Reducing Risk for Elected Officials

Physical Security

♦ Photo of Giffords' shooting scene by SearchNetMedia/Flickr

Reducing Risk for Elected Officials

The terrible Tucson attack on January 8, 2011, in which 19 persons were shot, six fatally, sparked wide-ranging national discussion about possible causes and solutions. Commentators have addressed mental health policy, firearms regulation, characteristics of mass shootings, police action and inaction, the tone of political debate, regulations on speech, military restrictions on prior marijuana use, and even the possibility of a national program to protect politicians.

An attack like the one in Tucson obviously raises many issues, but the one that is most immediate, relevant, and practical for security professionals is this: what can be done right now to minimize the likelihood of similar attacks on elected public officials?

The U.S. Congress consists of 100 senators and 435 representatives. Other branches and levels of government include hundreds more potential targets. Providing all of them with U.S. Secret Service-level protection is impractical and unnecessary. The solution may be to recruit staff members into a protective effort.

Staffers, obviously, cannot play quite the same role as dedicated executive protection professionals. However, they can become familiar with the basics of executive protection, assess risks, plan public events with an eye toward security, and tap other resources (such as local police) to aid in the protective effort.

A Saturday Morning in Tuscon

First, it is instructive to examine what occurred in the Tuscon incident from a security perspective.

According to news reports, on January 8, 2011, around 10 a.m., U.S. Representative Gabrielle Giffords was holding an open meeting with constituents in front of a supermarket in a strip shopping center in Casas Adobes, an unincorporated area north of Tucson, Arizona. Ms. Giffords and staff had set up a table outside the store, and about 25 people were standing in line to speak to her.

Shortly after 10, a clean-shaven but fidgety young man approached the table, wearing a baggy, dark coat and a dark skullcap or beanie pulled tightly over his head. He asked the intern if he could speak to the congresswoman and was asked to get in line and wait his turn. He went to the back of the line, and the intern turned his attention back to the congresswoman and the people she was meeting. Less than 10 minutes later, the same man walked back up to the table, pushed his way past the constituents who had been waiting, raised his arm, and opened fire.

What Can Be Done

Protection specialists cannot necessarily stop an attack like that in Tuscon, but they may be able to frustrate a would-be attacker to the point where that person is effectively deterred. History shows that even some highly fixated assassins turn out to be fickle, shifting to a new target if their first target is repeatedly difficult to access.

For example, in 1972 Arthur Bremer had stalked President Nixon for months, trying to find a suitable opportunity to shoot him. Finally, frustrated over and over by the protection around the President and the speed at which the President’s motorcade always passed by, and concerned that he had been noticed by law enforcement officers, Bremer gave up on attacking the President. Unfortunately, he simply changed targets and successfully attacked presidential candidate George Wallace. (The attack took place in front of a strip shopping center, just like the attack on Rep. Giffords.) But at least from the President’s perspective, the protective effort was a success.

So what are the steps that can be taken to achieve that type of deterrent effect and to be prepared to thwart an active attempt if one occurs? What follows is a practical, six-part approach to protecting a public figure or other person (such as a corporate executive) at public events. The approach is designed to be capable of being carried out by one or two staff members who are not full-time security specialists. It consists of six parts:

• ownership and training
• support from the protectee
• risk assessment and the advance
• site management
• countersurveillance
• attack vector awareness

Ownership and Training

One person should own the security process. For example, a member of Congress could appoint a single staffer to oversee security for public events. That person may have other responsibilities, but he or she can also be assigned to carry out the steps in this proposed process.

To be equipped to handle this additional responsibility, the security staffer needs to understand the basics of personal protection. With that knowledge, the staffer can then intelligently perform some of the necessary protective steps personally and line up assistance in carrying out others.

A version of this approach is already practiced by some corporations, even those with full-time executive protection (EP) staff. When they elect not to send an EP specialist on a trip with the protectee, they may still send the protectee’s assistant or chief of staff, who is trained in security awareness, countersurveillance, and effective interaction with security staff at the site being visited.

