Post on 14-Jan-2016
Tabletop Crisis Exercise2014
1
Exercise Objectives• Improve property’s familiarity with Security &
Terrorism Countermeasures & Assurance Toolset v 2.7
• Test property’s ability to monitor external events that may impact the hotel’s security posture
• Test property’s ability to increase its security posture as a result of external threats
2
• Review/practice procedures for upgrading property’s security posture
• Identify gaps that leave property vulnerable to predictable and preventable external threats
Exercise Objectives
3
Scenario Background
4
The most recent Oxfam International report on Political Capture and Economic Inequality concludes "Almost half of the world's wealth is now owned by just one percent of the population, and seven out of ten people live in countries where economic inequality has increased in the last 30 years.
5
The World Economic Forum has identified economic inequality as a major risk to human progress, impacting social stability within countries and threatening security on a global scale."
6
This is a time of great social and political turmoil around the world as protests in dozens of countries focus on the plight of the poor, the unemployed, government inaction or overreach, oppressive policies, violence against women, or inequality.
7
In some cases, those protests have turned violent as in Ukraine (government policies/oppression), Venezuela (government economic policies/oppression, Turkey (domestic violence), Saudi Arabia (government mismanagement and discrimination against women), Ecuador (government mining policies), Brazil (inequality), and South Africa (plight of the poor).
8
Many other countries including the U.S., Canada, Taiwan, China, Thailand, Mexico, France, and the United Kingdom have seen large-scale social protests.
9
ScenarioA major non-governmental organization has announced a “Day of Action” protest for your city. This group has a mainstream faction that simply wants its voice to be heard.
10
However, several outlying radical elements have been involved in recent violent protests resulting in substantial property damage and non-fatal attacks on political and business leaders.
11
The “Day of Action” was chosen to coincide with a conference of one of the countries major political parties.
12
Your property is booked full for the conference although yours is not the primary venue for the conference functions or the major party figures. The current security level for your country is “medium.”
13
Two weeks ahead of the conference your security team notices that there are very suspicious people that seem to be loitering around entrances and around the loading dock area of the property. They never stay too long and haven’t bothered any guests coming or going into the property, however one associate noticed one of the men seemed to be making notes. Security associates have noticed several different men exhibiting this behavior.
14
This morning, your security team informed the MoD that there was some graffiti sprayed around the loading dock and on some of the sidewalk areas in front of the property.
15
Discussion(30 minutes)
16
Discussion
• With your team, discuss the actions you would consider taking based on this information from the Security Team.
• Is your current security posture appropriate to the events on the ground?
• Include the questions on the next three slides in your discussion.
• Write the actions on a flip chart/white board.
17
Questions• What does the Starwood Security & Terrorism
Countermeasures & Assurance Toolset recommend be done in this situation?
• Additionally,–Does your plan have protocols in place to
notify local law enforcement –When was the last time local law
enforcement toured your property?
18
Questions
–What, if anything, should you tell associates about the activity observed by the security team?–When was the last time associates received
a security/threat briefing?–Do these activities meet the threshold for
increasing your property’s security level?
19
Questions• Is your property meeting the standards
outlined in the toolset?
– Identify any gaps and discuss potential ways to close the gaps with the team.
20
A week before the day of action and the start of the political party conference, Starwood reports that hackers have stolen guest data including credit card information and reservation records for more than 200 properties, including yours.
21
The information includes information on current guests and upcoming reservations for the next three months.
22
News of the Starwood data breach is being carried on all major cable news channels and spreading quickly over social media. Your hotel is receiving dozens of calls from concerned guests. The number of calls is making it difficult for your staff to take care of their other responsibilities.
23
Crews from several local television stations arrive and ask if the GM or someone from the hotel can talk to them on camera about the hacking.
24
The catering manager informs the MoD that the company that delivers clean uniforms for kitchen and banquet staff reported that its delivery truck was broken into and that the uniforms for your staff were stolen.
25
Discussion(30 minutes)
26
• How would you inform current guests about the data breach?
• Would you talk to the media or refer them to corporate? Why did you make the choice you did?
• How would your property handle payment from guests if their credit card information was compromised?
Discussion
27
• What are you going to do regarding the stolen uniforms?
• Are there any changes to your employee arrival procedures that you would change based on this event?
28
Discussion
• What support would you expect from corporate? List expected support on flip chart
• Be sure to identify any gaps or vulnerabilities with your current systems and procedures.
29
Discussion
Two days prior to the “Day of Action,” the property’s trashcans outside three entrances are stolen. CCTV coverage of the entrances shows several men stealing the trashcans simultaneously around 11:30 pm. Local law enforcement believes it is likely a simple prank by high school boys or a local college fraternity.
