Counter Surveillance Part 3
Surveillance Detection Operator
The surveillance Detection operator, also known as a Behavioural Detection Operator or Counter Surveillance Operator are the plain clothed boots on the ground operators who's sole role is to look for and spot potential threats either before they get to your door or if you have a business which is open to the public; while they are in /on your premises.
In part two I wrote about familiarizing yourself with your environment, getting to know the ebb and flow, the everyday life of your T.A.O.R, well it's these operators who will be building up this picture of normality.
Their main job is patrolling the T.A.O.R and identifying potential threats and many who come into this role are under the impression that a patrol means you have to be walking around. Many managers are under this impression too. A patrol can be on foot, in a vehicle or static. For example, take a seat at a cafe close to your business, observe people, listen to what they are talking about, sit near people working on phones, laptops, Ipads, writing in notebooks or taking photos of your building. Are they working? if so what on, is your business location, the area or nearby businesses mentioned, are photographs being uploaded onto computers?
Does the same person visit the cafe often, at what times, how long do they stay there for and what can they see from where they are sitting?
One thing to mention here are 'Triggers'. Does a location give good views of your building, if so it may be a place where a surveillance operator would plot up and here they may 'Trigger' (Inform) of movements of security personnel or of their intended target etc.
If so then find a vantage point from where you can observe this place from, remember the surveillance operator will be on the lookout for any surveillance detection operators so choose your time wisely if you are going to be static for any period of time in a trigger point.
Noticing changes in appearance can be difficult at times and changing clothes is easy, reversible jackets, different coloured hats, glasses and even trousers carried in a bag, all easily interchangeable. The hardest item to change though are shoes, so if you are going to notice something about someone who piques your interest then note their shoes. Having said this, changing is also something the Surveillance Detection operator should also be doing, how many of you do this?
Case file. After a young girl had been followed we looked at the CCTV footage. Once she had spotted the man following her and she took a video of him he immediately changed jackets, different style and colour and left the area.
For communications; absolutely no hard wire earpieces and i'm not a fan of wireless ones either, why? it means you have to carry a radio which can compromise you, you can't carry a load of belt kit doing this job. see hostile recce story below. The best way to communicate is by group Whatsapp between D.S, CCTV, Intelligence analyst and the D.S Manager. Everything is instant and all can be kept up to speed on current events. Keep your kit to a minimum, phone, note book and pen, small bino's or monocular.
Case file: Hostile Recce, three men approached the estate while a CPO was on stag at a main drive-in entrance. Two of the men broke off to circumnavigate the estate while the third man approached the CPO and started to chat to him. While chatting the man patted the front of the CPO's chest area a couple of time on both sides of his chest. The threat was pretty high on the Principal and this was a definite attempt to see if the CPO was wearing body armour. The questions asked were not relevant to the estate or the area and the men were dressed like off duty or ex-mil, police types.
Patrols should be kept to a short duration, no more than one hour, as with the CCTV operators; short duration's keep you more focused. If manpower allows then when one or more D.S are on patrol then others should be on a break this way you keep dominating the ground.
Interview techniques. I have two trains of thought on this point. Both work and your circumstances and tactical situation will dictate what you do. Interview techniques though; need to be practiced, you have to be confident and be able to think fast to formulate questions to be able to catch someone out while questioning them. This is called Cognitive Overload, asking similar questions with minute differences to see if there are any discrepancies in the answers given.
Depending on your organisation, it is advantageous to have multiple people trained in behavioural awareness and surveillance detection. On close protection teams, uniformed security in department stores, museums or hotels etc.
1. S.D spots suspect, informs everyone by Whatsapp, approaches and interviews suspected person. This is taught as a standard procedure and is OK if manpower is in short supply.
2. S.D spots suspect and informs everyone by Whatsapp.. A different, but S.D trained operator then approaches to interview the suspect. The original S,D operator then observes the surrounding area to see if anyone is watching.
