Fri, Nov 4, 2022

Kroll's Security Concepts Podcast

Kroll’s Enterprise Security Risk Management subject matter experts have come together, alongside special client guests, to host a podcast series discussing the world’s most pressing security challenges.
Episode 20
Threat Management Programs on the College Campus: Assessing and Understanding Physical and Cyber Threats

In this episode, Matthew Dumpert and Chris Palmadesso of Kroll's Security Risk Management practice and Timothy Gallagher of Kroll’s Cyber Risk practice are joined by Robert DiGenova, Deputy Chief of Police at the Stevens Institute of Technology, to discuss the importance of understanding and responding to threats on the campus and in the university environment, as well as understanding the data behind these threats.

Passages from the Episode

Best Practices – Threat Management on a College Campus

“Can each of you name those best practices in today's threat management for colleges and universities, that you feel our listeners should be made aware?” – Jeff Kernohan

“Well, I think, it starts from the boots-on-the-ground, police officer, just being out on the street on the campus, being observant to their surroundings, walking around campus, talking to people daily. So, the community views them in a way that's open and friendly. But, at the same time, if there are concerns that are observed by the officer, they can report those concerns and take the steps that a police officer would take, if they viewed any type of threat, or potential threat. I think that's the first step that our officers would take part of. Also, one of the things that we do pretty well here at Stevens is that, if there is a potential threat and we feel, once we've gathered the information, one of the first things we're going to do is we're going to look to investigate all threats or potential threats. That's a multidisciplinary approach through our law enforcement partners, they are internal at Stevens and externally.”

“But it's also with our staff members at Stevens, that are equipped to work with us, to follow up on concerns related to students. One of the things that we have, here at Stevens, is a very effective CAPS program, which is our Counseling and Psychological Services. And we also have a Behavioral Threat Assessment Team that if we found, or we believe that there was a student in crisis potentially, and there were some warning signs, we would convene as a group and we would discuss, "Is this somebody that the CAPS folks are aware of and have had some prior interactions with?" Where we can create a game plan from there, to first ensure the students mental health is being addressed and just as importantly, and maybe more importantly, is to address any immediate safety concerns for the campus, that we would have to react to. So, I think that multidisciplinary approach within the university, allows us to get a jump on any potential dangers, or security concerns that we may be faced with, but at the same time not overreacting and handling a situation that's best for our students here.”

“The other thing to threat mitigation is preparing for the what if? And that comes through training. We're fortunate that we have a lot of experienced officers that represent 16 different police departments throughout the state, and with that comes a lot of experience in helping us to put together training programs for our officers and for the Stevens community that marry up with one another, where the community knows what to expect from our police response. And the same with our police officers, that this is the training that the community is receiving.”

“We all know what happened in Texas very recently, with the active shooter situation. That's something that we train for on campus. We train for it with our police officers, and we train all of our Stevens community members, through live trainings and now during the onboarding of employees they receive active shooter training, and all incoming freshmen get a live training, where we focus on the Avoid, Deny, Defend, similar to Run, Hide, Fight. But, building those principles of safety and campus safety, it helps us to have an opportunity, right? When the students and new faculty come onto campuses, to lay the groundwork for the safe community that we want to present.”

“So, some of these other best practices that I spoke about, were able to kick into gear and the community understands what actions that we will take in cooperation with our school administrators, where we're all working together to serve the community the best, to make for our safe campus and to make sure that our students that are here, are taken care of and go on and have productive, healthy lives at Stevens and beyond. I mean, that's our focus and our goal and those are the efforts, where it ties in best practice. It's an expansive response, but I think when you tie all those things in together, one aspect helps us to get to the next step and to make it for the safest campus that we can have at Stevens.” – Robert DiGenova

“That’s a good point with regards to training and outreach to students, to faculty. Really, if you're to ask that question, Jeff, it's just really not an easy answer. I know you had said you were going to give us an easy one here. I think that, looking at threat mitigation strategies as we approach the campus security model, is really the training part that Bobby talked about, but understanding the indicators. What are the indicators of suspicious activity? And how have they evolved over time? So, if you're to ask me, based on my background and before Kroll, really looking at the evolution of the threats and how they're impacting campus safety and security. I think 20 years ago, before 9/11, and then 20 years after, it really looks very different, the threat environment. The school shootings, active shooters, cyberattacks, terrorist attacks, and then you're also dealing with a university like Stevens, where there's a very large city with New York City across the river and Hoboken over there.”

