In the case of security services, having good people is even more critical.  The protection of lives and assets lies directly in their hands.  Although choosing the right person for a job is important, subsequent training is absolutely critical.  Without effective training, even the right people will not do a good job.  And with effective training, even weak workers can come up to speed.  Above all, when an employee really knows the mission, is well trained and empowered to act, expects to be tested and appreciates that testing will improve his skills … this is a highly motivating combination.  Nobody is satisfied with being mediocre at their job.  Raising the bar while giving an officer the tools to succeed improves both job performance and satisfaction.

It’s not enough to tell a guard “observe and report.”  He needs to be familiar with the explicit threats to the environment he is protecting.  In that specific context, what would be suspicious?  If he needs to approach someone, how should he engage them?  What should he say and why?  What is the best way to pose the questions?

Well trained guards with a sense of purpose and confidence in their abilities are happier guards.  The result is that turnover rates are reduced.  Clients see and appreciate the difference.  The bottom line improves.  There are a lot of security companies out there vying for business.  Offering a superior product – in the form of a highly trained security officer – is a fantastic way to beat out the competition and build a positive reputation in the marketplace.

The Israeli approach to security across venues is based on a logical, threat-oriented methodology.  Emphasis is placed on the human element conducting threat assessment in the context of suspicion indicators.  Israeli security personnel are well trained and constantly tested to insure quality performance.  For this and more, the opportunity to speak openly and at length with the crème de la crème of security professionals is invaluable. It’s the obvious destination for learning new tricks of the trade.

Students who take Chameleon’s seminars leave Israel with effective tools that they can share and knowledge they can disseminate, back home.  Many techniques represent a cost savings and surprisingly to some, improved customer service.  New training energizes an organization and does offer a return on investment.  In addition, attendees profit from networking opportunities.  And let’s face it, it’s an exciting and fun week.

For more information about Behind the Scenes of Israeli Security Ops: full itinerary, hotel, clearance and other information, please link here. http://chameleonassociates.com/SeminarTour13/index.php

In 1945, the Russians gave U.S. Ambassador Harriman a gift of an intricately carved wood replica of the Great Seal of the United States.  This goodwill gesture was delivered by school children.  The seal was displayed in his office in Moscow for seven years until 1952, when an electronic countermeasures sweep discovered that the seal was bugged.  The CIA, which was initially confounded by the workings of the device, dubbed it The Thing. It had no power or active electrical components.  Eventually it was determined that a radio signal on the correct frequency would activate the small device, remotely, a technology that made it very difficult to detect.  Léon Theremin, a Russian inventor who created this first electronic listening device, was highly awarded by his country for his achievement.

Later in 1960, Ambassador Lodge revealed the device at a session of the United Nations (see picture) to expose Russia’s spy agenda and counter that country’s complaints about U-2 plane espionage.

Whether on a national scale, or in the public or private sectors, eavesdropping can reap huge benefits for the perpetrator.  Technological innovation has exploded since The Thing was debuted.  Digital media in the form of telephone and data transmissions, email, texting and computer activity make the pond in which eavesdroppers fish more like an ocean.  Eavesdropping technology has likewise advanced, rendering spying relatively easy and inexpensive.

I wonder how many of our readers who have commissioned an electronic sweep, actually found a bug?  Although the statistics as to how often spying succeeds in catching a big fish, are low, the risks are very high indeed.  Just think of the kinds of conversations that take place across the globe in board and conference rooms where strategy is designed and critical decisions taken.

Making cyber and electronic sweeps a part of a comprehensive security system makes sense.  It’s not paranoia, it’s prudent.

Springfield, MA holds the dubious distinction of offering the cheapest supply of heroin in the U.S.  It is a poor, crime-ridden community plagued by gang violence.  But a fresh program has been underway there that adopts counter-insurgency methods used against terrorists in Afghanistan to be deployed in community oriented policing (COPS) on the local Springfield streets.

Previously, residents lacked trust in and therefore did not engage with law enforcement. By not calling in police when a crime took place, they were passively supporting the criminals.  It was common to see a gang member riding a motorcycle, an AK47 hanging off their back.  In a way, the situation was not unlike that of a third world warzone.  Taking advantage of a community that is failing economically and politically fragile is a tactic common to both criminals and terrorists, alike.  The Arab world, not surprisingly, has a word for leverage-able civil unrest and chaos:  “Fawda.”

