In March 1829, the White House in Washington, DC was opened to the public for the first post-inaugural reception of President Andrew Jackson – who quickly left an immense and increasingly inebriated crowd by slipping out a back entrance. A letter from Margaret Bayard Smith to a friend provides an eye-witness account:
“What a scene did we witness! … No arrangements had been made, no police officers placed on duty and the whole house had been inundated by the rabble mob … Cut glass and china to the amount of several thousand dollars had been broken in the struggle to get the refreshments, punch and other articles had been carried out in tubs and buckets … Ladies fainted, men were seen with bloody noses, and such a scene of confusion took place as is impossible to describe … This concourse had not been anticipated, and therefore not provided against.”
Fast forward to late 2014. In November, my college-age son took advantage of an opportunity to visit the White House with a small group of classmates. Two months earlier, Omar Gonzalez had taken his own opportunity to visit the White House – by scaling the fence, traversing the lawn, entering through the front door, and walking through the interior before being subdued. These two modern-day visits to the White House provide an interesting glimpse into current practices, both good and bad, in physical security – and demonstrate that even 185 years later not all contingencies are always anticipated, or provided against.
What a college student had to do to visit the White House, as experienced by my son:
- Obtain an invitation from someone who had already been approved for access to the White House – i.e., you have to have an “in”
- Provide his name, address, date of birth, and social security number to the Secret Service at least one week prior to the visit – i.e., for pre-visit screening
- Be accompanied at all times by the host, with their access credentials
- Pass one at a time through two checkpoints, where government-issued identification (e.g., a driver’s license) was cross-referenced with the pre-approved list of visitors for that day
- Pass one at a time through a room to be “inspected” by a trained canine
- Pass one at a time through airport-style security – i.e., a body scanner, and a belongings scanner
- Refrain from texting or taking photographs while inside the premises – and in fact, his attempt to sneak a selfie with a portrait of Ronald Reagan was swiftly shut down
How Omar Gonzalez was able to visit the White House, according to the Department of Homeland Security Report on the White House Incursion Incident of September 19, 2014:
- Although Gonzalez was recognized from previous incidents with the Secret Service, officers did not engage him or notify the operations center because at the time he was not exhibiting any unusual behavior
- An officer announced over his portable radio that someone had jumped the fence, but did not make any additional broadcasts because he did not want to talk over other responders
- Gonzalez climbed the fence in a section where an ornamental spike (a “trident”) was missing
- An officer in the operations center, based on the alarms that had been set off by Gonzalez, announced over the radio that a jumper had entered the grounds – but did not have the capability to override normal radio traffic, and his transmission was not broadcast to officers inside the White House; he did not make additional transmissions because he wanted to keep the frequency clear for other responders
- Other officers did not see Gonzalez as he climbed over the fence, because their view was obstructed by a construction project
- Two armed officers ran towards Gonzalez within seconds after he climbed the fence, but they determined that he appeared to be unarmed and that the use of lethal force was inappropriate
- Gonzalez evaded the two armed officers by entering the bushes, which surprised the officers because they believed the bushes to be too thick to be passable
- An officer stationed on the North Lawn with an attack dog did not realize that an intruder had made it over the fence, because he was sitting in his van talking on his personal cellphone; he did not have his radio earpiece in, and had left his second tactical radio in his locker
- After giving Gonzalez the required verbal warning about the canine, the officer commanded the canine to apprehend Gonzalez, but by then Gonzalez had passed through the bushes
- Another officer on the grounds had trouble seeing Gonzalez, because his view was obstructed by bushes
- An armed officer stationed outside the North Portico doors ordered Gonzalez to get down, but did not see an indication that Gonzalez was armed or presented a threat that warranted the use of lethal force
- The armed officer mistakenly assumed that the North Portico doors were locked, and that Gonzalez was trapped – but Gonzalez entered through the unlocked doors
- The communication system by the North Portico entrance had been muted, and the officer stationed inside attempted to lock the doors but was knocked backwards by Gonzalez as he barged in
- This officer tried twice to take down Gonzalez physically, but was unable to do so because of the disparity in size between them; she attempted to grab her baton but mistakenly grabbed her flashlight; she then drew her firearm and gave Gonzalez verbal commands, which he ignored
- An officer inside the White House managed to take Gonzalez down, assisted by two other officers who responded to the noise after just completing their shifts on a lower floor
- Several officers outside the White House, who were unfamiliar with the layout of the building, waited to line up in a tactical formation before entering, by which time Gonzalez had already been subdued
You should read the DHS report for more detail, but this provides a basic outline of the many deficiencies in training, communications systems, real-time decisions by staff, and use of pre-incident intelligence about Gonzalez in the response to the incident of September 19. Perhaps not quite the “scene of confusion as is impossible to describe” that occurred in 1829, but a scene of considerable confusion nonetheless.
I’ll admit to being a novice in matters of physical security – but it seems to me that regular testing of any physical security plan is essential to help identify what elements work as intended, what elements don’t work as intended, what elements could be improved, what elements could be eliminated, what elements should be added to deal with issues that were not originally envisioned, and so on. Borrowing from common practice in the area of cyber security incident response, these tests or exercises would commonly include:
- Checklist reviews – responsible participants review the response plan independently, and identity any elements that they feel should be added, modified or deleted.
- Walk-throughs – responsible participants go over the response plan as a group; the additional benefit is to raise the awareness of all participants about the overall plan and their respective roles and responsibilities. This is sometimes referred to as a tabletop review, because the participants are usually gathered around a table.
- Simulations – responsible participants will execute the response plan under a specific, planned scenario; the additional benefit is the ability to test both the plan and the reaction of the participants in a “live” scenario.
The ultimate test, of course, is an actual incident – from which an honest, fact-based, post-mortem review provides invaluable insights into what needs to improve, just as the Department of Homeland Security has done.
To find out more about security incident response, check out the Aberdeen report When Your IT Hits the Fan: Why Your Organization Needs an Incident Response Capability