“You've got multifaceted issues with identifying criminal trends and the evolution of the threats that might impact each university. I think from a university perspective, the most valuable part of it, is understanding the evolution of these threats and really being on top of what the government's pushing out. Whether, it be from the National Counter-Terrorism Center, from Department of Homeland Security, from the FBI. What are they pushing out, that we could, at the campus security level, consume, aggregate and then actually analyze and tell a story to key decision-makers? But, with regards to all that evolution, I mean, I can't speak to the cyber thing, because we've got Tim Gallagher on here, who's the subject-matter expert on that. From multifaceted techniques, tactics and procedures of terrorism and regular criminal events. I really think, that just keeping up to speed on those indicators of what would be consistent of an attack, or suspicious for reporting, is just incredibly vital. Tim, from the cyber perspective, would you agree with what I'm saying there from your days in the FBI and what're doing now with Kroll?” – Chris Palmadesso

Cyber Threats on College Campuses

“Yeah, saw it off from both sides. From the FBI side, as well as from where I am at Kroll right now. Obviously, the cyber threat is 24/7 and it's global in nature. And the same way bad actors online, are looking to attack Fortune 500 companies, they're looking to attack universities as well. And why is that? Colleges and universities are aggregators of data, aggregators of research. And sometimes, you have a hospital on campus as well, and it's just an opportunity for bad actors to target a victim, who they can threaten through a sense of urgency, like looking to make a demand for money, or looking to hold data hostage, because it's absolutely integral to the operation of the university, that they have the data. So, that's where the bad actors are going, they're looking to lock up that data, or to extort money to get it back up and running again.”

“Combating this cyber threat on your campus, there are some best practices that you can follow. Number one, I'd have to say patching and updating. There's vulnerabilities in software, which come to light from time to time, which the bad actors know about and they'll know that if there's a back door into a software program, they'll try and get into it and exploit the opening and wreak havoc on your system, on your cyber network at your college. Multifactor authentication, just putting another step into the process, where a code is sent to your phone when you log in. Another step in the process, I realize that it slows things down, but really, it does wonders for locking down your cyber system. And then, backing up your data, in the event that you do get hit, that there is a cyberattack, we can work with you to restore your system to where it was, based upon the data that's been stored in a manner that can be utilized in the remediation process.” – Timothy Gallagher

Stevens was hit several years back and there were some folks who did not back up their data as they should have and learned the hard way. But, everything you mentioned, I mean, that's something best practice, our IT and cyber folks are on that, securing certificate-based Wi-Fi access systems and the multifactor authentication. These are all things that we have in play. One of the other resources that have been offered to any Stevens community member is free antivirus software for their personal devices as well.” – Robert DiGenova

Preparing for Unpredictable Threats

“I'd like to amplify one of the things that Chris said, regarding picking up on red flag indicators of potential violence. It's important, especially in the campus environment, to know that threats can present in unpredictable ways and these red flag indicators that we talk about, may be very, very subtle. There's so many threat vectors out there and valuable threat intelligence can come in from just about anywhere. The important part going into these types of engagements, is having the sophistication of knowing where to look, gathering that information, so that trained threat management professionals can connect the dots and assess for additional needs and assess for trends. Trends can present in weird places, but if you take the time to look, and some organizations have the ability and the bandwidth to do this internally, some need help from a third party. However, it gets done, collecting that raw intelligence, collating it and fully assessing it, is critical. If we can identify early on what's called the pathway to violence, that somebody is prepared for and is indicating their willingness to commit violence, early intervention is always best and oftentimes that utilizes far fewer resources.” – Matthew Dumpert