The new approach was the brainchild of Massachusetts State Trooper Mike Catone, a military veteran who had deployed in a counter insurgency unit. In military fashion, a mission action plan was developed, a special unit carefully vetted and thoroughly trained was then embedded into the community.  The overarching goal was through charm, brute strength and perseverance to establish trust and develop a spirit of collaboration with residents.  Once positive relationships were established, and trust achieved, the law abiding citizens who are after all in the majority were working with the PD to fight crime, together.  The program’s success is measured in part by the spike in calls to the police about incidents and a flood of tips.

A weekly “local elders” meeting is held in Springfield which mimics those held with village elders in Afghanistan.  Representatives from across the community share information and collectively problem solve.  Data from the intelligence brought in from all collectors is then mapped by university students involved in the program.  The data plotting enables police to identify the criminal network hubs, force out leaders and break criminal links.

Counter insurgency has had a poor track record in Afghanistan and well, everywhere.  Hanging out in a native village, counter insurgency forces are at best tolerated as big, white Christian conquerors.  There, they straddle an awkward divide between being warriors and community social workers.  They will never constitute a real, accepted part of those communities.  In towns like Springfield, however, they are an authentic part of the picture.  Although  in this instance the term “counter insurgent” is a misnomer, these tactics have a better chance of success in countering gang-related and other crime on a local level than they did in Afghanistan.

See the CBS Sixty Minutes story here:

(And to think we were worried about West Nile virus!)

Aldrich Ames, arrested in 1994 for spying that resulted in the death of ten CIA agents, passed two polygraph tests while working for The Company.  Ana Montez passed the polygraph test she was given when she first joined the DIA.  Once it was revealed that she was a spy for Cuba, polygraphs were used as part of her interrogation.

Polygraphs are readily available but not commonly used.  In places where the polygraph is not part of regular assessment procedures, there is a stigma associated with giving such a test.  The implication in those instances is that the subject is not to be trusted or is potentially guilty.

Some folks are naturally anxious; their nervousness can lead to false positives.  Guilt grabbers are prone to feel guilty just at the mere thought of doing something wrong, skewing test results.

But how do people who do have something to hide manage to beat a lie detector test?

The polygraph tests for autonomic arousal.  It assumes that emotional response will result in physiological changes in blood pressure, pulse rate, perspiration/skin conductance, muscle movement and respiratory conditions.  A pretest is conducted by the operator to review the subject’s medical history and identify possible skewing factors like arrhythmia or a breathing irregularity.

Operators ask three kinds of questions: relevant, irrelevant and control, in order to establish a baseline.  Relevant questions might include What is your name? And Have you ever eaten a French fry?  Relevant questions are the important ones like Did you steal the car?  Did you leak the information to the press?  Control questions are compared to the relevant ones and ask something about which most people would say yes, although they may well be uncomfortable with the honest answer. For example, Have you ever cheated in a game?

The operator’s skill in crafting questions and assessing the person as the test unfolds is key to the test’s success.  It can be a game of cat and mouse.  A test taker will try to beat the machine by regulating his emotions and related biological response.  He might try to foil the machine by using antiperspirant on hands, forehead, nose and underarms before taking a test.  Here the idea is to constrict the sweat glands that galvanometers register as a sign of lying.  He might keep his answers to “yes” and “no” and avoid making explanations or getting into details that could tip the scale.  A test taker might also try to establish a positive rapport up front with the operator to create cognitive dissonance in the operator’s mind.  Gosh, he’s such a nice guy he could never do this horrible deed.  It’s probably easier to beat the operator than it is the machine.

There are many different kinds of lies: white lies “no, you really do look good  in that dress;” lies to protect someone else “My brother was with me that evening;” lies for fun “I dated George Clooney when I lived in Italy and was working as a model;” malicious lies “I had nothing to do with the murder.”  A good liar will be able to deliver any misinformation with uniform detachment.

Of course, just as a lie detector test is infallible, so too are the methods that might be employed to try to beat the system.

So what do you think…?

Whether the attack goes beyond evil aspiration to action is another matter.  We have been just plain lucky that widespread evil intent has not been more successful over the past decade as it was to horrific effect in Boston, yesterday.

It is odd to me that the public or the media need to wait to be told that the blasts were perpetrated by terrorists – either a group or a lone wolf.  It is somehow odd that the president needs to officially proclaim that the attack was indeed terrorism.  That there could be a split second doubt in anyone’s mind as to the nature of the event reveals a fear of acknowledgment.  An avoidance of the realities we currently face.

