As we see repeated incidents of targeted violence occur, the common theme of pre-planning leading up to execution of the attack strategy comes to light. For some reason though much of what should help us discern between a person of concern and the average citizen is lost in the cluster of information circulating. Moving the needle beyond dialogue to effective identification and mitigation strategies requires a change in our culture that will inevitably take time to occur.
A peer of mine made an insightful comment yesterday, “continued attacks will drive greater fear of personal safety and by its nature improve situational awareness”. I would urge everyone to consider that comment. How many more senseless attacks will need to take place before we, as a society, decide that we need to invest in improving the education of the public to make a positive change?
This education must include a clear understanding of the public’s role in Tactical and Operational Threat Assessment (TOTA™). Behavioral-based threat assessment has proven its effectiveness over the years, but many times there appears to be a disconnect between what is considered situational awareness and longer-term assessment of an individual’s propensity for violence. The reality is, they are interconnected and understanding this bridge is essential to identifying persons of concern early. We cross this bridge within the threat assessment community. On the other hand, practitioners of protective security operations work within the framework which means that the criticality of linking individual behaviors and activities to longer term threat assessment is sometimes lost in the noise. Below is a sample outline that I utilize in training our customers and teams:
- Behavioral indicators – These are observable behaviors that fit into the “see something say something” context however we need to take it to a more granular level. Reporting obvious security risks such as a person with a gun or an unattended backpack are fundamental. Elevating the value of behavioral indicators requires that the collectors raise their concerns for the individual or group based on things that “just don’t look right”. Executive protection professionals have been trained in this concept for decades; to recognize persons that are behaving in a manner that doesn’t fit the context of the event. For example, a security specialist may notice an individual acting abnormally during behavioral stimulation (questioning designed to elicit information regarding their purpose) or coworkers of the would-be offender may see early signs of fixation. Individually they may not mean much, but collectively they suggest an unhealthy obsession may be developing. For instance, the killer of Christina Grimmie, a 22-year-old singer who made her name on NBC’s “The Voice”, was someone that presented behaviors that concerned his coworkers.
- Activities of concern – Beyond the behaviors, we may see observable actions by the individual that are indicative of pre-attack preparation. The attendee at a concert who is preoccupied inappropriately with the entertainer’s routes in and out of a conference hall, suggesting perhaps pre-attack surveillance activity. Perhaps they are positioning themselves in proximity to a security vulnerability, loitering along a route of travel, engaging in abnormal levels of tactical training and preparation. These activities may suggest identification with a “mission”. For example, if we analyze the photo taken from the Christina Grimmie concert, we pick up that everyone in attendance appeared to be wearing t-shirts and shorts – clothing suitable for a concert in the Florida humidity. However, the killer was wearing a t-shirt, pants and a long sleeve shirt over his t-shirt. Was this to conceal a weapon? Were there observable behaviors he may have demonstrated upon entry to the venue that suggested he was fearful of his hidden weapon being discovered?
- Pathway indicators – The pathway to violence is a term widely used within the Association of Threat Assessment Professionals (ATAP) and coined by Steve Weston and Frederick Calhoun in their book Threat Assessment and Management Strategies: Identifying the Howlers and Hunters. This may lead to some confusion by those not specifically trained in behavioral assessment though. Perhaps we should think more about it as a meandering trail in the woods rather than a pathway. As the perpetrator moves along the trail, signs of a final destination may become more and more evident. They may deviate from the path periodically but eventually their fixation drives them to the obsession that has consumed their life at which point it is hindering them from normal lifestyle activities. It is at this juncture or pathway that indicators begin to collectively build where we can see the evolving mission.
- Person of concern identification – At this point the individual begins to become identifiable as a person of concern. Up to this timeframe, the security and law enforcement professionals engaged are working with a lot of noise. A myriad of persons has come to their attention. They must discern as to whether they are individuals or group members acting together or simply odd coincidences. As they clear through this fog, the team is increasingly able to begin their investigation into the person of concern and collect valuable information to inform their protective intelligence program.
- Assessment of propensity – Now that the person of concern is identified, the assessment of their propensity for violence can begin. This living investigation is ongoing and not a snapshot in time. It must also be considerate of the fact that we are investigating the actions of a human. Therefore, our assessment must be able to put behaviors in context to the individual’s situation. Social, familial and employment situations that all impact their frame of thinking.
- Mitigation planning and execution – As the assessment continues, the process of identifying a management strategy begins. This scheme will evolve with the assessment and changing dynamics of the person of concern’s behaviors.
It is in the mitigation and planning execution phase that I see a disconnect many times between protectors and the threat assessment community. The protectors see this as a snapshot in time. They encounter an individual that is behaving abnormally at an event. He/she is sitting outside of the security boundary, observing principles come and go, dressed perhaps in attire that doesn’t fit the event (behavioral indicator). This individual then moves closer to proximity of a vulnerable point in the security strategy, such as a controlled point of egress for the principle (activities of concern). The collective actions begin to form what the protector sees as the emergence of pre-attack planning operations and the evolution of a pathway (pathway indicators). They now officially are recognized by the security team as a person of concern (person of concern identification). They may approach this person and engage in some behavioral stimulation to see if they can identify their intentions (assessment of propensity). They then make an instant evaluation and design a management strategy. Perhaps they remove the person from the event or create a “be on the lookout” (BOLO) on the person. And this is where it ends.
For the professional threat assessor, this is just where we start. Certainly, the behavioral and activity indicators feed into the bigger threat assessment however we will want to look beyond this snapshot and investigate the person of concern. We will look for other intelligence that may suggest this isn’t their first rodeo (i.e. previous events, attendee information and photographs may help feed the protective intelligence effort). Perhaps this person follows the organization or principle on social media.
Further investigation may discover details on their personal identifiable information and a formal investigation may be suggested based on the significance of the behavior. All of this then feeds the assessment and design of management strategies that truly can mitigate future violence. Resources are not committed typically to the creation of a comprehensive threat mitigation strategy. Due to influence by the consumer and their budgets, security teams assign visible security people to every vulnerable point. Few, however, dedicate a resource to the protective intelligence function. Someone who can analyze all the clutter coming in from the security operation and turn it into operational intelligence. So, we sit, and we wait until the offender shows up. And we wonder why the security team didn’t stop the attack. Positioning the program to be reactive will only get us reactive results.
As a threat assessment professional, I encourage you to take the evolution of the security industry seriously. Advise your clients that they need to put dollars towards protective intelligence and the training of all personnel to make them better observers.