November 16, 2020
Despite dedicating the majority of my life to protective intelligence in the private and public sectors, I still find it hard to believe when I see companies that have thousands of employees and dozens of offices and facilities — but a scant few physical security professionals using legacy tools and processes to try to keep the business harm-free. It's almost an exercise in futility.
In the 1980s and '90s, when I was a special agent in the counterterrorism and protective intelligence division in the Diplomatic Security Service at the Department of State, we did the best we could to organize and analyze intelligence by scouring through hundreds of cables, paper documents, and files. Decades later, physical security and safety professionals are gathering time-sensitive and sometimes life-saving insights, but still using paper records and manual processes, unnecessarily limiting their ability to more efficiently detect, link, and mitigate threats.
Sure, change isn't easy. When things have been working "just fine" and management thinks it's "good enough," getting an organization to try new processes and tools is a challenge. Adopting new ways to address physical threats may, to some, feel threatening and costly. But for far too long, although it's not intentional, corporate physical security teams have been reactive, and only after something bad occurs are they given the resources and investment they truly need. For holistic physical security programs, change must focus on augmenting and enhancing existing operations with new technology platforms that can efficiently scale the identification, investigation, assessment, monitoring, and management of physical security threats.
Protective Intelligence — Then and Now
Historically, eyes, ears, and acute observation kept physical assets safe. We would spend hours looking and watching for pre-operational surveillance to unpack the attack cycle. In gathering protective intelligence, teams would store data in command-post hotel rooms, surveillance cars, and handwritten logs. After an incident, we would record each event's specific details, which became data for future use. Detecting and vetting a threat on the street was challenging and inefficient. Institutional memory was the norm.
Information was passed via cables and memos and sometimes via the diplomatic pouch — a slow and tedious process. We got our first glimpses of digital transformation in the 1980s with Polaroid cameras, Sony VHS tape recorders, and Motorola radios and pagers. As more sophisticated technology and mobile applications were developed, the idea of transmitting intelligence via a pager headed for retirement, and a new era of physical security emerged. Physical security technologies and innovations also appeared due to catastrophic embassy attacks, kidnappings, and aircraft bombings.
Bridging Digital Transformation and Physical Security
According to Gartner, 82% of CEOs have a digital transformation program underway. And yet, physical security is still often perceived as "guns, guards, and gates." But we know today it is much, much more. The recent detection of a plot to kidnap Michigan Governor Gretchen Whitmer and the arrest of those involved was, of course, due to tremendous efforts by law enforcement. Virginia Governor Ralph Northam was also considered, which doesn't surprise me. In every case I've worked, the bad guys always look at multiple targets. While they are looking, they are usually the most vulnerable to detection. Many threatening signals were found on social media, and FBI undercover informants played an essential role.
Health and economic challenges have converged. Global workforces under hybrid office-home corporate structures have also emerged. Retail safety requirements are heightened. The scope and scale of liability for companies not actively and holistically monitoring for growing threats has increased dramatically.
We must bridge generations: those who developed, tested, and proved the value of protective intelligence, and those applying technology and data to bring a new level of expediency and effectiveness to protection. As organizations undergo digital transformations, physical security teams that embrace digitization can automate mundane work and use their creativity and insights to enhance their approaches, minimize liabilities, and usher in a new era of advancing safety.
Many corporations believe that their current security program is good enough. But I would argue that we are at an inflection point. The threats we face are dynamic, emerging, and global. We are rapidly approaching a new frontier that allows for mobile applications and massive amounts of real-time physical threat data to be structured into single, easily maneuverable platforms that are more than good enough; they are what human lives and livelihoods deserve.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023