Hostile Surveillance Detection for Soft and Hard Targets

By Jim McGuffey, M.A., CPP, PSP, PCI

Following drastic increases in terrorist attacks in recent years,  facility and security managers must begin to incorporate hostile surveillance detection into their security strategies, to better protect their facilities. Without this added security strategy, facilities are highly susceptible to criminal and terrorist attacks. Law enforcement agencies must also receive training in this area.

My experience in surveillance detection training began in 1982 when I started work in the armored car industry in Chicago. My first day on the job as a supervisor, I was required to observe a security video on the importance of being aware of your environment. I recall one example the video shared, observing several cigarettes on the ground near a car window as you approached the financial institution, which might be an indicator of recent suspicious activity. That activity might be indicative that person (s) had arrived earlier to observe the armored car crew work for a future attack or that an attack was imminent.

After riding armored trucks for the first three years in the Chicago area, I learned that observing those who might be conducting surveillance was an acquired skill, one which life depended on. Our security team often found it difficult to observe a crew without being spotted , since drivers were trained to be observant and most of the time, they spotted the security person observing their activities, which was actually the desired result management sought.

Unfortunately, during my 26 years of working in the industry, there were times when team members were not observant, resulting in the unpleasant experience of notifying several families, that their sons would not be returning home.

I have since, shared the importance of surveillance detection training before national and international audiences and have taught surveillance detection courses in numerous countries. After asking more than several thousand of those attending training sessions, seminars, or webinars, how many had received training on this subject, there were only a few who acknowledged received such training. I have also inquired of U.S. police officers both active duty and retired, only to be advised in most cases, that no training had been provided.

Global terrorist attacks grew from 3 a year in the 80’s to 1 a month in the 90’s to 1 a week from 2001 to 2003 to 1 a day from 2003 to 2015. From 1968 to 2002 there were 11,723 terrorist attacks killing and injuring 37,137 in 147 countries. Whereas in 2016 alone there were 11,072 attacks causing 25,600 deaths and 38,800 injuries (26% killed were perpetrators).

Although most facilities or soft targets do not have sufficient resources or  funding to properly implement a well-trained team of security personnel trained in the area of hostile surveillance detection, there is much that can be done to ensure your facility is not being surveilled without personnel and cost.

Terrorist planning cycle:

  • Preliminary Target Selection
  • Initial Surveillance
  • Final Target Selection
  • Pre-attack Surveillance
  • Planning
  • Rehearsal
  • Execution
  • Retreat & Exploitation

It has been well established that terrorists participate in a planning cycle lasting weeks, months, or years, prior to an attack. Hostile surveillance is part of this planning cycle and usually occurs twice during their planning phrase.

Although terrorists and criminals acquire substantial information about potential targets from the internet, employees, and open sources, it is important to have a physical presence at sites to observe vulnerabilities and for planning purposes.

Terrorists conduct surveillance to discover a target that will provide the most media exposure following an attack as well as to learn the vulnerabilities or weaknesses of a facility that can be exploited to ensure a successful attack. It is during this surveillance that law enforcement, private security and trained personnel have the best opportunity to observe and report suspicious activities without the surveillants knowledge.

Terrorists conducting hostile surveillance seek to position themselves in positions that provide a safe entrance and exit as well as allowing for observation of vulnerabilities. During the first round of surveillance, less experienced terrorists may be used to collect information to decide which facility to attack. Due to their lack of experience, this may present the best opportunity to detect and report this activity.

Please contact Jim McGuffey at to arrange for in-person training or on-line training for your team members.

Jim McGuffey CPP, PSP, PCI served 3 years in the military, 8 years in law enforcement, and 26 years in the armored car industry where during his 26-year tenure he had responsibility for several-thousand armed guards, 50 facilities and a thousand armored vehicles. 

During the past 10 years, he has served as a private security contractor, teaching 70 antiterrorism courses in Middle East, Africa, Europe, Asia, South America, Latin America, and Mexico for various companies hired by the Department of State; one of the courses is Surveillance Detection. He holds a B.A. in Criminal Justice and M.A. in Management and has worked security cases in the U.S., Canada, and South America, for attorneys, governments and private individuals and he is often called upon by various news media, for comments regarding security incidents.

Jim has been an ASIS member since 1981, serving as past Chair for the Savannah Low Country Chapter, ASIS Assistant RVP, past House of Worship Committee Chair, Physical Security Council, and the Cultural Properties Council.  Jim serves as a Technical Committee member for several ASIS Standards. He has been an InfraGard member since 2013 and is the Executive VP, Board Member for the South Carolina Chapter. InfraGard is an FBI sponsored organization, dedicated to protecting USA critical infrastructures, working members from, private sector,  law enforcement and military. 

Disclaimer:  The articles contained on this website are written for general information purposes only and are not intended to be, and should not be used as, a primary source for making security decisions. It is the responsibility of the end users and viewers to evaluate and seek out additional guidance as deemed appropriate for application.

Scroll to Top