Security plans are evaluated, first and foremost, by how well designed they are, and by their appropriateness to address the threats, taking into account the secured organization's particular characteristics.
In a routine combat situation, forces are deployed one facing the other, each having an equal opportunity to plan and implement defensive and offensive actions. The party that is more skilled will destroy and conquer, while preserving its assets. However, security is a different type of combat; it is not a level playing field; it is not about attacking, but rather about defending human lives and assets. The adversary, on the other hand, attacks; it does not defend. Each side's starting position is significantly different from the other's. Furthermore, the adversary benefits from a strategic advantage – he does not have to achieve success in each attack. Even after repeatedly failing, if he achieves his goal once, he will have attained complete success. In contrast, if the security unit fails once, even after thwarting dozens of attacks, its failure will be eternal and absolute.
On a tactical level, the adversary benefits from the advantage of surprise. He also enjoys the advantage of preparing for an attack that he will execute at a point in time of his choice, against a target of his choice, at a location of his choice, implementing his preferred mode of operation; while the security unit must be prepared at all times, at all locations and most importantly – ready to effectively respond to all the adversary's possible modes of operation. Additionally, the adversary benefits from the fact that security units find it difficult to maintain a high level of preparedness during prolonged periods of routine activity. On the other hand, security units benefit from the advantage of quality, belief in their cause and their close familiarity with the environment they operate in, and their command of the secured site. If we add to human advantage to our side of the equation, it is more or less balanced.
He who plans ahead best will win.
Once the potential adversaries have been identified and defined, and the threats graded from high to low, the analysis of the of the adversaries' possible modes of operation (PMOs) form the basis for designing the security response. The expression "security as reflected in the adversary's PMOs" does not only mean that the security plan is measured in the quality of the response to the known PMO, but also, and perhaps – mainly, in our ability to determine all his PMOs. As good as the security system may be, it is totally worthless if the adversary manages to implement the one and only PMO that the security system has not been designed to address.
The Assassination of the Prime Minister of Spain – Admiral Luis Carrero Blanco.
On December 20, 1973, when exiting a church in Madrid in which he had been praying, the Spanish Prime Minister Luis Carrero Blanco was assassinated by members of the ETA terrorist organization. The terrorists planted a bomb in a tunnel that was dug under the road on which he was being driven, and detonated using a remote controlled activation mechanism. The Prime Minister, his driver and bodyguard were all killed, and four others were injured.
Luis Carrero Blanco, a former admiral in the Spanish navy, was known for his nationalist beliefs and his militant approach to political separatists, such as the Basque movement. He was appointed Prime Minister in 1973. Since his ties with supporters of the monarchy were no secret, the appointment was considered as a step taken by General Franco in preparation for reestablishing the monarchy in Spain – an idea that was considered as a provocation by many among the silent public majority Spain in general, and by separatist organizations like ETA, in particular.
Holding a key position in the regime, and in view of the threats he faced, the security arrangements implemented to protect Admiral Carrero were at a scope worthy for the head of a fascist state (although it was General Franco, and not him, who headed the pyramid). Admiral Carrero was protected by national guardsmen at a scale of a brigade. His residence and office were surrounded by fences, with massive military presence. His car was always escorted by a security convoy, headed by two motorcycles that led the convoy and ensured that the road was free of obstacles. These were followed by a police car and a military armored personnel carrier. Behind the official car carrying the Prime Minister drove another armored personnel carrier, followed by another police car. Admiral Carrero always sat in the back seat of his official car, with his driver and bodyguard sitting in the front.
Every Sunday, Prime Minister Carrero prayed at the same church in which he had been praying for dozens of years. He was driven to the church and back along the same route each time. The intersections were closed to traffic several minutes before his convoy crossed them. This was Admiral Carrero's routine for years, since the days prior to his appointment as Prime Minister. It may be assumed that in view of the massive security arrangements implemented, those responsible for his security did not regard this regular pattern as problematic.
On the way to church, the convoy passed Juan Bravo Blvd. ETA noticed an ad in the paper offering a ground floor apartment for rent on this boulevard, and seized the opportunity. A young man approached the landlady and rented the apartment, paying cash for 6 months in advance.
Over a period of several weeks, the terrorists dug a long tunnel from the apartment to the center of the boulevard, and planted a bomb of dozens of kilograms of explosives. Two electrical wires connected the bomb to the apartment, to enable remote detonation.
On December 20, 1973, when the Prime Minister left the church and was on his way home, as his official car passed above the lethal bomb, the terrorists detonated it. The vehicle was propelled above the adjacent four story building, and landed in its back yard. The Prime Minister, his driver and bodyguard were killed instantly. The adversary fully achieved his goal. Security failed miserably. Its failure is, as stated above, complete and everlasting.
The lessons learned from this incident may be classified into tactical ones and strategic ones.
The main tactical lesson that can be learned from the above incident relates to breaking routine. Maintaining routine presents the adversary with opportunities to carry out attacks. Furthermore, routine that is maintained over an extended period of times allows the adversary to make long-term plans, avoid hastiness that may lead to exposure or failure, and wait for the opportune moment that will increase his chances of success.
