Reader Comment 05-28-10 Counter Surveillance

Last week we had a very informative reader comment posted to my earlier blog on Counter Surveillance. Jim Lupacchino, from Day & Zimmermann Security Services, provided some additional examples of why a comprehensive counter surveillance plan must be an integral part of a facility security plan; well worth reading.

TAPI

Jim introduces a term that is new to me, Terrorist Attack Preincident Indicators (TAPI), but jargon in any active industry is always changing. Jim describes this as the “patterns of behavior that are matched with known terrorists methods of operation”. Obviously these patterns are subject to change over time, so it is important for the intelligence community to keep us up to date on how these patterns are changing. One thing is certain, though: terrorists will continue to need to perform pre-attack surveillance if they want to have a decent chance of conducting a successful attack. This means that a facility with an active and effective counter surveillance program has a good chance of detecting the attack and allowing law enforcement to prevent it before those terrorists have a chance to put the facility, its employees or neighbors at actual risk.

Training

Jim makes another very important point: training is key to an effective counter surveillance program. He also makes a point that I haven’t seen made elsewhere, that training needs to be targeted. He wrote:
“This training is most effective when customized to the roles and responsibilities of various departments. From Sales to Shipping, threat based awareness will take different forms reflective of the unique function's environment.”
While everyone needs to be aware of suspicious behavior near the facility boundary, there are other types of pre-operational intelligence gathering that may only be detectable by specific departments within the company. Sales personnel need to be aware of orders for Theft/Diversion COI from unusual or unexpected customers or unusual delivery locations. Human resources personnel need to screen job applicants to prevent workforce infiltration. Receiving personnel need to be aware of unusual questions about inbound shipments and receiving procedures. Every department is going to have specific counter surveillance requirements.

I want to take an additional opportunity to re-emphasize a point I made in the original blog posting. Every high-risk facility needs to expand the perimeter of its counter surveillance program as far beyond the physical facility perimeter as possible. This means that they need to solicit active participation of the surrounding community. Of course, the facility should already be talking to the community as part of their community right-to-know program, but facility management needs to actively ask for counter surveillance assistance from their neighbors; it is in the best interest of the locals to prevent a successful attack on the facility.

Law Enforcement

All of the best pre-attack counter intelligence information in the world is totally useless unless it is communicated to law enforcement. Waiting for the suspected attack to happen, even with increased on-site security ready to ‘repel boarders’, is still asking for a successful attack. One thing that the military has long understood is that there is never enough intelligence to provide 100% assurance of being able to defeat an attack. No, the only real way to prevent the possibility of an attack that actually results in the release of hazardous chemicals is to interdict the attack well beyond the perimeter fence.
Since facility security forces have no authority to act off-site, facilities need to rely on law enforcement for these interdiction operations. This requires the sharing of counter intelligence information with local law enforcement personnel as early as possible. High-risk chemical facilities need to establish an active counter intelligence relationship with local law enforcement. Law enforcement needs to be made aware of the counter surveillance activities at the facility and in the local community. Actively involving the police intelligence collection effort in the facility counter surveillance plan will significantly extend the facility intelligence perimeter.

Red Team said...

You mention counter-intelligence with relations to law enforcement, however, it is not just local law enforcement that conducts and/or disseminates intelligence. The facility employees, contractors and vendors need to be part of the actual counter-intelligence.

Conducting surveillance of a facility can get a potential adversary only so much useful information. Social engineering tactics by adversary agents are another means of gathering useful targeting intelligence. Employees/contractors and vendors need to know what is sensitive information. A relatively unassuming person can strike up a "harmless" conversation with an employee, and gather some very useful intelligence.

Employees should know what can be talked about, and what can't. As part of their security awareness training, employees should be encouraged to come forward with incidents where they have possibly been approached by a person asking sensitive questions. This information needs to be relayed to the proper security manager.

