Security in Context: Applying Contextual Intelligence to Improve Security Practices
Print Issue: August 2020
You are the recently appointed chief security officer of a major multinational corporation. You have more than 20 years of upper-level law enforcement experience in your home country, and your first major project is a review of the company’s Tokyo facility. A team of experts and vendors has been put together to review the threats specific to the locale and the vulnerabilities of the facility.
Months of analysis and review have gone into the project. Additional time has been spent installing perimeter upgrades, baggage and parcel screening technology, and magnetometers. Dedicated and guarded employee parking areas have been constructed and operationalized. More than $250,000 has been invested in hardware alone.
Finally, the project is complete. You have contracted a local security professional to conduct a red team active review of the installation to measure its effectiveness. No more than 15 minutes after the start of the test, the expert calls you from the executive conference room, having bypassed the entire physical security system you worked so hard to put in place.
When asked how this was achieved, the penetration tester replies: “I copied the company’s logo from the Web, used a color printer and laminating paper to make a simulation of a badge, and told the front desk that I had flown in from U.S. corporate for an emergency audit meeting. I said that the CEO demanded that I start immediately, and I do not know why my ID card does not work. They let me right in and led me to the conference room.”
In implementing the sophisticated physical security measures, the CSO neglected to consider one thing: the culture of the workers, who were reticent to confront an individual who claimed to be in a position of authority.
Culture and Contextual Intelligence
Culture is one of many elements that today’s security professionals must consider to successfully navigate redefined boundaries related to geography and diversity, and even in relation to education, experience, and expertise.
Incorporating the impact of culture in decision making exemplifies the application of contextual intelligence—a concept used for decades in the management and sports sectors—to contemporary security practices.
Context is the background against which an event takes place; it makes information meaningful. Intelligence about context enhances situational awareness and enables more relevant, efficient, and practical decisions.
A great deal of attention has been given to affective or emotional intelligence, which focuses on the realm of moods and feelings. It was originally formulated by psychologists Peter Salovey and John Mayer, and popularized by psychologist and science writer Daniel Goleman.
Emotional intelligence focuses on self-awareness, self-control, and empathy. Improving one’s understanding of emotional intelligence is often promoted as a necessary skill set for improving people management and job performance. (For more information, see “Harnessing the Power of Emotions,” Security Management, September 2015.)
Contextual intelligence, coined in 1984 by Yale University psychologist Robert Sternberg, is a cognitive process that involves thought, understanding, and perception. Contextual intelligence prioritizes the environment, relying upon three primary processes to optimize decision making: adapting to the environment to meet our objectives; shaping the environment to meet our objectives; or selecting to abandon a project altogether.
Different industries have employed various methodologies to determine whether it’s best to adapt, shape, or abandon endeavors.
In the security sector, we recommend a simple framework, encapsulated by the mnemonic COPE—culture, organizational values, politics, and environment—to apply contextual intelligence to enhance decision making at the executive and managerial levels and on the front lines.
Contextual Intelligence in Action
Contextual intelligence is pragmatic and allows for nuancing the all-hazards approach to more effectively prepare and respond to security risks. Incorporating contextual intelligence into a proven threat assessment model enhances its efficacy.
Culture, the first element of the COPE framework, can be defined as the customary beliefs, social norms, and racial, religious, or social group characteristics shared by people in a place or during a time.
In the Tokyo security example above, an understanding of the deferential culture of the employees responsible for the reception areas might have mitigated the security breach during the penetration test. In response, the organization could have adapted the environment to eliminate the need for staffed entrances or shaped the environment through targeted training of frontline security.
In his primer for army personnel on the front lines in Iraq and Afghanistan, U.S. Lieutenant Colonel William D. Wunderle offered the example of U.S. troops forcing the heads of Iraqis to the ground during arrests—an act which violates Islamic religious norms of not allowing the head to touch the ground except in prayer. Behaviors that offend cultural norms can undermine core security missions; in the case of the global war on terrorism, offending detainees and the populace who witnessed the arrests threatened to undermine the mission of bringing stability to the Middle East, Wunderle said.
However, research on cultural competence across disciplines has found that knowledge of norms and customs is but one element to being successful. The capacity to assess one’s own cultural biases, to value diversity and manage differences, and to accommodate another’s worldview are also key. The deeper understanding of another’s perspective—derived from cultural competence—enhances the ability to predict behavior.
Priorities and Values
The second element of the COPE mnemonic, organizational values, seeks to ensure that any security plan, decision, or response aligns with institutional priorities. Consistent with the enterprise security risk management (ESRM) approach, the consideration of organizational values as a facet of contextual intelligence supports transcending security silos between people, assets, and processes, and between security and business outcomes.