Remember the 'Come on'. This is why an S.D operator should not get involved in any emergency drills. Was the fire alarm set off on purpose, is anyone watching the evacuation, who is watching the muster point, who is watching EMS vehicle parking areas etc. This is the S.D's job in these situations, Keep your S.D's undercover.
Case file: Surveillance. A surveillance van was stationed across the road outside a secure parking garage at a Principals residence. CCTV spotted the van and tasked two CPO's and an S.D to investigate. The two CPOs investigated the van and the S,D patrolled the nearby area. It was a 'Come on' The surveillance team was further down the road where the S.D spotted them taking photos of members of the Close protection team. The S,D in turn took photos of the surveillance team's vehicle, number plate for future use.
This is why i prefer multiple operators as part of a team. Remember, those who are wanting to attack are in the planning phase of the attack cycle and at the CTR - Close Target Recce and possibly hostile recce/penetration testing stage just prior to an attack. This is where your Behavioural Awareness & Surveillance Detection trained operators earn their pay.
For our 5 day level 3 Behavioural Awareness and Surveillance Detection course check out www.vipatacticaltraining.com for future course dates.
COUNTER SURVEILLANCE PART 2
In this second part of counter surveillance, we are going to look at setting up your counter surveillance operation. Just remember it is not only important for a business to have a counter surveillance program but concerned citizens, those who may have had to move because they are being stalked, or those who have been targeted or may be targeted because of age, gender or employment for example.
The setting up and the first 6 months are the most important and is where the majority of the hard work will take place. This set up time could be shorter if you already have an operation in place but it is an ad-hoc operation and not a dedicated one. The time frame for a private citizen will depend on the threat you are facing and your location but will be no less in-depth in its set up.
This set up phase of your operation is about learning about your environment, the ebb and flow everyday normality within your Tactical Area Of Operations.
Below are a few pointers to take into consideration:
* What sort of businesses are in your area?
* What delivery vehicles arrive at these businesses and at what times?
* What time do local businesses open for business, what time do staff and where do staff arrive, what entrance do they enter, are the premises guarded and does the business have external patrolled?
* What time does mail get delivered to your business and local businesses, are the mail personnel always the same, do you have an example of their I.D card and other businesses I.D cards?
* Where are the public car parks; are they manned, or road side car parking spaces, are they pay and display or parking disc, how often do traffic wardens patrol the area?
* How many residence parking spaces are there, where are they located and what does their parking badge look like?
* What sort of other vehicles frequent your area, depending on your location will there be construction vehicles, motorbike or vehicle couriers, law enforcement or EMS etc.?
* What people populate your location and specifically your business premises. Are they office workers, factory workers, tourists, market traders, garage mechanics, construction workers etc? who would stand out from your baseline?Do you know what your baseline is?
* What are the quiet times, build up times, busy times, slow down times and quiet times again, what is the environmental routine at these times, how long does each phase usually last for etc?
* Are there regular homeless people in your area, what do they look like, do they change from person to person, do they change location, if they disappear at times; then for how long, what clothes do they generally wear, do they use local amenities, shops, bathrooms etc?
* Where are the fire muster points of local businesses, if the muster points are close to your site then who clears these areas after a building evacuation?
This is only a short list of what you need to know to be able to be in tune with your TAOR. Without this, you will never be able to spot the abnormal from the normal and this is why you need a dedicated team of security personnel to carry out this role. The same reason why having an ad-hoc system will not work.
You will notice i mentioned residential parking spaces, pay and display or disc parking spaces and delivery vehicles among others. Your control room or your counter surveillance room should have an enlarged wall map or large digital screen map of your TAOR and an extended area. Your map should be populated with information such as business types, parking spaces, both residential and public with vehicle make, colour, registration, name of owner etc. Delivery vehicles which park up for periods should be noted as
well. Your initial set up is going to produce an immense number of photographic and video evidence of normal environmental life in your TAOR which all adds to your intelligence gathering operation.
