Suspicious Incident Awareness – Part 3: External Factors

This instalment will address external factors that may expose your organization to security risks via tactics aimed at exploiting vulnerabilities. This is by no means an exhaustive list, but it may highlight a consideration that requires additional attention. I am calling these factors “external” because they usually originate from without the organization, and even though we cannot eliminate their occurrence there is much that we can do to prepare by planning and rehearsing response operations in order to mitigate the impact on business operations.

The prevalent external threat is intentional targeting of persons, businesses, or facilities under your protection. This targeting may be done surreptitiously or overtly, and its success will, in part, depend on the security features and capabilities of the intended target, the capacity of the individual or group of conspirators, and the ambition and execution of their plan. Surreptitious targeting is intended to be covert in nature, and the perpetrators largely hope to achieve their goals without being detected. This type targeting usually intends to sabotage business or facility operations by interfering with critical facility infrastructure, aspects of physical security operations, and IT infrastructure. Other types of targeting include forms of vandalism that may be more of a nuisance, but nevertheless require a response and have an associated cost factor. In the most extreme of circumstances surreptitious targeting may be intended to have life threatening consequences.

One of the more recently publicized types of covert targeting is colloquially referred to as “swatting”. This refers to the acronym S.W.A.T. popularized by film, television, and video games, which stands for Special Weapons and Tactics – a specialized police unit responsible for responding to high-risk emergency incidents such as shootings or hostage situations. Although not all “swatting” incidents can be described as typical, the goal of the perpetrator is to cause panic or an apprehension of danger to life and property. The ensuing level of response by the authorities is the culminating factor in this type of attack. A “swatting” event can be anything from a fictitious bomb threat to a report of an active shooter or a mass casualty incident; all such reports must be investigated. “Swatting” incidents tie up your resources, slow down or completely halt your organization’s business operations, and expose customers, visitors, and employees to risks through unnecessary lock-down or evacuation procedures. Detailed planning and thorough rehearsals of emergency procedures such as bomb threats, suspicious packages, lock-downs, sheltering in place, and evacuations should assist in mitigating the impact and speed up return to normal operations.

When considering covert targeting exposure I would be remiss to ignore copy cat incidents. These often occur within a short time of a real emergency or mass casualty incident, or as has been the case recently, a “swatting” incident. Copy cat incidents may be genuine attacks, or they may take the form of “swatting” incidents. In any case, it is imperative that security managers keep up to date on recent events and prepare their front-line and supervisory staff for the possibility of responding to emergencies, whether they are real or not. Advanced planning and preparation is the best way to minimize loss of life and property during real emergencies, and to lessen the impact of fabricated ones.

Overt targeting is intended to elicit a direct response and garner publicity for an issue or a cause that an individual or a group perceive worthy, or in extreme cases to terrorize the public at large. This type of targeting may take the form of a protest, and may involve tactics aimed at disrupting business operations. Persons engaged in overt targeting may initiate a campaign of negative publicity aimed at the target organization, likely over social media. Most low-level overt targeting will require a tactful response on the part of the security manager to address the concerns of the organization. However, we cannot discount the potential of security threats from individuals who may use the opportunity to carry out acts of sabotage or terrorism. In some instances overt attacks will not come with any advance warning, and last minute planning and preparation will be unlikely to lessen their impact. This is why advance consideration of such events is crucial to the safety and security of your organization.

Overt attacks in extreme cases are far worse than the surreptitious “swatting”, fabricated bomb threats, or fake suspicious substances or packages. Active shooters or improvised explosive devices are examples of mass casualty emergencies that will have a profound effect on the operations of your organization during and long after the conclusion of the event. The potential for this type of incident is low, but it remains; even in the slightest. Public venues, mass assembly facilities, retail shopping centres, schools, and office buildings are all likely targets; some more likely than others, and none with enough foresight to have such advance warning as to avoid all risk. Without sounding alarmist, any organization with a professional security program should be planning and preparing for the, albeit, unlikely possibility; because if in the past there may not have been enough reason to, currently there is very little reason not to.

Security managers should develop and maintain sources of intelligence respecting matters that may affect business operations of their organization. Explore all possible sources of information and reach out to public safety agencies in your area to keep up to date. Open source information may provide alerts of threats to critical infrastructure. Cooperation with security departments of organizations or businesses housed in the same or neighbouring facilities may provide valuable information, and foster a mutually beneficial association. Conferencing with managers of other departments within your organization may provide information about facility and personnel issues. The Human Resources department should be regularly consulted on personnel issues. It is not uncommon for current or former disgruntled employees to, in severe cases, present a security threat to other persons or property. Organizations must have in place a policy to deal with workplace violence and harassment, and take every precaution to protect workers from hazards from within and without the organization.

This is just a small glimpse of a vast subject matter that may affect the security of your organization. A thorough understanding of the mechanisms of the many different factors of concern will provide you and your staff with the tools to recognize suspicious incidents or behaviours, and help you decide on the course of action and the intensity of execution of a response that will enable you to mitigate the severity of an attack on your organization. In the fourth and final instalment of this series we will address issues of planning and preparation, and discuss lessons learned from past events.

Paul Koscinski is Public Safety & Security Specialist at National Life Safety Group.