The dramatic escape and recapture of three convicted terrorists from Kamiti maximum prison revealed the vulnerabilities of security programs in correctional centers in Kenya and presents us with opportunities to seal gaps in the security system so as to prevent future escapes. For security practitioners, academics and the general public three takeaway points are essential to consider. As we move into the future, identifying and attending to security systems vulnerabilities, integrating technology, procedures and people to treat security risks and embracing shared security governance will be essential to manage security risks.
Primarily, we have learnt that security systems are inherently vulnerable. Theoretical and empirical evidence in security management affirms this point and leadership as well as security practitioners are cautioned not to think otherwise. In fact, it is a fallacy that should be dispensed with for effective security management. Consistent with this mantra is the idea that a risk-led approach is a better strategy of identifying existing vulnerabilities and managing security risks. The approach enables leadership and security practitioners to reliably visualize and determine the likelihood and impact of all threats that can manifest in an organization. With this approach, security risk assessments can be conducted to establish and prioritize risk to an organization and risk profiles to an organization can be updated to reflect changing security and organizational contexts. This guarantees that the existing security regime is current and responsive to emerging and evolving threats. If applied consistently by embedding it in all units across an organization, it can deliver essential capability required to achieve an organization mission.
It is also apparent that to achieve security in high security applications environments such as prisons, over-reliance on the human component is an ancient idea. The integration of technology, people and procedures, known as physical protection system is a more effective and efficient security system. With clear security objectives as informed by the outcomes of a thorough security risk assessment, a physical protection system should easily detect, delay and respond to adversarial attacks.
Security personnel perform extremely well in some security functions such as assessment, an act of determining the cause of an alarm and appropriate course of action. However, evidence indicates that human beings perform poorly in other security functions such as detection and as such, technology should be integrated with the human component to drive security. Additionally, delay and response functions are better accomplished by finding the right tradeoffs among procedures, people and technology. In addition, depending on how the human component is integrated, human beings can either be the strongest or weakest link in a security risk management program. Thus, inducing the right mix between technology and people should accomplish security objectives in a more effective and efficient manner.
Finally, the role played by the community and multi-agency team to rearrest the Kamiti trio is indicative of the fact that, today’s security problems are too way complex to be handled by one agency. Future security problems will be better handled by leveraging knowledge, skills, expertise, experience, technology and input of a collage of agencies, experts, academics and communities. This generally reflects that idea that security is multi-faceted and diverse in practice. Thus, let us strive to develop a national security risk management framework that is all encompassing. In the words of Sir Robert Peel, the police are the community and the community is the police.
As is the custom in security management, let us take lessons from this prison escape by conducting a root cause analysis. This way, appropriate improvements can be made to guarantee an effective and efficient security program in the future. Besides, today’s security practices have been informed by past security incidents.
Dr. Mwai Kariuki
Security Risk Management Consultant