Planning for the Expected – Preparing for the Unexpected

In an increasingly complex world, successful organizations and companies may well be those that build or acquire the capacity to respond, react and recover quickly and effectively from natural or man-made hazards. In fact, resiliency may constitute a competitive advantage and a means to sustain and pursue the mission of these organizations.

We live in a hyper-connected world, where speed and interdependencies are increasing exponentially, fueled by science and technologies.[1] We are overwhelmed by the numerous sources of information and challenged in finding what is essential. This certainly makes for an exciting life, but it also creates a great deal of uncertainty. As if this were not enough, rare climatic events are increasing in frequency, while cyber and terrorist attacks are spreading over every part of the world.

Security risks cannot be totally eliminated. We are unable to predict when or where the next rare natural hazard may hit us, nor are we able to thwart all terrorist attacks, such as those witnessed in Paris, Brussels, Istanbul, New York, New Jersey and Ottawa. Intelligence and the crunching of big data are by far our best lines of defense, but even equipped with the best available intelligence and information, our systems are breached.


In this context, security professionals must stress the importance of planning for the expected and preparing for the unexpected, by increasing the reliability and resilience of their organization.[2] They must also be able to communicate how smart investments in security can become a source of value creation for their organizations, particularly when they enhance collaboration and coordination and improve communications.

During my career, I was confronted with a number of crises and significant events that required a great deal of collaboration and communication within our organizations and with our numerous partners and stakeholders. These included the great ice storm of 1998, the tragedy of 9/11, the war in Iraq, the SARS epidemic, the attempted attacks on North American carriers in 2006 & 2009 and the Winter Olympics in Vancouver in 2010.

These first-hand experiences have taught me that our effectiveness in responding to crises and emergencies is invariably assessed by the speed and accuracy of our actions. We are also judged by how we make the best possible decision based on the best available information at any given time, especially at the integrated command centre (ICC).

Seeking the best available information is an important component of our decision-making process, but so is the necessity to communicate and share information or guidance with all stakeholders, based on their assigned roles, responsibilities and their need to know. More and more often, this also includes conveying information to the general public, as recently exemplified in Brussels and New York, where social media messages shared with the public eventually led the authorities to identify and arrest the suspects.


Pushing the right information to the right person in real time will empower employees and partners to make the best possible decision at their level and to accomplish the tasks that have been delegated to them, in compliance with legal requirements and corporate procedures.

Real-time bidirectional communications are an essential component of a collaborative and effective approach to managing such incidents. In order to understand the importance of acting rapidly and effectively, let’s take a look at two recent terrorist attacks and how quickly these events unfolded.




I want to stress the fact that I’m not criticizing any of the decisions made by the authorities during the management of these tragic events. I simply want to explore how decisions made under stressful and time-sensitive conditions can be assisted by using new innovative technologies that promote enhanced communication and collaboration, to “connect the dots” between events, people and dependencies.


The attack on the Canadian Parliament, 22nd October, 2014 in Ottawa:

  • At 09h50: Michael Zehaf-Bibeau shoots Corporal Nathan Cirillo at the National War Memorial, near the Canadian Parliament;
  • At 09h52:23: Bibeau accesses the Parliamentary grounds;
  • At 09h52:36: the first 911 call is placed;
  • At 09h53:16: Bibeau hijacks a car;
  • At 09h53:23: the RCMP (police) is in pursuit;
  • At 09h53:46: Bibeau enters the Central Block of the Parliament Building;
  • At 09h53:57: the exchange of gunfire between Bibeau and security officers starts;
  • At 10h20: the RCMP sends a message that the NCRCC has been activated.[3]

These events took place within a period of 4 minutes!


A number of reports were subsequently tabled by the Canadian government to review the incident. Most of the recommendations pointed to three areas that could be improved:

  1. Operations (planning, incident management);
  2. Communications (internal & external stakeholders, public awareness) and
  3. Governance (roles, responsibilities, procedures, decision making, controls).


The attack at Brussels, 22nd of March, 2016:

  • 07h55: the 3 terrorists arrive in a taxi at the terminal;
  • 07h58: the first bomb explodes and the second bomb goes off 9 seconds later;
  • 08h20: rail transport to the terminal is halted and roads to the airport are being closed;
  • 09h04: Belgium raises the terror level to its highest level;
  • 09h11: a bomb goes off in Brussels Maalbeek metro station;
  • 09h27: all public transport in Brussels is halted;
  • 11h15: Eurostar cancels its operations between Brussels and London;
  • 12h20: Facebook activates its “safety check” for parents and friends;
  • 17h30: shortly after the suspects’ photo was released, a taxi driver contacted the police to state that he had picked up three passengers in Schaerbeek.


In the case of the Brussels airport, a number of post-incident reviews are also underway to see what, if anything, could be improved or done differently in the future. If you have been involved in such reviews, you may have noticed some commonalities in the questions that were asked and the areas probed during these assessments, such as:

  • What were the scenarios that were included in the Threat and Risk Assessment (TRA)?
  • How quickly and accurately were we able to receive and communicate key information?
  • Were roles and responsibilities clearly defined, available and understood by all?
  • What information was available for decision makers and what was missing?
  • Were we able to control and confirm when actions were taken and by whom?
  • Were we able to log and capture all actions and communications?
  • Were our incident management capacity and our business continuity program aligned?
  • Finally, how did we glean and monitor information from social and traditional media?


The need for speed and accuracy in our response is not limited to terrorist acts; it extends to natural hazards and criminal acts as well. In 2013, the FBI published a study[4] concerning active shooters, in which they found that in 60% of the cases, the incident ended before the arrival of the police and in 70% of the cases, the events unfolded within a period of 5 minutes!

So how can we improve the speed and accuracy of our managerial response, while promoting collaboration and enhancing communications? Part of the solution may reside in today’s innovative and enabling technologies. For the most part, these technologies leverage the high percentage of smartphone users around the world, including in Canada, the US and Europe, and the general preference for data utilization over voice. In North America, smartphone penetration has reached 80%, and in Europe it is expected that the number of smartphone users will exceed 765 million in 2019.

These new technological tools could enable your employees and stakeholders to access response plans and critical information in real time with personalized response plans, using a secure app on their mobile device. This could allow you to push “mass notifications” to employees and stakeholders, and receive communications from them based on their locations and need for help.

It could also automatically confirm the actions taken by your staff and even let you communicate with them directly by phone, simply by clicking on their profile from your position at the ICC.

You could retain full visibility over multiple unfolding incidents, so you can make informed decisions that accelerate your recovery, and bring all related communications together in one central interface, a virtual hub to accompany and complement your physical ICC.

There is no doubt that by investing in resiliency and acquiring the right tools to manage incidents, crises and emergencies, security departments will be able to demonstrate how smart investments in security technology can contribute to value creation and the acquisition of a competitive advantage for their organization, enabling it to sustain its mission in very turbulent times.

Yves Duguay, MBA, IAS.A, CSSP

President, HCiWorld and member of Cobalt’s Advisory Board

[1] Weick, Karl and Sutcliffe, Kathleen (2015), « Managing the unexpected: Resilient performance in an age of uncertainty, 3rd edition », Wiley, New Jersey, p. 12

[2] Ramo, Joshua Cooper (2016), « The Seventh Sense », Little Brown and Company, New York, N.Y., p. 11

[3] Obtained from:

[4] Blair, J. Pete, and Schweit, Katherine W. (2014). A Study of Active Shooter Incidents, 2000 – 2013. Texas State University and Federal Bureau of Investigation, U.S. Department of Justice, Washington D.C. 2014.