In last week's On Security, I talked about the threat posed by skilled and imaginative terrorists who are capable of conceiving, planning and conducting sophisticated attacks. Countering these novel means and tactics takes an equally creative approach to crafting security measures.
This idea dovetails nicely with a presentation I gave Sept. 14 at an InfraGard conference in Orlando on the dangers and limitations of using information found on the internet. The key point of my talk was that although a lot of data is available online and can be used by those planning an attack, there are also critical pieces of information that cannot be found on any website and can be gleaned only through physical surveillance.
Where these two topics intersect is the terrorist attack cycle. No matter how innovative a terrorist planner is or how sophisticated his tradecraft, he is still bound by the constraints inherent to the attack cycle. Furthermore, though information found on the internet can greatly assist terrorists and reduce the amount of physical surveillance required, gaps between what is available online and what is needed to plan an attack remain. By identifying and monitoring these gaps, security personnel can detect attack preparations in time to stop a plot in its tracks.
The Importance of Information
But before we can discuss how to target and track information gaps, we must first understand how that information relates to the attack cycle as a whole.
Information is essential to the terrorist attack cycle because, in many ways, it enables planners to move from one stage to the next. The phases of the cycle build upon one another as actionable intelligence, which is based on information, accumulates. Intelligence also becomes more focused and specific as the cycle progresses. When identifying potential targets, for example, the information needed may be as general as a list of people. But as the planner narrows down the list, more detailed information is required to determine which target is most vulnerable and the best type of attack to use. Information like where the target lives and works, and what security measures are in place, must be obtained so that planners can determine whether they are capable of launching a successful assault.
Once the target has been chosen, even more specific intelligence is needed to plan the attack. Gathering such information often takes more effort, including surveillance to learn daily routines and pinpoint predictable times and places that the target can be confronted. These opportunities are frequently found in commutes to and from work, recurring appointments or planned events announced on social media. Knowing that the target will be in certain locations at set times, planners will then evaluate these possible attack sites for their merits: Do they offer an attack team the access, cover and concealment required to execute the plot and hide or escape if necessary?
Finding the Missing Pieces
Information is clearly vital to every stage of the attack cycle. Security practitioners (or even targets themselves) who are aware of that can then concentrate on figuring out what information about the buildings or people they are protecting exists on the internet. Data can be culled from websites, social media outlets and paid searches by information aggregators — the results of which can be quite shocking to those who have never used them.
Once this information has been collected, it must be reviewed with an eye toward how it might be used by attack planners to spot and exploit vulnerabilities.
How useful a piece of information is might depend on the type of target being protected: The intelligence needed to attack a person is very different from that needed to assault a factory.
After the information has been assembled into a mosaic based on the attack cycle, the next step is to find which pieces of the emerging picture are missing. The bits of information needed to conduct an attack that couldn't be found online represent the things that a would-be assailant must learn by other means — in all likelihood, by surveillance.
Going on the Offensive
Knowledge of these gaps should not simply be filed away for later. Rather, it is an excellent opportunity to take deliberate action by looking for signs of pre-operational surveillance. Security professionals can determine where someone would have to look to find the missing information and then monitor those locations using countersurveillance operatives or electronic surveillance equipment, such as cameras, that can be coupled with a system for flagging and recording activity in sensitive areas. Of course, cameras are not a tool unique to security personnel; hostile parties can use them as well. Earlier this year, Islamic State members in Belgium used hidden cameras to watch a victim and his residence. Security professionals therefore must look for hidden cameras in addition to operatives performing surveillance in key areas around the principal or facility being guarded.
An alternative option is to "heat up" those areas with more security resources, discouraging potential perpetrators from monitoring them in the process. Depending on the resources available, protective details could even use some combination of the two tactics, heating up some areas to force surveillants to observe other locations where they can be more easily detected by security assets stationed there.
Because information gaps must be filled before an attack can be planned, minding them in this manner gives security teams a chance to identify hostile surveillance and disrupt the attack cycle in its early stages. And as every security professional knows, acting proactively to stop an attack is far better than reacting to one that has already happened.