
crime&justice
INTERNATIONAL
November/December 2006 · Volume 22 · Number 95

Worldwide News and Trends

technology
TrapWire

Preventing Terrorism
by R. Daniel Botsch and Michael T. Maness
Special to CJI

It has become commonplace to declare that the world has changed since the attacks of September 11th. We are all acutely aware of the new security challenges and threats we face from terrorism across the globe. Yet, our approach to protecting high-value targets has not significantly changed with the times. We adhere to the traditional approach to counterterrorist security the world over, which is to “harden” the target. Build bigger and thicker walls, install fencing and delta barriers, station armed guards at conspicuous locations, check all vehicles and personnel entering the facility, etc. This approach, often referred to as “gates, guns and guards,” may mitigate the consequences of an attack, but it will do little to prevent the attack from occurring. The successful attacks on Khobar Towers in 1996 and on the U.S. embassies in Kenya and Tanzania in 1998 demonstrated that terrorists can devise ingenious methods to overcome the best of physical security. This is a highly troubling situation, given that we continue to invest heavily in the three “G’s.”

The central weakness of this approach is that physical security is typically designed to protect against the actual attack. By focusing on stopping the attack once it is launched, however, we are attempting to counter the terrorist at his point of maximum strength and, conversely, at our moment of maximum vulnerability. This choice, whether by default or design, plays into the hands of the attackers and cedes a significant advantage to them.

The terrorists create this advantage through meticulous preparation, more specifically through the practice of extensive pre-attack surveillance of the intended target. Long before the attack is launched (in some cases years before) the terrorists will case the target site(s) to collect intelligence in impressive detail. Additionally, they will often case multiple targets in search of an exploitable vulnerability at a chosen site before moving on to the attack stage.

For example, prior to the attack on Khobar Towers, a 3-person surveillance cell from Saudi Hezbollah cased the target site on 40 separate occasions over a period of at least 18 months. They also cased the U.S. Embassy in Riyadh, the U.S. Consulate in Dhahran, and a local market used by the servicemen housed at Khobar Towers. Similar activities preceded the attacks on the Alfred P. Murrah Federal Building in Oklahoma City (1995), the U.S. embassies in Kenya and Tanzania (1998), and, more recently, the attacks on the commuter trains in Madrid (March, 2004), on the U.S. Consulate in Jeddah, Saudi Arabia (December, 2004), as well as the London subway attacks (July, 2005). It is likely that hundreds of surveillance operations were conducted during the months leading up to these events.

[Photo: Oklahoma City Bombing]

The public release in July 2004 of information on al-Qaeda surveillance operations in the U.S. provides a glimpse of the types of information collected by terrorists. In 2001, al-Qaeda operatives cased the IMF and World Bank buildings in Washington, D.C., the global headquarters of Prudential Financial, Inc. in Newark, New Jersey, and the New York Stock Exchange and Citigroup headquarters in New York City. Their surveillance reports included hundreds of photographs of the targets, details on site security measures and ways in which they could be defeated, estimates of the square footage of glass at one of the high rise towers, maps of outdoor smoking areas used by the target site’s employees, descriptions of employee badges and the lanyards they hang on, the work habits of security guards, and much more. It is clear from the information collected that these terrorists had visited the sites on numerous occasions, taking photographs, counting the number of persons and vehicles entering a site, querying guards and employees, and even entering the buildings to probe security. Yet the knowledge that these surveillance operations were underway did not come from the security personnel protecting these buildings. All of this information was discovered on al-Qaeda computers after a raid on one of the group’s safe houses in Pakistan.

While this preparatory activity increases the effectiveness of the terrorists on the day of the attack, it also represents their primary vulnerability. To collect the information needed to carry out a successful attack, the terrorists must approach their targets on multiple occasions and for extended time periods. During these casings, their activities can be detected by security personnel and others at the target facility in the normal course of their duty. In fact, it is often determined in post-attack investigations that the terrorists indeed were observed while planning their attacks, but no one was able to connect the dots in a manner that allowed for attack prevention.

This problem has been the focus of our company, Abraxas Applications, for the last three years. Abraxas was formed by former senior U.S. intelligence officers shortly after the attacks of September 11. While much of its work is in the national security realm, the company also offers products and services targeting the private sector security and intelligence market. In the spring of 2003, Abraxas assembled a team with extensive experience in the areas of counterterrorism, surveillance and surveillance detection operations, and intelligence analysis to create a system capable of detecting the terrorist’s pre-attack activities and thereby provide advanced warning of pending attacks. The objective was to offer civilian facilities the type of surveillance detection and counterterrorism capabilities found today at high-threat U.S. government sites, only without the significant cost associated with those programs.

The system this group devised is called TrapWire™, and it promises to provide information on precisely which facilities are being targeted for attack and by whom, as well as valuable insight as to when the attack will occur and against which facility vulnerability. TrapWire does this by providing a structured format for reporting on suspicious activity near a facility. Suspicious activity reports from all facilities on the TrapWire network are aggregated in a central database and run through a rules engine that searches for patterns indicative of terrorist surveillance operations and other attack preparations.

[Photo: Crater caused by the detonation of car bomb at Khobar Towers, inset.]

The strength of TrapWire is the simplicity of the collection formats, combined with the sophistication of its rules engine. TrapWire collectors can enter suspicious activity reporting, or what TrapWire terms “events,” into the system in approximately 60 seconds. The structured data input mechanism enables collectors to quickly identify the location and time of the event, the surveillance activity, the suspected surveillant’s behavior, and a description of any individual or vehicle involved. TrapWire is integrated with a site’s existing video surveillance system, which allows for the easy attachment of video clips of the suspicious activity to the event report. The structured reporting format instills a level of discipline on collectors and facilitates data mining.

Once the event is entered into the database, the TrapWire rules engine analyzes each aspect of the report and compares it to all previously-collected reporting across the entire TrapWire network. Any patterns detected – links among individuals, vehicles or activities – will be reported back to each affected facility. This information can also be shared with law enforcement organizations, enabling them to begin investigations into the suspected surveillance cell.

The TrapWire system comes with training in terrorist surveillance practices that teaches security personnel, and other potential collectors, how a terrorist organization, or criminal group, conducts surveillance operations. If possible, the training is done at the site to be protected. This allows Abraxas to incorporate the environment surrounding the facility into the training by providing realistic scenarios on how the facility’s neighborhood will be used against it by the terrorists. As a result, the trainees are sensitized to the best locations from which to case their facility, the best times of day to surveil, probable deterrents to the terrorists, and other factors affecting such operations. This training vastly improves the quality of reporting and the probability that surveillance activity will be detected. Refresher courses for collectors will be available in computer-based modules later this year.

The effectiveness of the TrapWire system is dramatically increased through the sharing of suspicious activity reporting. The terrorist modus operandi for planning an attack begins with the leadership tasking the surveillance cell to find a suitable target for attack. The leaders may provide guidance to the surveillance team regarding the target type (U.S. government building, chemical facility, etc.) and/or the target’s geographic location (Washington D.C., New York City, etc.). The surveillance cell will then begin to canvass the targets in what is known as the “Target Assessment” phase of the surveillance cycle. This is probably what the al-Qaeda surveillants were doing against the headquarters of Prudential Financial, Inc. and other financial targets in 2001.

“Cameras: In the... corners of the (facility), at each there is a round opaque (black) tinted camera in the ceiling. This is the kind that can rotate inside and look in any direction whilst the person that it is focused on is unaware that ‘all eyes are on him’... Outside there is only one visible one, facing completely downwards, peering at what appears to be a staff entrance. Apparently, they are not the long-range type and are obviously looking mostly at what may be coming in and out...” — Excerpt from a Terrorist Casing Report

The probability of their casing activity being detected at each site would largely depend on the professionalism of the surveillants and the observation skills of the security personnel protecting the targets. However, it is a mathematical certainty that the probability of detection can be significantly increased through the sharing of information. For example, suppose that the terrorists case eight facilities in an effort to find a target with a suitable vulnerability. Let us also assume that the probability of detection of surveillance activity is 10% at each facility. If the eight facilities operate in isolation, the probability of detection stays at 10%. However, if the facilities share their threat data, the probability of detection increases to 57%. Moreover, once the surveillance cell is detected and the information is communicated across the network of eight facilities, the probability of detection increases again as security personnel now have descriptions of the individuals and vehicles involved in the casing operations. In essence, we now know who they are, at least by sight, and their modus operandi, as well as information on the timing and focus of their activities.

The sharing of security-related information requires a change in our traditional way of doing business. Information on security, vulnerabilities, and threats are considered sensitive and/or proprietary, and usually for very good reason. However, in building TrapWire, Abraxas included several features designed to overcome the reluctance to sharing security information. First, the system only shares information on threats to the facility. The type of threat report shared across the network would include the following type of data: “A white male, early thirties, 5’11” – 6’2”, medium build, brown hair, clean shaven, wearing sun glasses was seen videotaping the vehicle entrance to a port facility in the Miami region on 9 October at 9:43 am.” The facility in question will receive additional information, including which facility vulnerability was under surveillance, from which location, any associated video clips, etc. However, no one outside this facility will receive any information on possible vulnerabilities or other security issues at this site.

Also note that the facility is referred to as a “port facility in the Miami region.” Each facility can decide for itself how it will be described. It is important, however, that information be provided indicating the target type and region. This allows other facilities on the network and law enforcement authorities to gain insight as to the sector or region targeted by the terrorists. With regard to information-sharing policies, each facility on the network will decide for itself how widely its information will be shared. Ultimately, the network will operate on a reciprocal basis.

TrapWire is a significant step toward changing our approach to counterterrorism security in the post-9/11 world. This system moves beyond physical security to provide greater situational and environmental awareness. More importantly, it provides the intelligence needed to change the balance of forces between the terrorists and site security personnel. Those protecting critical infrastructure and other high-value sites can now turn the tables on the attackers by exploiting the terrorists’ vulnerability. They can incorporate some of the best practices developed by U.S. government facilities in high-threat areas to prevent attacks on their people and assets. This can be done by refocusing our security resources from protecting against what will happen on the day of the attack, the defenders’ point of maximum vulnerability, to targeting the terrorists during their pre-attack surveillance operations, the terrorists’ point of maximum vulnerability. Combining TrapWire with existing security infrastructure – security personnel, video systems, access control systems, etc. – will shift the advantage to those on the defense and dramatically increase the return on investment of existing security infrastructure.

R. Daniel Botsch is a Vice President at Abraxas Applications and the leader of the TrapWire program. Prior to joining Abraxas in 2002, Mr. Botsch managed a business intelligence unit that monitored political, economic, security, and market dynamics for a Global 100 energy company based in London. Mr. Botsch also served 11 years as an intelligence analyst at the Central Intelligence Agency and holds an MBA from the University of Chicago.

Michael T. Maness is the Director of Counterterrorism Services at Abraxas Applications. Mr. Maness joined Abraxas Applications following service with the Central Intelligence Agency where he directed counterterrorism and security operations in the Middle East, the Balkans and Europe. As a senior operations officer and field operations manager, he was instrumental in combating al-Qaeda’s operational units in the immediate wake of 9/11.
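Where the 57% in the eight-facility example comes from, as an added derivation that is not part of the original article: it assumes each facility detects the casing independently with probability p = 0.10 (independence is an assumption made here, the article does not state it) and that a detection at any one facility is shared with all n = 8.

$$P(\text{detected at least once}) = 1 - (1 - p)^{n} = 1 - 0.9^{8} \approx 1 - 0.43 = 0.57$$

With n = 1, a facility working in isolation, the same expression gives the article's 10%.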
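The cross-facility correlation and the sharing policy described in the article (threat details go out under the facility's chosen type-and-region label, vulnerability details stay with the reporting site), as an added sketch that is not TrapWire's or Abraxas's code. The field names, the exact-match rule on the subject description, the sites and the sample reports are all hypothetical.

```python
from collections import defaultdict
from dataclasses import asdict, dataclass
from datetime import datetime

@dataclass(frozen=True)
class Event:
    facility: str       # internal site name, visible only to that site
    shared_label: str   # site's chosen description: target type and region
    when: datetime
    activity: str       # observed surveillance activity
    subject: str        # normalised description of the vehicle or person
    vulnerability: str  # what was being watched; never leaves the site

# Constructed sample reports (hypothetical sites and vehicles).
EVENTS = [
    Event("Port A", "port facility, Miami region", datetime(2006, 10, 9, 9, 43),
          "videotaping", "blue sedan", "vehicle entrance"),
    Event("Plant B", "chemical facility, Miami region", datetime(2006, 10, 11, 14, 5),
          "photographing", "blue sedan", "loading dock"),
    Event("Tower C", "office tower, Miami region", datetime(2006, 10, 12, 8, 30),
          "photographing", "white van", "lobby"),
    Event("Port A", "port facility, Miami region", datetime(2006, 10, 13, 9, 50),
          "counting vehicles", "blue sedan", "vehicle entrance"),
]

def shared_view(e):
    """Threat data other sites may see: no site name, no vulnerability."""
    return {"facility": e.shared_label, "when": e.when.isoformat(timespec="minutes"),
            "activity": e.activity, "subject": e.subject}

def correlate(events, min_sites=2):
    """Return {subject: reports} for subjects reported by at least min_sites sites."""
    by_subject = defaultdict(list)
    for e in sorted(events, key=lambda e: e.when):
        by_subject[e.subject].append(e)
    return {s: hits for s, hits in by_subject.items()
            if len({e.facility for e in hits}) >= min_sites}

def notify(alerts):
    """Per affected site: own reports in full, other sites' reports redacted."""
    out = defaultdict(list)
    for hits in alerts.values():
        for site in {e.facility for e in hits}:
            out[site] += [asdict(e) if e.facility == site else shared_view(e)
                          for e in hits]
    return dict(out)

if __name__ == "__main__":
    for site, reports in notify(correlate(EVENTS)).items():
        print(site, reports)
```

The white van seen only at Tower C raises nothing, which is the isolated-facility case; the blue sedan is flagged only because two sites' reports sit in the same pool.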
