00

You are flying from Jakarta to Yogyakarta, Indonesia to visit a program site. The national staff program manager and two international staff from your headquarters are accompanying you. The plane is full and you weren't able to get seats together. The flight is uneventful, until the plane lands very hard. Luggage from the overhead bins starts falling out and the plane comes to a sudden stop. You look out the window and see flames. Smoke is filling up the cabin as you manage to get to an emergency exit. The plane is off the runway in a rice paddy. Click the play button below to see and hear what you experience.

Based on the situation, what do you do? What are your priorities? What threats are present? Share your thoughts by clicking on COMMENTS below.

How to Escape Down an Airplane Slide

2008-01-25T19:33:00.000-08:00

Did you know every 11 days an airliner deploys its inflatable evacuation slide? And that's just in the United States. To help prepare you for such an event, Time magazine has a pretty good how-to article.

NGO Security Scenario #15

2008-01-20T16:33:00.000-08:00

You are working as a security officer in Darfur. This is your first assignment in the region and you have a limited amount of field experience. You are meeting in a town with several other experienced security officers from different organizations when a siren starts to sound. You look up and see a large group of horsemen riding down the street. "Janjaweed," one of your colleagues says. Click the play button below to experience what you see and hear.

How do you determine the current level of risk? What questions do you ask your colleagues? What actions do you take? (If you're unfamiliar with the Janjaweed, click here for context.) Share your thoughts by clicking on COMMENTS below.

Tear Gas/Pepper Spray Resource

2008-01-15T08:43:00.000-08:00

Tear gas and pepper spray are widely used by police and military forces throughout the world to control crowds. Because of the dynamic nature of protests, aid workers may find themselves exposed to riot control agents (if you've never been gassed before, the first time can be very disconcerting). Unfortunately, this topic isn't discussed very much in traditional humanitarian security training and manuals. So to learn more we need to look to other sources, in this case, street medics.

Street medics are independent, trained volunteer medical personnel who support activists during protests. Organized street medic groups have sprung up in a number of Western, urban locations. One of the groups, known as the Black Cross Health Collective, has published extensive information on the effects of and treating tear gas and pepper spray. Check it out.

Kenya Incident Mapping

2008-01-14T09:28:00.000-08:00

Ushahidi is an innovative Web site for tracking security incidents currently taking place in Kenya. What makes Ushahidi unique is anyone can report an incident (either on the site or with SMS) and anyone can view the incident map. This is a great idea and implementation, that hopefully will be replicated in other parts of the world. Kudos to the originators.

NGO Security Scenario #14

2008-01-13T17:38:00.000-08:00

You are walking to your office in Ankara, Turkey. An unexpected winter storm has dumped heavy snow on the city. A couple of blocks from your apartment you hear screaming and shouting. Click the play button to see what you encounter.

Are the bystanders doing a good job of first aid? Based on your training, how would you treat the woman and child? What other threats to safety are present? Considering the environmental conditions, what safety measures would you suggest your organization implement when you reach the office? Share your thoughts by clicking on COMMENTS below.

Humanitarian Security Survey

2008-01-10T14:10:00.000-08:00

The Center on International Cooperation is conducting an online survey on the use of private security providers in a humanitarian context.

The survey is for headquarters, field and regional staff of UN agencies, the ICRC, and international and local NGOs. All relevant parties are encouraged to take part. In cooperation with OCHA and in consultation with an Advisory Group composed of UN agencies and International Red Cross/Red Crescent and NGO representatives, the research team has designed this survey in order to compile a dataset of the range of services that private security providers are contracted to undertake and different models of security provision and partnerships. The results of this survey in conjunction with desk-based and field-based analysis of humanitarian actors' use of private security providers will serve as the basis for a comprehensive report due in April 2008. The survey is anonymous, and no individual organization or agency will be cited by name in published findings.

To take the survey, follow this link.

