The Lost Principles of Security

By Col. Thomas Bovet
 Protection From Within
Since the beginning of warfare, from Troy to Dien Bien Phu, there has never been a fortification that hasn’t been breached by attacking forces. The problem remains that “defense” is only one of many possible tactical options. Once an organization hunkers down behind barricades, it can only react to actions imposed upon it. Every successful attack exists of two main elements: force and surprise. The surprise part aims to take away the defender’s chance to organize and to scramble together countermeasures. This becomes even harder when the weakest elements of a defender’s security encounter overwhelming force.
Imagine: you run security for a major shopping and entertainment center, complete with hotel, restaurants, cinema, and a children’s play park. How will you defend your complex? Attention will first go to dealing with the mundane, such as thieves and pickpockets, punks and hooligans, graffiti artists and lost children. Probably you will put in place similar measures as other premium property owners did around you: CCTV cameras and people with radios and wires in their ears. Since you don’t want to set up screening gates at all entrances and cannot check every shopping bag in a mall, you are resigned to “intervention” when trouble shows up: reaction and defense. After all, you don’t really expect a terrorist bomb-threat.
The problem with most of those protective practices is that they are born out of a prevailing understanding of the local security situation. Many of those protections are based on common assumptions – and often include wishful thinking, along those lines:
There was never a terrorist attack in this town. Why should we be targeted? Our corporate profile or activities are not controversial or offend anyone. There are more “juicier” potential targets out there.
None of those arguments should allow defenders to lower their guard. The whole point of a terror attack lies in the shock to its victims, who believed "it could never happen here.” It is not important what a defender believes can, should, or should not happen. What matters is what potential attackers think.
So, what can you do from within your facility?
First, remember that you can never discourage a determined, intelligent extremist with a mission. Unlike financially motivated thieves who choose the softest possible target, terrorists like al Qaeda need to make a spectacle and the conquest of a harder target means greater glory. But there are ways of turning a terrorist organization’s planning of the attack against itself.
Greater chaos requires more careful planning and coordination. That means detailed evaluation and “casing” of possible targets. Carefully designed counter-surveillance techniques can help detect persons who were assigned to check out a facility. Defenders need to train and deploy suitable personnel who have profiling expertise to correctly use the data obtained and to collect relevant intelligence in cooperation with the authorities as an ongoing process. Advance knowledge will strip the attackers, at least partially, of one of their most important means – the element of surprise.
Further security considerations should include the layout plans for a given facility. Subtle architectural changes should be considered to allow potential rescue-commandos better access to critical areas. With careful planning and case studies of the dynamics of past terrorist attacks, an organization could draw attackers into certain preferred areas of its property, where their actions can be better contained or neutralized. Particularly, organizations should research new concepts in the design of lobbies, meeting places, and other areas to reduce risk. Security personnel must be trained and motivated and proactive and dependable—not 200-pound obstacles of ridicule.
The Textbook Trap
The question however persists: Why so many terrorist attacks defeat elaborately arranged security so frequently and in some cases so easily?
The answer: Most protectors fall into the “textbook-trap”.
Security manuals or textbooks are written in order to formulate a set of procedures, thought to be widely practiced or commonly accepted by most peers in that area. The primary government agencies—with input from the general law-enforcement community, the military, and in some cases major private security-related firms—formulate their standard operational procedures (SOPs), rules, and guidelines. They describe “standard methods” regarding subjects such as VIP and object protection, dealing with IEDs (Improvised Explosive Devices), hostage rescue, hijacked targets, firearms training, investigative techniques, and so on.
First, one must understand that the critical policy elements of those manuals are rarely authored by operators or frontline personnel. In order to receive approval from the political hierarchy, senior commanders need to ensure that all operational procedures and training curricula reflect departmental policies. Operating outside the manual bears the risks of being ostracized for violating regulations, even though the operation or measures proved effective. While the principle of covering one’s backside is widely understood, what really makes a “standard” manual against terrorism largely ineffective is the ignorance of its political censors and its inflexible, bureaucratic, and presumptuous approach.
In textbooks, every element must take account of our legal principles, prevailing social sensitivities, such as gender, physical abilities, and the individual rights of their personnel. In short, they must stand the test of political correctness, no matter how special those “Special Forces” may be. The key operating elements of terrorism are chaos, shock, and audacity. In combination, these elements, if successfully realized, will produce the headlines terrorists need to thrive. Formulated security-protocols are mostly ineffective against deliberate chaos and do not prepare for total shock and surprise. Textbooks commonly prescribe measures which can be managed, controlled, and packaged in neat reports. Every disastrous incident, every shocking experience has been turned into a “watershed in the field of security” and leads to the rewriting of manuals and SOPs. However, each new edition is rewritten into irrelevance once the next spectacular attack hits.
The chaos of terrorist attacks does not equal “irrationality” and “randomness.”  This extreme violence is seen as shocking and meaningless by those who work out of the structured and organized world of government agencies and larger corporations. Chaos can be met successfully, not only by careful analysis of the extremists’ past tactics, but by studying their entire concept, goals, and methods and by getting into their mindset.The more your combined security measures resemble one “inflexible and dumb mechanical apparatus,”  which reflects textbook assumptions and only acts on preprogrammed indicators, the least effective it will be against determined and smart adversaries.
The first step is to ensure that equipment helps human resources and not the other way around. Your protective measures should focus on the ability, flexibility, intelligence, and training of the security staff’s actions. You need small and nimble teams of motivated individuals who can think on their feet when faced with unpredictable events and schedules.All team members must receive the same comprehensive training, so they can act independently and without the need to seek approval from a supervisor, if necessary.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.