10 things EP providers and their clients need to know about surveillance detection

September 22, 2015 - By Ivor Terret

Tags: ,

Executive protection providers and clients have recently experienced an upsurge of interest in surveillance detection (SD). We’re seeing more articles and blogs posted on the matter, and we’re fielding more questions on SD than ever before. AS Solution has provided surveillance detection (SD) agents for a number of our clients for years. We also hold SD training courses for agents working in both the private and public sectors. This blog is not an SD how-to; there are already plenty of those on the web, some accurate, many less so. Rather, we aim to address the ten most common questions we hear about SD, especially as it concerns executive protection efforts in the US private sector.

1) What is surveillance detection?

SD is a series of covert procedures and tactics that are designed and implemented in order to confirm or deny whether there is hostile surveillance of a principal, place or event. SD takes place over a given period of time and, where relevant, over distance. The aim of SD is to prevent a hostile act before it happens by identifying the surveillants and thus enabling disruption of the attack in the planning phase.

2) Why does SD matter?

Most attacks require pre-attack information to succeed.

For that reason, hostiles need to be in the field to collect and/or verify information. The presence of hostiles in the field is the Surveillance Detection Agent’s (SDAs) or Surveillance Detection Enabled Agent’s (SDEAs) opportunity to detect them prior to the actual attack, and thus disrupt the attack before it happens.

3) What type of protected objects is SD suited for?

Any object (persons, fixed sites, events, etc.) that is under significant potential threat may be suitable for SD operations.

4) When and where should SD be conducted?

SD activities may be a 24/7 function or they may be conducted at select times. Often, SD activities are added to traditional corporate EP programs on an ad hoc basis due to heightened risk scenarios.

The addition of SD to a protective detail is particular to each assignment, so divulging the precise variables that warrant it should be considered an OPSEC violation.

5) Aren’t SD, counter surveillance and covert protection the same thing?

At the risk of splitting hairs, not exactly.

SD is responsible for actively discovering hostile surveillance, whereas counter surveillance (CS) is tasked with actively preventing hostile surveillance as well as conducting surveillance operations on the hostiles themselves. In other words, SD strives to detect hostile surveillance while CS aims to negate hostile surveillance. So while there is indeed some crossover, SD is more passive than CS.

For the most part, Surveillance Detection Agents (SDAs) or Surveillance Detection Enabled Agents (SDEAs) conduct SD operations based on the existing environment. Counter Surveillance Agents, on the other hand, often attempt to control or modify the environment to one extent or another in order to prevent hostile surveillance.

Covert protection refers to tactics used to protect the principal, place or event while concealing the true function of the agent. While the covert protection agents should indeed be aware of surveillance, they are primarily concerned with preventing a hostile act. Should an attack be imminent, they act as an interdictory force to create time and distance between a threat and the protected object.

I have come across some private sector details who refer to SD as CS as covert protection. This can be confusing to principals, detail managers, team leads and the agents themselves. Whereas a Surveillance Detection Enabled protection detail has the skillset and knowhow to conduct SD operations, an SD agent is not equipped to, nor responsible for conducting protective operations as an interdiction force.

6) Who conducts SD?

In the public sector SD operations are conducted by dedicated Surveillance Detection Units (SDUs), which are comprised of specialist SDAs.

In the private sector, however, there is only a small handful of dedicated SDUs. Most SD operations in corporate EP are conducted by protective agents who have undergone specialized SD training. Unfortunately, we also see private sector SD operations carried out by agents with no dedicated training; of course, such operations are largely ineffective against a genuine threat.

7) How is SD different in a corporate environment?

The dedicated SD agent is typically distanced from the principal, and observes the red zone from the outside in. This is in order to detect surveillance from outside the red zone, where surveillants may be. As such, the SDA is typically not in a position to react to imminent threats in an interdictory manner.

As most private sector EP programs do not possess the budgets required for dedicated SDUs, the concept of SD-enabled agents (SDEAs) was born and developed. Protective agents (whether they are covert, low-profile or overt) who are SD-enabled are trained to detect correlations over time and distance which may indicate hostile surveillance. They may detect surveillance while working in a close protection role, or they may be moved from a close protection role to outside the red zone if circumstances dictate. In other words, they are trained both to look outward to detect potential threats, and to look from the outside in as required.

8) Who should run SD operations?

Only experienced Surveillance Detection Agent team leaders or managers should run an SDU or an SDE protective detail.

9) What is the role of data analysis in SD?

The data analyst is key in mapping correlations which may indicate hostile surveillance.

The data analyst may be a dedicated function within the unit, or it may be a field agent with additional responsibility. Lack of a data analysis greatly reduces the value of Surveillance Detection Reports (SDR’s) and reduces the effectiveness of the SD field effort. Consider the field agents as those tasked with bringing all the ingredients to the kitchen and the data analyst as the chef who knows how to transform the raw materials into a finished product.

Data analysis is the missing link of private sector SD. Unfortunately, many private sector SD or SDE details do not include a data analyst function.

10) Who should teach SD?

SD should be taught by former or current SD field agents with field and teaching experience.

SD employs a highly specialized skillset that cannot effectively be learned from instructors that have not actually worked a significant amount of SD assignments, had successes and made mistakes. Knowing how to impart knowledge – combined with the experience of success and failures in the filed – makes an effective SD instructor.

SD is not the end all and be all of protection strategies

Protective strategies should be the outcome of thorough risk, threat and vulnerability analyses (RTVAs). There is no one-size-fits-all solution, and certainly no one has an unlimited budget.

The Security Master Plan is the document which describes in detail both the strategy and the tactics to be used in order to mitigate identified risks (as identified in the RTVA). SD may be a part of the Security Master Plan, but it is only one component of the overall strategy – and very seldom the entire strategy.

When used as an integrated element in corporate EP, corporate campus security or corporate events, however, the SD function can be a powerful means of enhancing the overall security of the principal.


Ivor Terret

Vice President

Ivor Terret, a preferred specialist partner of AS Solution, is currently based in Israel, where he was a founding member, team leader and instructor of a government Surveillance Detection and Covert Security Unit tasked with protecting Heads of State and Strategic Sites. Prior to joining the unit, Ivor was the first in South Africa to lead a security organization securing 60 medium to high-risk sites in Cape Town.

In addition, Ivor has designed and implemented security master plans for covert counter-terror units and high-risk facilities and has consulted on a myriad of projects including business parks, hotels, residences, high-risk facilities, and factories. Ivor brings over 23 years of international counter-terror experience at both the official and private sector levels. In addition to consulting and operations, Ivor has instructed hundreds of students including high-risk facility security teams, government covert VIP units, government surveillance detection units, hotel security senior management, aviation security personnel and senior management, specialized law enforcement and counter-terror units as well as corporate EP and SD units.

Ivor is an authorized counter-terror instructor meeting the standards for counter-terror security procedures as set forth by the Israeli Police Force. Ivor served as a combat soldier in the IDF for a total of 13 years (including reserve duty) as well as in the Israeli Police Force in the Old City of Jerusalem. Ivor holds an MSc in Security and Risk Management from the University of Leicester where he was awarded the esteemed Dissertation of the Year Award for his research. Ivor was the elected Chairperson of the ASIS Israel Chapter in 2016.