Control rooms have a D.O.B, a Daily Occurrence Book and your counter surveillance operation should also have one of these. If as a private citizen you are undertaking an operation of this kind for self protection purposes then you should keep a D.O.B too.
Your TAOR should be split into roughly four quarters, each colour coded. Patrols are logged in your D.O.B, start and finish times, the area to be patrolled, any occurrences, what actions were taken, who was informed and signature of manager. Along with patrol reports, incident reports and intelligence reports the D.O.B is an integral part of your overall information gathering system. The D.O.B is also a quick reference for the location of counter surveillance operators should they need to be tasked to other areas due to operational requirements.
Manning - how are you going to run your operation? if you are a business then you will need operators in a number of roles, or if your budget will not stretch to individual roles then multiple roles may have to be covered by one person:
* Counter Surveillance Manager
* Counter Surveillance Operators
* Intelligence Gatherer & Analyst
If you are a private person you are going to have to fill these roles by yourself, but as it is on a much smaller scale this can be easily accomplished.
We have only covered a small amount of what is required to run a full counter surveillance operation and you can see why it may take up to six months to get this operation up and running fully.
Always remember - ABSENCE OF THE NORMAL, PRESENCE OF THE ABNORMAL!
In the next blog post we will have a look at each of the individual roles mentioned above.
Unfortunately what I have found is that many businesses do not go beyond their front door when it comes to protecting their property. This then may compound any procedures which may be in place as you are now going to have to 'React' to immediate threats and not 'Respond' to threats which have already been seen prior to arriving at your location.
In part 1 here; we are going to look at the 'Attack Cycle', the procedure whereby the professional terrorist and major criminal fraternity will carry out an attack on a target, and to some extent how the lower levels of the criminal class, the thieves, muggers and, burglars for example will employ some of these procedures.
Apart from the criminals who will commit crimes on the spur of the moment most attacks will be planned, from here on in, an 'Attack' may mean a terrorist attack using high or low tech weapons, it may be a gang of pickpockets targeting a busy shopping mall or if you are in a high rise building it may be base jumpers wanting to jump off the top of your building. Many will go through the full 'Attack Cycle' while some may only follow parts of it depending on their intent.
Escape / Martyrdom
Although we need to deal with every aspect including intelligence gathering, in regards to this blog on counter surveillance we are concerning ourselves with the 'Planning' phase of the attack cycle.
The 'Minimanual of the Urban Guerrilla' by Carlos Marighella states that for the guerrilla, 'His information service must be better than his enemy's' and that 'Surveillance must continue up to the moment of attack'.
Knowledge of the enemy, who they are and how they move (security personnel identification and movement around a location) , knowledge of terrain (local ground appreciation) approaching location, escape if needed and Police/military responses. This all entails reconnaissance of the selected target and surrounding areas.
The Planning Phase
The planning phase is broken down into four phases:
Close Target Recce
Penetration Testing (If required)
Once again depending on who is targeting your location they may or may not go through all of these phases.
Google maps is an excellent tool for not only conducting route reconnaissance for those of us who use it for initial route planning within the close protection field, but for an attack; with ground appreciation it may also go some way in dictating what type of attack is to take place, what vehicles are to be used, where can they parked, roadside or underground, is it disc zone, parking meter or full residential parking. where are the dead ends, one way streets, are there bollards blocking roads and are there any road works etc.
Not only will this give various routes onto the target and routes of escape but will also help in starting out from as far away from the target as possible, the starting point of the initial recce.
Within security we have (Or should have) ever decreasing circles of security, security in-depth as it were. For someone targeting a location they have the opposite, they have ever increasing circles of attack with the smallest circle being where the actual attack will take place.
Google maps and online surveillance will help with this planning. Take your location, where is the furthest point that your location can be observed from? This is the starting point of the attackers next phase, The Initial Surveillance.
I've taken The London Eye as the example below. You can see here that this location can be seen from across the River Thames, gives lots of routes in and out by vehicle, on foot and by boat. So the furthest point out is from where your first circle of protection must extend to..
