Body Scanners Installed in L.A., Tested in Other Locations

Security scanners that screen passengers entering stations and terminals are being tested around the country and have been installed in subway stations in Los Angeles. The Associated Press reported that the machines scan for both metallic and non-metallic objects. They can detect suspicious items from a distance of 30 feet and are capable of scanning more than 2,000 passengers per hour. About 150,000 passengers ride on the Metro’s Red Line daily and the subway system counted more than 112 million rides last year, the AP said.

The New York Times reported that the federal government has been studying the technology for 15 years. The Transportation Security Administration (TSA) partnered with the Los Angeles transit agency on the project, helping the agency test and vet security technologies. The devices purchased are made by the company Thruvision and can be placed at locations throughout the transit system, officials said.

According to the Times:

Officials in Los Angeles said that riders need not worry that their morning commute would turn into the sort of security nightmare often found at airports or even sporting events. The portable screening devices, which will be deployed later this year, will “quickly and unobtrusively” screen riders without revealing their anatomy and without forcing them to line up or stop walking, they said.

“We’re looking specifically for weapons that have the ability to cause a mass casualty event,” Alex Wiggins, the chief security and law enforcement officer for the Los Angeles County Metropolitan Transportation Authority, said Tuesday. “We’re looking for explosive vests, we’re looking for assault rifles. We’re not necessarily looking for smaller weapons that don’t have the ability to inflict mass casualties.”

On Aug. 14 the scanners were tested in the Port Authority Bus Terminal in Manhattan, where in December a man set off a crude pipe bomb in an underground subway passageway, injuring himself. It is estimated that the Port Authority serves about 8,000 buses and 225,000 commuters daily.

As the Risk Management Monitor reported, the TSA also tested body scanners in New York’s Penn Station in Manhattan in February and has conducted tests at Union Station in Washington, D.C., and at a New Jersey Transit station during Super Bowl XLVIII, the AP said.

Cyber Insurance Strategies Explored: RIMS Report

High-profile data breaches have been making headlines recently, and their damage can transcend industries, which is why cybersecurity is often a top priority for risk managers. With many traditional insurance policies no longer responding to or outright excluding cyber events, risk professionals must understand their options to ensure the organization is protected in the event of a data breach.

A new report by RIMS, A Guide to Cyber Insurance, provides a roadmap for determining the type of coverage risk managers need in the fast-changing world of privacy, data protection, and cyber risk management. The study serves as a reference for risk professionals who are exploring options to effectively manage cyberrisks that are uncovered or not addressed by the organization’s existing risk management program.

Topics include:

  • The cyber insurance application process
  • Procurement of insurance
  • Management of cyber claims
  • Third-party coverage
  • Litigation strategies, and other pertinent details

“While cyber risk management policies are necessary for every organization, reducing a category of risk to zero is impossible,” the report notes. “Cyber insurance can help cover the gaps between a robust risk management program and any remaining risks.”

The report also features case reviews in the areas of cyber policy coverage litigation, negligence, computer fraud, technology errors and advertising and personal injury coverage. “While the overall decision-making process is much the same as with other litigation decisions, certain factors are more complex in the cyber insurance context compared to other insurance disputes,” the authors note.

The Guide doesn’t only focus on insurance. It also features helpful tips when implementing a strategic risk management program characterized by a cybersecurity framework. Pre-event planning and preparation, penetration testing and response ideas are offered as well.

“Following the purchase of some form of cyber coverage, risk professionals need to be prepared for the worst: a cyber event and any resulting claims,” the report states. “An organization needs to understand both the risk it faces and the coverage options available to ensure that the cyber policies it purchases provide the necessary coverage when it experiences the inevitable data breach or other cyber events.”

A Guide to Cyber Insurance is authored by Bradley Arant Boult Cummings law firm members: Dylan C. Black, A. Kate Margolis, G. Benjamin Milam and Emily M. Ruzic.

The report is currently available to RIMS members. To download the report, visit the RIMS Risk Knowledge library at To learn about other RIMS publications, educational opportunities, conferences and resources, visit

RIMS Report: Establishing and Communicating ERM

Recent trends indicate that management is being consulted more than ever by executives and boards who are looking for information that can aid in decision making. This has moved the value of enterprise risk management (ERM) to the forefront, to give the board an overall view of the risks the company faces.

A report just released by RIMS, Risk Communication to the C-Suite and Board of Directors: Visualizing Enterprise Risk Management Information, explores ERM and offers risk managers strategies to use to determine what they report to decision-makers.

According to the report:

“Without robust information about risk, directors cannot offer effective oversight. Therefore, management should carefully evaluate the format and purpose of board risk communication with consideration to risk governance responsibilities, risk appetite, and the intersection between risk and strategy. This process also ensures that the risk information is of value to the management team as well and not simply ‘paperwork.’”

In order to be proactive, boards have expressed the need for specific information, the authors noted, but with “understanding of risks” and “oversight of risk management” cited as the most important areas for board improvement, “risk managers need to be strategic in the way they disseminate information. What you pass along should be presented carefully so that an executive can easily understand and prepare to translate for stakeholders.”

