Protective Security Operations

Joe Autera authored this article approximately 20 years ago for ISDA’s predecessor, Security Driver.Com. At that time Joe was the Director of Security of a multi-national technology concern. Later Joe became the Vice President of Global Security Services for one of the world’s leading providers of crisis management and risk mitigation services to multi-national corporations and non-governmental organizations.

Protective Security Operations Meeting New Challenges Requires Dynamic Strategies

In today’s world, the security professional is faced with the daunting task of designing, developing, and implementing measures to counter an increasingly broad, though still somewhat vague, spectrum of threats. Law enforcement and government agencies continue to release a barrage of alerts and warnings about possible terrorist operations against US and Western interests both within the US and abroad. It seems that every warning is accompanied by the usual caveats about no credible information, no specific targets, and no specific timing or methods of attack. In fact, more often than not these warnings have been disseminated to the private sector through the media long before any official notification has been forthcoming. Developing an effective protection strategy under these circumstances can be, to say the least, taxing.

With federal, state, and local resources stretched to the limit and beyond, it is quite likely that, at least for the foreseeable future, private sector security practitioners will have to rely on their own resources and ingenuity to adequately protect the people, assets, and entities within their area of responsibility. Despite all the rhetoric to the contrary, those of us in the private sector find ourselves in a familiar place, having to fend for ourselves. Unfortunately, the stakes are now considerably higher than they were in the past and are likely to remain that way for quite some time. This heightened risk places an added emphasis on protective security operations that are capable of developing accurate information regarding potential threats, objectively analyzing that information to determine the likelihood of specific types of incidents, and, with limited resources, acting to detect and deter those attacks. Security programs that have proven over time to be effective in identifying, detecting, and deterring a broad range of potential threats emphasize three critical operational areas: protective intelligence, threat detection, and contingency planning.

Unfortunately, the stakes are now considerably higher than they were in the past and are likely to remain that way for quite some time. This heightened risk places an added emphasis on protective security operations that are capable of developing accurate information regarding potential threats, objectively analyzing that information to determine the likelihood of specific types of incidents, and, with limited resources, acting to detect and deter those attacks. Security programs that have proven over time to be effective in identifying, detecting, and deterring a broad range of potential threats emphasize three critical operational areas:  protective intelligence, threat detection, and contingency planning.

Protective intelligence operations provide a foundation upon which the security manager or director can develop and tailor security operations to meet the most prevalent threat or threats. The purpose of these operations is to develop a threat profile, i.e., a compilation of the types of threats the potential target faces, the types of activities that most likely will accompany those threats, and, perhaps most importantly, what information the source of the threat may have with regard to the potential target. It should be noted that the phrase “potential target” is generic and may refer to any individual, facility, or entity that is subject to a possible threat. In order to meet the demand for up-to-date, accurate information, protective intelligence operations must be conducted on an ongoing basis, with the tempo of information gathering reflecting the level of threat. The greater the potential for a threat evolving into an attack, the more critical accurate, up-to-date information becomes to the overall effectiveness of security operations. Previously developed threat profiles must be updated and/or reanalyzed in light of changing circumstances and environments. As new intelligence is gathered, it must be analyzed and compared with previous profiles to see if there is anything that has been overlooked, has become more apparent, or has increased in significance based on the latest information.

The vast majority of intelligence can and should be gathered through open sources such as newspapers, periodicals, and, of course, the Internet. Relationships, formal or informal, with law enforcement personnel may prove particularly useful. And one should not overlook or discount the value of relationships with other security professionals, particularly those in similar industries or facing similar threats; cooperation in this regard can eliminate duplication of effort and reduce the timeline associated with the protective intelligence gathering process. Bear in mind that in order to be productive, such relationships must be viewed for what they are, reciprocal: oftentimes you’ve got to give in order to get.

Threat detection operations are time-tested and have proven to be highly effective when properly implemented. The single most important element of the threat detection operation is an accurate threat profile; if the detection team is not well versed in the prevailing threats, the types of attacks that typically accompany such threats, and what the source of the threat may know about the target, the effectiveness of the operation is dramatically reduced. Absent an accurate threat profile, the scope and focus of the threat detection team become so broad as to make such operations unwieldy and ultimately ineffective. With an accurate and up-to-date threat profile in hand, the operation can easily be configured to meet the prevailing threat(s). In conducting these operations, consideration must first be given to providing adequate coverage of the environment around the potential target during those times or in those circumstances when a given threat is most likely to manifest itself. By their very nature, these operations require a greater degree of flexibility than most other types of protective security operations. In order for the threat detection effort to remain relevant to the overall protective security operation, the tactics and techniques used must allow for changes in the environment or situation. Mobility and communication are the keys to maintaining adequate coverage as the need to reconfigure operations to reflect changes in the situation, environment, or threat arises.

While traditional detection operations rely heavily on putting trained personnel on the ground, the value of technology in support of, or to augment, threat detection operations should not be overlooked; nor should it replace the person on the ground. Low light capable cameras and digital recording technology provide fantastic images. They do not, however, have the ability to assess the “look” or “feel” of a given individual or situation. That is something that only an experienced practitioner can provide. Keep in mind that the only way to maintain proficiency in threat detection tactics and techniques is to perform them on a regular basis, and finding qualified personnel can be a challenge, especially in light of the current situation. That being said, when operations encompass large facilities, multiple building campuses, or even high profile events at large venues, properly applied technology can serve as a force multiplier, adding considerable depth and expanded coverage without significantly increasing manpower.

Contingency planning is no less critical to the success of a security program than developing an accurate threat profile or detecting pre-incident indicators through threat detection operations. If you don’t know what to do once you’ve identified an evolving or imminent threat, all your efforts up to that point have been for naught. And while it is true that you can “what if” a problem to the point of distraction, if one can carry the objectivity that is the hallmark of successful protective intelligence and threat detection operations through to contingency planning, it is far less likely that the protective security operation will be found lacking in the harsh glare of attention that inevitably follows a security-related incident.

The most effective contingency planning models rely on what is referred to as “if/then” logic. These plans are formulated based on an occurrence (the “if”) triggering a previously defined response (the “then”). There are three critical elements to the “if/then” model: when, who, and what. “When” obviously refers to the time frame within which the occurrence takes place. In most instances, the plan for responding to a threat will vary based on when the threat is detected. “Who” refers to the response, or the “then” side of the contingency planning equation. Presuming that a particular incident requires a response, one must identify exactly who will be responsible for directing it, who will mount it, and who will support the primary responders. “What,” of course, refers to the specific actions that will be taken in response to a given incident. For example, if the detection team identifies a threat along the only route available for travel to and from an airport, will the team be used to augment the protection around the CEO being protected, perhaps as a lead or follow car? Or is it best to use them to perform surveillance, which we refer to as a crossover operation, and try and develop more information about the threat, such as where it is being staged from and how far along the perpetrators are in the planning process? Or should they position themselves to interdict the threat should an attack be directed at the CEO’s vehicle? For the security professional who is well versed in contingency planning, the correct answer to these questions can only be found through asking more questions. Is the CEO currently en route to or from the airport? If so, can his vehicle make its way to a safe haven? If not en route, how much time is available to further investigate the situation?

Just like protective intelligence and surveillance detection operations, contingency planning is an ongoing process. The same can be said for the most effective protective security programs. They are ongoing and dynamic, varying protection strategies and tactics as needed to meet the prevailing threat or threats while maintaining the tempo of intelligence and detection operations necessary to identify, recognize, and deter evolving threats.