Tim Compston, Features Editor at Security News Desk and SecurityMiddleEast.com, investigates the way that mass notification technologies are keeping people informed when the worst happens.
When a terrorist attack strikes, a disgruntled employee appears with a weapon, a major fire erupts, or there is some sort of natural disaster, the ability to communicate in an effective, and timely, manner with those in harm's way is, undoubtedly, a critical consideration. Situations can develop extremely quickly and, in some cases, impact more than one location simultaneously adding to the fear and confusion on the ground. In addition to the authorities employing social, and the more traditional media, to reach the public and other stakeholders with their messages we are witnessing the roll-out of a new generation specialised solutions that are designed to deliver targeted, geo-specific, information in a joined-up way.
One approach that has gained more traction over recent years, with mixed results, are specific smartphone applications or 'apps'. In the lead-up to the Euro 2016 tournament in France, for example, one of the major concerns, with so many people in and around the tournament, was how to communicate safety and security messages. To tackle this dilemma the French Interior Ministry decided to rely on the smartphone technology that most fans would have to hand. The solution in question was a free emergency app known as SAIP, which some dubbed ‘the terror app’, and whose origins can be traced back to the Paris attacks last November 2015. The thinking was that if a user was happy to share their location the app – available in French and English – would then highlight ‘unexpected events’ from flooding in Paris to a terrorist-related incident.
Interestingly, the first major test for SAIP came not at Euro 2016 itself but soon after when, on Bastille Day, a truck was driven into crowds in Nice. Unfortunately, according to media reports at the time, the app failed at the first hurdle. In fact the first notification was, apparently, only issued at 1.34 am, more than three hours after the truck attack had actually started. In a follow-up story the Les Echos newspaper said that a message prepared by the local prefecture was actually ready at around 11.15 pm but a technical glitch prevented the app sending out the warning. For its part the French Interior Ministry, who had championed the app, acknowledged the failure and stressed that an action plan was being demanded so that such an incident could not happen again.
Speaking to Imad Mouline, CTO at Everbridge - the global enterprise software company which provides applications to automate the delivery of critical information - for his take on the Nice malfunction, he places it into the wider context of the importance of implementing multiple communication routes: "Ultimately there is a communication piece as part of all of this. Many things have evolved but one thing that hasn't is that communications are likely to break down at some point. There probably has not been a major event or an incident where there hasn't been some level of communication breakdown."
The problem, says Mouline, is that it is simply not possible to anticipate where a communication issue will fall ahead of time: "During Hurricane Sandy some parts of New Jersey lost cell towers so mobile phones were inoperable and in other parts of New York, for example, landline calls couldn't get through because central offices were overwhelmed. Nice was also a pretty big failure - where alerts were delayed two, three, four hours across the board - which is an issue for an event that is going to take a few minutes to come to a conclusion."
Darren Chalmers-Stevens the Director for EMEA at Critical Arc - which develops distributed command and control solutions for large scale sites like University campuses - agrees with the point about not just relying on a single mode of communications: "At the top level, the first thing has to be multi-layered communications, so hitting someone with at least two or three forms of communication." For Chalmers-Stevens this communication can be via SMS, email, and, importantly, push notification which, he points out, is free, secure, and saleable.
He reckons that it has been good to move away from simply being reliant on an SMS-based architecture: “Using SMS is obviously costly so universities [for example] were having to make a judgement call, do I want to send a message to 10,000 students? That [sending an SMS] is going to be a fairly substantial cost and people sometimes were assessing cost versus risk and that was a terrible predicament for them to be put into.”
Chalmers-Stevens adds that social media is an important part of the mix here: "Having an API available so you can tie in to an organisation's social media platforms allows you to get the message out in multiple forms of communication." Alongside this, he points to desirability of SIP - phone system - integration: "In essence you can broadcast messages both in traditional terms but also leverage the entire phone system internally to send a broadcast message over an IP phone."
One historical issue which the latest solutions have now addressed, explains Chalmers-Stevens, was the lack of a tie-in to operational data and where assets - like first aiders – actually were: "In essence you were broadcasting messages out to everyone. That had two consequences, it drew people to a situation that they didn’t need to be involved in and added additional pressure to the security team.”
Looking ahead, Chalmers-Stevens admits that there is never going to be uptake of a message by everyone but by taking what he refers to as a 'funnel' approach, hopefully, the majority can be reached.