Introduction: why Behaviour Detection?

The concept of behaviour detection, or Behaviour Risk Assessment, as a method of detecting suspicious individuals continues to occupy the headlines. As a recognized layer of security screening that has been successfully deployed in Israel and other countries, it is part of considerable efforts worldwide focusing on reforming the existing legacy approach to security into a more risk-based system (read about Focus on Intent).

In recent years, two international bodies, IATA and ICAO, have been leading the way by advocating a transition from the current “one-size-fits-all model” of security to a model where passengers are screened based on established or perceived levels of risk. As part of a risk-based model, all passengers would be divided into Low, High, Unknown groups according to information available about them to security personnel in advance (e.g. Passenger Name Record) and identification of any suspicious indicators in real time. Various countries, such as the US, Canada, UK, France and Australia have been studying the subject very closely including in pilot projects and research studies to determine best practices and/or validate the approach.

Let us begin by defining what this means in the world of security operations. In our practice, it is the process of observing someone's behaviour and analyzing it for indicators of adversarial modes of operations. 

In addition, especially trained officers would look at appearance, accompanying people, documents (if possible), verbal and other non-verbal cues, and conduct a security-driven interview (if allowed by regulations). All of the information thus assembled in a course of 5 sec to 1:30 min is analyzed relative to the operational environment or context in which the process is occurring. In the end, a qualified security officer will reach a simple decision: threat or no threat. Wait, you can ask, where does the racial / ethnic / religious profiling come into play? It does not.