NGO Security Scenario #13

2008-01-06T17:37:00.000-08:00

You are working as a security officer in Beirut, Lebanon. Tensions with Israel are on the rise again; although there have been no military actions. You wake up in your apartment one morning to the sounds of jets flying low overhead. Press the play button to see and hear what happens next.

What would you do? What sources would you consult to get additional information? The land line and mobile/cell phone networks appear to be out. How do you communicate with the country office? Share your thoughts by clicking on COMMENTS below.

Africa Fatalities

2008-01-02T11:26:00.000-08:00

Two French women volunteering for Action Against Hunger in eastern Burundi were shot in their car in the town of Ruyigi. One of the aid workers died, the other has been hospitalized. At the present the motive is unknown.

John Granville, a USAID officer, was killed in a drive-by shooting in Khartoum, Sudan. His driver was wounded during the attack. An investigation is ongoing.

Condolences to family, friends and colleagues.

NGO Security Scenario #12

2007-12-30T15:50:00.000-08:00

You are in New York City; in town to visit the headquarters of another humanitarian organization. You have a morning meeting to discuss security coordination efforts in Darfur. As a taxi drops you off in front of the office, you hear a loud explosion. You look down the street towards the sound. Press the play button to find out what you see.

What would you do? How far away from this incident would you feel safe? Once you reached safety, what would you do? Share your thoughts by clicking on COMMENTS below.

Security Tidbits

2007-12-26T11:58:00.000-08:00

Various humanitarian security topics of note, as the year wraps up...

A Chad court convicted six French aid workers (Zoe's Ark) of kidnapping and has sentenced them to eight years of hard labor. While it seems likely international pressure will either reduce the sentences or transfer imprisonment to France, the court ruling does send a strong accountability message to the humanitarian community.

Chrispin writes in with a link to a nice security manual published by the New Zealand government. Entitled Security in Government Sectors, even though the manual isn't NGO-specific, it's quite comprehensive and has a lot of good information that can be applied outside government circles. Definitely worth a bookmark.

A belated pointer to humanitarian adviser (and frequent commenter to NGO Security Scenario posts) Kevin Toomer's blog. His Web site and blog have been up and running for awhile now, and feature a variety of humanitarian-security content.

NGO Security Scenario #11

2007-12-23T17:06:00.000-08:00

You are taking a well deserved Christmas holiday in Le Fornet, France. After a hard day of skiing, you're ready to relax. Your friend is a few minutes behind when you finish your last run. As you take off your skis, you hear a loud rumbling sound and look over your shoulder. Click the play button below to see what happens next.

What actions would you immediately take? Does the fact the people around you are joking make the situation safe? What will you do after the initial threat has passed? Share your thoughts by clicking on COMMENTS below.

NGO Security Scenario #10

2007-12-16T15:54:00.000-08:00

You are working in the Democratic Republic of the Congo. A national staff driver is taking you and a program manager to a meeting with a government official to discuss security issues with food distribution. You are in an older car, marked with your organization's name and logo. As you head into the city, you encounter a protest and are surrounded by people. They slash the car's tires and break a window. Your driver talks to them, calming the situation down, and they leave. The driver says the police and military are coming, and that the car is in the middle of what looks like will be a violent confrontation. The car can't be driven, and you make the decision to leave the area on foot. The driver is only vaguely familiar with the neighborhood. Press the play button below to see and hear what you encounter.

What is your plan? How will you accomplish it? What are the primary threats? What are you carrying with you that will be of assistance? Share your thoughts by clicking on COMMENTS below.

Terrorist Baseball Cards

2007-12-16T15:44:00.000-08:00

Collecting baseball cards used to be a popular pastime of boys growing up in the United States. And in keeping with that tradition, the U.S. Department of Defense has issued a collection of Terrorist Recognition Cards. Click on a region to see who's who (complete with stats) and who's wanted.

World's Most Dangerous Roads

2007-12-14T14:41:00.000-08:00

A nice Google Map of the most dangerous roads on the planet (in terms of fatality accidents) according to the Association for Safe International Road Travel.