The expression "breaking routine" is often misleading. It is perceived differently by the adversary, by the protected organization or individual and by those responsible for security. For example, an activity that takes place once a week may seem non-routine to the individual being protected and even to the security team, but will most certainly be regarded as routine to the adversary, and he will exploit it. Therefore, when a security agent performs a security search along the access roads to a facility and along its external walls when he begins the morning shift, he should be aware of the fact that he may regard this as an activity that is performed only once a day, yet the adversary will perceive it as a routine activity. Moreover, the security agent must be aware of the route taken by his predecessors and not replicate it (for example, change the order in which points along the route are visited, without reducing the effectiveness of the search itself). It is also possible to create a routine not by the same person, but by different people belonging to the same organization, who conduct routine activity that exposes them as a target to the adversary, without them being aware of it. For example, different representatives of the organization who stay at the same hotel, each replacing the one before him; or a flight crew dining at the same restaurant every day at the same hour. From the adversary's viewpoint, these are one and the same. The targeted flight crew, in this case, maintains a routine, even if it is the first time its particular members dine there. Routine is an adversary, and must be treated as such. It must be resisted – assertively and with determination.
At the strategic level, "security as reflected in the adversary's PMOs" is itself the main lesson learned from the incident. Admiral Carrero Blanco's security team allegedly performed effectively. Attacking a secured target at his office or home appears to be a suicide mission, or in the very least – is very difficult to realize; attacking a convoy also appears to be illogical – this may be perceived to be deterrence at its best. However, the adversary took action in a different manner; his choice of place and time was not surprising, it was the mode of operation that was. When the mode of operation chosen by the adversary is unknown to the security unit, it fails to prepare itself to deal with it, leaving the door open to the adversary.
"The adversary has three PMOs, and he will choose a fourth". Numerous articles have been written about military surprise in battle. The Biblical leader Joshua conquering the city Ai; Alexander the Great with his small army faced the huge Persian army in Gaugamela; Admiral Nelson with the British fleet at Trafalgar, facing the much larger combined fleet of France and Spain – in all of these, success was achieved through the choice of a mode of operation that was based on the definition of the routine and was unanticipated by the adversary. When the adversary chooses a mode of operation that the security unit is familiar with, the equation of opening positions is maintained, and the best side will win. However, when the adversary chooses a mode of operation that the security unit did not take into consideration and prepare for, he can plan and execute an attack with minimal resistance. In most cases, when conclusions are drawn after an incident occurs, it is found that had the security unit been familiar with the method of operation, it would have easily foiled the attack.
In the terror attacks of 9/11, terrorists hijacked four aircraft and used them as manned bombs. If this mode of operation had been one that the US security bodies could have envisioned, all they would have had to do to thwart the attacks was lock the cockpit doors, as was indeed done after the conclusions were drawn. The simplicity of the solution is often apparent post factum
The level of professionalism of the security expert designing the security system is measured, in this context, in his capacity to identify and analyze the possible modes of operation that the adversary may employ, since only then will be able to develop a solution to counter them. Identifying adversaries' PMOs is a qualitative, as well as a quantitative indicator. Here as well, the equation is not balanced. It’s possible, and is usually the case, that the secured party prepares to deal with a wide range of modes of operation, which the adversary has not identified. But if he does identify even only one single mode of operation that the security team did not consider, he stands a good chance of executing a successful attack.
The question therefore arises – how, and using which tools, should we analyze the adversary's PMO in the optimal manner. An attempt to try to think like the adversary is not the right way to accomplish this goal; this should never be done. Any such attempt is a gambler's concept and will lead to an erroneous analysis. When performing the analysis one can, however, benefit from past experience, knowledge of the adversary's preferred modus operandi and intuition (yes, most definitely!). These are important tools, but they are not enough. Disregarding modes of operation that have already been implemented by the adversary is a negligent approach; but relying on the past and failing to anticipate the adversary's creativity in the future is no better. Becoming familiar with the adversary and his modus operandi is also very important, but it does not regard the adversary as a "learning organization" that draws conclusions and is innovative. Intuition is powerful, but also has weaknesses. The way to explore the issue of adversaries' PMOs is rational and structured, and is based on an analysis of their capabilities. Past experience, scrutinizing the modus operandi and intuition are shortcuts that allow us to identify numerous adversary PMOs. The analysis of the adversary's capabilities is the ultimate tool for this purpose.
In order to analyze the adversary's capabilities, we will learn the means, tools and people at his disposal. We will not deal here with the question of the adversary's motivation and will not ask how he thinks. We will examine which weapons he has access to, the period of time he has to plan an attack, his means of financing his activities, his intelligence capabilities, his ability to infiltrate activists into the target area (documentation, use of foreigners, constructing cover stories), his logistical tools and the logistical assistance he may be able to receive. This is a painstaking process, particularly when dealing with adversaries that include terrorists and criminals, including those involved in theft of information. This is the basic element in the work of risk analysts, security system designers and security managers.
"Security as reflected in the adversary's PMOs" is an unstable indicator, and should be treated as such. It is another characteristic of the "realm of uncertainty" and a never ending task. A good commander will be wary of inertia. He will continue investigating, brainstorming with members of his team, and will continuously search for additional modes of operation that the adversary may employ – ones that he has not yet been identified. And when he identifies one – he will appropriately address it, and repeat the process.
The security response to the adversary's PMO will be measured by its relevance, effectiveness, precision and the manner in which it integrates into the security plan. This is how a dynamic and renewing security system operates – it never remains stagnant, relying on its strength.