The professional report highlights information from the National Association of Corporate Directors (NACD), the most recent COSO ERM Framework, and the Corporate Executive Board (now Gartner). Backed by that data, the authors discuss where ERM stands today and, by offering various engagement models and maps, provide suggestions and options for determining:

  • Which executives should receive the information.
  • How to craft the message.
  • Delivery methods.
  • Additional sources of key risk management information.

“In developing a system for delivering key risk information to the board, it must be stated that ERM is not a prescribed science,” the authors wrote. “No two organizations will have the same approach or process for determining what defines key risk information or how it should be delivered.”

The report is co-authored by Julie Cain, senior strategic advisor, information and technology risk management at the Educational Testing Service; Christine Novotny, ARM, RIMS-CRMP, manager risk and insurance for PeaceHealth; and David J. Young, lecturer at the Risk Management and Insurance Program, University of Colorado Denver Business School. The group also presented on this topic at RIMS 2018 Annual Conference & Exhibition in San Antonio.

Risk Communication to the C-Suite and Board of Directors: Visualizing Enterprise Risk Management Information is available to RIMS members only for the first 60 days. After the introductory period, it will become available to the broader risk management community. You can download the report via Risk Knowledge.

Enterprise Risk Management’s Wakeup Call: 10 Years After is also available on Risk Knowledge. Complementary to Risk Communication to the C-Suite, it discusses the importance of integrating ERM into companies’ frameworks as they prepare for the possibility of another financial crisis or a new threat. Read more about the report here.

Amid Wildfires, Calif.’s Emergency Warning Systems Take Heat

Overnight, the Mendocino Complex Fire in Northern California expanded far enough to oust the 2017 Thomas Fire as the largest wildfire in the state’s history. Comprising two joined fires, the Mendocino Complex Fire has burned through 443 square miles in the area north of San Francisco. As of Tuesday morning, the fires burned more than 140 structures, including at least 75 homes, and was 30% contained.

But California’s residents and businesses still should be on alert, as the incendiary activity doesn’t end there. An unprecedented 14,000 firefighters are combating between 12 and 16 wildfires in the state, according to the Department of Forestry and Fire Protection. Particular emphasis is in Northern California, where the fires in Mariposa and Shasta counties continue to threaten residents, businesses, and emergency responders. For 26 days, the Ferguson Fire in Mariposa County has burned nearly 90,000 acres and caused two fatalities. The fire is having a huge impact on areas near and around Yosemite National Park, which alerted the public that it had closed all but two entrances and roads.

Redding, a city 150 miles north of Sacramento, is the site of the Carr Fire, which has been ablaze for two weeks. reported that the fire has caused seven deaths and the destruction of nearly 1,600 structures, the majority of which are homes.

The city of Redding launched an interactive map that provides residents with images of neighborhoods so they can check the status of their homes. Reports indicate that more than 1,800 structures are still in the path of the fire.

Despite such technological advances, many residents have questioned the effectiveness of the state’s emergency notification system, which they rely on for evacuation notices. The California Governor’s Office of Emergency Services currently uses an integrated California Public Alert and Warning System (CalPAWS) Plan to warn the public of danger.

Affected residents in several areas have claimed that they did not receive the CalPAWS evacuation order – including the great-grandmother who perished in the Carr fire in July with her two great-grandchildren. On Aug. 4, California Gov. Jerry Brown held a press conference in Shasta County to discuss the damage. But California’s emergency notification systems—and its unreliability in certain areas of the state—were a central focus of the conference.

Gov. Brown said he would consider legislation to improve alert systems, acknowledging local lawmakers’ proposals in an effort to create a statewide system that requires registration from all residents.

“I think we do need the best alert system we can get, and that’s what I would help the Legislature achieve,” Brown said, according to the Sacramento Bee. “There’s a lot of things we can do, and we can always do more … given the rising threats on the changing of the weather, the climate.”

The Bee reported that a bill with adoption plans for a uniform alert system has been drafted:

The bill, Senate Bill 833, would require counties to automatically sign up residents for a uniform cell phone alert system. It would also fund a standardized system equipped to push out alerts on all forms of media—radio, television, electronic highway billboards and landlines. County emergency managers would be required to undergo annual training on the latest alert technology.

Under such a plan, which would utilize the federal Wireless Emergency Alerts system, they’d have to opt out rather than sign up voluntarily.

Furthermore, the governor said he hopes to overhaul the state’s 911 system, which would de-centralize the calls and notifications to ensure more accurate messaging.

Also on Aug. 4, the White House approved California’s request for a Presidential Major Disaster Declaration to help with the impacts of the wildfire in Shasta County.

“This is part of a trenda new normalthat we’ve got to deal with. We’re dealing with it humanly, financially and governmentally,” Gov. Brown said during a media briefing at the Carr Fire Incident Command Post in Anderson, California. “These kinds of horrible situations bring people together, regardless of the lesser kind of ideologies and partisan considerations.”