Belgium: Crisis & Continuity Management
The New Paradigm for Chief Security Officers
The role of a director of security, especially with the added spectre of terrorism, takes a different road with the new trends in lone wolf attacks (as famously experienced recently in Boston, Canada, France, and other parts of Europe). These acts involve self-initiated attacks by individuals, with no demonstrable planning or coordination from a larger organization. As such, this type of threat is challenging traditional ways of securing our environment.
In Belgium, after the January 2015 Charlie Hebdo attack in France, Belgian counter-terrorist units blocked what was described as a jihadist plot to stage a “grand scale” attack in eastern Belgium. Two gunmen were killed and another wounded in a preemptive raid that resulted in a shootout near the German border.
There are 4 levels of terror threat in Belgium, defined by the Coordinating Unit for Threat Analysis (OCAD). After this anti-terrorism operation, Belgian authorities raised the national alert level from two to three on a four-point scale. Belgium is such a small country that they say you can tour the entire country with one diesel refuel. However, it is one of the biggest diplomatic countries, and is a member of major international organizations like the European Union and NATO – both of which are headquartered in Brussels, Belgium.
After raising the threat level to 3, a tense atmosphere could be felt in Brussels, as several police cars could be seen rushing through the city at high speed and with loud sirens. A series of false bomb threats happened during this period. The list of places that had to be evacuated included the European Parliament, the Belgian paper that ran Charlie cartoons, the Belgian newspaper Le Soir, and one of our company sites.
In my capacity as Director, Crisis & Continuity Management at GSK, a science-led healthcare company, we had already raised our threat level with different security measures; however, an anonymous document was found in February, stating the deposit of a bomb in one of the production buildings at our Belgium site – we had to evacuate 5000 employees to ensure their security.
This experience was different than my previous evacuations in Canada. It was the first time that I needed to operate a crisis committee in a level-3 threat environment – it was not a drill; I had to take into account the possibility of a real bomb. I could not rely on any background experience in this situation. The level of stress was suddenly a factor in my decision process, and our crisis committee members were also on edge.
Even though you prepare to stretch beyond your comfort zone when working in security or law enforcement, decisions have to be made with confidence and trust in the crisis team.
We handled the events in stride but, reflecting afterwards, I realized that, even though I began my career as an operative for the Canadian Security Intelligence Service (CSIS), I had never been as close to terrorism as what happened while managing crisis and continuity for a private company.
One of the best practices, after any big incident, is an After Action Review (AAR). The main purpose is to learn from the experience and take the lessons learned to the next step, or to accomplish related tasks more effectively the next time. Basically, the AAR helps to assess what went right, what went wrong, and create an understanding of what needs to be improved so that a revised list of actions can be developed.
After almost two months at Level 3, the terror threat level dropped back to Level 2. Then in June, after four months of peace in the European countries, a delivery driver with links to ISIS reportedly decapitated his boss, Herve Cornara, before ramming the delivery van into gas cylinders at a gas factory that was often on his route, in an attempt to blow up the building. Cornara’s head was found pinned to the gates between two ISIS flags at the American-owned Air Products gas factory in Saint-Quentin-Fallavier.
All this occurred not far from Belgium and marks a continuation of radical Islamist terrorist attacks in the West. The attacks in Europe highlight the need to fight a different kind of threat: the phenomenon of ‘homegrown’ radicalization.
While it might initially appear to us that jihadist terror organizations are a comfortable distance away, in Africa and the Middle East, the fact is, terrorism today is never farther away than a plane ticket or click of the mouse in your neighborhood.
No longer is this a concern of only national enforcement entities. As a security director, our No. 1 concern is now the lone wolf: a person who has become radicalized, perhaps in their own living room, by reading or watching terror propaganda.
What attracts people to join a terrorist group?
It has been suggested that people who join a terrorist group feel a need for belonging, and are looking for acceptance or possibly a new identity for themselves. However, one of the strongest motivations, particularly for the lone wolf, is the desire for vengeance, and is often shaped by a perceived injustice. To fuel these negative feelings, terrorist leaders like to claim the West is hostile toward Islam or in some way repressing Muslims.
In many ways, the various forms of social media serve as a virtual training camp – by instructing how to build bombs, how to join their organization, by sharing information, and creating a sense of camaraderie.
We need to remember that a person does not “suddenly” become a terrorist. Although sometimes a fairly rapid transition, it is an ongoing change process that family, friends, and colleagues may notice along the way.
If, collectively, we become aware of how the change is progressing, we can speak up when we observe certain behavioural changes of friends or family, a colleague or employee.
In the business environment, what does the Security Director need to put in place?
A good security program is based on three pillars: prevention, dissuasion/persuasion (barriers, CCTV, procedures), and repression (investigation, sanctions).
Prevention enhances security
An awareness program helps change the mindset of employees and management, facilitating the shift from reactive instinct to an active mode of response. An effective Security Director will anticipate many potential problems to resolve the situation before it occurs. Otherwise, we will always be in a catch-up mode of response (repressive action). By improving the vigilance of employees, we develop a responsible partnership by saying: if you see something, say something. One inspiring ‘speak up’ campaign was originally implemented by the New York City Metropolitan Transportation after the 9/11 terror.
Campaigns to raise public awareness about the indicators of terrorism and terrorism-related crime are more prevalent in America than Europe. This mindset is not yet ingrained into the European culture, possibly because Europeans still vividly remember the atrocities of World War II. “See and say” is socially counter-intuitive to what they learned as kids. For a long-time employee, to tell on another long-time employee feels like an intimate betrayal of friendship and trust.
To be effective, the security professional of the 21st Century requires both technical and behavioural skills. By developing the skill of influencing and being successful at establishing an Insider Threat Program (ITP) in the organization, the security director will help the company adapt and protect its people against the insider (potentially terrorist) threat.
Defining the human threat requires a change of perception. We’ve done a good job in protecting organizations from external threats, and the technology for physical and IT protection is constantly improving. Culturally, we tend to rely on technology, but it is important to focus more on people and their behaviour, especially with the new face of lone wolf terrorism. Technology will never be as good as human interaction when working with people.
One difficulty in implementing an ITP in Europe is that we do not know how to define the potential insider. Europeans tend to react to internal threats when we should be proactive.
I believe that my North American culture could bring an added value by mixing our diversity together and developing a better security solution. In this case, we will end up with a concept of creating an Insider Threat Working Group (ITWG) to put the program in place.
Fortunately no bomb was found at our facility, but the bomb threat certainly tested our protocols and our reactions – the incident is still under police investigation.
This very real threat is why one of my main objectives now is to implement the insider threat program for our company. This is quite challenging, but how inspiring!
I feel incredibly fortunate to be in this position and especially, as a North American, being able to work in Europe. Every day, the world brings more risks and has become more complex. This is why it’s necessary to develop strong networks of like-minded colleagues – to benchmark good practices nationally and globally, see what’s working in other companies, and develop new collaborations. I’m convinced that we will succeed if we follow the time-tested axiom: “Alone we go faster, but together we go further.”
Annick Tremblay is the Director of Security, Crisis & Continuity Management, at GlaxoSmithKline located in Belgium.
© FrontLine Security 2015