Detecting when correlation is no longer coincidence


By: Joshua Gideon 

When speaking about attacks in the Dignitary Protection or Protective Security world, many of us have heard people say “you can’t stop a determined attacker intent on killing you.” Although I do understand the point the statement is trying to make about not being able to plan for everything, I feel compelled to challenge traditional wisdom and say I disagree. “Can you detect a determined attacker intent on killing you?” With the techniques and knowledge we have today, I would say, “without a doubt, yes!” What if the determined attacker can be detected or recognized? Wouldn’t it seem possible to be able to put things in place to stop them? Again, I say, “Absolutely, yes!” Besides distancing themselves from failure, I believe statements like “you can’t stop a determined attacker intent on killing you” reflect a defeatist attitude that stems from poor threat awareness training.

On a daily basis, in some shape or form, we are all under surveillance. It may be nosey neighbors with non-hostile intent; it may be loss prevention at your local retail store, or even the local career criminal scoping you out. With this type of surveillance, the experts will advise that the way to detect it is to benchmark an area and look for things that are out of place. Looking for the unknown car parked across the street, or the person jogging in the rain, or some other obvious clue that tells you that person or object is out of place and may be trying to gather information on you

Anomaly based threat detection methods like this work great when dealing with amateurs. They typically follow a fairly predictable pattern and, in context, this method usually works well under those conditions. However, what about the professional? What about those who are calculated and go to great lengths to blend in? How do you detect the professionals that go to great lengths to not look out of place? What about those determined attacker’s intent on killing you at whatever the cost?

To answer the question of how to stop a determined attacker, we have to have a strategy. It’s only fair that if a determined attacker uses a strategy, that we use one to detect them. One of the more efficient strategies is using correlation. Correlation takes a few shapes and forms, but it really boils down to being observant enough to detect patterns and determine when they are no longer a coincidence. Sometimes these may be very obvious; sometimes they may be very subtle.

For instance, you are out on your morning walk and you notice a white van you don’t recognize seeing in your neighborhood seemingly following you and before parking at a house. Anomaly methods would say it was out of place and suspicious. However, let’s assume that the vehicle had “Joe’s Plumbing” on the side of it. It would be very easy for us to dismiss it as a lost plumber looking for customer’s house. However, the next day, you see the same white van driving on a different road on your morning walk route and stopping at a different house. Again, this could be reasoned as a coincidence and that the plumber has yet another customer in the area. On the third morning, the same van shows up in a different place. At this point, it becomes suspicious. If on the forth morning (or towards the end of your run on the third morning) you again see the same white van behind you, you have a correlation.

The principle goes like this: If you see something once, it is likely normal. If you see the same thing again, it’s a coincidence. If you see it one more time, it elevates it to suspicious. If seen one more time, you have an undeniable correlation.

Although the white “Joe’s Plumbing” van in the example could be dismissed using Anomaly based threat detection methods, the correlation method is much more difficult to dismiss. A professional attacker determined enough to go to the trouble to impersonate “Joe’s Plumbing” to blend in is an extremely dangerous attacker. Knowing and detecting these correlation methods is critical to stopping these types of attackers.

Attackers that are “intent on killing you” do have weaknesses and there are threat detection methods such as correlation that can be used to detect and prevent an ambush-based attack. This is just one of many threat detection methods used in the world of personal security. If you would like to know more, join me at one of my Threat Awareness Workshops across the Country. Please visit NoSoftTargets.Com for workshop dates and available seats.