UPDATE: New FOIA Requests Are Updated!!!

Sooo, I'm kind of back on my Freedom of Information Act "grind". This time, I've grown curious about how Reedy Creek Improvement District aka Disney World interacts with law enforcement. I've heard various reports that most law enforcement-related dispatches are relayed through Florida Highway Patrol and Orange County. I'm less curious about shoplifting dispatches (I'm surely, mostly klepto-tourists seeking crimes of opportunity) and more curious about the more serious incidents that either go reported in the media or that don't.

Here are snippets of the new requests so far:

Title of Request	Agency	Date Submitted
FHP Emergency Dispatches	FHP	11/19/2016
Orange County Emergency Dispatches	Orange County Sheriff’s Office	11/19/2016
Disney LEA Mutual Aid	Reedy Creek Improvement District	11/19/2016

I'll keep you posted should something more concrete develop. The plan is to write a piece on what I find in the FOIA documents to give more a robust picture of Disney's security via publicly available information. If anything, I'm sure there will be a number of interesting data points to be discussed in the replies.

As always, the best place to keep up-to-date on any FOIA requests I do is here or the link above. Also, Muckrock is an AWESOME place to discover not just my requests but other people's as well. If you see anything noteworthy in my requests, please feel free to reach me via the "Contact Me" link above.

Why Murder-By-Semi-Truck Could Be A Thing You Need To Mitigate

I'm not an alarmist. Or at least, I try not to be. Personally, I prefer a rather "Vulcan" approach to many things in security. As the youngsters say, "Logic rules everything around me." Actually, that may not be the "exact" wording but you get the drift. That said, I do have a fair amount of "Holy sh*t!" moments. While reading Rumiyah #3 (An English-language e-magazine for ISIL) and coming up on their murder-by-semi-truck tutorial, I tried to suppress having such a moment. I succeeded, mostly because I realize the tutorial was somewhat incomplete from a tactical perspective. That's not to say the message isn't effective or wouldn't possibly motivate ISIL members to strike. I see its inclusion as both for propaganda and potential triggering for an upcoming attack.

Oh, you read that whole "murder-by-semi-truck" bit correctly. Here's what they actually said - "Though being an essential part of modern life, very few actually comprehend the deadly and destructive capability of the motor vehicle and its capacity of reaping large numbers of casualties if used in a premeditated manner. This was superbly demonstrated in the attack launched by the brother Mohamed Lahouaiej-Bouhlel who, while traveling at the speed of approximately 90 kilometers per hour, plowed his 19-ton load-bearing truck into crowds celebrating Bastille Day in Nice, France, harvesting through his attack the slaughter of 86 Crusader citizens and injuring 434 more."

There's a lot we, as security professionals, can glean from this. Have no worries, I won't be divulging "state secrets" or imparting tactical clues. There are merely my observations. Take them for what they're worth, as your mileage could very well vary.

1. Large vehicles are vogue for jihadis still. In fact, one of the key criteria they attribute for an "ideal vehicle is a "load-bearing truck". Even though, speed and "controllability" are also highly desirable, they suggest operators steer clear of SUV's and small cars. Obviously, they're looking for something that can handle a lot of weight.
2. The Nice attack is seen as successful. Notice the vehicle should have "double-wheels" because it gives "victims less of a chance to escape being crushed by the vehicle's tires". Also, I noticed the inclusion of having a secondary weapon as a means of ensuring additional casualties and "increasing terror". Pretty telling.
3. Crowd mitigation is really freaking important, stupid. Look, folks. I know I harp on this a lot. I get it. I do. But they pretty much say it - "In general, one should consider any outdoor attraction that draws large crowds." Notice the bit about crowds.
   

   

   Image include in Rumiyah #3. Notice the large crowd. Just saying.

4. Attribution is really freaking important, stupid. The last few ISIL-related attacks (either by the group or attributed by them) have included language using the phrase "soldier of the Islamic State". Almost every attack committed by a Western-based attacker who hasn't gone to Syria, ISIL has claimed responsibility using this phrase. So no surprise here when you see it in Rumiyah #3 - "I am a soldier of the Islamic Sate!" Why do they do this? To sum it up - they're a holy anointed apocalyptic cult whose proximity to Allah can only determined by their ability to seemingly kill at will. If that's not clear enough, they do it for street cred. You gotta have bodies to make it in the terror game, folks.
5. Large crowd size does not always equate to certain specific targets. Located in the fine print was this gem - "All so-called “civilian” (and low-security) parades and gatherings are fair game and more devastating to Crusader nations." If you're a security professional who has to mitigate threats to a parade route but you're not in New York, you may assume you're in the clear. Yeah, you're dead wrong about that. It's about the casualty count. If your parade route could have a large number of people along it with limited egress points and insecure access control to the street, you could be in the same boat, if not worse than New York. As I always say - it's not a matter of IF but WHEN. Mark my words. Be vigilant.
6. It's not just about parades, stupid. What other "targets" are they looking at? Glad you asked. ISIL says "Outdoor markets, festivals, parades, political rallies (We got any of these coming up soon? Asking for a friend.), large outdoor conventions and celebrations (Got any tree-lighting ceremonies?), and pedestrian-congested streets (High/Main streets)" are all legit targets. Yep. Here comes your "Oh sh*t" moment. Stop it. Relax. Now, go mitigate.
7. Fail to take this kind of attack seriously, at your peril. Let me put it bluntly. Nope, let me just leave what they said here - "The method of such an attack is that a vehicle is plunged at a high speed into a large congregation of kuffar, smashing their bodies with the vehicle’s strong outer frame, while advancing forward – crushing their heads, torsos, and limbs under the vehicle’s wheels and chassis – and leaving behind a trail of carnage."

