Applying the Intelligence Cycle in our New Days of Rage
Learn how the time-tested framework can help you understand and manage threats that may arise during this election cycle
Former President Donald Trump survived a second assassination attempt by a sniper, this one on his golf course. In Springfield, Ohio, Gov. Mike DeWine has sent in state troopers after extremists began marching through town, and a week of politically motivated bomb threats prompted school closures. Political violence, which reached a high point in the “Days of Rage” that lasted from 1978 to 1972, may be re-emerging in the U.S. But what does that mean for companies?
In the popular imagination, political violence is often akin to a “black swan” event. It is rare, exceedingly devastating, and has shocks that last generations: the assassinations of John F. Kennedy, Robert F. Kennedy and Martin Luther King Jr., or the hostage-taking of American citizens and a CIA station chief in Lebanon.
Corporate security professionals are unlikely to face this type of event. To my knowledge, no CEO has faced a sniper attack on U.S. soil. But the U.S. right now is a stew of risk factors: a polarized electorate with little middle ground, high-profile CEOs taking the unusual step of entering into public discourse through social media, and ongoing efforts of extremist groups of all stripes to recruit and increase their ranks through digital media.
As a security professional, you must be aware of how this environment impacts your threat landscape. The intelligence cycle, a time-tested framework used by law enforcement, the military, and the gamut of three-letter agencies, can help corporate security professionals understand and manage additional threats that may arise during this election cycle.
The Intelligence Cycle
The Intelligence Cycle consists of five phases, from planning and direction to dissemination. Let’s examine how each phase might be applied to manage election-related threats.
01
Planning and direction
First, identify what your organization needs to protect — people, assets, reputation, and property. A baseline threat assessment is critical because it helps you understand shifts in your organization’s unique threat landscape. Political risks can alter this landscape because of geography or industry. For example, in the context of political violence, organizations with downtown offices might see risks associated with nearby protests or potentially dangerous events. Organizations, executives, and board members involved with controversial public figures or industries could face another set of risks. You have to be specific about how political violence might manifest itself and the risks it poses to your organization. If your executives have inserted themselves into the culture war via social media, you need to identify how this might pose a threat to the executive and the company and develop a way to collect information about these threats.
02
Collection
Identify the resources at your disposal to monitor for risk. Data and information-gathering processes are crucial. Technology can help security teams sift through large volumes of information from social media. One misstep I see many companies make is that their data collection focuses exclusively on themselves. It is important to identify industry-specific threats. One way to do this is to monitor risks to competitors and whether there is increasing chatter about them online, and whether the industry practices are being cast in a political light. But information gathering isn’t exclusively digital. Does your organization have a way to identify planned demonstrations near your building that may impact travel to and from the office?
03
Processing and exploitation
We often talk about finding signals in noise, but this stage of the intelligence cycle might best be described as making signals from noise. In other words, raw information must be converted into a digestible, analyzable format. It needs to be aligned with the organization’s priorities. For instance, if your company has ties to controversial political figures or industries, you might gather data to see if there is an increase in negative social media chatter. But rather than turn over raw social media posts, you might document the number of threats or categorize the threats that it can identify as carrying a higher risk than others.
04
Analysis and production
You’ve monitored social media for potential threats. What’s the trend line? Analysis is the heart of the intelligence cycle. It requires us to examine data for actionable insight. Think of an event from the recent news cycle: the plot by Islamic State – Khorasan (IS-K) to attack a Taylor Swift concert in Vienna. From the singer’s perspective, canceling more than one show in the city was prudent, given the unknowns of the situation. However, that data point may also have been important to other performers. Is there a risk of public attacks on other large events? We don’t really know. It’s hard to understand the impact of one-off events, but it’s the security professional’s job to package intelligence in a way that lets others make decisions.
05
Dissemination
The final stage of the intelligence cycle is about ensuring that the right people receive the right information at the right time. Effective companies often have cross-functional working groups to handle this process, ensuring that information is not only getting into the right hands but balanced with other concerns. Imagine, for example, that an investigation into threats made on social media aimed at a high-profile CEO turns out to be the work of an employee frustrated with the CEO’s political stances. Investigators may need to get information to human resources, but the legal team, the executive protection team, and the others. The working group should have a plan for who gets informed of what types of threats.
The right tools for the job
Most companies today use a range of disconnected tools to monitor for and mitigate threats, from access control logs to social media monitoring. But disconnected tools like this make managing threat data overwhelming, and political risk may increase the volume of information exponentially.
Effective use of the intelligence cycle requires using the right system for the job — one that’s specifically designed to centralize and manage extensive data effectively. These platforms are essential not just for gathering information in on place, but for transforming it into actionable intelligence that can be swiftly acted upon in fast-changing scenarios.
