Sharing appropriate information among all employees will help people better identify suspicious behavior and go beyond stereotypes. The bottom line: Identify and track people beyond their looks.

Every security program today calls for security personnel and even employees to report “suspicious activity.”

Most security programs have some level of explanation of what they define as suspicious activity; yet it rarely goes beyond providing some bullet lines for security personnel and employees to evaluate.

An unidentified person taking photographs of facility assets certainly falls within the scope of suspicious activity as does someone attempting to breach the perimeter of the facility or gain access without authorization. What is often missing in defining suspicious activities is that many times suspicious activities are not so overt.

Often proprietary and contract security personnel are tasked with watching for activities that may indicate criminal activity or even worse, terrorist activities. The fact that a terrorist organization will most likely conduct surveillance on a facility to evaluate its potential for targeting is commonly understood; but the training on the characteristics of those activities is not taught enough. In most companies security comprises only a small segment of the overall employee population. Yet it is the security personnel that are expected to detect suspicious activities alone.


Chief security officers are missing a great opportunity to enhance security effectiveness when they do not engage and train all employees to recognize suspicious activities. The understanding of what constitutes suspicious activities and what should be recognized as an indicator of suspicious activity must also be taught.

CSOs may not be using assets effectively if they fail to teach how an adversary operates. The belief that security personnel will automatically recognize suspicious activity is a myth.

Understanding the components of suspicious activities as they relate to the terrorist threat requires that everyone, to some degree, learn the methods of the terrorist. The Al Qaeda Manual (hereafter referred to as the “manual”) should be an excellent resource for every security professional and security manager in the United States and abroad. The training and methods of operations provided in this document clearly show that normal security processes will more than likely not be able to detect true intelligence operations by a terrorist cell. Reading the chapters of this manual clearly shows that defining suspicious activities goes well beyond our normal interpretations.

One of the biggest mistakes security officials can make is to stereotype the threat.

If security looks for a “Middle Eastern looking male” to fit the profile every time, it is setting itself up for failure. First, to many people the average “Middle Eastern looking male” probably suggests a person with a long beard. However, the manual trains members not to have a beard or carry the Koran. The manual continually strives to teach members that they must take steps to reduce any suspicions of either their identities or their true intentions. Stereotyping based on appearances may overlook true suspicious activities.


The manual also trains members on specific considerations of the vehicles they use in their activities. During intelligence collection, members are instructed to use vehicles that are basically nondescript in appearance. Recognizing suspicious activities from this point is almost impossible but there are certain characteristics that could be identified.

As screenings or inspections of vehicles are commonplace, and required at Maritime Transportation Security Act of 2002 facilities that are regulated by the U.S. Coast Guard, there are some training points in the manual that may point to suspicious activities.

For example, members are taught to disable the interior light of their vehicle so that detection is limited when opening vehicle doors. Screenings designed to recognize these characteristics should be part of the definitions of suspicious activities. Also, during screenings, employees should look for “props” that are placed by the member in an attempt to establish their story or cover for their activities. Being aware that props could be used is important in evaluating whether suspicious activities are actually occurring. In the case of the Fort Dix “want-to-be terrorists,” they revealed that the use of a camera phone offered them not only the opportunity to capture images but also the means to rapidly delete the images in the event they were stopped by law enforcement.

Within the normal office environment, most employees are oblivious to the potential for suspicious activities.


The potential for “force multiplication” exists though in every work environment but it begins with education. Engaging employees to recognize and report suspicious activities not only serves to deter operational activities by a terrorist organization but it can also be effective in deterring other types of crime. Employees that are taught to understand the indicators and report activities can greatly reduce the impacts of crime. For example, probably every one of us has received a telephone call where the caller asks a question that afterwards leaves us wondering why he or she asked that question. The question can be as simple as “what time do you close” or “is Mr. Smith in today.”

How often do we answer these questions without either finding out who is asking for the information or why they need the requested information? While the questions may be innocent, there is also the potential that someone wants to know when the office will be empty and specifically if Mr. Smith is in the office today. Teaching employees the value of information is important in deterring suspicious activities.

Defining suspicious activities certainly includes many overt activities that may occur but we must also understand that those activities generally will not be so obvious. Training our employees and security personnel to understand that the threat is more advanced than we want to believe is critical to enhancing our security efforts. In order to be able to report suspicious activities, we must be able to understand truly how the adversary operates. Sharing awareness information with all employees is one step that not only shows there is a continued threat but it also engages every employee in the security program.

The ultimate goal should be that every employee in each company, not just the security force, is able to report suspicious activities.