Seeing through enemy eyes.
The husband-and-wife team watched Sidney Reso for almost thirty days before they attacked. Sitting in a van parked down the street from Reso's suburban New Jersey house, the couple documented the Exxon executive's daily routine, learning his habits and identifying his vulnerabilities. Then, one morning, the couple abducted Reso in his driveway as he retrieved his newspaper, something they had seen him do every morning at the same time. He was shot in the struggle and died several days later in captivity a victim of a kidnap-for-ransom scheme gone tragically awry.
Whether the 1992 incident could have been prevented will never be known with certainty, but security might have detected the warning signs of the attack had the company instituted a countersurveillance program as part of its executive protection measures.
A countersurveillance operation is an ongoing process by which security personnel put themselves in the frame of mind of a potential attacker. They observe and document the executive's daily routine and all usual activity near the executive's house, on travel routes, and proximate to the office and other regular stops. This operation is based in part on the theory that criminals must first conduct surveillance themselves before launching an attack against a corporate executive. Knowing where the likely attack points are and assigning security personnel to watch those areas, security can often uncover deadly plots while they are still in their nascent stage. In the Reso case cited here, for example, a countersurveillance team would probably have noticed the couple's van parked outside the executive's house and traced the license plate number back to the person who had leased the vehicle: a disgruntled former Exxon employee.
When and how often a countersurveillance operation is conducted is based on the company's in-house risk assessment and financial resources. In general, countersurveillance measures are undertaken when an executive has received a specific threat or is about to travel into a high-risk area. They may be more frequent if the official maintains a high profile or works in a high-profile, controversial industry.
Large corporations will conduct such operations periodically throughout the year or during periods of heightened tension. In the early 1990s, for example, armed thieves were kidnapping computer industry executives as one way to steal valuable memory chips.
In addition, a security manager may order periodic countersurveillance operations as a compromise when an executive refuses to use the company's more intrusive but highly effective executive protection services, such as a security driver or personal security escorts. A countersurveillance operation can sometimes uncover information that convinces the executive to use these other services. Reso, for example, was the head of Exxon's international operation, putting him in a high-profile, high-risk position. He also declined to use the security driver who had been assigned to him.
A countersurveillance operation can take anywhere from two weeks to several months to complete. It can be carried out by specially trained in-house staff or by outside contractors, who typically cost about $2,500 a week for a two-person crew.
Training in-house staff may be a more economical approach if a company plans to implement an ongoing, indefinite countersurveillance operation at its headquarters, while outside contractors may be better suited to periods of higher risk or when an executive is traveling. Whether the security manager hires outside consultants or trains the in-house staff for the job, he or she should have a general understanding of what goes into a countersurveillance operation so that such an operation can be properly incorporated into the company's executive protection plan.
Attack points. The first step in the countersurveillance program is to identify all possible attack points where the executive is vulnerable. The security team conducting the operation must start by learning about the executive's daily routine as well as any protective measures that have already been put in place. Next, team members must identify the executive's zones of total predictability and choke points (discussed ahead).
Daily routines. The team should ask to interview the executive about his daily routine. However, if this is not possible, they should talk to all those who live and work with the subject, including family members, secretaries, colleagues, the corporate security manager, and the security driver assigned to the senior official. The questions should be fairly specific and designed to jog the memory of the interviewee and garner as much detailed information as possible. Unless prompted with specific questions, busy executives may not remember everything they typically do during the day.
For example, some questions might be: Do you stop for a cup of coffee or breakfast each morning? Where do you stop and is it usually the same place day after day? Do you have a favorite restaurant for lunch and how often do you go there? Do you belong to a health club? When do you exercise and how often during the week? Do you pick up your children from school, dance lessons, or sporting events?
In addition to doing interviews, the countersurveillance (CS) specialists should get permission to follow the executive for a few days and document his daily routine, a technique known as a "loose tail." This must be done over several days or a week to detect patterns of behavior.
Once these routines have been understood, the CS specialists should talk to the company security manager about any existing executive protection measures in place and whether the principal adheres to these measures. For example, if the executive is assigned a security driver by the company, the team should find out whether the executive uses that driver on a regular basis.
The CS specialists should also make recommendations on additional measures that can be implemented to vary the executive's routine and eliminate patterns of behavior. For example, if the executive stops each day at a bagel store for breakfast, the CS specialist team might recommend two or three other restaurants along the executive's route where he or she can get coffee and something to eat. The CS specialists might also recommend two or three other routes that can be taken between the executive's office and home.