30
Discussion(20 minutes)
31
DiscussionHow do the events of the last 14 days impact your property’s readiness for the major event that is now two days away?
Talk with your team about potential additional security measures you might take based on what has happened and the large event that is coming up.
32
• Is the current security level (medium) set for the country adequate based on your discussion?
• What do you need to tell associates? • Would you communicate anything to the
guests about the security environment?• Do you agree with police that it is simply a
prank?
Questions
33
Questions• Is your CCTV system adequate to meet your
property’s security needs?
• What areas (if any) are not covered by your CCTV system that you or your team feel should be covered?
• What is the major barrier to improving your CCTV system?
34
A delivery driver arrives with packages for a guest one day before the “Day of Action.” The driver is in the uniform of the delivery company, but appears disheveled and arrives with the package about two hours earlier than the regular delivery driver. 35
The package is for a guest scheduled to arrive the next day. The front desk associate receives the package reluctantly, but informs her supervisor that the package and the driver were out of the ordinary.
36
• One day before the majority of your guests for the conference are scheduled to arrive, all of the reservations are cancelled. One of the guests whose reservation has been cancelled calls to request a room upgrade and is unhappy to learn that she has no reservation. She insists she did not cancel her reservation.
37
On the day before the conference begins, several guests report to the front desk staff that they were followed by two men after they left the hotel for a business meeting.
38
Discussion(15 minutes)
39
DiscussionDiscuss with your team if your current security posture is appropriate and what additional measures or layers of protection would you consider adding given the events of the last two weeks.
Refer to the Security & Terrorism Countermeasures & Assurances Toolset References and keep a list of additional actions.
Questions• What does the property executive team need
to do at this point? • Do the events of the last two weeks constitute
a crisis? If so, why? If not, why not? • Have you or are you considering raising the
threat level for your property? Please discuss why or why not with the team.
• Has your staff been adequately trained regarding mail and package delivery?
41
Questions
• Does your property have adequate back-up information/computer systems that are accessible locally?
• What assistance do you need from corporate to reinstate reservations that disappeared from the system?
• What should the front desk staff do regarding the report of guests being followed?
42
Questions
• Do you or your team have any concerns regarding your staff’s ability to cope with these events?
• What additional training (if any) would you like to provide to your staff so that they are better able to cope with a situation like this?
43
The day the conference begins, protestors march down the street toward your property. Meanwhile, the driver of the hotel’s shuttle van to the airport reports that the van was stolen while he was dropping an elderly guest off for her flight and went inside for just a moment. He notified airport police of the stolen van.
44
As the demonstrators move down the street, groups of protestors break off and begin to smashing windows and throwing rocks and Molotov cocktails at police. A police car is torched.
45
As the protestors get to your property, they begin smashing windows and a group of demonstrators try to push their way into the lobby through police that have gathered to attempt to protect property.
46
The protestors breach the police line and enter the hotel, damaging property and knocking several guests down as they rampage throughout the first floor. You can see blood coming from a gash on the head of one of the guests.
47
The power goes out in the area around your hotel. The back-up generators kick in and restore power to the most vital areas. The protests continue and are becoming increasingly violent.
48
Seven of your guests and five staff members have been injured at your property. Additionally, many staff could not make it into work because of the protests. The police have told you that the streets will not be re-opened for at least another 24 hours. The hotel van has not been found
49
Discussion(45 minutes)
50
Questions
• What security measures did you consider enacting before the protest?
• What should you do if the van approaches the hotel?
• If local law enforcement is overwhelmed by the protest, is your security staff adequate to protect the property and your guests?
51
• What actions are required after police clear the lobby of the protesters?
• Who will provide assistance to the guests and associates injured?
• Who at Starwood do you notify and how?• Work with your team to create a plan for how
you will manage guests at your property for the next 24 hours based only on the staff currently working?
52
Questions
• How will you inform guests of events and communicate what you would like them to do?
• In retrospect, did you appropriately assess the increasing threat level to your property and take appropriate actions?
53
Questions
Lessons Learned
This exercise should reinforce several lessons:• Focus on risk prevention, not just response• Refresh Duty Managers about
Emergency/Crisis procedures• Renew training on handling dangerous good
and suspicious packages• Remind all employees to report anything
suspicious
54
Lessons Learned (cont.)
• Update emergency contact card to capture new people and phone numbers
• Important to keep up-to-date Volume I Preparation of the Emergency & Crisis Management Plan
• Important for all executive team members to review the four volumes of the Emergency & Crisis Management Plan
55
Final Question
• What additional lessons or gaps have you identified in the course of this exercise?– Capture the lessons learned and discuss how gaps
will be closed
56