For an example of how we resist reality, take the July 4^th, 2002 attack at Los Angeles International Airport where Hesham Mohamed Hadayet, armed with two guns and a hunting knife, started shooting travelers at a ticket counter.  That he chose to do this on Independence Day was not coincidental.  That he chose to kill people at the El Al Airlines ticket counter was likewise not coincidental but no doubt a factor that limited fatalities to two people.  The armed El Al security agent moved quickly to neutralize him.  Authorities claimed at the time that this was an isolated incident.  It took a year before the FBI and DOJ officially concluded that Hadayet was trying to make a political statement in favor of the Palestinians and that he was a terrorist bent on becoming a martyr.  It was not an isolated incident.

In the decade since 9/11, the roster of terrorist events – many unsuccessful or still in the planning stages but nonetheless – is in fact lengthy: Ft Hood, the Times Square bomb, Seattle Jewish Federation, the Portland Christmas Tree guy, Aurora Cinema, the Underwear Bomber and so many more.  And that is just in the U.S.; worldwide incidents number in the thousands.

Chameleon website traffic statistics skyrocketed today, as did general requests and inquiries.  Clients who had been sitting on proposals chose today to call and say, hey let’s move forward with the program.  But what is different today than last week?  I don’t believe we can afford to be reactive.

Here’s another kind of reactive that I just don’t understand: in response to the Boston bombings, police were put on high alert all over the place.  It was ‘all hands on deck.’  For what?  Absent solid intelligence of a widespread plot that includes Southern California, why should the Boston Marathon bombing serve as a stimulus to a response in, say, San Diego?  It is an embarrassing, knee jerk reaction that does not serve us well.

So often, students at Chameleon trainings lament that although the proactive threat mitigation methods we outline seem great, their company’s management won’t go ahead unless something big happens.  But something big is already happening.  In New York.  In Washington, DC.  In Los Angeles, CA.  In Portland, OR.  In Fort Hood, TX.  And in a city near you.

Oakland has seen 20 to 40% increases in murders, rape, robbery and burglary over the last few years.  In fact, it has one of the highest murder rates in the nation.  While Oakland, a city of about 400K residents, was never considered particularly safe compared to other cities in California, things have definitely taken a turn for the worse.  One reason for the spike in crime is the sharp decline in its number of police forces.  There’s been an exodus from the demoralized department leaving it severely understaffed.

Oakland has reached out to the Highway Patrol and neighboring Sheriff Departments for help, but it’s not enough and that certainly does not constitute a permanent solution.  Various crime consultants including William Bratton former Chief in Boston, NYC and Los Angeles, have been brought in to help find solutions. One solution at the top of the list is to bolster community policing.

As defined by the DOJ COPS, community policing is “a philosophy that promotes organizational strategies, which support the systematic use of partnerships and problem-solving techniques, to proactively address the immediate conditions that give rise to public safety issues such as crime, social disorder, and fear of crime.”

Although a community policing advisory board has been in effect in Oakland since 1996, other problems have challenged its effectiveness.  The hope is that new initiatives will succeed where others have failed.  These include recruiting civilians to handle administrative tasks that will unchain police officers from their desks and put them out on the street.  Another strategy is to chisel out three new districts and have their police captains work more closely with community groups, actively establishing better rapport between police and the neighborhoods they serve.

Meanwhile, some Oakland homeowners have put into action their own crime initiatives.  A couple of the more affluent areas are pooling their resources to hire private security patrols.  The trend for such private security service is up across the country, in areas that are financially depressed and experiencing higher crime as a result.  These private patrols provide far more manpower than these homeowners would otherwise have enjoyed.  Such officers are typically armed, uniformed and ready to intervene.

There are plenty of potential problems with having civilians take over the role of police.  There are questions of training, legal liability and the unequal distribution of security which most people consider a right rather than a privilege.  But, for now, the presence of private security patrols in these neighborhoods serves as a strong deterrent and may well help turn the tide, overall.

Global uber dependence on all things digital has prompted the creation or expansion of military cyber commands in many countries.  The US Cyber Command has been officially active since 2009.  Its stated mission is that it “plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”  What is new and potentially controversial is that the director of the NSA, Gen. Keith Alexander, has stated that 13 offensive cyber warfare teams, analogous to battalions or squadrons, will be ready by 2015.