While not exactly a circle, the red outline gives you (The Surveillance Detection Operator) your Tactical Area Of Responsibility and the attackers first phase, his Initial Surveillance. From observing from the furthest distance you can get a good lay of the land, watch road, river and pedestrian traffic at different times of the day or night to give the best options for approaching and escape, if escape is an option.
Working inwards towards the target; the attacker is going to look for lay-up points, a lay-up point is a place where he might leave his vehicle for ease of escape or to meet others coming in to do multiple person recce's. It may be secluded or in the open, does he need to change clothes multiple times throughout the day? Does have kit for various aspects of his recce which he needs to travel back and forth for?
Close Target Recce
We are now getting to the more dangerous phases for any attacker as they now have to spend time in the targets immediate vicinity. Identifying security patrol routes, patrol times and security posture, security and staff entrance and exit to the building, delivery procedures etc. Camera locations, areas covered and type of camera if seen. Security and staff activity around the external of the building, do they wear uniforms, ID Badges, name tags, or have lanyards with ID cards attached. Are security and staff private vehicles parked on site or nearby, who do they belong to?
If a VBIED is going to be used, where can it be parked where it will be less suspicious and still hit the target, car, transit, flatbed?
If it is a terrorist cell how many entrances are there to the building, how do you access the outer entrances, can roads be blocked, can entrances be manned by cell members?
Just remember, George King, a 19 year old spent months scoping out security on the shard so he could climb the outside of the building to the top on the 8th July 2019.
Does your location have shops, cafe, restaurants where you can be observed from? Who's watching, how long have they been there, what are they drinking or eating if anything?
Depending on who is targeting you a penetration test can be simple or complicated. Is it just a walk around the premises inside a shopping mall, museum or art gallery. This might the first stage of the CTR, Watching security, cameras, staff accessing back of house, who are the managers, names, genders etc. Listening to conversations for information, starting conversations with staff members or security members.
If they need to get back of house how would they do that? Tailgating is still the easiest method but how about a meeting with a company member for a job interview or as a salesman or representative,
Here the attacker may also start a scenario which will trigger a security response or to flush out any SDOs. Set off a fire alarm, have someone start a fight or other commotion, leave a suspect package lying around. or have someone loiter in a suspicious location.
How would you do it?
This is just some basics for you to consider, put yourself in your enemy's shoes when planning your SD operation, from thieves, pickpockets, demonstrators, activists, base jumpers, urban explorers all the way up to the terrorist. You have to be good all of the time!
The Superyacht and Megayacht, floating palaces, residences either owned by or chartered by your principal or future client.
Whether berthed, anchored off shore or while out at sea, it is quit possibly the least protected and most difficult residence you will have to protect, as well as protecting those on board.
At present; the security of these vessels has not been a big concern of designers and owners alike at the initial planning stage.
Basic systems such as CCTV are standard; because up until now the low level threat against these types of vessels, namely theft of on board kit and equipment has meant everything else is as an add on and any upgrading of security systems and procedures is driven by the threat against the owner, the cost of purchase, fitting and maintenance, in comparison to the risk of the threat actually happening.
As you are well aware, you can never fully achieve 100% security at all times and on these vessels it is even less so, with chinks in the system that we can either do nothing or very little about.
Let me just say here that there are two different objectives while on board. One is the security objective by the security team and the other is a safety objective by the crew and one sometimes does not complement the other.
Here are some basic lapses that offer access to the vessel in one form or another:
A minimum of 1-2 doors must be left unlocked at all times, by maritime law. Safety in mind - not security.
Untrained or security/threat blind crew, especially when the principal or security team are not on board.
External workmen, again while the principal or security team are not on board have easier access to all areas of the vessel.
Whilst in dry dock for general maintenance or specific repairs the vessel is vulnerable to a number of threats. If your principal has a high enough threat against him/her it is essential that on completion of work in dry dock a thorough electronic, explosive and contraband sweep is carried out.
But let's get back out onto the sea and look at systems that can help you better protect your vessel from attack.