Algeria U.N. Bombings

2007-12-11T14:46:00.000-08:00

Has your organization done a good job in mitigating the threats of car bombs in high-risk locations?

Does your organization have effective response plans in place for all offices that detail how to handle the aftermath of a car bombing or explosion?

Condolences to family, friends and colleagues of U.N. staff members who lost their lives in today's bombings in Algeria.

Hostage Incident Management Seminar

2007-12-10T18:30:00.000-08:00

InterAction is hosting a Hostage Incident Management seminar on January 15, 2008 in Washington D.C. This topic usually doesn't get a lot of coverage in typical humanitarian security training offerings, and it's nice to see InterAction stepping up to the plate to share information. Seating is limited. For more information, contact John Schafer at: jschafer@interaction.org

NGO Security Scenario #9

2007-12-09T14:17:00.000-08:00

The country you are working in has erupted into civil war. All humanitarian organizations are suspending operations and evacuating international staff. Due to the lack of overland evacuation routes, the United Nations and other military forces will be transporting humanitarian workers to safety by air. You are assigned as liaison to the military and will handle logistics issues. You are to meet an officer arriving by helicopter, and then coordinate staff evacuation on that aircraft. You and the staff members to be evacuated are waiting in a field for the helicopter to land. Press the play button below to see what happens next.

What are your first actions following the incident? What are your priorities? Did you take any measures prior to the helicopter's arrival to enhance staff's ground safety? Share your thoughts by clicking on COMMENTS below.

NGO Security Scenario #8

2007-12-02T19:23:00.000-08:00

You are performing a security audit for your organization in Kenya. On your itinerary is a trip to the Kenya-Sudan border to observe a small food distribution program. After a several hour journey with a staff member, you arrive. An excited group of people has been waiting for the truck and the staff member begins distributing the food. Press the play button below to see what happens.

What potential threats do you recognize? What questions do you have for the staff member after you leave the distribution site? What recommendations will you make to senior management based on what you encountered? Share your thoughts by clicking on COMMENTS below.

Online Donation Service Hacked

2007-11-27T21:45:00.000-08:00

Convio, one of the larger Internet donation service providers for charities, was recently hacked and a significant number of donor email addresses and passwords were compromised. Major NGOs using the company's services including CARE and the American Red Cross were among the victims. More commentary on the story is here.

This incident demonstrates the potential for data vulnerability when relying on outsourced IT services. It also shows that a large number of humanitarian organizations were negligent in not notifying donors after the information security breech occurred. While no credit card information was compromised, a risk still exists that stolen information could be used to access banking, retail and other online services. Management should have contingency plans in place to quickly notify donors of any data compromise. Transparency in situations like this is critical.

OLPC XO

2007-11-27T18:45:00.000-08:00

Over the past couple of years you may have heard about the One Laptop Per Child (OLPC) initiative. An effort to put low-cost computers in the hands of third world children. Instead of taking an existing laptop and loading it up with educational software, an entirely new type of computer was designed from the ground up. Rugged, simple to use, a long battery life, inexpensive (relatively speaking), networked-enabled, and able to be powered by alternate energy sources. Production of this innovative computer, called the XO, started earlier in the month. Originally it was only going to be available to governments in large quantities, but until the end of the year you can purchase one in a unique program. It works like this. For $399 (excluding shipping) you buy two XOs. You're sent one, and the other is donated to a child through the OLPC Foundation (the second one counts as a charitable donation on your taxes if you're in the U.S.). Full details on the program, and the laptop, are here or take a look at the video review below.

Why am I excited about a cute little, lime green computer that doesn't run Windows software? For starters, the technology is amazing as is the potential (check out a couple of videos of XOs in use in Peru, India, and Nigeria). I also like the fact this computer fits in more with the spirit of the humanitarian community compared to most other commercial IT products. And finally, from a security standpoint, this just might be the perfect laptop for taking out into the field. Stay tuned for more, when mine shows up.