Intelligence centres and GSOCs and their significance to security
Terrorism, major crime and disorder, organised crime, cybercrime, various forms of activism and protest are all challenges that security professionals frequently face.
Furthermore, organisations are increasingly concerned by extreme weather events and the impact on security. Social media and new approaches to intelligence sharing mean that organisations are able to take more ownership of pro-actively managing these events, rather than relying solely on the UK’s security services.
The evolving nature of intelligence sharing
Of course, the police and government agencies remain the lead on the UK’s security strategy. With resources becoming finite, links have become stronger between the public and private sector as law enforcement and government agencies are becoming more forward-thinking in working with the private sector. Intelligence sharing with trusted partners within the private sector security sector is becoming more common, strengthening data-gathering opportunities and, inevitably, resilience.
Private security companies are building expertise in this area by creating intelligence and communication capabilities that pull together expertise in intelligence analysis, operational understanding and communication. These functions come in various guises, but most commonly as a Global Security Operations Centre (GSOC), due to the globalised nature of business. GSOCs are a valuable asset in the security toolbox, helping organisations to benefit from an intelligence-led approach to security.
Establishing a GSOC
The GSOC’s primary role is also to be a robust conduit for communication and situational intelligence during major incidents, to improve decision-making for all members of an incident command structure, and the deployment of the most efficient operational steps.
The strategy for an organisation investing in a GSOC, whether outsourced or in-house, is created around the need to have a more strategic and proactive approach to security planning, and to prepare for any type of major incident that may affect its people, assets and the brand.
Once the major incident needs are established, an organisation may consider additional activities that include pro-active intelligence reporting or travel risk and tracking services.
Technology is at the heart of the constant data gathering, analysis and communication. Cross-referencing social media and conventional media is crucial for intelligence analysts to quickly assess a security threat. To that end, tailored web-crawling platforms are essential tools for today’s GSOC to enable analysts to gather relevant data, assess it and communicate with customers with timely and relevant information. This is, in fact, one of the key attributes of a successful intelligence hub: being able to make sense of the data without being over-whelmed by information.
Although technology is fundamental to the ability to collate and access data and intelligence, the people are a fundamental part of a high functioning GSOC. Employing a diverse group of security analysts from military, police, government and private sector backgrounds helps create a more robust and rounded approach to gathering data and assessing security threats. The diversity of skills is important so that the breadth of security risks can be assessed accurately, and there is assurance that the information received in the event of an incident is reliable. Further, debriefing of major incidents is crucial to capturing the learning outcomes and helping prepare all stakeholders for similar future events.
When it comes to team effectiveness, of course all of those analysts come with their own networks. They can help establish closer working relationships with peers within private sector intelligence organisations and with law enforcement and government partners. This provides resilience, efficiency and creates an environment where intelligence teams enhance their understanding and methodologies by working with each other.
Major incident management
During major incidents, whether they relate to global assets, people or international business travellers, the security teams on the ground are focused on dealing with the incident. The GSOC takes on the role of briefing decision-makers and communicating key messages as the analysts have access to real-time situation analysis.
The intelligence gathering at this stage becomes centred around the incident, monitoring social and conventional media channels to assess the potential impact for the organisation.
As an example, the recent terror attack in London prompted the VSG GSOC to utilise its situational intelligence platform, web crawler and mass communication tools in combination to issue up-to-the-minute written and verbal briefings. The team helped its stakeholders understand the situation clearly and assisted decision-making in real-time. In the aftermath, an in-depth debrief document was prepared that helped to make sense of the attack. It will be used to suggest changes to security protocols for those organisations, their assets and people.
Pro-active security planning
Outside of dealing with major incidents, a GSOC pro-actively carries out assessments of threats to assets and people, as well as the potential for reputational damage. Part of the challenge is to ensure that only real threats are communicated. These threats might include extremist behaviour, protests and activism, major crime and disorder, cybercrime and environmental risks. The GSOC is well placed to facilitate tactical options such as engaging with law enforcement.
Of course there are opportunities to use the intelligence gathering and analysis for a range of other security situations. Take executive online vulnerability as an example. Assessing publicly available online information assists security teams with understanding the vulnerabilities the executive team and family members could potentially face. Individual asset risk assessments can be conducted on specific buildings including the potential for tenants to attract protesters, nearby crime trends and physical vulnerabilities.
Benefits to the wider community
Another key success factor is to understand how the security services operate to establish a common ‘language’ or ‘engagement’. A good example of this is the National Intelligence Model (NIM), used by police and security services in the UK. Working to NIM reduces ambiguity, ensures swift exchange of information and the ability for intelligence gathered by a GSOC to be used as part of a formal police or security services operation.
Response to a changing world
The diverse nature of emerging threats, from urban free climbing to cyber attack, means that constant vigilance and assessment are at the heart of any security strategy. Intelligence-led security is fundamental for effective pro-active planning as well as the operational response to any incident.
Head of Business Intelligence Services VSG