Like the rest of our land based security you have to take a holistic approach and combine elements of electronic, physical and human resources.
Each of these resources will give us time to respond effectively to either attacks or potential attacks.
If you look at the picture below you will note it is split into ever decreasing distances of security. Much like the Coopers colour codes used to enhance awareness of the threats in our environment.
I am not going to go into distances here as that will depend on the environment you will find yourself in.
Firstly there are a few things you can do prior to sailing:
Crew training if your principal owns the vessel. Not really possible on a charter yacht, but an advance can be done to find out the state of the vessel and crew.
Visiting port; threat and risk assessments. Although the vessels management company will have a Company Security Officer I would not recommend a third party doing this for you.
Transit/route/location threat and risk assessment.
There are some electronic systems that will have to be doubled up. Remember the two objectives? Well radar is one of these. The radar on the bridge used by the crew is for the safety of the vessel, so with this in mind a second radar, located in the ops room is for the security of the vessel. Here we have choices, do you want a forward only looking radar for when sailing or a 360* looking radar for when sailing and when at anchor. It may be that you will require a combination of both.
As always there is no reliance on just one set of equipment. While at anchor, tenders can be deployed to patrol the vicinity of the verification area (when not used as safety boats of course).
Subsurface detection of vehicles and divers must also be considered and portable detection devices such as the Cerberus Mod2 or other variants are ideal.
With subsurface threats in mind you also will have to consider the berths and anchorages that are used frequently, hull searches and sea bed searches can be done by divers or drones. For seabed clearance searches a gridded search plan needs to be formulated. Especially so; if your vessel has a fixed anchor point situated close to a land based residence.
Items of equipment such as these give you time to respond to threats at a distance. There are times when these bits of kit are not going to be able to be deployed. It goes without saying that while on board, the ops room is going to have to be manned at all times as well as a standing watch at the stern. If you do not have the manpower or are on the vessel as an individual bodyguard then these bits of kit are of no use.
Your final layer of defence is now on board the vessel. Here the first asset; the security team, the stern will be manned 24/7 on a rotation basis. During silent hours the night shift security, will patrol all decks at various times and will be stationed at the stern to cover the swim platform, the easiest and most likely way someone will get on board. A portable infra red beam can be used to cover the steps leading from the swim platform to the main deck, in event of the beam being Broken a signal is sent to a pager. This is ideal when the security member is patrolling the vessel.
Items at hand should be a powerful hand held torch. Internal mobile phone, radio (If ops room is manned), night vision goggles and video camera.
Escape hatches for the principals berths, only opening one way and leading to various parts of the vessel can be installed alongside submersible escape pods, obviously depending on the size of the boat.
If the vessel is big enough to hold a helicopter then this also can provide another means of escape.
Installing a safe room is possible. The only caveat is that of the vessel sinking.
None of the above is going to work effectively though if you do not have a ships security plan for when the principal is on board. S.O.Ps, 'Actions On' for all eventualities must be planned, written and practiced, not to mention all of the training required to operate items of equipment and your role in the security protection detail.
A few procedures:
Intruder/s on board
Bomb explodes on board
Shots fired on board
Weapons or explosives detected
I have left firearms out intentionally. It took the Commercial sector years to deploy armed riding teams on cargo vessels even after numerous ships were high-jacked. The private Superyacht sector is going to be no different. Yes weapons can be on board but the logistics of actually having them at the moment far out way their need. There will have to be a number of attacks in the Med before having firearms on board becomes the norm.
This does not bode well for those few vessels that will be the first to be attacked by terrorists.
On any 'Action' each security team member must know their role, if not everyone will do what they think they should do and not what they must do. This also goes for the vessels crew.
Do you have your vessels S.O.Ps and 'Actions On' in order?
Does every member of your security team know their role when faced with specific threats?
Vessel protection and protection of the principal while on board requires a full security program, remember it's the principal on holiday, not you!
Paul 'Rock' Higgins