After a lifetime in the protection business, the one constant in Washington that I’ve learned is that it takes tragedy to force change. The January 6 Capitol riot is not an enigma. This was a clear protective intelligence failure.   

The key finding of Retired Army LTG. Russel Honore’s report reviewing how the pillar of U.S. democracy could have been so easily infiltrated is that the U.S. Capitol Police (USCP) must better integrate intelligence into its operations through improved awareness, assessment, sharing, and response capabilities. We can look at effective protective intelligence as a three-part story: Act I is identifying threats; Act II is building those threats into a cohesive profile; Act III is sharing and acting on that information in order to make nothing happen. Applying this framework to January 6 helps us understand how we can and must do better and provides important takeaways for corporations.

 

Act I: Observe, Listen

Rising extremism, continuing fallout from the pandemic, racial injustice and political issues are all driving an increase in violent threats towards institutions of all kinds, especially high-value U.S. government targets. Given the disparate sources and nature of physical threats, it can be difficult to separate hollow posturing from real danger. One of the most salient recommendations from the Honore Report outlines how to overcome this challenge: 

“USCP leadership must actively integrate intelligence functions into the USCP’s daily operations, force protection decisions, and future planning. This will require additional intelligence research specialists and supervisory analysts, training on analytic methodologies and software tools, and the procurement of equipment to accommodate a more robust team.”

Corporate security leaders should also note these recommendations. According to the 2021 State of Protective Intelligence Report, 69% of security, legal and compliance executives agreed that their company is experiencing a dramatic increase in physical threat activity compared to the prior year. Mass shootings in Boulder, Atlanta and Orange County, CA just this year highlight how businesses and their customers can become unwitting targets for horrific attacks, ones that have usually been staked out and planned in advance. Companies should also be actively transforming their physical security operations with trained analysts, technology resources and crisis planning in order to protect employees, executives and customers.

Act II: Where’s Waldo?

Ever tried to find Waldo? He’s the red stripe-shirted children’s book character hidden in plain sight within dense illustrations of dozens of people doing dozens of things. Waldo is not difficult to find because he is camouflaged — the challenge is context. He is often surrounded by people and things that do not fit together (tennis balls, ironing boards and school supplies), casually confident that the noisy page will provide “cover.”

Bad actors are difficult to spot for similar reasons. Piecing together a string of threats to form a cohesive profile is harder still. Fortunately, advances in data intelligence and automated technologies have made it easier to glean a clearer picture from the noise. But only if they’re put to use. Many companies are hampered by legacy systems designed to be nothing more than an investigative tool after an incident has occurred at the facility. The future is proactive systems to help forecast and identify threats.  

Honore Report investigators determined “USCP is not postured to track, assess, plan against, or respond to the plethora of threats due to significant capacity shortfalls, inadequate training, immature processes, and an operating culture that is not intelligence-driven.” This is a damning statement this many years after 9/11. As a nation, we need to do better.

Identifying physical threats is not enough. To foster safe operations, security teams must analyze the threat, its connections to other factors, share findings with relevant partners, and formulate a response strategy.   

Corporate enterprises need similar protective intelligence capabilities. Based on our research, 91% of security, legal and compliance executives agree that physical security needs a technology-driven industry standard for actively identifying, investigating, assessing, monitoring and managing physical security threats.  

 

Act III: Shared Knowledge is Power

On a practical level, this wasn’t an intelligence collection problem; this was a failure to act on the intelligence collected. This point was further amplified in a USCP Inspector General (IG) report, which found that a Capitol Police intelligence assessment circulated three days before the attack warned Congress was a target and that “Stop the Steal’s propensity to attract white supremacists, militia members, and others who actively promote violence may lead to a significantly dangerous situation for law enforcement and the general public alike.” Yet, the January 5 USCP plan for the protest said that there were “no specific known threats related to the joint session of Congress.” This disconnect from the intelligence collected shows a failure of imagination. Threat assessments are written for the purpose of understanding and preparing for the threat landscape.

 

Historically, when security failures occur, the protective analysis doesn’t translate into proactive measures. There are lots of contributing factors: culture, optics, internal politics, and the lack of effective physical security measures. At the end of the day, the system alerted, but nobody listened, which is not surprising in the least. From the 1970s and well into the 1980s, the State Department suffered many similar systemic security failures. Changing mindsets in the protection space is always hard.

January 6 must be a wake-up call not only to government officials but to corporate leaders across the country too. Companies must not wait for threat intelligence to fall in their laps but proactively look for threats and share critical information across stakeholders. To protect employees in their community, business leaders must utilize technology-driven protective intelligence to identify, understand and act to mitigate threats before they become unmanageable.