Active Shooter Situations & Why Your Organization May Need a Protective Intelligence Program

According to the FBI in its April 2018 report titled, “Active Shooter Incidents in the United States in 2016 and 2017,” attacks have spiked significantly in the last several years. Below, they have been broken down by the settings in which they occurred:

• 17 - Business/commerce environments (8 offenders were current or former employees)
• 14 - Open space locations
• 7 - Educational environments
• 4 - Healthcare facilities
• 3 - Government properties
• 2 - Residences
• 2 - Places of worship
• 1 - Public transportation

*50 Total Incidents

During the course of a protective security specialist’s day-to-day mission, they are required to constantly make mental contingency plans for numerous situations that may arise. While some are tasked with securing facilities or physical infrastructures, not all security professionals do this work. Many are mobile security consultants and facilitators that guide a C-Suite Executive, or HNW client throughout the day, making that executive safer and more productive.

While executives are very mobile, our colleagues are also tasked with keeping them safe in the workplace, where they spend a significant portion of their time. In the FBI study noted above, 8 of the 50 incidents were related to current or former employees targeting their coworkers. Active shooter detection and prevention is a crisis issue that certainly falls within the preventative scope of both executive protection professionals, as well as corporate security / asset protection teams.

From this we make several observations. First, those teams have overlapping areas of interest. Second, they would be better served by communicating more closely & sharing intelligence with each other. And lastly, we can use these events to better educate ourselves, not to simply draft responses to an attack, but rather to strengthen our ability to detect and disrupt a plan before it becomes an issue.

After a mass shooting, we systematically deconstruct the incident in order to determine if any indicators were telegraphed by an offender prior to an attack. We do not do this to criticize those who had an incident occur on their watch, or to otherwise place blame. We do this because we have decided to make it our personal mission to protect others. Similar to the NTSB (National Transportation Safety Board) responding to an air disaster, our teams respond to these situations by methodically dissecting what we could have done differently, or how an offender could have been detected earlier in the cycle. In approximately 87% of the workplace and school shootings we have studied, several or more pre-incident indicators were present – yet they were either missed altogether, ignored, or the intelligence was lost in translation (if translated at all).

In the world of protective intelligence, “No news” never translates to good news. We understand that pre-incident indicators and signals are prevalent, and the work required to sift through them and connect the dots is arduous. Additionally – if we are being honest with ourselves, we will not always recognize a threat simply by sight. But with a solid understanding of what pre-incident indicators to hunt for, we will recognize a potential threat based on behaviors, a spike in signals, anomalies, and other measurable activities.

With the growth of digital technology, security teams now have an unprecedented opportunity to monitor, predict, and prevent analog threats – at scale. (Analog threats meaning those threats in the physical world, not solely confined to cyber space)

“The goal of every security team, law enforcement organization and educational institution is to manage threats before they occur, threats that can harm personnel, assets and confidence in the organization.

The U.S. is experiencing an unprecedented rise in criminal activity. The development of programs within organizations, to proactively examine risks and to protect them from offenders before incidents occur, is the most prudent step organizations can take for their safety & security.”

— Richard Marianos, Ontic Sr. Strategy Director and Former Assistant Director of ATF

While active shooter incidents are statistically rare, and are an extreme example, they serve as a reminder of the critical role protective intelligence programs can play in preemptively protecting our coworkers, business leaders, and preserving the stability of our clients’ core business functions.

First, what is a protective intelligence program?

It is generally a subset of the organization’s asset protection responsibility, where security professionals proactively identify, assess, and mitigate threats. As we have addressed previously in “What is Protective intelligence? – A Point of View,” protective intelligence is made up of several key components: countersurveillance, investigations, data analysis, and organizational management. Organizations’ protective intelligence programs proactively assess internal actors (potential workplace violence, stalking, etc.), external actors (inappropriate pursuers and various persons of interest), malevolent organizations (activist groups and hate groups), and much more.

Does every organization need a protective intelligence program?

