A van pulled up in front of a mid-sized factory in Tampa, Fla. The driver went inside and told the receptionist he broke down and a tow truck was on its way. The factory happened to be a bomb manufacturer with Department of Defense contracts. Its staff was well-versed in security procedures. The receptionist asked for the name of the tow company and the estimated time of arrival. Then the driver left. When the reported 30 minutes had passed and no tow truck arrived, the receptionist called the tow company, who reported no scheduled pick-up at that location. Her next call was to 911.
The Tampa Police Department (TPD) was already years into a formal critical infrastructure (CI) protection program. In partnership with surrounding jurisdictions, it had prioritized thousands of assets, forged public/private relationships, and conducted hundreds of site assessments. In fact, TPD CI program managers Doug Pasley and Ray Green (both now retired) had just assessed that bomb factory two months prior, working directly with the owner. They learned the factory was located on top of a major fuel line connecting the seaport and the airport, and its neighbors included a major chemical manufacturer and natural gas facility. TPD flagged this address as a high-priority asset in its regional CI system; 911 call takers had access to this information and noted the address’s importance when the receptionist’s call was received. An expedited response revealed the van’s tag was registered to someone on a terrorist watch list and a bomb dog alerted near the van. SWAT and bomb teams were deployed and an evacuation was initiated. It was, however, the arrival of the CI program managers on scene that gave the factory owner relief. Cpl. Pasley explained that this relief came not because of power or resources, but because with their arrival the owner knew the importance of his site and its risk would be accurately communicated. Ultimately, the van’s driver was taken into custody by local police and the FBI.
While this type of CI program success story may not yet be commonplace, the case for building and maintaining a CI program certainly is evident to most public safety officials. It can be more difficult, however, to build this case to external stakeholders your program depends on. These external stakeholders may be providers of staff, data, funding, or cooperation. State and local jurisdictions have taken many paths to justify and build their programs, but a key step may be as simple as formalizing your CI program with a clear purpose statement and written set of goals or objectives. Not only will these elements add a level of structure and direction to your program, but they will likely lead to a more meaningful, credible, and sustainable program. Use simple, direct statements, write them down, and know them – be ready to easily communicate your CI program’s purpose and goals to your leadership and partners.
Some of the world’s most successful organizations understand the importance of setting goals and objectives not only to appear formal but to actually increase performance. Whether it’s Google’s use of Objectives and Key Results (OKRs) or the U.S. Navy SEALs’ use of micro-goals, these high-performing groups commit to a set of goals and aggressively work toward them.
Objectives and key results (OKR) are meant to assist a program to establish measurable, aspirational goals or objectives that can be tracked over set periods of time. The OKR framework has been around for decades, but after its adoption by Google, several other high-profile tech companies followed suit and it is now a popular tool. In short, employees set goals that align with organizational goals; goals should be challenging, transparent, and flexible. For each goal, the program or individual also sets up several measurable results that are tracked.
Navy SEALs (and former Navy SEALs) often write and speak about the importance of planning and setting goals; in addition to long-term aspirational goals, however, they also emphasize the importance of short-term, achievable goals, or micro-goals. They focus on what can be accomplished in a few hours or a few days, to ensure they are continually making forward progress. It is the attention to this combination of long-term and short-term goals that make them so successful. But regardless of type, they always have a set of clear goals in mind.
Formalizing Your Own CI Program
Step 1: Identify the purpose of your CI program.
CI programs often fall into one or more of the following purpose categories:
- Providing situational awareness
- Informing public sector decision-making
- Increasing private sector resilience
- Aiding intelligence gathering and dissemination
If you can determine with which of these (or other) categories your program aligns, you can then set goals and objectives for your program. New or under-funded programs are rarely successful when they attempt to take on too much at once. Consider defining your purpose more narrowly at first so that you can achieve concrete progress, gain credibility, and then expand incrementally. After you determine your purpose, refer to it widely and consistently.
Step 2: Form and write down goals or objectives.
If you are fortunate enough to have multiple staff in your CI program, hold a brainstorming session. Have all parties suggest goals they believe are achievable, with effort, over the next year (or some other time period you determine). Once everyone has offered all of their ideas, prioritize them. Which three or four or five do you think will have the most impact? Do you have the resources you need to achieve them? If not, what are you missing? Be specific so you can make justifiable arguments. If you are not sure where to start, the table below offers some sample goals that align with the CI program purpose statements offered in Step 1:
Step 3: Measure and Present Your Progress
At regularly set intervals, review your goals with yourself or your team (if you have one). What concrete progress have you made? Do emerging conditions require you to adjust your goals? Package this information and present it to your leadership. Begin with your clearly defined purpose. Follow this up with your set of formal goals. Explain how you set them – who was involved and why you settled on the goals you chose. Now review your progress and be specific – in 3 months we catalogued all of the public-sector buildings in our jurisdiction into a single database with their 24 hours points of contact, as well as the power plants and water plants that supply them. Now explain what remains to be done this year. End with an explanation of the additional concrete progress you can make with additional resources – again, be specific. With one additional staff dedicated 50 percent to our program, we can identify the same information for private-sector assets in three sectors. With $24,000, we can build a map-based dashboard to display this information throughout the EOC and run reports on demand.
In the end, make sure you can answer these questions:
- What is the purpose of your CI program? Why does it exist?
- What are your plans for the year?
- What have you accomplished so far?
- What do you need to be even more successful?
Make sure all the members of your program are in sync and don’t be afraid to re-visit your goals as conditions change. And, very importantly, when you have a success story – no matter how big or small – share it with your partners so all parties can learn and benefit.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email HSTodayMag@gtscoalition.com. Our editorial guidelines can be found here.