Some question the timing and purpose of the announcement, given that this capacity surely already exists within the U.S. military.  Others are concerned about the legal ramifications of such cyber war  forces who would presumably be obliged to notify (or get approval from) the president or congress before acting.  Will these units be acting covertly or overtly?  What operational procedures will guide this command’s engagement, especially when crossing international boundaries?

The motivation for supporting cyber warfare activities in-house is pretty clear, given the alternatives.  No one prefers to depend on independent hackers to finds flaws and supply exploits, and rely on those hackers not to sell the exploit to multiple buyers or, sell to terrorist groups or other corrupt enemies. Although a large percentage of exploits are purchased from legitimate firms in the code business, it’s a tricky business.

What’s more, who wants to pay $200K for some code that may be rendered obsolete at any time? Unlike a well-maintained rifle that can continue to work for decades, code has a potentially short shelf life.  A piece of code that exploits a yet unknown bug or defect is known as a “zero day.”  Once discovered, the code becomes “one day”, “two day”, until the day that bug is plugged.  Obviously, once the hole which it takes advantage of is discovered, the code more or less ceases to be useful. For example, Stuxnet was quietly doing its work for many years before being discovered but once it was brought to light, it was naturally shut down.

Not surprisingly, the largest buyers of exploits, for the best prices, are from the West in the form of government agencies and large defense contractors. China apparently has in place such a huge number of internal hackers and conducts espionage on such a large scale, that prices for Chinese code are depressed.  The Chinese seem to be managing well enough with their in-house operation.  That’s why trying to ban the sale of exploits, or enact laws to restrict this market are met with pessimism.  One security researcher notes that trying to ban code exploits would have the same success as banning drugs has had on the war on drugs.  Cyberspace is starting to look to me a bit like the lawless, freewheeling Dodge City of the Wild West.  Here’s hoping we can avoid a cyber shootout at the OK Corral.

Among other things, he proposed the need for broadening the scope of intelligence efforts beyond the places in which battles (covert or otherwise) are presently being waged.  The focus needs to expand beyond immediate tactical requirements in conflict zones like Afghanistan and Iraq to support policy making to address global concerns.  The report sets the tone with a quote from General McChrystal who complains that “senior leaders – the Chairman of the Joint Chiefs of Staff, the Secretary of Defense, Congress, the President of the United States – are not getting the right information to make decisions with … The media is driving the issues. We need to build a process from the sensor all the way to the political decision makers.”

If the sequester doesn’t prevent the DCS from getting its required budget and if it continues to enjoy political support, those sensors, i.e. intelligence officers, will be working differently.  And there will be a lot more of them.

At a hearing of the House Armed Services Committee’s – Intelligence, Emerging Threats and Capabilities Subcommittee (now why doesn’t that mouthful have an acronym?) Flynn explained that “demands on the U.S. intelligence system have skyrocketed in recent years, and these demands are only expected to increase.”  His new DCS will take on about 15% of existing DIA case officers.  And per the Washington Post, “When the expansion is complete, the DIA is expected to have as many as 1,600 collectors in positions around the world, an unprecedented total for an agency whose presence abroad numbered in the triple digits in recent years.”

The goal of these increased numbers is to prevent strategic surprises and maintain U.S. competitive advantage in a world of increasing risks on the Asian front and from Africa, and from the cyber or hacking attacks we read about in headlines, every other week.

Maybe more interesting than the numbers is how the existing intelligence services – FBI, CIA, etc., will be working together more, sharing intel and duties, versus working in separate corners of the room.  Indeed part of the shift of which the DCS is a part, involves a trend towards Convergence, where aspects of the civilian intelligence and traditional defense apparatus are merged.  Despite all the criticism post 9/11 about how the result of agencies not working together was a gapping security hole, convergence does not sit well with everyone.  Some people fear that privacy and civil liberties are in danger when the legal authority of military intelligence gets mixed up with the legal authority of domestic intelligence agencies.  Who is calling which shot and do they have the authority to do so?  Or, god forbid, will only one person end up calling all the shots with no checks or balances.

The bottom line to me is that sharing resources and intel can save money and even lives.  Because despite having the very best apparatus, often getting good (accurate, actionable) intel is a matter of luck, of being in the right place at the right time.  If convergence increases our agents ‘luck’, I’m for it.