What is “Protective intelligence?”

To the executive protection analyst plugging away in a 24-hour operations center, protective intelligence is one thing.

To the security consultant with an MA or MS in psychology, protective intelligence means something else.

And to the US Department of Justice or the US Secret Service, it takes on another meaning.

No discussion of protective intelligence could be complete, without properly defining the term.
Therefore, let us examine the most frequently cited definitions of protective intelligence and how those definitions manifest in the day to day processes of protective intelligence programs.

#1. Protective Intelligence & Threat Assessment Investigations (Authors: Fein & Vossekuil)

“Protective intelligence—a less visible aspect of protection— consists of programs and systems aimed at identifying and preventing persons with the means and interest to attack a protected person from getting close enough to mount an attack and, when possible, reducing the likelihood that they would decide to mount an attack. Protective intelligence programs are based on the idea that the risk of violence is minimized if persons with the interest, capacity, and willingness to mount an attack can be identified and rendered harmless before they approach a protected person.” (P.24)

Source: Protective Intelligence & Threat Assessment Investigations: A Guide for State and Local Law Enforcement Officials (1998) by Fein, R. A., & Vossekuil, B.

#2. The Proactive Tool of Protective Intelligence (Authors: Burton & Stewart)

“In simple terms, PI is the process used to identify and assess threats. A well- designed PI program will have a number of distinct and crucial components or functions, but the most important of these are countersurveillance, investigations and analysis.”

Source: The Proactive Tool of Protective Intelligence (2007) by Fred Burton and Scott Stewart, Stratfor: Security Weekly

#3. Protective Intelligence: Applying the Intelligence Cycle Model to Threat Assessment (Author: Malone)

“Similarly, protective intelligence requires gathering information about potential threats; in this case the threats of interest are those against key public figures (protectees). Collection methods include a variety of investigative avenues and open source information, along with queries of specialized databases and other records.”

Source: Protective Intelligence: Applying the Intelligence Cycle Model to Threat Assessment (2015) by Rick Malone, Journal of Threat Assessment and Management, Col. 2, No. 1, 53-62

For simplicity, the above definitions can be paraphrased as follows:

Protective intelligence is an investigative and analytical process used by protectors to proactively identify, assess, and mitigate threats to protectees.


Breaking “Protective Intelligence” into Digestible Components

Armed with an adequate definition of protective intelligence, we can now mentally walk through the full process in the below phases.

ProtectiveIntelligenceinExecutiveProtection 1

Identify: How Do Protective Intelligence Teams Identify Threats?

The most fundamental step in identifying threats to key assets/personnel is conducting a through risk threat vulnerability assessment (RVTA).  This allows the organization’s entire security apparatus to implement proactive measures at various levels, before a threat materializes. In addition, it allows efficient allocation of finite security resources by decision makers.

Once an RVTA has been conducted, and appropriate security measures are implemented, then the protective intelligence team may rely on observations from security and non-security staff. These may include any combination of the following, as an example: static security staff, counter-surveillance personnel, executives, executive assistants, household staff, corporate security staff (other than executive protection), and more.

This leads us to one of the biggest obstacles in the protective intelligence process: data. What types of data do protective intelligence professionals need to collect and how can they store it for current and future analysis?

All of the information that the protective intelligence team comes in contact with, is data: security officer reports, person of interest (POI) descriptions, field observations including vehicle descriptions, license plate information, and written communications to the protectee, etc.

All of the protective intelligence literature places great emphasis on data storage. If a protective intelligence team does not have the ability to retrieve data on past incidents or POIs, then it is being largely reactionary—acting on whim of the moment, masquerading as proactive security. Having the ability to retrieve data on past incidents or POIs, affords the following opportunities to the protective intelligence program: (1) accurately assessing the behavior of POIs over long periods of time (2) reliable data for potential litigation (or law enforcement action) against POIs (3) hard evidence to support security program effectiveness (4) identify trends and patterns over time.

Assess: Are They a Threat, or Not?

Protective intelligence researchers begin their assessment process by outlining their research project: problem/definition, data collection, data analysis, and report preparation. This process could be summarized in a short series of bulleted questions:

  • “What does the executive protection manager need to know?” (Example: A common answer is that management needs to know if the POI is a threat and if so, to what degree, and what recommendations does the analysts have.)
  • What data is needed, where can it be collected from, and how can it be collected efficiently (systematically)?
  • What hypotheses can be supported or discounted given the data?
  • What report structure does the consumer (executive protection manager) prefer?

After protective intelligence researchers have outlined their project and reviewed inputs from the Threat Identification Phase, they can begin their investigation. The investigation may include (but is not limited to) any of the following: security officer reports/chronologies, human resources reports, open source intelligence (OSINT) research, proprietary database research, and potentially consultation with psychology professionals.

Mitigation: What Strategy Will Create the Safest Outcome for the Protectee?

At the conclusion of the research phase, the protective intelligence team should have sufficient support for why or why not the POI is a threat, and to what degree. Now, the decision makers can use that information to decide on the preferred course of action, one that will produce the safest outcome for the protectee.

Regardless of the type of mitigation strategy agreed up on and implemented by decision makers, it will require consistent monitoring and reassessment.  Monitoring, also referred to as threat tracking, can take many forms. The protective intelligence research process typically reveals public social media profiles of POIs that can be monitored daily for updates. However, some organizations may see a benefit in conducting physical surveillance on POIs, or seeking assistance from a third-party that is close to the POI. Monitoring can take many forms.

This stage highlights one more obstacle for protective intelligence programs: Threat Tracking. A protective intelligence program may have 5, 10, 20, or more active threat cases to monitor at any given time. How does one allocate resources to track active threat cases, and by what systematic process are active cases reassessed? There is no simple solution to these questions, but they will be explored in greater detail in future articles.

For protective intelligence teams, monitoring and reassessment are an ongoing process, and many times there is no clear-cut indicator for when a particular threat case can be put to rest. It will depend on the judgement of protective intelligence analysts and decision makers.

Although protective intelligence is a complicated process that runs parallel with other complicated processes, it can be described in simple terms:

Protective intelligence is an investigative and analytical process used by protectors to proactively identify, assess, and mitigate threats to protectees.

Thank you for reading this through examination of the term “protective intelligence.” This point of view will serve as foundational knowledge for upcoming writings.

Author Credit: This article was written by the Protective Intelligence contributors, Thomas Kopecky and Travis Lishok.

About The Protective Intelligence Blog

By every metric, the role of protective intelligence is growing increasingly important for your security program, as it operates domestically and (especially) internationally.  Protective Intelligence is our medium for understanding not only threat matrix and risk level, but also trends, problems, solutions, as well as ideas to support the mission of protective security professionals.  The speed by which we can send and receive information, and the amount of information we need to evaluate, has eliminated problems in some areas and exponentially compounded problems in others.  Our team seeks to address issues stemming from these problem areas, offering next-level analyses and proven solutions with an eye toward the future.

Our content contributors come from organizations involved in protective intelligence research, corporate executive protection, threat assessment investigations, and related security intelligence fields.