Vehicle Assaults in Terrorist Attacks
Create bar charts

Product Review: Sighthound

One of the first topic areas that caught my eye was video analytics. As a video surveillance monitor for a lot of my career in physical security, I felt I had a good grasp on why most surveillance systems fail to detect bad guys as much as they should. If you're a physical security professional, you know where that weak link is as well - the monitors. Yup. It took me less than six months looking at video screens most of my day to understand most irregular events fail to go noticed or are properly assessed. This happens for a variety of reasons:

• Monitor fatigue. This happens when a monitor stares at a screen for too long and either falls asleep or becomes easily distracted. We're humans and no one likes gazing at an empty parking lot for hours on end. So, the mind begins to wonder and bad things can happen. If you'd like to learn more about monitor fatigue, this is a great resource. - https://en.wikipedia.org/wiki/Alarm_fatigue (I know it's Wikipedia but as a primer, it's not too shabby)
• Monitors are expected to recognize irregular events in a huge ocean of regular benign events. That parking lot I mentioned before could have 400 cars in it and thousands of people coming and going. If mixed in with benign events, irregular events can appear to be okay and fit with the norm. This explains why some folks can get robbed right in front of a camera and no one notice.
• There are too many "rules" to remember and act upon on too many feeds for a single monitor. Sometimes, with human monitors, too much video is just as bad as driving into someone else's headlights.

Where else are all these problems more demonstrative than in a home security environment? I have friends who have 6 or more cameras on a home and they call themselves "monitoring" those feeds constantly. No, you're not. What I find most often is the direct opposite - they're monitoring one or two cameras, maybe. The others go either unwatched or constantly recording over each other. So what's the solution to ensure all the feeds are being monitored and reporting and recording events as they occur?

Sighthound is a software application that acts as a monitoring platform with an embedded analytics package. You can not only monitor your feeds from various cameras but you can also have those feeds report only when "rules" are broken which include:

• A person entering a zone.
• Someone leaving a zone.
• Motion inside a zone.

The feeds can be viewed remotely. You have to pay for that feature, though, there is a trial version which includes this for 14 days. Given recent issues with Internet of Things being exploited for DDOS attacks, I highly recommend changing whatever default passwords that are on your cameras, ensuring the firewall on your router is working, and updating the firmware on the device. If you can run a scan to see what ports are open on your machine using the scanner at https://iotscanner.bullguard.com and close them, if possible. Also, check out routing the camera through a DNS provider like DynDNS.

I digress. While you can have the software email you or send a notification to the smartphone app, you can also have it do a myriad of options through IFTTT. The possibilities are almost endless from there. Oh and perhaps the most creative option and one I particularly like is the ability to execute a command should an event be triggered. For example, you could set it to send you a snapshot of the event and then shutdown your computer. Why is that cool? If your PC is full-disk encrypted, then you have just ensured a key mitigation piece is activated. You also have a picture or video of the event and can determine if you need to respond further.

What I like most about Sighthound is how quickly it responds to events. Almost 5 or 10 seconds after an event, I received a notification of the event and was able to view a snapshot. That's pretty cool when you consider how costly an enterprise system can be offering the same service.

There are some things I'd like to see it offer in the future:

• Security options. I'd like to password protect my remote feeds. This maybe here already and I just missed it. If so, I feel like this is kind of an understated feature.
• More event triggers. It covers the basics but I'd like to see triggers for things noise detection with those cameras that offer audio in their feeds.
• Possibly some interoperability with other devices. I'd love it if it could network with other sensors through the home and capture those events as well. Some proprietary device systems already do this but I'd like to see something that would allow me to work with events involving a smoke detector and my camera.

Overall, I THOROUGHLY love Sighthound. It has tremendous potential and is extremely affordable. I hope this is a new movement within the home security surveillance sector. I'd like to see less machines that can't or won't cooperate with other devices to successfully mitigate potentially dangerous events. It isn't perfect but I find it is certainly a great step in that direction.

As of now, I haven't reached out to the Sighthound team for an interview. I will soon, though. I'd love to hear what more they have to offer.

If you know of any other physical security applications or devices you'd like me to review, contact me via the "Contact Me" link above.