Resilience

Core Principles of Threat Management Units

by Michael Breslin

Homeland security is a complex and ever-evolving challenge whose mitigation necessitates the actions and collaboration of personnel across all branches of government and the private sector. This enhanced complexity presents law enforcement, homeland safety, and security professionals with a myriad of challenges due to an environment overflowing with existential and hybrid threats, technological innovation, interconnectivity, and limited resources.

Michael Breslin headshotThe risks faced by the public are real and the dangers posed by those intent to do harm seem to occur on a daily basis. The United States is an open society with hard-fought liberties. These freedoms combined with geopolitical and domestic conditions provide a ripe environment for those lone individuals and bad actors intent on causing harm to disrupt this way of life.

The report, Mass Attacks in Public Spaces – 2017, published by the United States Secret Service’s National Threat Assessment Center (NTAC) provides valuable information about mass attacks in the United States. The report examines attacks, from January 2017 through December 2017, where three or more were injured in public spaces. During this timeframe, 28 such attacks occurred and resulted in the loss of 147 lives and injury to nearly 700 others.

Threat Management Units

In the absence of enough threat management units (TMUs) and the ongoing debate over homeland safety funding and public safety initiatives, the NTAC report was disseminated to the Department of Homeland Security (DHS) Office of State and Local Law Enforcement, Fusion Centers, DHS Protective Security Advisors, International Association of the Chiefs of Police, and the Major County Sheriff’s Association. It provided insights into the targets, locations, and methods of attack. The backgrounds and behaviors of the perpetrators – including history of criminal activity, concerning behaviors, communications, mental health symptoms, stressors, and other factors – were explored and presented by the NTAC report.

Public sector organizations of all types share commonalities in their respective operational missions (e.g., investigative, protective, emergency preparedness, health and safety capabilities). These organizations share in the collective challenges presented by diminishing financial, personnel, and subject matter expertise resources.

Due to these circumstances, the establishment and enhancement of existing TMUs is a vital component required to successfully identify risk factors, create an environment that reduces or prevents acts of violence, and mitigate the threats of violence posed to the public. Law enforcement and public safety professionals serve a critical role in the threat management process. The immediate and effective response to all threats against the public and facilities is essential to the successful execution of this grand mission requirement.

TMUs should deliver a comprehensive, coordinated, and multifaceted investigative approach and response to all threat-based intelligence. An effective and wide-ranging threat management process organized through a TMU results in a timely, comprehensive, and factual based recommendation, assessment, and evaluation of the risk of violence toward the public, facilities, or events.

The threat environment has evolved despite numerous successes of public safety professionals in the identification and mitigation of foiled attempts to disrupt and cause harm. Bad actors and lone individuals prepare daily to hone their tradecraft on new ways to inflict maximal damage and instill fear among the populace. Lone offenders, homegrown violent extremists, international terrorist groups, and transnational criminals pose asymmetrical threats. The internet serves as an available platform for accessing and sharing these severe ideologies, propaganda, and threatening language, which can inspire acts of violence.

Given the number, types, and ways that threats expand, various elements contribute to a successful TMU program. Partnerships and training are two of the most pressing elements that must be continuously reinforced.

Partnerships are crucial because of information sharing, leveraging resources, and best practices. Partnerships create the dependable, trusted relationships needed during a time of crisis. Training reinforces what works and reduces gaps in response actions. Partners have to train with and without each other before a crisis in order to be ready.

Core Principles of Threat Management Units
©iStock.com/FOTOKITA

Lessons Learned From the Secret Service

Following are some of the lessons learned gathered by the author, a former Secret Service agent, who was tasked with solving complex problems in protecting Americans. The lessons were learned during the preparation required in securing high-profile elected officials and managing protective intelligence units and investigations.

Partnerships combined with training are the heart and foundation of a TMU. The revolving nature of ubiquitous threats demand the development by law enforcement, public, and safety professionals of new nontraditional countermeasures. These countermeasures must be both proactive and comprehensive, utilizing the full complement of their investigative and protective capability and fully exploiting global, national, state, and local resources.

Community partnering. All threat intelligence activity – including investigative, protective, social media monitoring, tracking, and trend analysis of suspicious reports and activity – yields more positive results with a renewed focus on community partnering. Paramount in this tool kit is the need for increased outreach and liaison with internal and external partners. Agency leadership should ensure this initiative is conducted in collaboration, coordination, and integration across their organizations. It should also be done in partnerships within the law enforcement, mental health, and education communities with the public and private sectors in the specific communities they serve as well as in a broader geographical context. With this approach, the TMU establishes a holistic approach to the community.

