Issue link: https://securitytechnologyexecutive.epubxp.com/i/956571
52 SECURIT Y TECHNOLOGY E XECUTIVE • Februar y/March 2018 • www. SecurityInfoWatch.com SECURIT Y MANAGEMENT knew the assailant posed a threat, but chose to ignore or deny it or didn't dedi- cate enough resources to counter it. It is important to understand that creat - ing awareness is not the same as creating fear and paranoia. Paranoia is counterproductive to good security. Indeed the goal of a security education program should be to create a sense of empowerment, not terror. Providing good, solid training to the workplace helps combat fears by showing employees that the security staff is aware of poten- tial threats, has plans in place to mitigate them and lets employees know what they should do in case of an emergency. Protective Intelligence Besides these general steps, there are also some more specific things that security departments can do to help them become proactive and stay left of the boom. Most of those fall in the realm of protective intelligence. A well-rounded protective intelligence program will have several dif- ferent functions, the most basic of which are surveillance detection, investigations and analysis. Surveillance detection is important because all threat actors, to include crimi- nals, stalkers, terrorists, kidnappers, etc. engage in some degree of pre-operational surveillance as part of their attack plan - ning process. Obviously, the length and intensity of the surveillance will vary based on the type of crime that is to be committed. A kidnapper will conduct more surveillance on a prospective target than a purse- snatcher. The surveillance tradecraft possessed by the potential attackers will also vary depending on their background and training. Some may be fairly proficient, but by and large, most criminals possess poor surveillance capa- bilities and are vulnerable to detection – but only if someone is watching for them. The ability to spot surveillance early in the attack planning cycle is why surveil- lance detection and countersurveillance are excellent protective intelligence tools. However, surveillance detection teams cannot live in a vacuum and gut instinct can only take you so far. In order to be most effective, they need to have an analytical capability that can database and analyze their observations as well as investigators who can check out any suspicious activity or individuals, to see if they do indeed pose a threat. With- out an analytical aspect to the team, it is difficult for surveillance operatives to notice when the same person or vehicle has been spotted by different shifts, or at different sites. Databasing and ana- lyzing observations are a critical pro- tective intelligence function. Analysts and investigators should also have a feedback loop that provides intelligence to those looking for surveillance. This intelligence can either come from the analysis of surveillance logs, from infor- mation received via liaison outreach to law enforcement, other corporate secu- rity teams, or other means. Analysts and investigators should also provide security personnel and the work- force with critical intelligence analyzing past attacks and incidents and the trends they reveal. Such analysis must be careful to not only focus on the five W's – who, what, where when and why – but even more importantly on the how. By study- ing the tactics and tradecraft employed in an incident or attack, and the plan- ning process required to accomplish it, protective intelligence analysts can help security managers understand the plan- ning process required, and identify places during that process where the assailant is vulnerable to detection. Focusing on the how also helps security managers see where they need to make changes to their security policies, procedures and even equipment to mitigate a similar attack directed against them. One of those other critical func- tions of a protective intelligence team is the investigation and analysis of communicat ions that come f rom About the Author: Scott Stewart is v ice president of tactical analysis for Stratfor Threat Lens, helping corporate securit y leaders and other organizations identif y, anticipate, measure and mitigate risks that emerging threats pose to their people, assets and interests around the world. Learn more at Stratfor.com/threatlens. mentally disturbed or angry custom- ers, employees or other people. Some of these communications are likely to be anonymous and may take some effort to identify the author/sender. Mentally disturbed individuals have long posed a substantial (and still underestimated) threat to both prominent people and average citizens in the United States. In fact, mentally disturbed indi- viduals have killed far more prominent people (to include people such as President James Garfield, Bobby Kennedy and John Len- non) than terrorists. Critically, nearly all of those who have committed attacks have self-identified or otherwise come to the attention of authorities before the attack was car- ried out. Because of this, protective intelligence teams must ensure that no mentally disturbed person is summar- ily dismissed as being "just a harmless nut" until he or she has been thoroughly investigated and his or her communi- cations carefully analyzed. Databasing these communications is also crucial because it allows the tenor of corre- spondence from a mentally disturbed individual to be monitored over time and compared with earlier missives in order to identify signs of a deteriorating mental state or a developing intent to commit violence. Protective intelligence teams will also often consult mental health professionals in such cases to assist with psycholinguistic and psy- chological evaluations. A robust protective intelligence pro- gram, when combined with an educated and alert workforce provide a solid foun- dation upon which security managers can build a proactive security program that keeps them all left of the boom. Complacency and denial are, quite literally, killers.