Protective Intelligence is the process for collecting and assessing information about persons who have interest, motivation, intention and practical capability to do harm.
The following is a real-world example of how effective protective intelligence helped to reduce risk and prevent violence:
“Wally” had been coming into work at 9am and leaving at 5pm for the past few years, so it flagged as unusual when a random audit of his key card activity showed that he had been arriving several hours earlier these past few weeks. A deeper look into his key log revealed that the month prior he had been staying later – well after everyone had left. Another review of the locations where Wally had used his keycard to gain entry showed that he had regularly entered into parts of the building he had no reason to be. Some of them were areas of sensitive research and development. A red flag was raised.
A week later, a human resources audit raised another: Wally had been passed over for a promotion three months earlier. A decision was made to pull-up Wally’s internet activity. His online history showed he had been engaging in some browsing and social media communications that could only be described as “unfavorable.” An investigation and threat assessment was authorized.
While it’s true that there is no particular “offender” profile, observable behaviors such as the expression of a grievance, acquiring of weapons, research on how to breach security protocols, conducting surveillance, and developing a plan, are all predatory behaviors common among those who intend to initiate a targeted attack.
There are five important factors to keep in mind when it comes to the safety and security of an organization:
1. Those who wish to do harm do not just “snap.” Targeted violence is the result of an identifiable and observable process of thinking and behavior that when identified, assessed, and managed has been proven to prevent violent outcome.
2. Violent offenders do not make direct threats toward their intended target…but they do express their intent to others they believe will be agreeable, supportive or even sympathetic to the ideas that they can “do something” to resolve their grievance. The expression of these grievances increasingly takes place via social media.
3. On the pathway to violence, those who wish to do harm must first engage in some form of research and planning to determine the likelihood of success for their intended action.
A key component to to bringing a threat assessment case toward peaceful resolve is identifying the subject’s attack-related behavior. These are the self-identifying patterns on the pathway to violence that include research, planning, weapon acquisition, training, and logistical considerations. The research and planning phase provides the best protective intelligence to determine if the subject poses a realistic threat that is likely to escalate into violence. This phase also offers the most observable monitoring of the time, money, and effort, being invested in the subjects willingness to do harm. This phase is crucial in determining if the offender will continue on the path toward violence or if they will transfer their ideation toward a more easily accessible target.
It is important to keep in mind that to the violent offender, likelihood of success is the most significant factor in the decision to move forward with their intended action.
This is one of the predominant factors as to why schools are so frequently targeted by their own students and why workplace violence offenders attack their own offices. The offenders know these locations well. They know the terrain. They know the active-shooter response plan. They know the layout of the structures. They know what the security response is likely to involve. They know how effectively access control is regulated, and they are able carry out a “dry run” rehearsal without raising much suspicion.
4.There is a difference between a threat which has been made and those who pose a threat.
Of the two, posed threats are of greater concern. For the most part, those who verbally express threats have made a conscious decision to employ fear and intimidation rather than violence. Those who pose a threat are of a much greater concern as their self-identifying behavior is consistent with actions that are commonly associated with violent outcome.
Think of it in terms of driving in traffic. The person who yells and screams bloody murder as you merge into their lane is expressing a threat, but otherwise poses no harm. Conversely, the person who clenches the wheel, grinds their teeth, and stares at you intently as they start following you home is exhibiting predatory behavior that poses a threat.
In an organizational setting, the difference between expressed threats and posed threats is especially common in scenarios involving “bomb threats.” The purpose of a bomb threat is to instill fear, panic, and disruption – not to physically destroy their target. If the intent was to physically harm their target, they would not call in the threat. A would-be-offender who is able to acquire the materials, build the bomb, secretly gets the bomb inside their target area, emplacing the device, and then successfully escapes after without incident would not go through all of that hard work only to undo it all with a phone call.
5. Effective Threat Assessment is about a “Totality of Circumstance.”
This means the focus should be more on the concerning patterns of behavior that occur over the course of space and time rather than the assessment of a specific incident in the context of a singular occurrence.
In the case of Wally, the protective intelligence process was able to identify behavior patterns, internet activity, and social media postings that made it clear that he posed a realistic threat to the safety and security of his colleagues. It was not a singular inconsistency that was the greatest cause of concern, so much as it was that there were multiple inconsistencies observed over space and time.
For Wally, his attack ideation was born from a grievance that stemmed from a series of destabilizing personal life issues which included not getting the promotion he felt he was entitled. Fortunately, Wally’s underlying issues of anxiety and depression were issues mental health professionals were well trained to handle and his case was able to be managed toward peaceful resolve.
But what if there had been no process in place? Would it have resulted the way we have seen too many similar scenarios unfold? The ability for any organization to effectively collect protective intelligence information is of critical importance to preventing greater concerns. In this example, Wally was able to get the help he needed, but had he been left unchecked, there was little doubt his intended actions would have been catastrophic to the company and his colleagues.
Protective Intelligence has far reaching applications, not just in helping to prevent targeted violence, but also in helping to prevent, industrial espionage, policy violations, harassment, stalking, disruptive practices to productivity, and unfavorable social media activity.
After the incident with Wally, the organization made appropriate enhancements to their internal security program. By compartmentalizing the more sensitive areas of the office, they were able to restructure access control from “free to roam the store once inside the door” to one more grounded in an “authorized personnel only” approach. They also implemented anonymous peer-assessments into the performance reviews of their employees, and increased the frequency of audits for both departmental and personnel practices.
The assessment and monitoring of behavior patterns is not a new practice. Similar techniques have been utilized by investors for years to chart the market trends of central banks and financial institutions. Comparable methodologies are used by the military to identify destabilizing geopolitical realities which often precede terror concerns. Only recently has the everyday use of digital and technological applications in the workplace allowed for the human resource process to to effectively reduce risk and prevent violence.
We as a society can no longer afford to operate in a world where we simply hope that nothing will happen, and then solely rely on the response of others to save us once something does. Doing nothing is a choice. Today’s schools, business, and organizational practices require a preventative approach to safety, and the best preventative policy begins with an effective protective intelligence program.
Spencer Coursen is a nationally recognized threat management expert who has an exceptional record of success in the assessment, management, and resolution of threats, domestic and global security operations, investigations, policy authorship, and protective strategy.