Hostile Reconnaissance
Disrupting Hostile Reconnaissance
Organisations face a variety of threats; Terrorism, Activists, Corporate spies and Criminals. While these threats and their aims may vary, hostiles are united in their desire to succeed. Recognising they may not get a second chance to achieve their aims, hostiles will typically plan carefully. Generally, the more sophisticated the attack the more complex the attack planning and consequently the greater the information requirement and reconnaissance need.
This activity can be described as Hostile Reconnaissance.
CPNI defines it as Purposeful observation with the intention of collecting information to inform the planning of a hostile act against a specific target. Understanding hostile reconnaissance in the attack planning gives security managers a crucial opportunity to disrupt by creating a perception and assessment of failure by hostiles in two main ways:
- Denying them the ability to obtain the information they need from their research because they simply cannot obtain it, or they could but the risk of detection to achieve this is too high
- Promoting Failure: both of their ability to conduct hostile reconnaissance
(they will not be able to get the information, they will be detected) and of the attack itself.
Protective security strategies can therefore be focussed in the following manner to:
DENY
the hostile the opportunity to gain information
DETECT
them when they are conducting their reconnaissance
DETER
them by promoting failure through messaging and physical demonstration of the effective security.
This approach will play on the hostiles concerns of failure and detection.