In the first article of this series, where I discussed access control, I gave an example of a pen-recorder I caught on an individual who was trying to sneak it into a highly secured shareholder’s meeting. I explained how the pen itself was small and hidden, but suspicious indicators about the individual who was carrying it were already noticed in the Outer Circle, and that he was flagged for extra special screening before he ever made it to the Inner Circle, access control station.
Well, there was actually another layer to this story, an additional protective circle that began before this individual (and a few others) ever even made it to the Outer Circle – an intelligence circle.
The fortune 100 corporation we were working for, placed (and still places) a great deal of importance on protective intelligence – and for very good reasons. The intelligence about specific individuals who were going to get themselves into the meeting by legitimate means (acquiring share ownership and signing up for the meeting) was actually picked up on social media. Not only did we gain vital intelligence about their intentions, we even knew how many of them would be coming, and who they were.
Having all this intelligence did not in any way diminish the need for, or the importance of, the Inner and Outer Circle relationship. Based on their appearance and behavior alone, these individuals would have been flagged for extra scrutiny – even if we didn’t have detailed intelligence on them. But the fact that we did, not only made our job easier, it added an extra bit of pin-pointed accuracy that you usually don’t get in conventional security operations. This accuracy not only applies to the extra thoroughness with which the access control officers screened these individuals (which led to my finding the pen recorder on one of them), but extended itself to various measures that were covertly taken in the meeting itself (which I will not discuss here).
Pretty much every movement that opposes a corporate or political organization has an online presence, which usually includes various social media pages and forums where members discuss and organize the actions they intend to take. Most often, these actions are no more than peaceful protests, but occasionally, there are also plans to infiltrate events in order to disrupt them, secretly record them, get access to key individuals, etc.
Another case where we received that kind of intelligence happened a few years ago, before a large political event we were protecting in the Silicon Valley. The details we got were very precise, and included the name and even the photo of an individual who belonged to a student organization that vehemently opposes our client. We even knew by what legitimate means the individual intended to enter. We advised our client to not let him into the event, but were told that for public relations reasons, he was not to be turned away. We were instructed to screen him well but allow him to enter. The individual was picked up by our Outer Circle operators as soon as he neared the convention center where the event was taking place. The Outer Circle operators relayed this information to our Inner Circle access control officers, who did a very thorough job checking him through the metal detector gates (they even made him take his shoes off). The individual was then let into the venue, where, unbeknown to him, our covert internal security element kept him company during the entire event.
Intelligence will always have a certain cool, sexy aspect to it. When you see it in the movies it’s usually the intelligence gathering side that’s glorified rather than the receiving and implementing side of things. But having been on both sides of this, I can say that there are few things more immediately satisfying than utilizing good, solid intelligence to get surgical, pin-pointed security results.
A few words on protective intelligence
Protective intelligence is the interesting juncture where you begin to expand outwards from direct physical protection, and enter realms like online presence, remote information collection, open sourced information, communications and surveillance detection.
A good way to visualize this idea is to think of reactive mitigation as your inner most circle of physical security. Around this, we extend a larger circle of proactive prevention, and around that circle, we extend an even larger circle (one with an undetermined size) of protective intelligence.
In a well written article by Kristin Lenardson Schwomeyer and Charles Randolph (two of the most highly regarded leaders in the field of protective intelligence), an important distinction is made between intelligence and information. Intelligence, the article explains, is information that is contextualized for your needs. “You discern what information is actually important to your principal and the detail; this turns the information into intelligence”. The article also emphasizes the need to diversify your sources of information – to not depend on any single source by itself.
In the spirit of diversifying your sources of information, I’ve always been an advocate of expanding intelligence gathering into the field in order to better connect the cyber and open sourced dimension to the physical reality on the ground. It’s not that remote intelligence collection isn’t important – on the contrary, that’s where you want to start – and I’ve given two examples (out of many more) where this worked very well for us. But in many other cases, especially where we have little to no remote intelligence, adding a field component to your intelligence sources is a good idea.
The field component of your protective intelligence effort (usually SD) can provide two very important functions:
- It can collect vital, accurate information about unfolding events, situations and activities in real time; and draw on-the-spot inferences from what’s actually happening in the field. No open or remote source can currently provide this.
- It can verify the accuracy of your open sourced intelligence by means of physical observation – in real time. Open sources can be very important, but until they are put to the test – until you have evidence from the field – they essentially provide you with unsubstantiated claims. If you never see how open sourced intelligence does or doesn’t physically manifest itself in the field, how will you verify if it’s good intelligence?
As more people learn about circles of security, we continue to shift the security industry out of a passive, defensive posture, and into more of a proactive one. We’ve discussed how we want to surround our assets with an Inner Circle of control and filtration. We’ve discussed how we want to surround that circle with an even wider one of visual deterrence, early detection and exposure. Now let’s surround that one with an infinitely large circle of intelligence, one that includes both remote sources (electronic, cyber, OSINT, etc) and field sources (surveillance detection and field observations).
Please consider supporting Protection Circle by going to my Patreon Page.