Proactive Security Programs Help You Stay Left of the Boom

March 13, 2018
Security professionals must create an inclusive culture of awareness and preparedness to meet organizational threats

As a child playing the hand-slapping game I quickly learned that action is always faster than reaction. A clever kid may try to game the system a bit by anticipating the opponent’s move and proactively moving, but that proactive move is an action itself, and not a true reaction.  I am certain that most of you reading this now also learned this same lesson at an early age, either by playing athletics or other games.

This observation we made as children has been confirmed by a number of scientific studies conducted at places such as the Force Sciences Institute. When it comes to an armed attack, studies have conclusively proved that action is ALWAYS faster than reaction. Once the knife is moving, the bullet fired or the bomb initiated, all law enforcement and security officers can do is react. Sometimes luck or the incompetence of the attacker – or perhaps a little of both combined with divine intervention – may save the target of an attack. But let’s face it, it is always better to see the attack developing and take action to stop it before it can be launched.  And like the aforementioned kid trying to gain an advantage in the hand slapping game, this leads us to the need to be proactive. Don’t get me wrong, reaction drills are vitally important to any world-class security team. Attackers have an even better chance of success if security forces are not alert and well trained. However, it is always preferable to take action to stop an attack before it is launched rather than depend on reacting to an attack in progress.

With that in mind, let’s examine some of the basic elements that contribute to a good proactive protective security program.

Education

 The first and most critical element is education. This includes teaching employees about the general and specific threats that are facing them. General threats include things like workplace violence, criminality, intellectual property theft, protest activity and grassroots terrorism. A specific threat would be information that a certain actor is planning or has threatened a particular type of activity against a specific target. Such education not only needs to be provided to security managers and personnel but also to the workforce in general. A group of employees practicing good situational awareness can be an incredibly powerful collective security tool.

I learned this lesson the hard way shortly after I left the U.S. State Department. I was assigned to work a red team operation against an executive protection team. I did a great job staying out of sight and off the radar of the EP team, but unfortunately, I got burned by a plain old office worker who spotted me lurking in the parking lot and called security to alert them to my presence. I had gotten tunnel vision and was focused on the principal and EP team. Unfortunately, I had not been careful about how my actions appeared to outsiders. Criminals often make this same mistake. Security forces only have so many eyes, even when augmented with cameras and other technological tools. The workforce will always have more eyes and in more places than the security staff.

Attacks do not occur out of a vacuum. Every type of attack requires a planning cycle. Examples include the terrorist attack cycle, the criminal planning cycle, and the human intelligence recruitment cycle. Educating security staff and the workforce about these attack cycles, the behaviors associated with them and points in the cycle where attackers are vulnerable to detection, not only helps them understand that there are threats out there, but how to spot and report them. As a starting point, security leaders should consider disseminating information – perhaps virtually or maybe through short meetings (depending on your corporate culture) to empower staff. The key is empowerment. Making everyone from the cleaning staff to the C-suite aware of the basic threats and empowered to report early and often will lead to a more robust security operation.

Examine the Mindset

 Complacency and denial are, quite literally, killers. When employees (or security officers for that matter) develop the attitude that “it can’t happen here” or “it can’t happen to me,” and fail to practice appropriate situational awareness or flat out ignore warning signs of a pending attack, it can lead to disaster. A good corporate security education program will help employees develop a proper mindset that recognizes the existence of threats and the employees’ responsibility to look for and report them.

And this does not just apply to external threats. In nearly every workplace violence attack there are warning signs, threats or other leakage. It inevitably emerges later that someone, somewhere knew the assailant posed a threat, but chose to ignore or deny it or didn’t dedicate enough resources to counter it.

It is important to understand that creating awareness is not the same as creating fear and paranoia. Paranoia is counterproductive to good security. Indeed the goal of a security education program should be to create a sense of empowerment, not terror. Providing good, solid training to the workplace helps combat fears by showing employees that the security staff is aware of potential threats, has plans in place to mitigate them and lets employees know what they should do in case of an emergency.

Protective Intelligence

 Besides these general steps, there are also some more specific things that security departments can do to help them become proactive and stay left of the boom. Most of those fall in the realm of protective intelligence.  A well-rounded protective intelligence program will have several different functions, the most basic of which are surveillance detection, investigations and analysis.

Surveillance detection is important because all threat actors, to include criminals, stalkers, terrorists, kidnappers, etc. engage in some degree of pre-operational surveillance as part of their attack planning process. Obviously, the length and intensity of the surveillance will vary based on the type of crime that is to be committed. A kidnapper will conduct more surveillance on a prospective target than a purse-snatcher. The surveillance tradecraft possessed by the potential attackers will also vary depending on their background and training. Some may be fairly proficient, but by and large, most criminals possess poor surveillance capabilities and are vulnerable to detection – but only if someone is watching for them. The ability to spot surveillance early in the attack planning cycle is why surveillance detection and countersurveillance are excellent protective intelligence tools.

However, surveillance detection teams cannot live in a vacuum and gut instinct can only take you so far. In order to be most effective, they need to have an analytical capability that can database and analyze their observations as well as investigators who can check out any suspicious activity or individuals, to see if they do indeed pose a threat. Without an analytical aspect to the team, it is difficult for surveillance operatives to notice when the same person or vehicle has been spotted by different shifts, or at different sites. Databasing and analyzing observations are a critical protective intelligence function. Analysts and investigators should also have a feedback loop that provides intelligence to those looking for surveillance.  This intelligence can either come from the analysis of surveillance logs, from information received via liaison outreach to law enforcement, other corporate security teams, or other means.

Analysts and investigators should also provide security personnel and the workforce with critical intelligence analyzing past attacks and incidents and the trends they reveal. Such analysis must be careful to not only focus on the five W’s – who, what, where when and why – but even more importantly on the how.  By studying the tactics and tradecraft employed in an incident or attack, and the planning process required to accomplish it, protective intelligence analysts can help security managers understand the planning process required, and identify places during that process where the assailant is vulnerable to detection. Focusing on the how also helps security managers see where they need to make changes to their security policies, procedures and even equipment to mitigate a similar attack directed against them.  

One of those other critical functions of a protective intelligence team is the investigation and analysis of communications that come from mentally disturbed or angry customers, employees or other people.  Some of these communications are likely to be anonymous and may take some effort to identify the author/sender. Mentally disturbed individuals have long posed a substantial (and still underestimated) threat to both prominent people and average citizens in the United States. In fact, mentally disturbed individuals have killed far more prominent people (to include people such as President James Garfield, Bobby Kennedy and John Lennon) than terrorists.

Critically, nearly all of those who have committed attacks have self-identified or otherwise come to the attention of authorities before the attack was carried out. Because of this, protective intelligence teams must ensure that no mentally disturbed person is summarily dismissed as being “just a harmless nut" until he or she has been thoroughly investigated and his or her communications carefully analyzed. Databasing these communications is also crucial because it allows the tenor of correspondence from a mentally disturbed individual to be monitored over time and compared with earlier missives in order to identify signs of a deteriorating mental state or a developing intent to commit violence. Protective intelligence teams will also often consult mental health professionals in such cases to assist with psycholinguistic and psychological evaluations.

A robust protective intelligence program, when combined with an educated and alert workforce provide a solid foundation upon which security managers can build a proactive security program that keeps them all left of the boom. 

About the Author:  Scott Stewart is vice president of tactical analysis for Stratfor Threat Lens, helping corporate security leaders and other organizations identify, anticipate, measure and mitigate risks that emerging threats pose to their people, assets and interests around the world. Learn more at Stratfor.com/threatlens