We got you covered.

How Situational Awareness Enhances Protective Operations

Must Read

Some essential skill sets in the protective operations world do not get as much attention as others. To be effective in protective operations, protection personnel must be students of situational awareness, systematically observing and assessing their environment.

The ability to use observation skills to proactively examine the environment and spot potential threats in time to avoid or mitigate them is a crucial responsibility of protective agents. And this skill is one of the many critical technical aspects of protective intelligence.

The previous emphasis on deterrence and response by protection teams has given way to a more proactive and practical approach. And this approach relies heavily on observation skills coupled with an understanding of the methodology that terrorists and criminals use most often. Specifically, focusing on one of our enemy’s most significant weaknesses – surveillance activities directed at our protectee.

Situational Awareness and Protective Operations

Personnel involved in protection — as a member of law enforcement, a security officer, or a protective agent — need to have specialized training in situational awareness to ensure that they can recognize and appropriately react to any potential threat in the environment.

The most critical aspect of situational awareness is that we must practice its principles religiously until they become a part of one’s subconscious. Only then can we focus on specific duties like protective operations and remain switched on to possible threats to our protectee as well as to ourselves. Only if we can adequately “protect ourselves” will we be able to protect others.

Protective Intelligence

There are a variety of activities, strategies, and skills that protective operations personnel use to determine threats and take proactive measures to prevent or avoid an incident. This begins with a thorough threat analysis for the protectee as well as research on the specific threats in the areas where the protectee will operate.

Besides threat analysis, the protection team needs to actively work in the environment, conducting route planning and analysis for every movement of the protectee.

Route analysis is the tactical examination of the environment from the point of the view of an attacker looking for surveillance points, potential attack sites, and any hazards which may cause harm to the protectee or impact the ability to move the protectee from one location to another securely.

Protective intelligence is a critical factor. As the US Secret Service preaches, no protection activity is more effective than the protective intelligence (intel/threat recognition and advances, etc.) done in preparation for the operation.

A Change in Strategy – Countersurveillance Teams

If I were to describe the top level of protective operations, I would have to mention the use of surveillance detection (SD) by protection team members and the possible addition of countersurveillance (CS) personnel to augment the protection team. These surveillance-focused elements became relevant in response to several successful terrorist attacks on notable figures in the 1980s and 1990s.

Until the early 1990s, protective operations operated on the “Iron Box” philosophy that protection was accomplished by target hardening and using security personnel and armored vehicles. This was the standard operating principle of deterrence and hard skills reaction to any threats to a protectee. Hence, the “Iron Box.”

While this method did hold a level of deterrent effect, a determined and intelligent enemy could counter the protection plan by increasing the number of attackers to neutralize the security agents and/or use anti-armor weaponry to defeat the armored vehicles.

Shortcomings of the Iron Box

The problem with the Iron Box methodology was exemplified when a West German terrorist group, the Red Army Faction (Baader Meinhoff Gang), assassinated Deutsche Bank President Alfred Herrhausen in 1989.

Herrhausen’s protection detail and armored vehicle did not prevent his death and clearly showed that the Iron Box method was no longer effective.

The security industry needed a new model to address the threat of sophisticated criminal and terrorist groups. A thorough study of the terrorists and their methods revealed that they were all using a variation of a terrorist planning an attack cycle and that there were weaknesses within this cycle that could be exploited to prevent or mitigate a terrorist attack. The defect was in the requirement for terrorists to conduct surveillance on the target to acquire the data necessary to plan and execute a successful attack.

This attack cycle was later found to be in use by organized criminal elements and even active attackers/shooters. By understanding the methods used by these groups to target and attack their victims, a new strategy was created to exploit the weaknesses in the attack cycle, precisely the surveillance requirements of the attackers.

protective operations

Surveillance Detection in Protective Operations

To target a protectee, an attacker must know where the protectee is located, when the protectee is moving and when the protectee will arrive at a location. At a minimum, the attackers must be aware of the protectee’s site early enough to prepare to act. While more sophisticated attackers can gather this data electronically, at some point, all attackers must employ “eyes on” the target.

Surveillance Detection (SD) in the protective operations world involves specific activities that help us determine if a hostile element is surveilling our protectee (or our security personnel). For example, they could be doing so to collect information that will later be used to plan and execute any of the following:

  • attack,
  • assault,
  • assassination, or
  • kidnapping.

