Disrupting Hostile Reconnaissance

Organisations face a variety of threats: terrorists, activists, corporate or state-sponsored spies and criminals. While these threats and their aims may vary, hostiles are united in their desire to succeed. Recognising they may not get a second chance to achieve their aims, hostiles will typically plan carefully. Generally, the more sophisticated the attack the more complex the attack planning, and consequently the greater the information requirement and reconnaissance need.  

This activity can be described as hostile reconnaissance. CPNI defines it as “Purposeful observation with the intention of collecting information to inform the planning of a hostile act against a specific target.” Hostile reconnaissance is a vital component of the attack planning process. 

The information gathered is typically used by hostiles to assess the state of security and likelihood of detection; to assess vulnerabilities in security and to assess likelihood of success.

Understanding hostile reconnaissance in the attack planning process gives security managers a crucial opportunity to disrupt by creating a perception and/or assessment of failure by hostiles in two main ways:

  • denying them the ability to obtain the information they need from their research because they simply cannot obtain it, or they could but the risk of detection to achieve this is too high
  • promoting failure – both of their ability to conduct hostile reconnaissance (they will not be able to get the information, they will be detected) and of the attack itself

These effects can be achieved because in the process of conducting hostile reconnaissance the hostiles are making themselves vulnerable to detection. 

Protective security strategies can therefore be focussed in the following manner to:

  • DENY the hostile the opportunity to gain information
  • DETECT them when they are conducting their reconnaissance
  • DETER them by promoting failure through messaging and physical demonstration of the effective security.

This approach will play on the hostiles’ concerns of failure and detection.

The key to DISRUPTION comes from understanding the information hostiles need, and where they are going to have to go to get this and their state of mind. This, in turn, is dependent on understanding the threats in a way that enables prediction of likely attack scenarios.

CPNI has developed guidance to disrupt hostile reconnaissance while having a reassuring and recruiting effect on the normal site user. Guidance also covers utilising existing protective security resources such as CCTV control rooms, security officers and other important resources, such as corporate communications and employees, more effectively to disrupt hostile reconnaissance. The guidance is based around six core principles. The pages below provide more information.

Action Counters Terrorism (ACT)

CPNI is proud to support Counter Terrorism Policing’s Action Counters Terrorism (ACT) Campaign which encourages the public to help the police tackle terrorism and save lives by reporting suspicious behaviour and activity. Please visit the ACT website for further details.