Well, let us look at that this way: If there are indeed 1,000 open probes, then there are at least 1,000 potential opportunities for an attack here on our homeland. That means that for us to stay safe, the FBI has to thwart all 1,000 potential opportunities. Conversely, for ISIS to be successful, it only needs to get one potential opportunity right in order to cause any type of mass-casualty event. ISIS can afford to fail 999 times; the FBI cannot afford to fail once. Who has the advantage?
It took eight terrorists to carry out the attacks in Paris and cause 130-plus casualties with another 350-plus injuries. It took 19 terrorists to carry out the attacks on 9/11 and cause nearly 3,000 casualties with countless more injuries. The FBI and other law enforcement agencies, as great as they are, simply cannot protect all of us all of the time. These agencies need our help, and we must not shy away from our responsibilities as citizens.
Safety and security professionals, both here in America and around the world, ask that if you "see something," you "say something." I know that sounds easy, but too often it is not practiced, and as a result, we see attacks carried out with casualties and injuries. So what are we looking for, and what do we say?
Let’s start with saying something to the right people. If you do "see something" that raises your suspicion, then you need to report it right away to any law enforcement agency with as many details as you can provide. You cannot be afraid to offend anyone! It is better to err on the side of safety than to fail on the side of political correctness. Report your suspicion and let the agency conduct its surveillance and decide whether to pursue or not pursue from there.
So what are we looking for? Well, that is not so easy, but let us look at that from a "red-teaming" perspective. Red-teaming is essentially "thinking or seeing things from the adversarial perspective" and then using that perspective to deploy safety and security measures in order to minimize or stop a threat you may encounter. There are more details to it than I have just laid out, but hopefully you get the idea. When you red-team something, like a building or a network, you are looking to exploit the weaknesses and then share those findings with the responsible stakeholders in order to correct the possible points of breach. A good red-teamer will look for the "baselines" and "anomalies" of a target and study them in order to find ways to breach the system. This is absolutely true, and I myself have learned over the years, through the practice of good observation, that everything has baselines, and all baselines have anomalies. I'll write more on this later, but for this discussion, let’s keep it simple for now.
What is a baseline? Simply put, it is a set of data used as a basis for comparison. Let’s use this as an example: Every morning you go through a routine: getting up, getting ready for work or school, pouring your coffee, and leaving your house. When you leave the house, you always close the garage door and drive away. This morning routine is your baseline that you follow almost to the minute each day. When you return home, you notice the garage door is open. Your first instinct is to look to see if anyone might be home, but once you establish that nobody is around, you immediately become suspicious. The open garage door is the anomaly because it is not right and does not fit the baseline. I know this sounds like a simple comparison, and it might be too simple for some, but hopefully you get the point.
The point being that we can use baselines and anomalies in order to help prevent an attack from taking place; we just have to be aware and know what looks suspicious.
Everything has a baseline, from our morning routines to the route we drive to and from work to the offices that we work in or the schools that we go to. And just as everything has a baseline, every baseline has its anomaly, from open doors that you know you closed to suspicious vehicles parked outside of your house or office that you don't recognize. Like I said, I will write more on baselines and anomalies later on, but for now, I hope I was able to show you a different point of view. Going back to the open garage door, if this happened to you, then you would have been faced with a choice. Would you go into the house in order to see why the door was open, or would you go to a neighbor’s house and call the police? At the very least, I hope that you would be aware of the very state of raised awareness you are in. That state of raised awareness is a critical part of "see something, say something." If you see something that is not right, then say something.
Remember—everything has a baseline. That includes "soft targets," "hard targets," and "human targets," and each of these targets will have its own anomalies. The question is this: Will you recognize the baselines, and will you report the anomalies?
Jason Destein, ABCHS IV
Technology Consultant II Advanced Solutions - Physical Security at Ingram Micro