“It goes down to that preparation and training and the, what if? Because, if you are planning and discussing the, what if? And studying prior cases and doing after action reports, that we do for every incident here at Stevens and including some of the cyber-related incidents we've had, you develop a plan, so that next time, that you're prepared to handle it as best you can. And going back to the whole interdisciplinary behavioral threat assessment approach that, if there are threats, if we hear somebody talking about potential, whatever the threat is, the cyber end, we have a very vibrant cyber security team, so we're going to be tapping into their resources to see what we can glean from that and obviously our county, local state, federal partners as well, to get access to any communications that are being sent. So, hopefully, we can get ahead of it and take the steps necessary to stop any threats, or like I said, a lot of times it goes back to mental health and young adults that just need that type of help, where somebody needs to intervene at that right time.”

“The crucial thing is to get to that, before the person acts out. And that's something that we're very conscious of and aware of and do our best to put ourselves in the best position we can to be successful, to have successful outcomes. And that successful outcome is nothing happening and nobody knows, it's just another day for everybody that's walking around campus, or in Hoboken and that's the goal every day.” – Robert DiGenova

“When there could have been something else. When there could have been something that really you guys nipped in the butt, because of planning. It almost sounds like, Stevens is capable of approaching their plans, dusting off their plans and adjusting them to the current threat environment. And that's what I'm hearing and that's what I see at your university, that's wonderful. Matt had mentioned the third-party review of plans and policies. I mean, that is a very important aspect. If you don't have the capability like Stevens has, to look at those plans, dust them off and update them to the current environment, then you know what? You're going to have a lot of students unfortunately, looking and worried about the risk that might be involved. I mean, worried about going to school. I mean, that's essentially what you're trying to mitigate, in terms of threat, is just you should be in a safe environment and your team needs to be equipped with modern plans and sophisticated methodologies to respond to any an event.” – Chris Palmadesso

A Multidisciplinary Approach to Threat Management

“Robert, can I put you on the spot? You mentioned the multidisciplinary approach. I think, I know the answer to this, but when you talk about a campus environment, you've got a lot of people of a lot of different developmental levels, you've got a lot of changes going on, sociologically, psychologically, within the person, within the group, within the university. What other types of departments are you leaning on for information? In the business side of things, at the corporate element, we're looking at multidisciplinary teams comprised of a cross section of our client base. We do the same thing at higher education. But, I'm interested for you and your team at Stevens, recognizing all the different pressures that your students and your faculty and your staff are under. Who else is contributing to this conversation and getting you the information that you need? And who are you providing that to, as well? What's the multidisciplinary team look like for you?” – Matthew Dumpert

“Thank you for asking that because it is a good question. And I think, it shows that we're doing our best to cover all angles. It starts with our student affairs, deans and administrators there who have a good sense of what's going on in a typical student's life. You also have our council, we have our CAPS team, which is our counseling and psychological services that are seeing students regularly who may be experiencing different challenges, different levels of challenge, and they're bound to secrecy unless there's a potential threat. We have our folks, that deal with the graduate students, that's a whole different population and they're aware of individuals having different difficulties. Oftentimes, there's incidents that are not police-reportable, but that are being handled from an administrative end. And again, whether that's the undergraduate staff, whether it's the graduate-level staff.”

“So, those people are key to a discussion about a particular individual, because what we find more oftentimes than not, is this person has come on the radar before for something else. Where they've had to intercede on the student's behalf, that maybe having a difficulty, maybe there's a problem at home, or whatever the issue is. Maybe, the student's a victim of some sort, that was not police-reportable, but has to be reported through the school. So, when we start these conversations with these folks, they're often telling us about situations and incidents that have not been police-reported, that we don't know about. That will quickly help for us to get a pretty good understanding of, ‘Okay, this gives us some context.’”

