Module 5.4 – Change Analysis

threat patter analysis pattern map 1Change analysis considers factors that could cause the threat environment to become different from the way it is now. In particular, it focuses on things that might make existing threats more frequent, damaging, more likely to target you directly; or that might cause entirely new threats to emerge. Change analysis involves both historical analysis (because it is necessary to look at what has happened in the past), and pattern analysis (because it is searching for trends), but unlike those two, it also involves actively projecting possibilities that have not yet occurred. In doing this, it addresses a critical limitation of both history and pattern analysis: in both these forms of analysis, data can only be analysed once the event has occurred. If this were the full extent of our analysis, we might be condemned to discover new threats only after we have become the victim of them for the first time. Security managers need a way to actively predict from known information how the threat environment is changing, and when something completely new may be likely or even imminent. Change analysis is the answer.

Consider the first example of change analysis in the small threat patter analysis pattern map 2conflict-affected country to the right. The capital is called Main City; dashed lines represent the national borders. Data: While there have been about 15 violent incidents of attacks from rebel forces in the south of the country in the past three years, there has never been a bombing of buildings or vehicles within the capital, Main City.

Conclusion: Based on this, a humanitarian agency operating in Main City concludes that it is safe as long as staff remain within the city limits.

Do you agree with this agency’s finding? Based on the data provided, they have assumed that Main City is safe. Why? Because an incident has never happened there before.

Now, the same data presented in a slightly different way. Data: Three years ago several incidents occurred 200 km south of Main City. Two years ago several incidents occurred within 100 km of the city, mainly in the south of the country. Last year, several bombing events occurred in the suburban areas just south of Main City, and in some nearby towns just outside of the city limits.

Conclusion: The implication of this presentation of the same data should give you reasonable cause for concern. We can now see a clear trend toward attacks moving further northward across the country over the last three years. Looking at the data as presented, it is not difficult to imagine that something new may be heading our way—that the map for “This Year” may include attacks in Main City itself. Different ways of presenting the data convey very different messages. When looked at from the perspective of what is changing, or may change, those responsible for security in Main City will certainly want to take measures to prepare for threats, even though they have never occurred in Main City before. One place where change analysis can be particularly useful is in helping organisations/ agencies assess the possibility of new patterns of attack that might directly target them. We will use the following example:

In many conflict areas around the world, humanitarian agencies work in close proximity to groups conducting hostile acts. The prevailing analysis is often: “Armed groups are fighting each other but fortunately they are not targeting us.” The impact of such an attack aimed at your staff would of course be critical—it would probably be deadly— but its likelihood may be assessed by those in the organization as very low. Why? Because it has never happened before. If this were your situation, would you be content with the assumption that you will never become a target?

After seeing the example of change analysis from the country above, you should be skeptical. But what do you do about it? To be of practical use for SRM, change analysis should be closely linked to the development of warnings or indicators to signal that the predicted change may be happening, so that you and your organization can respond in time; before the change in the security threat pattern catches you by surprise.

The first step is to ask: “What could happen that would cause the situation to change, i.e., what would cause hostile groups to start targeting us?” This should be linked to the following question:

“What indicators or warning signs might alert us that this was happening?” The questions can be put in a table as in the example below, which shows some typical (but not all-inclusive) responses.

threat change indicator table

In order to facilitate action as well as analysis, the indicators should be accompanied by actions or measures to be taken if and when the warning signs occur. In this way, indicators become useful tools not only for analysing future threats, but for designing immediate actions or contingencies to be taken based on the warning signs. The sample Threat Change Indicator Table above shows how it can be converted into an action chart.

The proactive and habitual search for security threat change indictors is sometimes called Situational Awareness. In high risk areas, keeping aware of small indicators can be a life-saving habit. Maintain your situational awareness by continuously looking for any recent changes that may affect the risks you face. This is primarily a matter of vigilance (constantly looking for changes) and discipline (remembering to ask yourself whether anything has changed, either at the end of every day or week). While an important habit to develop, in some cases long-term field workers can become so accustomed to insecure environments, they actually pay less attention to these details and may become overconfident.

Often, the local population and security forces will have more warning of impending confrontations (military battles, terrorist attacks, or riots, for example) than expatriate field staff. You should be aware of changes in their daily routines or activities and, at a minimum, ask why these changes are taking place.

key points imageIn Summary

Threat assessment is closely related to vulnerability and program assessment and at least some of the data collection required for any of these three activities will likely be of use in the others.

Taken on its own, threat assessment is the collection and analysis of information about past and ongoing threats in the environment in order to make assumptions or predictions about current and future threats.

Historical analysis is the study of past security events and consideration of the possible implications for your current and future activities. Historical analysis may be carried out using different factors in order to determine patterns in the data.

Pattern analysis may take several forms such as consideration of the patterns in the types of threats, locations of threats, time of day, week or month, for the likely targets of threats. One of the key aspects of pattern analysis is the recognition that while many patterns will continue in ways that facilitate security planning, we must be aware that sometimes the patterns do change, requiring planners and managers to look for indicators that change may be happening.

Change analysis is a logical extension of threat analysis as it identifies indicators that change may occur, so that measures can be taken to avoid harm before the changing threat pattern takes you by surprise.

The proactive and habitual search for security threat change indictors is sometimes called Situational Awareness

No matter which of the techniques above are used, security threat assessment relies on information from people. Since all people have different information sources, biases and interests, information collected should be validated to the extent possible, either by comparison of several sources, or through use of the information accuracy checklist or a similar guide to help you rate reliability.