"Striving To Thwart Threats"

Title:

Friday, April 6, 2007

ENCOUNTER: AMIT GAVISH
Striving To Thwart Threats
By JENNIFER WARNER COOPER
The Hartford (CT) Courant


Amit Gavish, 30, was recently hired by the Shelton security firm SSC Inc. as senior corporate adviser for international security issues. He specializes in counterterrorism measures.

An Israeli who is in the process of becoming an American citizen, Gavish is a former deputy director of security for the office of the president of Israel.

He served from 2000 through 2004 under both former President Ezer Weizman and the current president, Moshe Katsav. (Katsav is currently on leave as the government investigates allegations that he sexually assaulted women who worked for him).

Gavish has also been a research assistant at Harvard University, where he studied Iran, Iraq, security issues in the Persian Gulf and the Arab-Israeli conflict. He said he plans to relocate from Brookline, Mass., to West Hartford next month.

AMIT GAVISH is senior corporate adviser for international security issues at the

security firm SSC Inc. in Shelton.

Q. Hackers have shown they can breach corporate computer security measures. TJX Companies Inc. recently said that information from at least 45 million credit and debit cards was electronically stolen. But these were thieves, not necessarily terrorists. Are corporate databases vulnerable to terrorist acts, as well?

A. With cyberterrorism, someone can hack into a system to control rails and can derail a passenger train or a train that carries hazardous materials and create an explosion in a metropolitan area without being at the scene. That's just one type of problem. Another issue in cyberterrorism is that of financing. Just as there was criminal activity involved with the TJ Maxx situation, terrorists can breach information technology systems in order to fund their operations.

Also, it is important to note what kind of corporate data is put onto a company's website that could help a terrorist. A blueprint or floor plan of a building and the names, positions and contact information of the employees can help someone who is in surveillance of that company or building.

Q. In your opinion, do businesses pay attention to the Bush administration's color-coded Homeland Security Advisory System? If so, how does a change impact their operations?

A. In my experience, most companies do not yet have an established plan for how they should enhance security in relevance to the color-coded alert system. Many businesses have plans to add more security guards or cameras, something that will feel good, but not really a good plan for what is needed in the difference between when the alert is yellow or red.

Q. Businesses with national and international dealings may have employees who depend heavily upon commercial air travel. Having provided security consulting to a major Northeast airport, would you say that American business travelers are adequately protected against the latest threats of suicide bombers and plastic explosives?

A. Terrorists are fascinated by the aviation industry and how to destroy the industry. Taking down financial institutions and adversely impacting the economics of the U.S. is a goal, and one way to do this is by attacking the aviation system. The issue is how the Transportation Security Administration is dealing with the threat. I think they moved forward significantly after 9/11, but they are not in the place where they are supposed to be, where they can effectively counter the contemporary threats of terrorists. They heavily focus on technology, but poorly train their screeners.

Security is built with three major pillars: technology, the human factor, and policies and procedures, and you must balance between the three. The TSA focuses on technology that can detect explosives, but really neglects the other two areas.

Q. With increased screening of employees, isn't there a danger that even companies with a commitment to equal opportunity employment might end up discriminating against employees or prospective employees based upon religion, ethnicity or country of origin?

A. I don't see a danger of that. There are misconceptions there about profiling.

People talk about Israel using profiling as a system of security. There is a general misconception because we generally don't profile people based on ethnicity or religion; we profile them based on the potential threat that they present. When Israel had a Belgian woman suicide bomber, for example, we did not profile Belgians. You can't do that. But in America, after the bombing of the U.S.S. Cole, you looked for Yemenese. After 9/11, Saudis.

Q. In a study completed in January by Princeton University, 70 percent of those polled felt that "occasional acts of terrorism will be a part of life in the future." Do you agree?

A. Yes.

Q. Do you think that fear has helped develop a new type of security consulting business in the U.S.?

A. In general, the business has changed a lot since 9/11, and was initially very active, but it dropped down again over the past two years, largely because of the fact that nothing has happened and businesses have been spending their money in other areas.

If we are trying to assess how real the threat of terrorism is in the U.S. today, we have to look at [terrorists'] capabilities, motivations and intentions and see if those have changed.

We definitely see no change in capabilities since 9/11. Al-Qaida has been hurt a little bit as an organization, but we are facing more al-Qaida-affiliated groups and others, like Hezbollah.

The question is, has anything changed in terms of motivation or intention to harm the U.S.? Because of the war in Iraq and Afghanistan, with more hatred toward America throughout the Middle East and other countries, the motivation has actually been raised since 9/11. Most experts are talking about "when" something is going to happen, not "if."

Q. What, specifically, will you do as an SSC consultant?

A. I'll be doing risk assessments and helping clients to develop the programs to counter different threats, not just terrorism. We'll help clients install the physical pieces of security, like access control systems. We'll help them realize the importance of the human factor - their security staff - and work with them to put the right policies and procedures in place. These may be different from their existing plans. For example, most companies have an evacuation plan for fires, but not for bombing, which should take into account the possibility of secondary devices.

Terrorism is not a necessary evil that we have to live with. There are many ways that we can be proactive and focus on prevention. If we plan, test and exercise our security programs, we will be able to prevent and mitigate the threat.