Shortly before January 6th, we released a post about some of the preparations that should be made ahead of the obvious and widespread intelligence that protests would most likely go awry and create the potential for violence and disruption. In fact, we reported the potential for violence at over 85% probability. There was very little ambiguity as to the nature of the threats and they were fairly localized across time and space.

So how does what happened in DC on January 6th happen? It’s a combination of poor intelligence, poor reaction to intelligence, and continued adherence to “reactive” security approaches. The subsequent massing of tens of thousands of national guard troops leading up to inauguration only makes the decision makers look more foolish and incompetent.

When will security program managers finally understand the proper utilization of intelligence and data driven decision making?

No one has a crystal ball and those that claim to be able to predict all calamities are irresponsible and fake. However, there are times when overwhelming evidence exists for the high probability of threats to manifest and cause the resulting risk to skyrocket.

The US Capitol region is one of the most secure locations on this planet. There are multiple, well-funded and well-equipped agencies defending some of the most important “assets” America has. Many intelligence outlets, including internal to the government, pointed to potential plots, chatter, and possibilities of attacks and criminal activities AT the capitol building and surrounding area.

So how do the capitol police respond? They emplace some weak barriers, install a skeleton crew of security elements, and choose not to employ even slightly upgraded surveillance technologies that many F500 companies would consider basic deployments. Even if no security experts provided a 100% probability of attacks on the Capitol, at what point do decision makers take the threat and risk intelligence seriously?

Many security program managers, corporate security, physical security contractors, and C-suites are simply just “winging it.” In the face of unprecedented domestic, cyber, and other existential threats, the response to increased budgets or improvements to security coordination and programs continues to be muted. “Our margins are too small, we can’t respond to every potential threat, the optics won’t look good, we don’t have time for this, or we’ll just have to see what happens,” are common and famous last words before a crisis. “Insurance will cover it” is another.

Threats are dynamic, so treatments and preparation for these threats should also be fluid and adaptive. Static security programs will be predictable and overcome. Security programs not based on substantial planning, intelligence, and analysis are doomed and reliant on good fortune to save them. There are also significant gains to be made in resource allocation, efficiency, liability exposure, and readiness, when decision makers take shaping intelligence  and data driven support seriously. We must look inward and outward to fully understand what we are up against and what to do about it. The spending of hundreds of thousands or millions of dollars to “clean up” a mess or demonstrate a “show of security” after the fact, will cost much more as we see on display in the Capitol area now.