As a skill set, SD is considered a critical defensive capability for modern protective teams. Within the Attack Cycle, there are usually three surveillance steps (Initial Target Selection, Post Target Selection, and Pre-attack Surveillance). These provide us with the best opportunities to detect hostile surveillance.

Thinking like the attacker, we need to find the most likely surveillance points near our protectee’s work, residence, along routes, near chokepoints, and around all potentially viable ambush sites. We need to analyze potential surveillance points looking for the likely places where the surveillants will be located and the possible methods they may use to blend into their environments. For example, a local park across from the protectee’s residence may provide ample cover for a surveillant.

CIA Countersurveillance (CS) Teams

With the discovery of a serious terrorist threat to the CIA Director and the demise of the Iron Box methodology, CIA security began to focus on threat surveillance. A CIA countersurveillance (CS) team was created in 1993 to specifically look for the terrorist surveillance signature.

I was one of this unit’s first members, which also appears to be the first countersurveillance team that the US Federal government employed. The team worked directly with the CIA Director’s Protection Detail, but in this new capacity, we often operated independently from the detail.

Nevertheless, to ensure coverage and coordination, we maintained constant communications with the detail to ensure they knew our location, what we were doing, and how we would support the Director’s movements.

This CS element became an essential part of the protective operations efforts at the CIA, augmenting advances and protective intelligence investigations. In situations where protection teams were unfeasible, or there was a significant threat, the CIA often utilized a specialized Counterterrorism Surveillance (CTS) Unit to look for the terrorist surveillance signature on our personnel in hazardous environments.

These CTS units were a totally clandestine element in the CIA’s arsenal until a brief revelation of the unit’s role in finding and documenting Carlos the Jackal in Khartoum, Sudan, in a book written by Billy Waugh titled “Hunting the Jackal.” The only “officially approved” exposure of this unit and its activities were in my book, “GUARDIAN – Life in the Crosshairs of the CIA’s War on Terror,” where I discuss my time working in the CTS unit in Europe, the Middle East and Southeast Asia.

Protective Operations CS Teams

If adding a protective countersurveillance team is an option, there are some definite advantages for the protectee and the protective detail alike.

CS teams — dedicated to advance type activities and overwatch positions during protection activities — provide the highest possible protection envelope. By combining the best protective operations techniques with the best surveillance techniques, we can saturate an area in advance, recognize threats or potential threats, and adjust the plans before the arrival of the protectee. This is the best “avoidance” capability and allows the team to be proactive (not reactive) to any threats – a primary goal of the protection team.

The US Secret Service felt that if the protection team had to react to a threat, they had failed on several levels – protective intelligence, advances, etc.

Staffing appropriately is critical for the success of any element within protective operations, and this is no less the case with a CS element.

Personnel with experience in covert operations or surveillance are ideal for this work as long as they receive thorough training in protective operations methodology. In addition, all protection team members must know how the other elements will support each other to prevent mistakes and gaps in coverage.


Protective operations agents need to have some formal training in situational awareness (observation skills and principles, etc.) as this is the most fundamental aspect of protective intelligence. Protective agents also need to learn the characteristics associated with terrorist groups and other threats in the environment, emphasizing understanding the attack cycle and behaviors associated with surveillance activities.

Several organizations provide training courses available, as well as some exceptional books on related subjects:

  • “The Gift of Fear” by Gavin de Becker
  • “Left of Bang” by Patrick Van Horne

For example, the Arcuri group has a 4-hour Situation Awareness Specialist® (SAS)​ course as well as a 5+hour advanced course, the Advanced Practitioner (SAS – AP), which specifically addresses the terrorist attack cycle, and protective operations and the characteristics associated with terrorist surveillance (behavioral signature).

If staffing and resources allow, the protection team can add a specific countersurveillance element to look for and investigate potential hostile surveillance activity. All these elements are proactive and fall under the protective intelligence umbrella.

Sign Up for Our Newsletter

Get the latest news and articles from EP Wired.

Latest News

Digital Executive Protection and the CPC 2023

In the lead-up to the highly anticipated Close Protection Conference in Dallas this December, we had the privilege of...

More Articles Like This

Download Advance Work: Route Survey

    Download Advance Work: Restaurant

      Download Helicopter Extration: Landing Zone

        EP Career

        Your registry of the best opportunities in executive protection.

        EP Directory
        The right place to explore EP companies.