Predictability zones. Once all reasonable measures are in place to vary the executive's daily behavior patterns, the CS specialists can identify zones of total predictability and choke points. Zones of total predictability are locations that the executive cannot avoid, regardless of how well the executive varies his or her daily behavior. Choke points, on the other hand, are places along the executive's pedestrian or vehicular route where he or she can be stopped with relative ease and attacked.
Predictability zones typically include the executive's residence and workplace and, to a certain extent, the neighborhoods immediately surrounding these locations. A residence and workplace must be defined broadly. A residence, for example, may be a home, hotel, resort, or weekend hunting camp. The workplace may be an office or conference center. It is in these zones of total predictability that an attack is most likely to occur because the assailant knows that, eventually, the principal must enter them. An assailant need only know at about what time the target will arrive.
Choke points include elevators, narrow or one-way streets, bridges or underpasses, and construction zones. The CS specialist team should recommend that these choke points be avoided altogether whenever possible. However, if the executive cannot or will not avoid choke points, these areas must be added to the locations that must undergo closer routine scrutiny.
Gathering information. To gather additional information about choke points and predictability zones, countersurveillance personnel should be stationed at these locations for several hours per day. The operation must last at least several days and preferably one to two weeks. The longer a surveillance team is in any one place, the more familiar the team becomes with the location and the better it is able to identify whatever doesn't belong.
The team should observe and record descriptions of vehicles, people, and activity. Observations would include the arrival and departure time of residents, contractors, and service providers; the opening and closing times of nearby businesses or schools; and the traffic volume and flow through these areas. Particular attention must be paid to any activity that appears to be a reaction to the presence, arrival, or departure of the principal; these actions may be an indication that preplanning surveillance is underway or that an attack on the principal is imminent.
In addition to passive observation, the countersurveillance team may be required to interview people at various locations to determine what is "normal" in that environment. For example, if the executive attends the theater every Friday, the CS specialists might talk to the production company's security manager to determine what type of activity is typical on a Friday night.
To ensure that relevant data is being collected during the countersurveillance, the team should develop a standardized checklist of details to be observed. The form, for example, can be broken down into categories, such as persons observed or vehicles observed. The checklist should include such things as the person's sex and complexion; the color and style of dress, jewelry, and shoes; and the time the person arrived and left the scene. Vehicles should be described by brand and make, color, approximate age, condition, and license plate number. A space should be allowed for additional notes or diagrams, giving personnel a chance to become more specific, such as describing rust or dents on a vehicle. This space should also be used to describe the nature of a scene observed. For example, security personnel might note something like: "A male and female bought lunch at the ABC Deli, then walked to the park to eat. When the CEO of the XYZ Company walked by, the couple got up and followed him to his office."
One form should be used for each person, couple, or vehicle that moves through the environment. Care must be taken when compiling handwritten notes and diagrams. Sloppy notes and diagrams are often difficult to decipher and can hinder the process of transforming the raw data into usable intelligence. One way to ensure readability is to have the form, which shouldn't be more than one-and-a-half pages, made into a computer document so that items will be typed, not recorded in script. Countersurveillance personnel can enter information directly into a laptop computer as they observe various occurrences in an environment.
Other useful equipment includes a microcassette recorder, which allows security personnel to take verbal notes (to be written down after the operation is over) while they observe a scene; a 35 mm camera with an 80 mm zoom lens for taking pictures of suspicious activity; binoculars; and communications equipment such as cell phones, radios, and alphanumeric pagers in the event that the countersurveillance team notices an attack in progress and needs to call police and other security personnel for immediate backup. The team should also have spare batteries, film, and tapes.
Analyzing data. The cornerstone of an effective countersurveillance operation is the ability to transform raw information into useful intelligence. This metamorphosis occurs when the notes and checklists from various choke points and predictability zones are turned over to a data analyst for review. This person goes through the information to determine patterns and unusual changes in the environment.
It's important that only one person be assigned to receive and analyze raw data. Assigning two or more people often leads to confusing and inconsistent findings.
