Countering Threats to Correctional Institution Security

Identifying Innovation Needs to Address Current and Emerging Concerns

by Joe RussoDulani WoodsJohn S. ShafferBrian A. Jackson

Some threats to correctional institutional security — e.g., violence, escape attempts, contraband — are as old as the institutions themselves, while other threats — e.g., computer hacking, synthetic drugs, cell phones, drones — have evolved with societal and technological changes. Many of these threats present risks to public safety as a whole. In light of the ongoing challenges the corrections sector faces in countering these threats, RAND researchers convened an expert workshop to better understand the challenges and identify the high-priority needs associated with threats to institutional security.

Unfortunately, resource and staffing challenges limit the ability of correctional institutions to adapt to shifts in threats and to adjust security and staffing strategies over time. Furthermore, a perpetual lack of empirical data hampers efforts to effectively develop interventions to address threats. Addressing the research needs and developing the tools and resources — as prioritized by the workshop participants — is one route to providing correctional institutions the support needed to confront security threats going forward.

Key Findings

Expert workshop participants identified 11 high-priority needs for preventing threats to institutional security

  • Understaffing is a major threat; staffing ratio standards are needed, as are recruitment and retention strategies to meet these standards.
  • Supervisors need better training and a manageable span of control in order to properly develop staff.
  • Tools are needed to identify staff prone to compromise.
  • Better technology and best practices are needed to detect drugs, cell phones, and weapons.
  • Fully electronic mail systems should be explored to reduce the influx of drugs and protect staff and inmates from harm.
  • Research and testing centers are needed to evaluate emerging technology solutions to threats (e.g., cell phones, drones).
  • Administrators need greater awareness of cyber threats and information technology–related risks and need increased capacity to address these risks.
  • Best practices are needed to balance inmate access to technology for reentry purposes with security concerns.
  • Best practices are needed for security threat group management.
  • Technology is needed to automate analysis of inmate communications.
  • Best practices are needed for the development of continuity of operations plans.


  • Inadequate staffing in terms of numbers and/or quality is a direct threat to institutional security. Innovative strategies are needed to attract recruits, and processes are required to screen out individuals who may be prone to misconduct or compromise. Supervisors are key to improving officer engagement and job satisfaction, which can support retention efforts.
  • Drugs, cell phones, and non-metallic weapons were identified as the types of contraband that pose the greatest threats to institutional security. The group argued for better technology options for detection and the exploration of best practices to search staff and visitors. The viability of purely electronic mail systems should be explored to reduce the influx of drugs entering institutions through physical mail. Finally, national data are needed on the extent of the problem in correctional facilities.
  • Security threat groups (STGs), or gangs, continue to plague correctional institutions. Research is needed to identify best practices to manage this difficult population. Technologies to efficiently analyze inmate communications and identify associations based on inmate movement patterns would help control criminal activity. Furthermore, institutions need to do a better job of sharing information on STGs with counterparts across the country, as well as with law enforcement agencies.
  • The correctional institution of today faces threats that were likely not anticipated a few decades ago. Many institutions have incorporated information technology to support operations, but few have the resources or foresight to anticipate and fully address the associated cyber threats. Institutions need greater awareness of these threats and greater information security specialist capacity. Furthermore, because it is becoming more important to allow inmates access to technology to prepare them for reentry, it is critical that institutions understand best practices for managing cyber risks.