Personal Observations on the Evolution of Protective Intelligence | #emailsecurity | #phishing | #ransomware


“We memorized them and if they were in the crowd they were brought to everyone’s attention.” 

– Former U.S. Secret Service agent Jerry Blaine, The LANCER (JFK) Detail (email exchange on January 29, 2021)

Author’s Note: Special thanks to Scott Stewart and Mike Parks, protective intelligence professionals who were with me in the trenches from the beginning and contributed to this article. 

Introduction 

The protective intelligence model was developed and implemented by the U.S. Government, in support of protective operations. In 1998, we transitioned the model into the private sector, and it is now deemed to be among the “best practices” in the protection of CEOs, corporations and executives.

The Backstory 

In the 1980s, I was fortunate to have been part of the original unit in the State Department’s Diplomatic Security Service that recognized the need for protective intelligence and outlined my time there in my memoir, Ghost (Random House, 2008). 

In sum, we always did a good job of investigating attacks around the globe, but investigating attacks never prevented the next incident. In the 1980s, the tempo of attacks was relentless, including horrific embassy bombings, hijackings and kidnappings. Operationally, we were global smoke-jumpers, one day in Madrid and the next day in Bangkok, investigating threats and terror attacks. That high tempo of attacks against diplomatic targets began in the 1970s with the kidnappings, hostage-takings and murders of our diplomats in Beirut, Khartoum, Kabul, Islamabad and Tehran.   

In breaking down terror attacks, there was the one constant – the threat actor always studied the target before attacking, a concept called pre-operational surveillance. In the same timeframe, we began training in counter-surveillance (CS) – looking for the threats outside the protective bubble by identifying anyone who was attempting to conduct pre-operational surveillance. Our logic was simple: if we could identify the threat actors while the adversary was conducting surveillance, which in those days usually meant watching by foot or from a car, we could interdict or disrupt the attack cycle. One of the more interesting aspects of our CS development was recognizing that certain aspects of surveillance detection used to identify hostile intelligence services actions could be applied in the field of protection, like blending into the environment, cover for action, looking for behaviors such as lurking, photography, and time and distance variables.  

Counter-surveillance became the key ingredient for the foundation of protective intelligence. Ultimately, we were creating concentric rings of security, pushing the security perimeter outside the physical structure of the building or the protective detail. In principle, the concept is simple.  But in practice, it takes training, the right kind of team members, acute observation skills, and the ability to blend into the landscape. Our agents didn’t wear suits and Ray-Ban sunglasses. They were dressed down in street attire and blended into their surroundings. Some were bike messengers and others sat at bus stops. It was a lonely job. 

When Mike Parks of our unit wrote the first memo explaining the concept, our operating premise to sell the idea was entitled, “Protective Intelligence Counter-Surveillance or PICS”.   PICS became the acronym. When we rolled out our first teams, the agents’ radio chatter referred to the CS team as “pixies,” because we were out of sight and would mysteriously appear, but we were always there watching their backs for trouble. (Of course, “cop humor” might also have been behind the nickname, but either way, I think we earned our keep.) 

The Early Days 

In the United States, two federal agencies were at the forefront of the concept of protective intelligence and threat analysis: the U.S. Secret Service and the State Department, Office of Security, known as SY. In the 1960s and 1970s, tragedy forced change for both U.S. Government agencies driven by Congress and various Congressional investigative commissions responding to political assassinations, terror attacks, kidnappings and bombings. For example, the Warren and Inman commissions changed the operational landscape for both organizations for decades to come. Other U.S. Government agencies have protective intelligence teams, to include the U.S. Capitol Police.  The Los Angeles Police Department has long been recognized as having a tremendous threat assessment group focused on celebrity stalkers.

At the time of the Kennedy assassination, the main job of the USSS Protective Research Section (PRS) was to collect, process, and evaluate information about persons or groups who may be a danger to the President. PRS was small, comprised of 12 specialists and 3 clerks. The unit was responsible for creating “flashcards”, 3×5 index cards that depicted persons of interest. Protection agents carried the flashcards in their suit pockets and studied them during their downtime. The agents memorized the faces of the BOLOs or persons of concern, as former special agent Jerry Blaine from the Kennedy detail told me. As one can imagine, this must have been a daunting task.

The Secret Service PRS team also kept detailed manual records on persons of interest (POI), since the historical threats directed towards the President of the United States came from lone shooters, like Lee Harvey Oswald, Squeaky Fromme, Charles J. Guiteau, Leon F. Czolgosz, Sarah Jane Moore, John Schrank, and Guiseppe Zangara. Interestingly, except for Oswald, very few had a history of violence, as the Warren Commission noted.  

