For several years there have been discussions and analyses of a shift in terrorist targeting from hard to soft targets. The recent attacks in Paris and Brussels, as well as the 2008 attack in Mumbai, all included so-called soft targets. When we in the West talk of “soft” targets, we clearly mean those sites lacking easily recognizable security features (gates, guns and guards). Conversely, government and private sector sites with standoff distances, high walls, access controls and armed security personnel are usually viewed as “hard” targets. While this may be accepted nomenclature within the security industry, we do not believe our adversaries necessarily share the same view of these target sets.
Since the 1970s, terror groups have shown time and again they are capable of hitting “hard” targets — be they embassies, military compounds or government centers. The reason for this is simple: they study the target extensively before attacking. Once a terror organization decides a target is worth attacking, they will surveil and collect intelligence for as long as it takes to devise a plan that circumvents existing security systems and/or procedures. At TRAPWIRE, our operations teams have conducted similar surveillance operations against hundreds of critical infrastructure sites across the US, many of which were deemed “hard targets.” At nearly every site they discovered, through basic surveillance techniques, security vulnerabilities that could be exploited to launch a successful attack. The point is, our surveillance teams have a very different notion of what constitutes a “hard” target. More importantly, their notion is likely shared by those conducting terrorist surveillance operations.
If you talk to an experienced surveillant, they will tell you that a “hard” target is not a location with high walls, vehicle barriers and armed guards, but one that makes the collection of intelligence on that site difficult or even uncomfortable. By this they mean a site where the personnel have excellent situational awareness and a basic understanding of how surveillance operations are conducted; where security procedures and patterns are randomized and therefore more difficult to predict; where employees will approach you if you engage in the types of suspicious activity associated with terrorist or criminal surveillance, such as photographing CCTV cameras or vehicle and pedestrian entrances. We can assure you, there is nothing a surveillant fears more than being noticed and approached during an operation. Such an approach could take your site off a terrorist’s potential hit list.
Our surveillants have also learned that often the easiest sites to surveil are those with excellent physical security features. This may seem counterintuitive, but it is basic human nature. Personnel at supposedly hardened sites feel secure and become complacent, lulled into a false sense of security by the very features they think will protect them. This is a serious mistake as it makes these sites easy prey for a surveillance team. Regardless of the level of security at your location, ensuring your personnel have good situational awareness and the determination to report suspicious incidents is a must.
For those of you who fit the conventional definition of a soft target, you can make yourself a hard target in the eyes of an attacker without adding any traditional security systems. Train your employees to spot and report suspicious activities. Encourage them to engage suspicious strangers in conversation to determine why they are at your site. If you have CCTV cameras, ensure that they can provide coverage of your surroundings, pointed out towards the perimeter where surveillants operate, rather than straight down at an entrance. These steps help take away one of the key elements of any successful terror attack: the ability to discreetly collect intelligence on the target. The goal of every security program should be to spot and prevent the attack, rather than attempt to mitigate the damage on the day of the event.