Basic protection topics in which the security staffer should receive training are as follows:

  • ​Intelligence gathering and general risk assessment. This may require adjustments to a congressional office’s normal tracking of news, public opinion, letters, online comments, etc. The security staffer should learn the importance of collecting, tracking, and analyzing any threats or odd communications directed at the protectee. The communications should be retained, and items that seem threatening should be passed to the U.S. Capitol Police Dignitary Protection Division.
  • Resource coordination. Especially when security is a part-time responsibility, the security staff should learn about key resources that can provide information and logistical support. For example, local intelligence fusion centers are run by state and local authorities, are focused on state and local concerns, and deal not only with terrorism but with a wide range of criminal and public safety matters. Local police, too, can help if they are notified in advance, providing both intelligence and personnel at the speech site.
  • Site advances. An advance is a process for gauging risks, identifying resources, and developing familiarity with the site for security logistics purposes. An advance can be performed from a distance or with a site visit.
  • Site risk assessment. The security staffer should learn what to look for in a speech or meeting site—what elements lead to more or less control over a site, considerations for getting in and out safely, etc.
  • Ground transportation. The staffer should follow simple protocols for the safe arrival and departure of the protectee. For example, the protectee or his or her driver should call ahead to the site before arriving to make sure it is safe, and the vehicle should be positioned well for a quick departure if necessary.
  • Choreography of protection. This factor addresses where the security staffer should be positioned at the speech and what to do if an attack begins or seems imminent. A trained staffer may be able to grab the protectee and quickly remove him or her from the site. It is also important for the staffer and protectee to have a prearranged signal that means “let’s go.”
  • Site management, countersurveillance, and attack vector awareness. These are addressed below, but all have to do with controlling the site and keeping one’s eyes open for a potential attacker.

The staffer can gain knowledge about all of these steps through reading or by attending a briefing or short training course. Such minimal training cannot take the place of the knowledge, experience, and connections that a trained EP specialist can bring to the task. It is simply suggested as part of a proposed short-term solution that can be implemented quickly.

Support from the Protectee

The security staffer who has been given ownership of the security issue absolutely must have the support of the protectee. Such support is necessary if the staffer is to have sufficient time and resources to arrange for protection.

Although the protectee is likely the person who assigned the staffer that responsibility, the protectee may or may not genuinely embrace the idea of protection. Some protectees feel protection will be cumbersome, while others think protection makes them look fearful or weak.

Executives who face real problems and see how low-profile protection can be used to effectively deal with those problems are likely to change their minds. For example, at a major U.S. corporation served by the author, a trend was developing in which protesters would sneak into speech venues and, as an executive would step toward the microphone, would run up, grab the mic, and deliver a wild rant against the company. The risk was not just embarrassment but also attack, as the category of protester, animal rights extremists, had a history of violence.

A particular top executive did not want to have a security person inside the room where she was delivering a speech, but she agreed reluctantly. As she approached the dais to speak on one occasion, a protester raced toward her but was immediately stopped and escorted away by a security specialist. That particular executive is now a serious supporter of personal protection.

Risk Assessment and the Advance

The security staffer should conduct ongoing risk assessment focused on the protectee and the particular sites to be visited. The following are some steps he or she can take:

  • ​Talk to the protectee about past incidents and any areas of concern.
  • Examine the threat file—the record of odd or threatening letters, phone calls, e-mails, and incidents—if one exists.
  • Obtain site risk information from local police contacts.
  • Keep up-to-date on attacks against people similar to the protectee.
  • Determine how easily an attacker can find out where the protectee will be on any particular date. (For a public figure it may be very easy to find out where that person will be, as many events are specifically geared to draw attendance from the public.)

In some cases, the risk assessment can guide site selection. For example, a higher level of risk may call for using a less open site.

The security staffer should also conduct a site advance, either in-person or long-distance (e.g., by telephone). An advance is the totality of the staffer’s efforts to learn about the protectee’s route and destination and all the details that affect the trip and the stay. It constitutes a preemptive strike against confusion and exposure. Through the advance the security staffer tries to discover possible risks at the site, primary and alternate transportation routes, and local resources (police, hospitals, etc.).

If the risk assessment or site advance reveals a high threat level or several red flags, the security staffer should waste no time in lining up security assistance from protection specialists, whether on- or off-duty local police or private EP specialists, who are available in every state. It is not difficult to find and contract with trained, experienced EP personnel who understand personal protection principles and can step up to assist at a higher-risk event.

Site Management

A security staffer should try to influence the choice and layout of the event site. Ideally, at least some level of control over entry should be arranged.

Hosting an event in an open parking lot is a recipe for disaster, as an attacker can approach from any angle, and there is no choke point that provides the security staffer (or police) a chance to look at each person entering. A better idea is to funnel attendees through a narrow opening, such as a doorway or a break in a rope line at some distance from the protectee.

