This article was written by TrapWire Director Michael Maness, who served two decades as a senior operations officer and field manager with the Central Intelligence Agency conducting covert counterterror and counterintelligence operations on behalf of the USG in more than a dozen countries.
Just about everyone has heard the terms “hard” and “soft” targets. The media coverage of the recent terror attacks in France, as well as domestic terror and violent protests, repeatedly points to the focus on “soft targets,” with the implication being that a lack of defensible perimeter or armed guards automatically deems a location a soft target. But is that always the case?
For thousands of years we have designated something a hard target when we have surrounded it with high walls, armed guards and, more recently, electronic detection equipment. But is that how a terrorist, criminal or anarchist would define a hard target? Not always. If someone with the proper motivation and resources decides your facility is worth attacking, they will often study you — even for a relatively short period of time — and devise an operational plan to achieve their goal. (I would argue most of us viewed the Twin Towers and the Pentagon as hard targets prior to 9/11.) And therein lies the crux of the problem: too often, after we’ve “hardened” a target we deem the location secure, and trust that those who would prey on the site will view it the same way too. To compound the situation even further, by focusing all our resources on the newly hardened perimeter, we too often ignore the operational environment around our site, giving the criminal element free reign to study our buildings, employees and security features without fear of discovery.
As an operations officer for the CIA, I was often called upon to run surveillance against foreign targets. High walls, armed guards, and metal detectors rarely deterred me. But an inquisitive security guard, nosy employee, or local resident hanging out of their window watching the street below would give me pause for concern. Even with a solid cover story to explain my presence in that particular location, if I was noticed more than two or three times, I would most often opt to abort the mission, or at least hand it off to someone else who had not been burned. Over the past fifteen years, our TrapWire Red Team has conducted hundreds of surveillance and penetration exercises on behalf of our clients against critical infrastructure and “hard targets” across the US. We’ve succeeded in gaining access to sensitive sites, despite their use of state-of-the-art security measures. In those rare instances where our team was discovered it wasn’t a high wall, CCTV camera or armed guard who thwarted us, but rather a non-security employee, contractor or astute neighbor who viewed our activity at the site as suspicious, and reported it.
Fortunately, this focus “outside the wire” is a security posture that most soft targets in this country can employ, with minimal expense and little disruption to normal business flow. Not every location, business or school will have the ability to construct high walls, purchase additional stand-off distance, or hire armed security personnel. And throwing up plywood to cover your windows is probably going to have little deterrence to a well-motivated group that’s already been studying you. You can, however, train your employees to be more situationally aware and to report things that don’t feel right. No one understands their immediate area better than you and your employees. Use that area familiarity to your advantage. Become that additional set of eyes-and-ears for your own protection and to assist local law enforcement. This refocus on situational awareness of your immediate surroundings, and a willingness to report suspicious activity — coupled with traditional physical security features where possible — will provide a holistic security posture that can result in a true hard target.