We've all been there, something out of the ordinary happens and we know it should be checked out - but we just don't have the time or resources to bother with it. Since it's not a direct threat, or since we're not being specifically asked to look into it, it goes to the back burner with all the other "I should check into this - someday when I have time" items.
Yesterday, we had a power failure at a major student center. Nothing was reported stolen, no criminal activity suspected or even really thought of, just the bizarre absence of power for a few hours. The high voltage guys are looking into it - but it happened yesterday and as of now there is no apparent reason for the power outage that lasted a few hours.
When looking at security, a huge factor to me is the ability to recognize potential avenues of approach or resources that can be exploited for criminal reasons. Sometimes, even though we try to cover everything in risk and threat assessments, everyday problems pop up and are excellent tests of security and safety procedure / provisions. In this specific case,convenience and basic safety were compromised, but what if a political activist was giving a lecture in the student center's theatre? What if there was a controversial art exhibit on display? What if the institution's access control head end was located on site? (it should be protected by UPS on top of generator power - but hey, not everyone knows that). These could be things at risk for all kinds of attack, ranging from harassment to physical threats to property destruction to gaining publicity. A power outage would definitely provide an avenue of approach to anyone wising to do harm.
Now, I'm not saying that we should drive ourselves and everyone crazy trying to investigate things like this as they happen... But we should have some kind ofmechanism in our operational plan to look into them. Think how beneficial it would be if it was a secondary duty for junior security supervisors, investigators or similar folks to already know that they need to be checking on anomalies. Since no criminal activity is initially on the line, it's a low pressure, real world training opportunity for the junior staff member to interact with other institutional divisions and investigate. There just needs to be a solid tracking and reporting process that can be referenced if theabnormalities turn into a trend, or if a serious vulnerability is exposed.
