CEO Handbook: Parcel Bomb Defense

Letter bombs sent through the mail addressed to key European economic figures rattled the global financial industry last week, sending a wave of fear over corporate executives that a similar situation could be easily replicated in the U.S.

A day after a terrorist group claimed responsibility for the letter bomb addressed to Deutsche Bank (NYSE:DB) CEO Josef Ackermann last Wednesday and intercepted without incident by authorities at its Frankfurt headquarters, a similar package exploded at Italy's tax agency.

The bomb injured Italy's tax collection head, Marco Cuccagna, who suffered injuries to the hands and face and had to undergo surgery.

“It’s very difficult to look at the outside of a package and determine whether it contains a threat, because the bad guys are not stupid.”

- Tom Bauer, SVP of SoBran

The same Italian-based group that claimed responsibility for the explosives- and shrapnel-filled parcel in Germany said it was also behind Friday's explosive delivery outside of Rome.

The group, calling itself the Informal Anarchist Federation (FAI), warned in a letter that there would be three explosions targeting banks and bankers as part of its latest campaign, which comes a year after it sent package bombs to three Roman embassies, badly injuring two people.

The warning and explosion has shaken financial officials around the world, fueling worries that other parcel bombs sent by the terror group may be en route. On Monday, three days after the Italian explosion, there is still no word on where that third package may be, if there is one.

“The whole idea is fear,” said Tom Bauer, who designed the mail security system for the U.S. Department of Homeland Security.

Bauer, who leads the technology arm for a company called SoBran that specializes in mail handling and chemical, biological, radioactive and nuclear (CBRN) threats, offered some key tips to help companies around the world defend against the threat of parcel bombs.

Step 1: Ease Fears, Move to Remote Location

To calm employee concerns, companies that feel they may be at risk of a serious outside threat need to recognize employees are in jeopardy and take steps to ease concerns by screening parcels before they even arrive at the office, Bauer said.

Companies should process mail at a remote location using all modern CBRN screening methods so that a rogue package does not have the potential to interrupt operations, cripple infrastructure or hurt employees, Bauer said.

After all, even a small bomb could have the ability to blow away an office, a floor or even an entire building, he said. It just depends on the sophistication of the bomb-maker.

“The best way to deal with fear is to remove the threat,” Bauer said.

That way, when mail is delivered to employees, the company can ensure that it is “as safe as it would be otherwise,” Bauer said. Of course, without opening every single package, there can never be a 100% guarantee all packages are completely risk free.

Step 2: Look Out for Surprise Packages, Be Wary of Official Return Addresses

Companies should also be on the lookout for unexpected packages.

Parcel bombs often go undetected until they arrive at their desired location because the regular mail system simply does not have sophisticated screening methods, or just doesn’t screen at all. So, even if a package appears to have a legitimate return address, it’s not necessarily trustworthy.

Take the Deutsche Bank parcel, for example, which appeared to be arriving from the European Central Bank. Professional parcel bomb makers understand that to get life-threatening mail through the system the package has to look legitimate.

Authorities speaking on condition of anonymity told the Associated Press that the bomb that exploded in Italy on Friday was sent in a yellow bubble envelope and was mailed to the organization’s office on the outskirts of Rome.

“It’s very difficult to look at the outside of a package and determine whether it contains a threat, because the bad guys are not stupid,” Bauer said. “They know what they have to do to get the package through.”

Step 3. Screen as Thoroughly as Possible, Call Authorities 

Companies should screen all mail, at the very least using an x-ray machine, Bauer said.

However, since x-rays can really only detect metals and high-dense objects typical of bombs, other chemical and biological threats like anthrax may still make their way into the office unless more sophisticated screening methods are used that can detect traditional biological agents.

Lastly, but most certainly not least, companies that identify a parcel as a potential threat should immediately call authorities to investigate further and transport the parcel to a safe location to be tested or detonated, Bauer said.