It is true that an attacker can start shooting right at the checkpoint, as happened in the 1998 U.S. Capitol shooting and the 2009 shooting at the United States Holocaust Memorial Museum in Washington, D.C. However, an attack initiated at a checkpoint is at least some distance away from the protectee and allows more time for response. In addition, using a choke point to control visitor flow into the event provides an opportunity to conduct the next step, countersurveillance.

Another option is to have a controlled-invitation event. That adds a layer of deterrence, even though, it should be noted that people who want to disrupt the event may use illegal or legal means to get in anyway. For example, protesters often obtain counterfeit press credentials or other access passes to enter and disrupt a controlled event. It is even common for protesters to buy a token amount of stock in a company to be eligible to attend its annual meeting.

Once the site is deemed safe, the protectee can be brought in through a private or otherwise controlled entrance, make his or her speech, and then leave via a route that bypasses the crowd.


Countersurveillance is the act of watching the watcher, looking for odd or inappropriate behavior or appearance. The practice becomes more valuable the more it is used. Over time, the security staffer may not only develop a sense of clues to look for but may also come to recognize repeat visitors.

In Tucson, if a security staffer had been conducting countersurveillance, he or she might have taken note of a fidgety young man (not the normal attendee at a morning “meet the constituents” event), wearing a baggy coat in mild weather, and with a cap pulled tightly over his head (which may have partly concealed his appearance). A security staffer might also have felt concern when the young man jumped the line of people waiting to speak to Rep. Giffords and had to be told to get in line properly. The staffer might even have recognized the young man, who had attended a similar event in 2007 and asked a strange, nonsensical question.

With a little training, a security staffer may be able to watch for risk signals, such as whether anyone is photographing the security operation, taking notes on protective measures, touching what might be a concealed weapon, or exhibiting signs of stress that could be related to an impending attack.

For example, when someone carries a concealed firearm, the weapon usually leaves an imprint of some sort, an outline of the weapon even under clothing. Another identifier is weight and symmetry. If someone is concealing a gun in a jacket that he or she is wearing, the weight of the gun makes the jacket look off kilter, as one side will be heavier than the other. When the person walks or runs, the side of the jacket that contains the gun will swing differently than the empty side.

Another clothing-based clue is the choice of garments. A person wishing to conceal a weapon may dress more warmly than the weather warrants—for example, wearing a coat, jacket, or heavy shirt on a hot day to hide the weapon.

A different set of clues comes from body language. People who carry a concealed firearm have a tendency to check on it, meaning they periodically place a hand where the gun is to make sure it is still there. When getting up from a table or climbing out of a car, an armed person will generally pat or adjust the place where the gun is held (such as the right hip or the inside breast pocket of a jacket). When the person walks, his or her arm on the side where the gun is stored will have a tendency to stay in place, not swing like the other arm.

An even stronger approach to countersurveillance calls for the use of a second observer standing unobtrusively amid the crowd, where he or she can observe attendees. That person can play a key role in the next step, attack vector awareness.
If an EP specialist does detect someone who may be carrying a concealed firearm, it is time to move the protectee away quickly and signal for help.

Attack Vector Awareness

The attack vector is simply the path that the attacker takes to approach the protectee. If the security staffer or another person providing security at the event understands a few features of the attack vector, he or she may be able to intervene earlier in an imminent attack.

Knowing that in a well-chosen venue, the attacker will have only a few directions from which to approach, one security person (perhaps the security staffer) can remain very close to the protectee while the other security person stands farther away, in or at the edge of the crowd. If someone seems to start moving aggressively toward the protectee from, say, 25 feet away, the second security person can try to intercept the attacker before he or she gets close to the protectee—basically cutting the attack vector short. This approach changes the protection strategy from defensive to offensive and turns the protectee and staff from prey to predator.

Attack-vector positioning also provides another vantage point from which to conduct general countersurveillance, watching the watchers.

No amount of planning and countersurveillance will be guaranteed to prevent all incidents, but by following these six steps, designated personnel can go a long way toward improving the odds in favor of the protectee.

Robert L. Oatman, CPP, is president of R. L. Oatman & Associates, Inc., which provides executive protection training, consulting, and operations. In 2010, he received the ASIS International Presidential Award of Merit. His most recent book is Executive Protection: Rising to the Challenge (ASIS, 2009). He is a member of ASIS International.

© R.L. Oatman & Associates, Inc.​