Surveillance, as I’ve previously explained, is a wide, deep and varied field, which in turn means that the strategies against it are no less wide, deep and varied. And though there are endless ways of looking at this field, and endless categories, subcategories and combinations of categories, in order to properly discuss this subject, we simply must start at some fundamental point.

The best way I’ve found to start discussing the strategies against hostile surveillance is to define four general categories:

Attack deterrence

Attack deterrence is the idea of painting an unwelcoming picture for hostile surveillance to see.
Security should try to make it clear to the hostile entity, as it conducts its surveillance, that the target in question is not an easy/desirable one; making it more likely that the hostile entity will either abandon its plan or take it elsewhere.

This simple and effective strategy doesn’t necessitate any type of specialized training on surveillance detection. It can be achieved through strong visible security presence, breaking of routines (whenever possible), Physical barriers, solid access control, and generally maintaining a high level of awareness, vigilance and professionalism.

In some cases, concealing the access control process can also help harden the target as this will make it harder for hostile surveillance to collect information on it – thereby making it harder to formulate a plan around it.

Another effective, if somewhat less conventional, set of actions that can help deter an attack are various activities that are difficult for the hostile surveillance entity to see and/or understand. Activities such as randomly photographing certain areas and people around the target, sporadically writing down license plate numbers of random vehicles in the area, etc. The random nature of these actions is precisely the point. Hostile surveillance operatives are not likely to assume that such activities are randomly performed for no good reason, which will force them to try to understand them better. Security, after all, is a major factor for hostile entities to understand and plan for, and the simple act of trying to understand such random activities will, at the very least, lengthen the process of surveillance; causing the hostile entity to increase its costs and assume more risk.

This shifting of the cost/risk-benefit ratio should further raise the probability that the hostile entity will either abandon its plan or take it to a different target that can be more easily understood.

Remember, the inability of security personnel to identify hostile surveillance, does not necessarily mean that the target is left completely vulnerable. Though this strategy might not guarantee safety (nothing actually can), it makes it much more likely that the hostile entity will simply select a different and less secured target as it follows its hostile planning process.

Surveillance Deterrence

Surveillance deterrence takes all of what was detailed in the above section, and adds another layer that provides the appearance of an active attempt to expose surveillance. This does not actually mean that all security personnel must be trained in surveillance detection, it’s enough that it appears that way in order to make it much harder/less desirable for a hostile surveillance operative to conduct surveillance on the target.

Surveillance deterrence can be achieved by combining a number of actions that will be viewed unfavorably by hostile surveillance operatives. Perhaps the most basic of these is an active projection of visual control over the area around the target, along with an attempt to detect and acknowledge any person spending any time in the area, or even just passing through it, regardless of whether or not they seem suspicious.

It’s important that a particularly large amount of attention be paid to the vantage points around the target. These vantage points can be located, assessed and plotted out by a surveillance detection professional, performing a service called Surveillance Mapping.  after Surveillance Mapping is complete, conventional security officers – not even necessarily well trained ones (as is very very often the case) – can be instructed to pay close attention to these locations. These instructions should include random visits to these vantage points, performed as often as possible, along with casual acknowledgements and even polite verbal engagements of people who occupy them, whether or not they appear suspicious.

Keep in mind that a well trained surveillance operative would probably assume a vantage point only after having established a solid cover and cover story, making it unlikely that he/she will be exposed by a conventional security officer. Nevertheless, when even a skilled surveillance operative is observed, acknowledged and verbally engaged, security will immediately seem more deterring; raising the probability that the hostile entity will either abandon its plan or take it to a different target where it will not be detected, much less acknowledged and engaged by security.

Surveillance detection (SD)

Surveillance detection is the attempt to covertly determine if hostile surveillance is being conducted, and if so, to collect general information on the hostile surveillance entity (time, location, appearance, actions, and correlation to the target).

SD operations must be conducted in a covert manner – every bit as covert as hostile surveillance, if not more – because the person who is being detected is him/herself trained in covert methodology. For this reason, no connection between the SD operator and the target, or the target’s security force, should be apparent.

In order to detect the subtle indicators of hostile surveillance, SD operators must first be well versed in surveillance operations. Generally speaking, these indicators consist of various types of subtle correlations to the target, and possibly some subtle mistakes that might only be apparent to an SD operator who knows what to look for. It’s possible that the detection of these subtle indicators will take quite a bit of time, requiring a number of fully dedicated SD operators; which is one of the reasons why SD operations are so costly and rare.

Because of the costs that are associated with surveillance detection, SD is a measure that is usually employed for the purpose of pursuing a hostile surveillance entity, rather than simply deterring it, and one of the ways to pursue hostile surveillance is with counter surveillance.

Counter surveillance (CS)

Counter surveillance is a follow-up measure that is taken only after hostile surveillance has been detected. CS basically turns the tables by conducting surveillance on the surveillance in order to collect as much detailed information on it. It must therefore be conducted in at least as covert a manner as SD, if not more so, since CS will probably need to observe, and possibly follow, hostile surveillance for even longer periods of time.

Counter surveillance, since it’s even riskier and more costly than SD, will usually be conducted for the sake of even more follow-up measures (discovering who the hostile surveillance entity works for, collection of evidence for litigation, investigation leading to arrest, etc.).

Now that we’ve covered the four basic strategies for dealing with hostile surveillance, let me make what I’m sure will be a contested claim, and inform anyone who is dedicated to conventional or even low profile security that surveillance detection and counter surveillance are not exactly open to you.

I hasten to add that this has nothing to do with skill or experience, and everything to do with the necessity to operate covertly. The strongest tool at the disposal of the conventional security officer – deterrence by appearance – is also the thing that disqualifies the officer from covert operations, if only because everyone knows who and where the officer is.

Let me make it very clear that in no way does this detract from the tremendous importance of conventional security; nor is it impossible for conventional security to detect hostile surveillance. There have, in fact, been numerous cases where this has happened, and we should keep in mind that not all hostile surveillance is conducted at such a high level.

Additionally, there is such a thing as SD-enabled security, which is a bit of a subcategory hybrid (which will be discussed in a later article). Nevertheless, it’s unwise to depend on exceptions and to only prepare for best case scenarios. It’s important to be honest about one’s operational and legal capabilities, and formulate realistic and dependable strategies that take this into account.

Thankfully, the first two strategies – attack deterrence and surveillance deterrence – are not only available to almost any security officer, they probably account for the vast majority of preventative interventions.

In the next article, I’ll discuss how almost any security officer can execute these strategies, and contribute to the prevention of hostile attacks.

Learn more about this subject—and many others—in my master class on Hostile Activity Prevention. 
Utilizing Israeli know-how and delivered by me, Ami Toben, this online course teaches actionable, time-tested methods of prevention, detection and disruption of hostile attacks.