“That, we can look at things maybe more from an investigative safety concern, while we know that the student's best interests are still being taken care of by the school administrators and the counselors that are involved. And from that team approach, that's where we develop a game plan. And again, safety first and making sure that our campus and everybody here, the Stevens community, is safe. That's our first priority. But, at the same time we're also looking out for the student who may be in crisis.” – Robert DiGenova

“You brought up such an important point, that I want to highlight for our listeners, who might not be familiar with the threat management space. And that's the notion of police-reportable. So much of the work that gets done in the threat management space are those things that fall below the threshold of criminality, right? It's not yet prudent to call the police, we haven't connected all the dots. Violence is not imminent. The goal of threat management is to identify that there may be an issue percolating, that somebody has an underlying grievance and that there may be some indicators that violence may be planned. And it's a very soft science, but it's very important to highlight for our listeners that so much of the work that we do is in identifying these things, assessing the potential for violence, devising mitigation strategies and mitigation plans, so that we never have to call the police. That option is always, always, always there and should always be used if violence is imminent. But, it's so important to highlight what you brought up and that's being police-reportable and all the work that gets done prior to crossing that threshold.” – Matthew Dumpert

“Are there any last-minute things that you guys want to get across to our listener?” – Jeff Kernohan

“On the cyber threat, I really appreciate the opportunity to speak about how we can integrate with the campus security force and the police. However, when we come onto the campus, ways that we can help out, something we can do, is work on endpoint detection. This is a trip-wire that we're able to put in, through software, onto computers throughout the university campus. This way, when foreign actors, or threat actors, even domestically, try and get into your system, that it sets off an alarm, "Hey, this person should not be on your system." And pings back to a SOC, to a center, to give an early warning system. And that's the type of thing that we work with universities on. And then, also, Bobby mentioned before, doing drills, tabletop exercises, is something that we definitely work with on college campuses.”

“And the best part about that, is that, as Bobby talked about, cyber being a team sport, this is where we're able to integrate in the entire response, to a cyber incident. We're bringing everybody in, having that response plan that you wrote. So, we tell all of our campuses, "Have a plan, test the plan, try and break the plan." That's exactly what we try and do. You have your cyber response plan, we'll do a tabletop, bring everybody into the room, get together. And then, as it starts to unwind, you start to look around the room and realize, "Wow, wait a minute, there are people who are not here, who need to be here. Different aspects of our campus security apparatus that aren't here." And every time you do it, you'll learn from it. The plane gets that much tighter. And that's something that we enjoy working with universities on, to help lock their IT network.” – Timothy Gallagher

“And I think that, you go back to training again, where the, what if? And all the different scenarios. And when you vet all that through and you include everybody at the table that belongs to be there, during your tabletop exercises. When it's actually "Showtime," the game ends up being at a slower pace, where you're able to understand and make good decisions, because you've done this already, but you've done it in the training setting, that has you ready for the actual event. And I can't emphasize the importance of that aspect enough, in doing what we're all talking about and what we do when we strive to do on a day-to-day basis” – Robert DiGenova

“And just to piggyback on what Tim said, so much is done in the proactive space of threat management and goes unrecognized and unnoticed by the vast majority of campus and higher learning populations. And there's no time like the present. We don't know when the next manifestation of violence is going to happen. And we're constantly working with our clients to be proactive in nature and like Tim said, doing the tabletop exercises, reviewing policies and procedures, reviewing operating procedures, and looking for those holes, looking for those gaps and proactively plugging them. That, to me, is the most important part. And the work that we do with our clients in that space, to me is incredibly gratifying. So, I'm really happy to be able to share this with our listeners today.” – Matthew Dumpert


Talk to a Kroll Expert

Kroll is ready to help, 24/7. Use the links on this page to explore our services further or speak to a Kroll security risk management expert today via our contact page. 

Sector and Industry Specific Services

Kroll experts provide security services tailored to the needs and specific contexts of diverse industries.

Business Continuity, Resilience and Disaster Preparedness

In today’s fast-paced world, disruptions can happen anytime. Kroll’s full suite of business continuity, resiliency and disaster preparedness capabilities is designed to prepare your enterprise for unexpected risks and maintain competitiveness throughout the full lifecycle of any disruption.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Webinar Replay | Active Assailant Preparedness Webinar with Security and Risk Management Experts

Webinar Replay | Active Assailant Preparedness with Security and Risk Management Experts

Webinar replay on proactively identifying, preparing for and responding to active assailant threats in the workplace, hosted by Kroll Security Risk Management Managing Directors and Crisp, a Kroll business.

Know more