When suspicious items are detected, they should be immediately referred to either the countersurveillance team or corporate security staff for further investigation. For example, in one recent case, the analyst noticed that a yellow van with the same license plate number was described by two separate countersurveillance teams at two different locations. Adding to the suspicion, the analyst noticed that the van was at both locations at the same time as the protected executive. The analyst had an investigator trace the license plate. As it turned out, the van was registered to the county government and was used for checking fire hydrants. It was pure chance that the van showed up at the same location as the executive. It is not unusual for a suspicious item to be a false alarm, but it is well worth security's time to check out any such questionable observations.
Electronic databases. Another advantage of requiring that countersurveillance teams use computers to record their observations is that the data can then be analyzed electronically. For example, the analyst could use a database search engine to check all references to a "yellow van."
Though there are several database programs in various stages of development, we are not aware of any dedicated to countersurveillance that are yet available as off-the-shelf software. However, security professionals can use generic programs like Lotus 1-2-3 or Microsoft Access to create user-friendly countersurveillance databases.
Response. Based on the information that was collected, analyzed, and investigated during the countersurveillance operation, a response plan must be implemented. While the CS specialists might make some recommendations, the specific executive protection measures are usually left to the corporate security manager who is responsible for protecting the company's top decision-makers. The countersurveillance operation is designed solely to provide information for making the best decision.
Whatever the response, it must be adequate and appropriate without turning into overkill. Imagine the consequences of asking the local police to investigate every "suspicious" person or vehicle that is discovered. The security manager will also lose credibility if he or she frequently asks the executive to change his or her itinerary without providing a reasonable explanation.
When properly performed, countersurveillance operations add depth to a company's overall executive protective strategy, which may make the critical difference between early warning of an attack and reaction to it after the fact. This slight advantage can save the executive's life - and the company from the trauma of a ransom situation or worse.
RELATED ARTICLE: CHOOSING A TEAM
Who should conduct the countersurveillance operation? The security manager has three choices: trained in-house staff, members of an advance team, or an outside consultant who specializes in these operations.
In-house staff. In a relatively stable environment with a minimal amount of travel, it may be possible to task physical security personnel, such as security guards or officers, with gathering information around the principal's home or office and then forwarding it to the protective detail for analysis. These individuals should be trained and given adequate time to develop their skills. Training programs are available from outside consultants in which officers learn basic information-gathering skills. Two-day programs can run about $250 an officer, while more detailed, three-day sessions can cost $750 per officer or more.
Using in-house staff is less expensive than other options in the long run. Additionally, a company can use in-house staff indefinitely. The downside is that most companies do not have the resources to hire officers whose sole duty is to conduct countersurveillance. As such, countersurveillance operations are just one of several responsibilities of each officer, which can make the staff less efficient at detecting suspicious activity, say, outside corporate headquarters.
Advance team. Another option is to add countersurveillance to the duties of an executive's travel advance team. While this arrangement can be fairly effective, as some aspects of advance and countersurveillance operations are complementary, it does present some problems. To maintain the integrity and effectiveness of both the advance and countersurveillance operations, two or more people should be assigned these responsibilities, especially when faced with a hectic itinerary and extensive travel.
Contract service. Hiring a contractor experienced in countersurveillance operations can be effective when extensive travel is required. A local operator generally has a greater knowledge of the operational environment, existing or evolving local threats and, oftentimes, specific locations and routes that the executive will be using. There is also a greater degree of flexibility when contracting these services. As threat levels change, the tempo of countersurveillance operations can be increased or decreased as necessary. Contractors can be costly, though. A two-person team can cost as much as $750 per day, while weekly rates can run about $2,500.
The security manager should, of course, check references and take other steps to ensure that the contractor can perform the needed job. Doing so may be difficult, however, since many former clients insist on remaining confidential. The security manager should also ensure that the contractor has any licenses that are required by a state or locality. (Not all states or counties require licenses for countersurveillance operatives.) It's also important to check the experience of the contract firm's staff as well as the type of equipment the contractor uses (do analysts work with pens and pads or laptop computers with sophisticated databases?).
Joseph Autera is the founder and president of SECON, Inc., of Edison, New Jersey, a firm that provides personal security and executive protection consulting services. Michael Scanlan, CPP, PPS (personal protection specialist), CST (certified security trainer), is the vice president of operations with SECON. Both are members of ASIS.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||countersurveillance should seek out the attacker's perspective for executive protection to be effective; includes related article on choosing a team for executive protection|
|Author:||Autera, Joseph; Scanlan, Michael|
|Date:||Apr 1, 1999|
|Previous Article:||Inn flammable?|
|Next Article:||Get with the program.|