Protective Intelligence can be described as the process of gathering and assessing information about entities that may have the intention and capability of harming you, and utilizing this information to protect your assets.
As more and more individuals and corporations have begun to realize that early preventative measures are preferable to emergency reactive ones, many organizations over the last decade or so have begun to adopt a more proactive approach towards security. And once you start down the positive path of proactive prevention, you’re likely to reach some form or another of protective intelligence.
Protective intelligence is the interesting juncture where you begin to expand outwards from direct physical protection, and enter other realms like online presence, remote information collection, open sourced information, communications and surveillance detection. A good way to visualize this idea is to think of reactive mitigation as your inner most circle of physical security. Around this initial circle, we extend a larger outer security circle of proactive prevention, and around that circle, we extend an even larger circle (one with an undetermined size) of protective intelligence.
From my experience, one important factor that needs to be improved in many protective intelligence contingencies is their field component – the connection between the cyber or open sourced dimension and the physical reality on the ground. Without in any way denigrating the importance of open sourced or otherwise remotely obtained intelligence gathering and analysis, there is always a need for intelligence to also be gathered from the field. It’s not that remote intelligence collection isn’t important. On the contrary – that’s where you want to start. But this first resort shouldn’t be your last and only one. As I had detailed in an earlier article, hostile planners do indeed use open sourced intelligence in their Hostile Planning Process, but they don’t stop there – they follow it up with field intelligence, i.e. surveillance. So if hostile entities know better than to only rely on open sourced intelligence, why would a protective intelligence contingency not do at least as much?
What is intelligence?
In a well written article by Kristin Lenardson Schwomeyer and Charles Randolph (two very experienced and highly regarded experts in the field of protective intelligence), an important distinction is made between intelligence and information. Intelligence, the article explains, is information that is contextualized for your needs. “You discern what information is actually important to your principal and the detail; this turns the information into intelligence”. The article also emphasizes the need to diversify your sources of information – to not depend on any single source by itself.
The points I’m trying to make here are that, a) when it comes to physical assets, a very important source of information is the actual situation in the field; and b) your ability to discern between what is or isn’t relevant or accurate depends on a certain amount of field verification.
It ultimately comes down to what questions you want answered. If you want to find out what people are saying about you online, or who’s been researching, coordinating and communicating about you lately, then cyber or open-sourced avenues might very well provide you with the answers you’re looking for. But if you also want to find out whether anyone has been physically surveilling your corporate headquarters, the residences of your executives, their routes to and from work, your special events, or any other important asset (remote databases, employee transportation vehicles, etc.), then you’re going to need another – more physical – avenue to answer these types of questions.
The field component of your protective intelligence effort (usually SD) can provide two very important functions:
- It can collect vital, accurate information about real-world events, situations and activities in real time, and do so in conjunction with a professional analysis of what it means (oftentimes on the spot). No open or remote source can currently provide this.
- It can verify the accuracy of your open sourced intelligence by means of physical data – in real time. Open sources can be very important, but until they are put to the test – until you have actual evidence from the field – they essentially provide you with unsubstantiated claims. If you never see how open sourced intelligence does or doesn’t physically manifest itself in the field, how will you know if it’s good, verifiable intelligence?
I have lost count of how many hundreds of private and public sector open-sourced or otherwise remotely collected intelligence reports I or my clients have received over the years. These reports can, of course, be very useful in their own way. But in most of the cases where they’re not also accompanied with, or supplemented by, a field intelligence component (usually SD), they provide not much more than vague and general BOLO alerts and security advisories that don’t always leave you with much to go on. If all you’re looking for is to revise some theoretical threat matrix to present to a security committee then that’s fine, but if you’re interested in proactive prevention of harm to your physical assets, you’d be well advised to incorporate a surveillance detection or protective surveillance function into your protective intelligence program.