Crowded places

​​Hostile reconnaissance

Hostile reconnaissance is purposeful observation collecting information to inform the planning of an attack against a specific target by people with hostile intent. This may involve observation of:

• people
• vehicles
• buildings
• places
• spaces.

It may be conducted onsite or online. There may also be rehearsals, where one or more elements of the plan are practised.

Characteristics of hostile reconnaissance

It is important for owners and operators of crowded places to understand where hostiles might go on site to collect information or test security measures.​

Employees should be aware of behaviour or activity that is atypical or unusual for the environment. They should also be able to report such incidents.

Possible indicators of hostile reconnaissance could include:

• people taking photographs of staff or security features of the site
• someone taking an interest in staff/vehicle movements
• unusual approaches to staff
• attempts at testing or breaching security
• someone being followed through security control points (e.g. tailgating)
• packages/bags being left unattended
• suspicious vehicle activity near the site.

Disrupting hostile reconnaissance

Owners and operators have a responsibility to understand what the current terrorist threat environment means for the security of their site and implement protective security measures that are proportionate to the level and types of threat.

To disrupt hostile reconnaissance at your site, it is important to understand​:​

• what information hostiles will be looking for and why
• where hostiles will go to obtain this information
• how far they will go to obtain the information they need.

Understanding these factors can help owners and operators to develop a security program to help disrupt hostile reconnaissance. This disruption can be achieved in three principal ways:

1. DENY a hostile access to the information they need to plan an attack
2. DETECT hostile reconnaissance through effective security and vigilant staff
3. DETER hostiles by promoting the likelihood of detection and failure.

DENY

Hostile reconnaissance can be prevented by denying hostiles access to the information they need to give them confidence to proceed with further attack planning.​

If the risk of detection is too high when obtaining information, hostiles may disregard the site as a potential target. It may also mean they have to undertake further reconnaissance.

Owners and operators should audit information that is publicly available about their site or event. They should remove or edit information to make it less useful to a hostile.

DETECT

The most effective method of detecting and disrupting hostile reconnaissance is ensuring people at your site know:

• what to report and where to report it
• reporting information is easy
• their reports will be taken seriously.

The people at your site, such as security, staff, patrons, or visitors, are in the best position to detect suspicious behaviour. They will be more likely to make a report if it’s convenient and they are confident about how to do it.

DETER

Deterrence involves promoting the DENY and DETECT capabilities of a site.

One of the primary functions of protective security measures is as a deterrence to hostiles. Proactively promoting protective security can enhance the deterrent effect. It heightens the perception by hostiles that they will be intercepted, and their attack will fail.

Detecting hostile reco​​nnaissance guidelines for crowded places

For more information on how to protect your crowded place read the Disrupting Hostile Reconnaissance Guidelines for Crowded Places.

If you are a member of the public find out What to do in an attack.