The State Department’s SY/TAG unit had a similar mission, but they were focused on terrorist groups, such as the Black September Organization. In December 1976, the SY Threat Analysis Group (known as TAG) was created within the Department of State, along with the SY Command Center, driven by the March 1973 hostage-takings and killings of Ambassador Cleo Noel and Deputy Chief of Mission Curtis Moore, along with a Belgian diplomat, at the Saudi embassy in Khartoum, Sudan.

The Modern Days 

After the bombings of the U.S. embassies in Beirut and Kuwait, SY became the Diplomatic Security Service in 1985, and the Counterterrorism and Protective Intelligence (PI) Division was created to supplement the Threat Analysis Division with an investigative approach. The unit was based out of headquarters, but operational in the field. Its primary mission centered on intelligence, threat briefings, threat investigations and counter-surveillance in support of protective operations, special events and for the Secretary of State’s international trips. Early protective details included the Middle East Peace Conferences, United Nations General Assemblies, visits of foreign dignitaries like Mikhail Gorbachev, PLO Chairman Yassir Arafat, the British royal family and the Olympics in Atlanta. Even in the early 1990s, warnings to “Be on the Lookout” – also known as BOLOs – of persons of interest were typed, photocopied and passed around by hand. The whole process was very similar to how the LANCER detail operated when it protected President Kennedy in the early 1960s. 

The Secret Service has always been recognized as the gold standard in the protective intelligence space, especially in the threat assessment and management space. The integration of analysts, threat analysis, and psychologists into the management of threat cases provided a holistic approach to the field of threat mitigation. In 1998, the Secret Service created the National Threat Assessment Center (NTAC) to provide research and guidance into the protective mission. Also, in 1998, the Secret Service produced “Protective Intelligence & Threat Assessment Investigations:  A Guide for State & Local Law Enforcement”.

Protective Intelligence Moves to the Private Sector

In 1998, we transitioned the protective intelligence model – to include the creation of the first dedicated protective intelligence analyst in the industry – into the private sector, in support of protection for a major technology company and its high-profile founder. Scott Stewart – now the VP of Intelligence at Torchstone Global – was the first protective intelligence analyst. Word spread to other Fortune 500 companies and the next thing I knew, we were explaining the concept to many others. At its core, the PI approach is perfect for the protection of CEOs, families, children, estates and executives. Discreet protection is especially popular because it creates doubt and confusion among potential bad actors while giving protectees the gift of leading their lives unencumbered by obtrusive “goons with guns” style protective details. It also works very well in the protection of home offices and headquarters facilities. What we lacked during that time was innovative technology to help, aside from slow GPS tracking capabilities for vehicles, which was unobtrusive and informed our protection efforts. Excel spreadsheets were our most used databases and the investigative work was often slow, sometimes outdated and labor-intensive.   

Protective Intelligence Today

Digital technology has transformed protective intelligence, leaving behind the 3×5 index cards and typewriters that were once our primary tools. I like to call it holistic or umbrella protective intelligence now. License plate readers, image matching, continuous monitoring, crime and weather alerts, threat assessments, integrated systems and workflows, have all been transformative. The human failure of missing a signal from an observation post or gatehouse can be eliminated in many cases using technology. Step-by-step workflows inside platforms can also help you make sense of a threat and ensure your team has a consistent response. Threat actors can be databased and automatically updated with new signals and actions, including geo-fencing areas so you can track the proximity of threats. Real-time alerts have always mattered, but now technology is truly watching your back. 

Protective intelligence is a living, evolving endeavor. At any given moment, the same technology that enhances our work is also accessible to threat actors. We have ample evidence that the more sophisticated among them use it to great effect. Look at the October 2016 home invasion and robbery of media personality Kim Kardashian by a sophisticated criminal group. The incident almost certainly used a combination of old-fashioned, eyes-on surveillance and very modern eavesdropping of her online communications to time their attack when her security was not present. Staying ahead of the technology curve is critical – the bad guys are doing it too.

The post Personal Observations on the Evolution of Protective Intelligence appeared first on Ontic.

*** This is a Security Bloggers Network syndicated blog from Blog Archive – Ontic authored by Fred Burton. Read the original post at: https://ontic.co/blog/personal-observations-on-the-evolution-of-protective-intelligence/



Original Source link

Leave a Reply

Your email address will not be published.

twenty eight + = thirty one