Close protection is a highly chaotic world. There is a unique intersection between physical and digital intelligence, and real-time analysis of environments, people, and conditions by on-the-ground members of a security detail. Traditional concepts such as advanced site-reconnaissance, movement and resource planning, principal schedule management, and the evaluation of physical site/location considerations – like angles, entries/exits, distribution or access of the general public, etc. – are all relatively the same as they always have been.
However, the speed at which digital intelligence can be gathered, organized, and disseminated in near-real-time has created an opportunity to enrich traditional intelligence and integrate it into many phases of the operation. This offers more relevant data to be used to make safe and effective decisions for the principal. Let’s talk about some of those integration opportunities below.
Pre-Event/Operation Recon & Planning
Prior to an actual event or principal engagement, physical security teams spend a significant amount of time planning the moving parts of an operation – scheduling, staffing, transportation, location security, and so on. A lot of this is still done using traditional methodologies such as “how big is the event space?”, “how do we get from A to B?”, “is the public going to have access?”, etc. While these empirical metrics are the cornerstone of a close protection plan, public sentiment around the event, known threats, or chatter leading up to the event can have a major impact on how those traditional plans are either rolled out or modified to best protect your executive.
Platforms like Media Sonar make the monitoring of web intelligence automated and alerting on new discoveries time effective and intelligence-gathering comprehensive.
Web Intelligence has grown in reliance and usage in security verticals such as cybersecurity, corporate security, and brand security over the last handful of years. Its usefulness in the arena can be equal in physical protection applications, although it’s yet to be as common as an application. Platforms like Media Sonar make the monitoring of web intelligence automated and alerting on new discoveries time effective and intelligence-gathering comprehensive.
Close protection teams “know” everything or as much as they can, from the side of the principal. Their behaviors, their schedules, their wants/needs. What close protection teams “don’t know” is everything on the other side of the fence and how it’s impacted by the emergent nature of human behavior. That’s where pre-event reconnaissance and intelligence gathering can help set the most effective security strategy more in stone.
Search social media, blogs & deep/dark web for indicators of attack
Media Sonar allows for targeted queries to be crafted, saved, and alerted on so security teams can collect a wide array of contextual information about their principal, the event, and anything else of interest surrounding the mission. This can be anything from news media to even more actionable sources, such as social media, discussions, and forum boards. The more behavioral indicators that can be found ahead of time allows for effective changes to a templated security strategy for an event.
Alerts are far more effective than manual searching
Truth be told – there are teams out there that already spend a great deal of time manually searching digital sources for intelligence that can influence the end-state security plan. Problem is – most are still doing it, operative word, manually. Manual processes ensure that time is only linearly used as a security researcher can only handle one search at a time.
Media Sonar allows for concurrent queries to run at the same time, each with alerting features to draw the attention of a researcher only when there are new hits to their contextualized/focused queries. This not only collects better information to turn into intelligence, it means more can be gathered in a shorter amount of time and less effort for the user who is collecting it.
Intelligence enrichment can help adjust plans ahead of time
While the military adage of, “no plan survives the first contact” often holds true in how things tend to play out, it doesn’t mean it’s the desired strategy – especially in chaotic, complex situations and environments. When something goes south in the real world, any and all advantages that can benefit backup plans are welcome.
Discovering a specific indicator of attack before it happens allows protection specialists to a) account for it in a plan ahead of time, and b) prepare mentally for a tangible threat, above and beyond the recognition of all randomly possible threats that a templated plan would account for.
Movement- and Resource-Planning and Management
Close protection – as a concept – actually isn’t (gasp) rocket science. That is not to belittle the craft, it’s just a straightforward mission at heart. Allow your principal to do their job and live their lives as safely as possible, with as few restrictions to their behavior as possible. Get them to where they need to be, on time while being respectful, polite, and considerate to their wants and needs.
At the end of the day – it is their life. Teams often have to deal with the changes to the plan and whims of the principal – how their day will proceed, where they want to go, and how they want to get there, and when. Web Intelligence can assist in these areas – especially as requests and changes emerge based on the principal’s desires.
Active-scanning of traffic issues
For the most part – most local principal transportation will be done on the ground. That means all the same trappings of ground travel that worry morning-commuters need to be considered and accounted for by security teams. Sure – your team may have a concrete handle on what to do if the convoy takes direct fire – but do they know about the traffic jam that’s 3-minutes up the road or do they know about the freeway closure that’s been planned for this week? Media Sonar detects contextual data related to news reports and social media chatter that can inform the team’s travel route, timings, and detours. These queries can be set up ahead of time, with alerts presented to intelligence collectors in near-real-time.
