Executive protection is a profession that has an extensive history. This tradecraft began back in late B.C. to 312 A.D., with Roman protection groups that guarded emperors. The purpose of executive protection has evolved significantly since the Roman Empire; however, it remains a primarily physical, or kinetic-focused, protection methodology in which high-value targets are protected from physical harm through various physical techniques. Training for executive protection typically involves firearms, defensive tactics, counterintelligence and advances.
Executive protection teams are often tasked with ensuring the destination of the principal is as secure as possible, both by guarding against physical threats and by performing technical security countermeasures (TSCM), otherwise known as bug sweeps, on locations. Although executive protection is beginning to evolve slightly, incorporating cybersecurity protections, it is still woefully behind. If the principal is to be effectively protected, cybercrime attack considerations, intelligence and protections must be applied consistently within the executive protection tradecraft.
Cybercrime is now one of the most popular attack vectors used by criminals and bad actors. There are many reasons for this shift in tactics. Cybercrime provides a warm blanket of anonymity to its perpetrators. When done properly, the chances of getting caught are significantly lower than in committing a kinetic or physical crime. Additionally, cybercrime is now easier to commit.
Committing a cyberattack no longer requires extensive technical acumen; YouTube videos and dark web forum articles provide step-by-step instructions on the distribution of ransomware or spyware targeted at a principal’s smartphone. The common criminal is learning more about how to orchestrate a successful cyberattack on their target without having to leave the comfort of their home. This shift has also enabled traditional crime to be enhanced through the use of technology, including for-hire listings for technical crime jobs on the dark web.
Traditional executive protection techniques and tactics alone are no longer enough to effectively provide the 360 degrees of protection now required to keep a principal secure. The disparity between traditional protection tactics and cyber protection tactics will continue to grow as technology continues to proliferate in our society and as society’s reliance on and addiction to technology rise.
Society has become addicted to social media and technology consumption, enhancing the opportunity for cybercrime. Individuals are now programmed to want instant gratification and convenience. Consumed by “likes” and technological answers for all our daily tasks, our lives, likes and dislikes are less private than they have ever been in our history as a society and as a culture. We trust our intimate details to technology platforms without any consideration of how that data is protected or how it will be used.
This overexposure of data and pattern of life activity nurtures the potential for unlawful surveillance, stalking and cyber harassment. Principals can now be targeted by radical activists or hacktivists based on opinions that are not normally shared publicly. What we buy, what we eat, where we go, our intimate opinions, our relationship status, our geolocation and our close circle of friends are all available for analysis and weaponization.
Disgruntled employees or simple differences of opinion can present both external and internal threats to the cybersecurity and physical security of the principal, their family or their close staff. This data, whether provided involuntarily or voluntarily, gives attackers the ability to plan cyberattacks and kinetic attacks with an easier circumvention of the executive protection team. Any military or law enforcement leader will tell you that a successful attack starts with good intelligence gathering.
To effectively protect their principal, executive protection operatives must know every aspect of the latest technological attacks and understand exactly how their principals are exposed through their digital footprint, pattern of life activity and technology vulnerabilities. These techniques are not part of most traditional executive protection training programs and require enhanced technical acumen and cybercrime analysis skills.
From the device in our principals’ pockets, to their vehicle infotainment systems, to their home automation technologies, thousands of attack vectors are present. If the executive, members of their family, their close circle or associates overparticipate on social media, configure their smartphones or applications incorrectly, or do not protect their Internet of Things (IoT) devices, an attack is imminent, particularly if they are of high notoriety or high net worth.
Technical security countermeasures (TSCM), or bug sweeps, are not designed for this level of cyber exposure analysis. Most TSCM sweeps focus on the leakage of radio frequencies (RF), laser listening devices, or hardwired listening devices across a phone. TSCM is not designed to detect advanced malware on a smartphone that intercepts texts and voice data and transmits them to a bad actor’s server over the Internet via a digital protocol. This exposure must be detected through digital forensic analysis, cyber threat hunting and digital indicators of compromise. Digital forensic analysis, cyber threat hunting and recognition of digital indicators of compromise are not part of traditional executive protection training; however, these advanced cybercrime protection and detection techniques are now a vital component of effective executive protection.
In summary, security teams charged with executive protection must adapt to the growing cybercrime threat. Many firms are becoming more aware of this need and are partnering with specialty firms or adding technology specialists to their protection teams. Unfortunately, the cost expectations of traditional executive protection and those of adding cybercrime specialists have not fully aligned, due to the differences in skillset requirements. Effective protection now must include both traditional and cyber executive protection to help protect against the most dominant form of attack today, a cyberattack.