Community intelligence. The concept of community intelligence as an informational gathering process involving key public and private stakeholders for receipt and dissemination of relevant ground-level information is a tool that should be exploited. Below are some examples of agencies where the professional experience, knowledge, skills, and abilities of their workforce should be fully leveraged and geared toward a singularity of focus. The identification, mitigation, and management of threats toward those whose safety they are charged with safeguarding are very important in the process. With so many places to gather information, the following list is a start:

  • State Fusion Centers
  • FBI – Joint Terrorism Task Force
  • DHS – Office of Intelligence & Analysis
  • U.S. Attorney’s and State Attorney’s Office Liaison
  • Mental and Community Health Centers
  • University and Community College Police
  • School Boards & Associations
  • Airport Intelligence Liaison
  • Homeless Shelters and Community-Based Organizations

Suspicious activity. Each community partner defines “suspicious activity” differently. It is helpful to define and know how every partner defines this term. In the case of building a TMU for the Secret Service, suspicious activity is defined as observed behavior reasonably indicative of preoperational planning related to terrorism or other criminal activity. Community partnerships can be sustained through information sharing of all types of suspicious activity with all law enforcement, public safety, and private sector stakeholders. The benefits include a more fully engaged interagency collaborative. Guidelines to follow are outlined in the Nationwide Suspicious Activity Reporting Initiative led by the National Criminal Intelligence Resource Center. A good checklist to read is “10 Ways to Integrate Suspicious Activity Reporting Into Your Agency’s Operations.”

Individual and shared responsibilities. Law enforcement, public safety and security, government, and private sector agencies have a key role to play in safeguarding the public. However, the role of individuals and their importance in playing an active part in this joint effort cannot be undervalued. The collective goal is the development and enhancement of a TMU with a seamless threat identification and mitigation plan to create a safe and secure environment.

Free resources. The complete leveraging of existing partnerships and capacity by law enforcement and public safety professionals may be accomplished at a minimal cost to the agency. These professionals should build on their trusted partnerships with government and private industry to gain expertise in the realm of threat identification and mitigation. The professional development and immersion of its supervisors and employees in the principles of threat intelligence, investigative principles, and risk management will, in time, permeate the culture and daily practices of the workforce. Law enforcement is increasingly using threat intelligence as a tool for threat mitigation in areas such as school and workplace violence. As such, numerous complimentary resources available – such as associations, newsletters, and alerts – should be tapped.

Multifaceted Training

A robust training program needs to be established in conjunction with a comprehensive outreach program to enhance the skill set and strength of existing partnerships. The establishment of a proactive training methodology is necessary for the conception, development, and execution of public safety planning. The emphasis on training should be addressed by leadership and subsequently reinforced to all civilian, law enforcement, and private sector partners. A multifaceted training program should be developed, consisting of numerous tabletop and dynamic exercises in support of the threat management process.

The tabletop exercises should introduce a range of scenarios that could affect the protected people, facility, or venue. Scenarios should be all encompassing and meant to facilitate responses from law enforcement, fire, medical, emergency management, and legal professionals. The purpose of the training is to ensure a continuity of operations concerning the command and control function, particularly during a multipronged response platform.

A successful training methodology is one that prepares stakeholders for the unforeseen event, despite deficiencies in resources, personnel availability, and time. Professional trainers and those with subject matter expertise can adeptly infuse their professional experience, knowledge, and abilities to complement the skills of a veteran workforce across multiple organizations. A professional training program would help foster a collaborative learning environment to address challenges facing the public safety community.

Training programs focused on mental health, work-life balance, stress and violence indicators, social media monitoring, trend analysis, outreach, and suspicious activity are an integral part of an effective TMU. “The use of TMUs remain the most viable and effective method for recognizing and disrupting planned attacks of targeted violence” (Behavioral Threat Assessment Center, Department of Justice, October 2013).

These lessons learned recommendations incorporate the best practices of information gathering for the expansion of partnerships and training, resulting in improved results and better functioning TMUs. The goal is to expand the reach and effectiveness of law enforcement and public safety agencies’ coverage, capacity, and capability. Implementing these best practices would increase mission effectiveness and improve aptitude to outline and communicate trends in potential violence-related activity, specific threat reporting in the impacted zone, threats to critical infrastructure, and overall situational awareness of intelligence matters with explicit impact on the specific organization.

Michael Breslin is the strategic client relations director for LexisNexis Risk Solutions, government. As strategic client relations director for federal law enforcement, he plays a critical role in further driving the expansion of executive relationships and innovative solutions designed to meet the evolving needs of law enforcement agencies. He has more than 20 years of federal law enforcement experience working with the United States Secret Service and the Department of Homeland Security. Before joining LexisNexis Risk Solutions, he served as deputy assistant director for the Office of Investigations for the Secret Service, where he oversaw the planning and coordination. Throughout his career, he has initiated and managed transnational cyber and financial crime investigations of network intrusions and the theft and safeguarding of data and information from corporate, financial, and government institutions. He helped develop security solutions that protected U.S. and foreign dignitaries and facilities including the U.S. president, vice president, and visiting heads of state. As the special agent in charge of the Criminal Investigative Division of the Secret Service, he led a staff of 153 administrative, professional, technical, and special agents working on counterfeiting, financial, electronic, and cyber crimes. He holds a bachelor of arts from St. John’s University, Queens, New York. He also holds a master of science degree in national security strategy and a graduate certificate in business transformation and decision making from the Industrial College of the Armed Forces, as well as a master of public administration from John Jay College of Criminal Justice.