Repositioning of support resources
Your principal injects the intention of showing up to a local protest rally into their schedule, 1-hour before they declare they want to attend. The team sends advanced resources to the location to scout the physical environment and get a “feel” for the human nature at play. Ten minutes before the principal is to move, the location is changed in real-time. Your team struggles to rush advanced resources to the new location, but is able to arrive in time before the principal, but essentially at the same time as the main group along with the principal.
While getting eyes on the location is ultimately imperative, no matter the plan – doing so at the same time as the principal sets up for a large bag of unknowns and emergent possibilities. This is where any form of contextual web intelligence can be useful. The collection of such does not require a physical body at a location to collect it. It travels at the speed of computing and collection. Any social chatter about these kinds of things can help inform advanced or main-teams before they ever step foot on the ground.
Combating the emergent nature of the principal’s free-will
One of the most common forms of emergent plan modifications comes in the form of the will of the principal, considering they are the boss. Except for when strict security protocols take overriding precedence, the principal is able to carry out their days how they wish. This includes things that weren’t on their schedule or accounted for in the original security plan.
In a lot of cases, the information won’t change the fact the detour is happening – but in the case where an active threat-cue is found, it can be the difference between overriding the principal based on solid security concerns, or walking into an ambush.
Leveraging web intelligence such as social media chatter can allow for intelligence collectors in an operations center to better feed contextual and actionable information to ground teams, as they deal with, said changes. If they’re needing to go to a new location that wasn’t originally planned, information and social conversation about that location can be collected and presented to help give a security team an idea of what exactly they’re walking into before they walk into it. In a lot of cases, the information won’t change the fact the detour is happening – but in the case where an active threat-cue is found, it can be the difference between overriding the principal based on solid security concerns, or walking into an ambush.
Day of Event Security Management
It’s the day of the event/engagement – the day where all the planning beforehand reaps the reward of everything going just as planned, with no issues. Wait. That doesn’t sound correct. We meant the day where you throw all your best-laid plans and security assumptions to the pack-of-wild-dogs that is human nature to see if it survives being potentially torn apart. FTFY. Let’s explore some ways Web Intelligence can be utilized to help control the chaos of public, emergent events while protecting your principal.
Managing the chaos of a public appearance
At the end of the day, when a security situation unfolds in front of a close protection team – it’s already too late as it’s happening in real-time. The success of the team at that point purely depends on their ability to handle that dynamic situation and secure their principal. Anything that can give the good guys an advantage in this reactive environment can be the difference between life and death. Day-of monitoring of social media and news media content can be a useful source of contextual, human-based information about the environment and people you’re operating in and around. A social media post detected – whether seconds, minutes or hours before human behavior actually emerges, in reality, can be what determines the ultimate success or failure of the mission. This gives security teams back one of their most valuable resources – time.
Social Media as a pre-attack-indicator force-multiplier
One of the most direct ways a close protection team can predict an attack is by using their eyes, ears, brain, intuition, and experience to gauge the environment they’re in and the people who fill it. The problem is, this evaluation of the situation happens in real-time, and attackers will generally only be known the moment they decide to act on their plans. Some of these potential threats will act as many humans do online – they’ll talk. They’ll share their feelings and plans with the world, sometimes even if no one is apparently listening. Assessing the behaviors and pieces of content helps fill the gaps missed by the eyes, ears, and brains of the security teams on the ground.
When these breadcrumbs are detected and evaluated early the security team can adapt the security plan, add more security resources, or even outright cancel your principal’s involvement in the event. Sure, the lead-time between detection and event might only be minutes. But in the world of principal security and potential violence, minutes can be as long as a lifetime.
Combating the emergent nature of the principal’s ego
Humans are storytellers – and in our modern world, that generally means sharing online to some degree. Whether your executive blogs or posts to social sharing media like Instagram, Twitter, or Facebook – it’s all information that could be useful to a potential threat. Keeping abreast of what your principal is putting out into the world can help allow a security team to evaluate that information for its security contexts and adapt their own plans based on how that changes the threat landscape. Is your principal a famous movie star attending a movie premiere – and just posted to Instagram about arriving at a location that wasn’t officially named in the premiere advertisements? Well, any potential threats that may be monitoring your principal’s social feeds just found that out.
Humans are storytellers – and in our modern world, that generally means sharing online to some degree. Whether your executive blogs or posts to social sharing media like Instagram, Twitter, or Facebook – it’s all information that could be useful to a potential threat.
Again – as a security team, it’s not your job to ultimately tell a principal they can or can’t do something potentially innocuous, even if you see it related to some security context. You can’t control their ego, but it can be an advantage to at least be aware of the information they’re putting out there.