2022 Predictions: Q&A with Juliette Kayyem
We sat down with advisory board member Juliette Kayyem to talk about safety, returning to public events, and the role technology plays in providing security as crowds return to public venues.
As background, Juliette is as a national leader in America’s homeland security efforts across government, academia, journalism, and the private sector. She is a professor at Harvard’s Kennedy School of Government, where she is the Faculty Director of the Homeland Security Project and Security and Global Health Project.
She presently serves as a CNN National Security Analyst as well as CEO of Grip Mobility, a technology company looking to provide transparency in the rideshare industry. Juliette has spent more than 20 years managing complex policy initiatives and organizing government responses to major crises in both state and federal government. Most recently, Juliette was President Obama’s Assistant Secretary for Intergovernmental Affairs at the Department of Homeland Security.
Juliette is the founder and primary consultant of Kayyem Solutions, LLC. Her team provides strategic and operational advice in resiliency planning, risk management, mega-event security, infrastructure protection, and cybersecurity. These companies have included AirBnB, Zemcar, UPS’ Americans for Securing All Packages, CyPhy, Evolv Technology, as well as numerous financial, educational, and retail clients where she provides advice and training. Kayyem is the author of Security Mom, a memoir that explores the intersection, and commonalities, of her life in homeland security and as a mother. Her upcoming book, The Devil Never Sleeps will be published in March 2022.
Q. What do you think will change in the security industry over the next 12 months?
A. When I think about security, it’s really about secure flow. It can be about the secure flow of networks, goods or people, for example. Everybody wants security, but you also have to let people be together. The faster and more reliably you can do that, the more security becomes integrated into how we want to live.
Over the next 12 months, I believe there will be a growing acceptance of risk mitigation. For a long time, we deluded ourselves into thinking that risk elimination was possible, yet this is not really how security professionals think of things. Instead, you want a variety of efforts to minimize risk in a world that’s always going to have risk. For example, consider COVID-19. Even if you’re vaccinated, there are lots of other actions you’re going to take depending on risk factors such as being immunocompromised or around others that aren’t vaccinated.
There’s also a certain level of risk when you go to concerts and events. It’s not just COVID-19, there’s also the risk of active shooters and the potential for a climate event such as a big wind or flash flood. This is why it’s really important that we view ourselves as mobile and become more comfortable with a variety of tactics and techniques that will minimize risk as we get together again, especially in crowds.
Q. Due to COVID-19 and the rise in mass shootings, what do you think Americans are willing to do now to enter public places?
A. As security has changed over the years, Americans have become more sophisticated about it. Making places safer is part of a network of things going on where a sophisticated event host or entity uses a variety of tools and resources to ensure a safer environment. It’s not just one tool, it takes a toolbox to mitigate security risks. Yet sometimes the way we talk about security is a binary notion of safe or unsafe. The popular discourse on the topic has been to commercialize fear. While there’s no perfectly safe place, we have an obligation to make it safer to go to public places and I think the American public gets that.
Q. In terms of the public’s willingness to go through a screening process, where do their attitudes about technology converge and where do they diverge?
A. What you have to keep in mind is that security was built to keep the public from conveniently moving from point A to point B. Whether it’s traditional surveillance, cargo, or a security review that requires a driver’s license for a person to enter a building, these protocols exist precisely for inconvenience.
Technology will converge with the American desire for convenience, speed, and flow. And that’s not a bad thing as long it’s part of a risk reduction philosophy. In that way, technology is going to make security more integrated into the fabric of how we want to live rather than a nuisance.
Where they diverge is in privacy. Thinking about what it means to live in today’s world with this much information can be worrisome. Technology is trying to do things to protect our identities, but I think there’s a certain amount of discomfort about where technology is taking over privacy. Much of it is simply generational as even my kids sort of laugh at the idea of privacy. Nothing is private anymore!
Q: Do you believe over the next 12 months that we’ll see adoption over hesitancy when it comes to prioritizing physical security?
A. I hope so. I’ve been working in security my whole career, and one of my biggest fears is that there’s still a separation between cybersecurity efforts and physical security efforts. The thought that the security threats either go after the wires or they go after the people is jaw dropping.
As we saw with the Colonial Pipeline incident earlier this year, a cyberattack is going to have physical consequences and we have to be prepared for that. Since no single piece of technology is going to stop all bad things from happening, we have to get better at what is known in the security industry as “all hazards planning.”
In some ways, COVID-19 may have the potential to drive this. Since we have all become so dependent on our networks there’s a growing realization that we can’t bifurcate network security from physical security.
Q: Do you think there’s a frustration in the industry that physical and cybersecurity have not yet converged? If so, do you see it happening?
A: Yes, I think the market is demanding the convergence. We’ve had major hacks such as Sony and Solar Winds and most of the time it was about stealing information. Going back to the Colonial Pipeline incident, I think we’ll look back on it as a pivotal point in thinking about response capacity. If you remember, once it was determined to be a ransomware attack, Colonial’s only option was to shut down its entire system for six days. Prior to that, they never seemed to contemplate that an attack on the wires would have physical consequences.
I also think that company boards and insurers are demanding the convergence of physical and cybersecurity and we’re seeing more of it. Also, customers and employees will start to demand it. In my consulting work, companies have been instituting new security mandates and discovering just how much employees want it. When these companies increased their security, recruitment efforts improved significantly. For example, at United Airlines, once they instituted new safety mandates, they received 20,000 applications for approximately 2,000 flight attendant positions.
Q: We talked about security progression over the past year, do you think we’ll see any regression?
A: I think we’re going to regress as more people get together in person. When we’re together, there’s inevitably more risk. As venues fully open, there’s a risk in dropping our pandemic behaviors such as wearing a mask. During the pandemic, we didn’t see a drop off in gun violence, but we did see a drop off in other kinds of threats. It’s these types of threats that make us realize that we might not be as safe as we could be.
Q: How can we facilitate action without a lack of policy? Is it the responsibility of the businesses?
A: The experience of feeling safer is something we should capitalize on even if the government is not demanding it. Yet if a place becomes too much of a hassle to get into, people stop going. And if it feels too vulnerable, people also stop going, as demonstrated by Evolv’s recent research. It is a fine line, but there are ways to find the sweet spot and have a market deferential. For example, technology like Evolv’s is customer friendly and we’re seeing the market demand for it.
Q: Has COVID-19 changed the security threats that we currently face? If so, how?
A: I think the pandemic has made us less safe in tactical ways. The reliance on the Internet and technology to communicate is a vulnerability that we didn’t have before. And some of the consequences of frustration and isolation through COVID-19 has led to a lack of goodwill as tension and violence increase.
On a larger geopolitical scale, COVID-19 has made us more vulnerable because of our inability to respond adequately for large portions of it and this impacts how we’re perceived by the world. It’s an irony that while the United States still remains a dream and vision for the world, particularly our immigrants, we are fragile in the context of COVID-19 and January 6, for example.
Q. Are there specific domestic or international issues we should be keeping our eyes on that impact safety?
A: I do worry about the lack of common respect for the Constitution. If you scratch the surface of our politics today, it feels like violence is right there. That concerns me as a security specialist because of the potential for radicalization, the use of weapons, and the vulnerabilities of our public officials. This is something we have not addressed adequately. While we have addressed the political and legal fights, they aren’t actually about violence and the threat of violence in our society.
Despite all this, what gives me hope is that 77% of all eligible Americans are now vaccinated. The vast majority of Americans still think about their responsibility to each other and this makes me happy.
To read more about Juliette, visit her website and follow her on Twitter.