Sunday, May 23, 2010

Counter Surveillance

Long time readers of this blog will be well familiar with my consistent calls for high-risk chemical facilities to establish counter surveillance programs as part of their security planning. Two internet articles, one from London and one from here in the US, from last week take a brief look at formal counter surveillance programs established by government agencies look at some of the issues that face such programs. Security Guard Interactions The program in London provides training to local security guards in how to deal with individuals taking pictures or making sketches of public buildings. The article points out the concerns of civil rights activists that the program has security personnel and police unlawfully stopping people for doing nothing more than taking pictures, hardly an illegal activity. Anyone setting up a counter surveillance program needs to take care to ensure that their legitimate security efforts don’t trample on the civil rights of the public. While taking pictures of chemical plants is less likely to be an action taken by simple tourists, there are still a number of legitimate reasons for people to be taking such pictures. Chemical safety and environmental activists all have a politically protected right to take such pictures as long as they don’t trespass on facility property. There is nothing wrong with security personnel talking with such off-site observers as long as care is taken to ensure that nothing in the actions and demeanor of those personnel that would indicate an effort to ‘detain’ the off-site personnel. Politely asking who the people are and why they are taking the pictures is unlikely to raise civil rights concerns. Crossing the line by demanding to see identification or blocking the movement of individuals or their vehicles until the police arrive should be avoided unless there is some other clear indication of obviously illegal behavior. Extensive training, vetted by company legal staff, needs to be provided to security personnel interacting with non-company personnel. Having said that, taking pictures of a high-risk chemical facility is an action that might be an indicator of a pre-attack terrorist planning process. Terrorist would need that type of detailed facility information to conduct target selection and planning activities. Identifying people conducting this type surveillance activity is a key part in preventing terrorist attacks. This makes identifying personnel taking pictures of a chemical facility a key intelligence activity. General Public Observations The second article looks at providing training to non-security personnel to report suspicious activity. The program sponsored by DHS relies on the fact that people working in the community have a better chance of observing suspicious activity than intermittent police patrols. They may spend more time in a single area making them more attuned to what is normal and what is abnormal. High-risk chemical facilities can utilize local neighborhood organizations to perform a similar function. The facility neighbors have a strong self-interest in helping to detect potential terrorist attacks that would directly affect the local population. Since management needs to be talking with these same people on emergency response planning matters, they might as well be asking these same people to help identify unusual individuals that show an interest in the operations of the chemical facility. To be effective any such observation program needs to include a reporting procedure that is simple and encourages participation. A phone number needs to be made readily available to the local population. More importantly there needs to be a positive person on the receiving end of that phone call that knows how to ask questions to draw out additional details. A voice message system is unlikely to inspire continued participation. Facility employees can be trained to accept these calls, but it would probably be more effective if trained security or law enforcement personnel handled this.


Jim Lupacchino said...

Thank you for raising this critical topic. The concepts of detect, deter, delay, defend is embedded throughout the Risk Based Performance Standards within CFATS, specifically RBPS 1 – Restrict Area Perimeter, RBPS 2 – Secure Site Assets, RBPS 3 – Screen and Control Access, RBPS 4 – Deter, Detect, and Delay, RBPS 5 – Shipping, Receipt, and Storage, and RBPS 6 – Theft or Diversion.

Experts agree that the most critical component of anti-terrorism effectiveness is recognizing Terrorist Attack Preincident Indicators (TAPI). Those patterns of behavior that are matched with known terrorists methods of operation.

For example, in August 2007, The FBI is asked for the public’s help to identify two men who had been seen acting suspiciously aboard Washington State ferries recently. Passengers had seen the men on multiple ferry rides, taking photographs of ferry doorways and found in areas of the ferry where passengers were not normally located. An alert crew member took a photo of the two men which was later published in the FBI Alert notice. Newspaper editors wrestled with the photo-privacy issue, television stations ran the photos.

The crew member who took the photo did so based on the suspicious behavior of the two passengers. The crew member possessed a threat level awareness particular to his or her environment. Puget Sound’s ferries were the nation’s No. 1 target for maritime terrorism.
The behaviors matched the known terrorists methods of operation. The alert crew member responded to those behaviors by taking the photographs of the two passengers.

Turn now to the CFATS covered facility. Much like the ferry crew member, security officers and plant employees must be educated to establish a threat based awareness specific to terrorist techniques. This training is most effective when customized to the roles and responsibilities of various departments. From Sales to Shipping, threat based awareness will take different forms reflective of the unique function's environment.

Traditionally, security officers have had the primary responsibility of monitoring and controlling the access points of the property. Now, in order to detect the Terrorist Attack Preincident Indicators (TAPI) and the incipient stages of hostile surveillance, active monitoring of the perimeter, clear zones, assets and restricted areas is essential. Compliance and operational security requirements demand a threat-based counter surveillance plan as a component of the facility security program.

A threat oriented security force enabled with technology and empowered by plant policy is the first line of defense in meeting the challenges of protecting CFATS covered facilities.

Jim Lupacchino
Director, Operational Support
Day & Zimmermann Security Services

PJCoyle said...

For my response to Jim's comments please see:

/* Use this with templates/template-twocol.html */