The short answer is no. The need for a protective intelligence program is dependent on a number of factors: industry & organization type, threats to the organization’s assets, size and global footprint of the organization, and much more.

Size of an organization is one factor, but it is not the determining factor –

As an example, a HNWI’s family office may only consist of a single commercial location with several full-time staff members, but they might receive more threats and inappropriate contact than some Fortune 500 companies. Additionally, a small size organization involved in aerospace/defense may receive more threats and malicious contact than organizations that are 10 times their size.

Depending on the needs of the organization, as determined by some of the factors noted above, the protective intelligence program might be an in-house function led by a single person or a team of threat assessment professionals & investigators. However, there are also a variety of cases when it is most cost effective and efficient for security programs to outsource the protective intelligence function, rather than hiring dedicated analysts & investigators. Given all of these factors, the need for a protective intelligence program should be evaluated on a case by case basis.

How does your organization stand to benefit from a protective intelligence program?

There are many benefits, of which we will outline in a future post, but a simple key benefit afforded to organizations is this: a means for your security program to be proactive in the protection of your employees, assets, and reputation. That means taking steps to detect, analyze, and solve problems before they materialize into a risk event.

Protective intelligence is the only way that you can be offensive in your approach to protective security – at Ontic Technologies, we refer to this as “Threat Hunting.” The best protective intelligence teams in the world make their own luck by influencing workplace factors, rather than allowing workplace factors to impose their will on them. The more proactive one is, either in the field or behind a keyboard, the more information they find – which then becomes actionable intelligence. The effectiveness of our proactive initiatives is closely related to our own understanding of what signals and pre-incident indicators to hunt for, and where to find them. This is a topic we will be addressing in future posts.

Is protective intelligence really an offensive tool?  Every physical security plan has the same foundation: deter, detect, delay, and respond. Generally, this function does not extend beyond the coverage of a facility’s perimeter of fences & security cameras – but protective intelligence does. A protective intelligence function in an organization makes a focused effort to seek out, assess, and monitor threatening behavior (online and offline). We typically use these findings to not only enhance security, but to strategically deploy resources, or otherwise conserve them. Where other aspects of your security program react to the adversary and try to slow down their activity once the crime has been committed, the protective intelligence function seeks out the adversary while they are still in their planning phase, with the intent to preempt their attack.

Creating and maintaining a protective intelligence program is not easy.

While it may not be easy, it’s also not any easier to accept the risk & liability of NOT having a protective intelligence program in place when your specific situation calls for one. The big challenges we see across the board for protective intelligence programs are those that have mostly to do with data management, in-depth analysis, and collaborative alerting. Our peers have no problem finding great investigators that can perform OSINT research, closed-source research, conduct surveillance, and provide concrete information on which to base security decisions. But where many of our colleagues run into problems, is in maintaining investigative data for long-term analyses, discovering connections between various investigative findings, and in being systematic in seeking out potential problems before they grow unmanageable in size.

Bringing it all together

Protective intelligence is a means for us to identify issues early and to develop safeguards to prevent threats from materializing. Organizations that have not yet established a protective intelligence program stand to benefit from conducting an analysis of their specific organization’s needs, challenges, and mission, in order to evaluate how their organization could benefit from implementing such a program. As for those organizations that already have a protective intelligence program established, they would benefit from analyzing potential weaknesses in their current models. As stated previously, rudimentary data management practices and unsystematic case management strategies are all fundamental issues that we need to attack in order to better protect our organizations’ critical assets.

Do you need help determining your need for Protective Intelligence? Feel free to contact us and we’re happy to help connect you with many resources to help you determine the best course of action for your needs.

Never miss our latest Protective Intelligence updates by following our newsletter.

*Reference: Active Shooter Incidents in the United States in 2016 and 2017, the Advanced Law Enforcement Rapid Response Training (ALERRT) Center at Texas State University and the Federal Bureau of Investigation, U.S. Department of Justice, Washington, D.C. 2018.