This post is also available in: heעברית (Hebrew)

Written by Or Shalom

Preparations for the Olympics in France are at their peak, and so are the preparations in matters of security. The security is extremely complex as can be seen by the terrain and number of participants in the opening events alone, and the need to prepare for drone threats in the security protocols. The fact that the Olympics are a target for terrorism (as seen by those with malicious intent), the allure, the ability to reach events from different parts of the world under the guise of visitors to the Olympics, and the terrain all contribute to an even greater challenge. The terrain and landscape of the opening events will not be held in a closed stadium but rather will be along the Seine River with at least 500,000 guests and visitors, some in sections that do not require purchasing tickets, and about 200 heads of state that are expected to participate. One of the conclusions drawn from past events (as a direct lesson from the Munich attack and the Atlanta Olympics) is the need to increase security and technological means available on the scene. Meanwhile, in light of the open landscape of the events, security must be adjusted and implemented by the ‘Crime Prevention Through Environment Design’ approach (CPTED), which allows planning and risk reduction in accordance with the terrain and conditions of the environment. Past events require preparation for the possibility of organized terrorist activity (such as the Munich Olympics Massacre) and the possibility of a “lone wolf” attacker in some constellation (like the terror attack at Atlanta’s Olympic Centennial Park).

Intelligence Utilization In Various Circles:

The initial working assumption is to extract information available through WEBINT and OSINT networks (all visible sources of information), assuming that the opponent is using various platforms while organizing, gathering information, and promoting their goals. This can be carried out through the use of social networks, sending messages on Telegram, collecting information, acquiring weapons through the Darknet, etc. Therefore, overarching capabilities and cooperation between countries and intelligence agencies are required to realize capabilities around marking important news, cross-referencing names, expressions, possible trends, indicators, activity patterns, decryption/encryption capabilities, and more. As part of this cooperation, there are quite a few technologies dedicated to realizing these capabilities that are based on the analysis of connections, news, and posts on social networks (posts that include the use of symbols or radical expressions), like the detection of incriminating information in the open and deep network (including the darknet). The more these methods rely on AI-based automation capabilities, the better the intelligence process will be, and the more accurate it will be in the face of the changing methods of the opponent.

When it comes to cross-national processes and events, it is more necessary to analyze and trace processes that arise from metadata, which involves the production of additional relevant information from the existing information based on signatures created on the network[1]. This capability enables a retrospective look at the sequence of events, connections between entities, geographic locations, financial transaction information, travel patterns, web browsing activity, and more. Therefore, processing and tracing the whole process from registration to ticketing and check-in is very crucial. For example, an insight can be derived from the fact that a number of terrorists have reached the same destination from a shared country on different flights, or an event in which the person who bought the ticket before the flight is not the passenger himself, etc.

The ability to extract the information that would indicate the suspects lies in the ability to cross-reference all the processes and stages (including on the scene itself). If we take the Tamarlan brothers’ 2013 Boston Marathon bombing as a case study, we can see that there were suspicious signs of posts and tweets that showed radical trends prior to the event[2]. Another relevant statistic is information about the visit of one of the brothers about 6 months before the marathon itself in Chechnya (possibly the turning point that caused him to plan the attack) as possible evidence of extremism that could lead to practical intelligence insight. In a separate intelligence circle, in 2011 the Russians turned to the FBI for information about Tamarlan, due to suspicion of belonging to radical Islam circles and joining underground groups. This once again reinforces the need for cooperation and exchange of information between international entities.

There are quite a few challenges when facing the threat of terrorist assimilation on the scene. In 2016, ISIS issued a guide aimed at assimilating into small cells and the “lone wolf” method with the goal of soliciting and providing tools to individual operatives on the scene[3]. Here too, there are quite a few insights related to the technological and intelligence capabilities to track the changing guides and patterns, as well as a broad deployment of checkpoints in the crossings between areas as well as in random locations. An efficient process that may be the tiebreaker is the ability to rapidly retrieve information and cross-reference it with the information emerging on the scene itself (along with the various intelligence circles and past knowledge)[4]. Thus, for example, the allure of check-in deployments and ticketing processes will grow and be able to overwhelm the anomalies the more accessible it is to cross-reference with the information in existing databases and information generated in circles on the scene. As part of the proper dispersion and extraction of the check-in positions, the integration of rapid tactical capabilities for baggage testing (AI-based technologies) will enable additional capabilities for anomaly detection, as well as make organizing seem more difficult in the eye of the attacker.

Smart security based on analytics and AI capabilities:

The security of mass international sporting events requires the preparation of management, rapid response capabilities in the face of a developing event or immediately thereafter, and the ability to control the crowd in its various stages, including the need for monitoring and dispersion or public direction during or after an occurrence, with the aim of preventing the event. The landscape conditions at the opening event present quite a few challenges and difficulties in the ability to locate incriminating patterns, as well as the ability to control the audience according to the progressing events. Integration of decision-support systems based on analytics and AI will enable smart and efficient security thanks to learning, thinking, planning according to fixed parameters and events, and quality information extraction. The manner of planning should match the way one can predict and indicate abnormal behavior and anomalies (e.g., gatherings larger than the norm), staying in forbidden areas, etc. For example, unacceptable transits between regions can be defined as a possible indication of deviation from the norm in a way that will provide a warning and indication.

In addition to implementing AI on security cameras as the French have stated they will do; it will be advisable to also realize these capabilities through the use of drones[5]. The terrain and the transition between events and regions require control that enables fusion and analysis of the area in different dimensions, and of course enables capabilities of measuring crowds, monitoring movements, and more. In general, in event security, adopting the DFR (Drone As First Responder) approach will improve performance and rapid response capabilities[6]. In order to optimize smart security, there needs to be collaborative capability and a wide pool of data that will enable data fusion and cross-referencing. Of course, the data transfer process as well as the database itself require security-oriented thought in the aspects of cyber protection like the use of diodes and single-directional data channels and the ability to protect the various systems and regions.

Preparation To Deal With Drone Threats:

As mentioned, the French defined the drone threat in the security protocol as a troubling issue that requires preparation. The use of drones has often been proven for various purposes, from collecting intelligence to using it as weapons. There are quite a few possible solutions, from systems based on kinetic abilities, to capabilities that combine frequency disruption and blocking, as well as laser drone destruction systems, like the experiments recently conducted by the French[7]. The document published by the CISA titled “Unauthorized Drone Activity over Sporting Venues” aims to implement a group-based plan: Prevention, Protection, and Response Controls. The Prevention Control group includes the ability to coordinate between the authorities, increase public awareness and warnings regarding drone restrictions (warnings both online and physical signs on the scenes), as well as legal enforcement. The Protection Control group aims to conduct a risk survey for potential launch areas (parking lots, balconies, and open areas), formulate an emergency response, train security teams in detecting the exception, formulate indications based on speed, weight, flight near or above people, design changes in the drone, etc. The Response Control group aims to incorporate responses in a case of a drone crash, responding to treatment beyond the boundaries of the security sector and reporting to other authorities and security officials. Due to the complexities arising from problematic (urban) environmental conditions, safety restrictions, potential implications of technological blockages in the area itself, manpower skills, etc., those in charge must examine technologies, deployment and coverage, performance, and the abilities to detect and locate operatives on the scene and adapt all the requirements according to the terrain and conditions.

The author is a security, cyber, and HLS technology expert and consultant to government ministries and defense industries. He holds a master’s degree, as well as civil and national qualifications in the realm of HLS and Cyber Security. He has experience in consultation and business development for security companies and groups in matters of planning and building defense, innovation and security technology, exercises, and training in security and cyber.