Efforts to replace the so-called school-to-prison pipeline phenomenon in the United States with alternative classroom management approaches exemplify consideration of organizational values in action.
Highly publicized active assailant incidents in public and private schools in the past decade have given rise to two dynamics that have contributed to higher arrests of schoolchildren: an increase in the number of school resource officers (SROs), and a decrease in tolerance levels for disruptive classroom behavior, which is often regarded as a high indicator of risk for violence.
An increasing number of institutions are seeking security solutions that are more congruent with their educational values. Alternatives—such as restorative justice, which emphasizes accountability, peer learning, and meditation in response to unacceptable behavior—are being explored.
SROs can be instrumental in these efforts, adapting their expertise in de-escalation, risk communication, and behavioral threat assessment to support safety without criminalization. Considering factors such as age, developmental level, and social status within the school environment can contextualize benign behaviors that might otherwise be perceived as threatening or insubordinate.
Political Context and Environment
Politics—the third element in the contextual intelligence mnemonic—is defined here as the larger context in which a situation is occurring and the specific influences that may need to be evaluated.
Consider events in China in 2008. After an earthquake destroyed 67 percent of the habitats of China’s beloved panda bears, a type of panda mania set in worldwide. Pandas are typically popular—researchers suggest pandas activate regions in human brains like those triggered by human infants (recall their snub noses, wide cheeks, and toddling gaits)—but the events of 2007 sparked a surge in merchandising.
Against this context, it was perhaps not completely unsurprising when a 20-year-old student visited Qixing Park in Guilin, China, and scaled a 6.5-foot wall to enter the panda enclosure. He was repeatedly bitten by Yang Yang, one of the zoo’s pandas, before being rescued by zookeepers. The student subsequently claimed that he “just wanted to cuddle” the panda, according to the official Xinhua News Agency.
The larger political context at the time—in this case, a heightened interest in pandas—might have suggested that relying on a 6.5-foot barrier and the common sense of visitors might not be adequate to achieve a primary security objective of maintaining separation between humans and the very popular pandas. The environment and its security might have benefited from being shaped to match the larger political context.
In contrast, environmental context refers to local events and influences.
The impact of environment on security during the current COVID-19 pandemic is exemplified by an early effort by a southern California public–private partnership. In March 2020, the collaborative unveiled plans to slow the virus’s spread by treating potentially coronavirus-positive homeless patients at vacant hotels. One of the chosen facilities was proximate to a community of 18,000, many of whom were in the high-risk 65 and older age group.
The result was a series of protests, online petitions, and dissemination of misinformation. A plan that worked perfectly across multiple environments was not adapted to the local conditions of an older community and resulted in civil disobedience and multiple security risks.
In contrast, a community health center—mindful that its surrounding neighborhood generally responded to change with anxiety and unrest—opted to test potential COVID-19 patients discreetly; rather than erecting a parking lot tent, patients were tested in their cars. The healthcare response was adapted based upon the environmental context.
Can Contextual Intelligence Be Taught?
Traditionally, it has been believed that contextual intelligence could not be taught directly: You either had it, or you didn’t. But research in various areas—most notably business and sports psychology—has helped debunk this myth.
As industry globalized, business schools recognized the necessity of ensuring that future industry leaders understood contextual intelligence if businesses were to succeed in emerging markets. Tarun Khanna, economic strategist and Harvard Business School professor, used the example of a cement factory.
He pointed out that although the process for making cement is consistent across factories, the context in which a factory is embedded can influence everything from whether corrupt suppliers adulterate mixtures, to whether workers are unionized, to the way in which the final product is sold locally. The company seeking to relocate a plant to a location that might appear to offer greater return-on-investment potential must understand the impact of the contexts in which the business will operate.
Over time, the incorporation of contextual intelligence on business curricula and, subsequently, practices have allowed for interesting innovations. Popularized by sociologist Roland Robertson, “glocalization” can be viewed as the adaptation and shaping of contextual intelligence in action. It has resulted, for example, in one’s ability to purchase both a Big Mac and Seaweed Shake Shake Fries when at a McDonald’s in Hong Kong.
Likewise, sports psychology teaches its practitioners to intentionally consider the context in which they are working with athletes—the culture of the team and the sport, the values of the league, politics surrounding sponsorship, and the influence of local fans—to support maximum individual performance in their clients.
Teaching COPE in Security
Contextual intelligence can also be taught and learned at all levels of the security team by integrating COPE factor analysis into relevant decision-making processes.
On the front lines, this occurs through COPE inclusion in various drills, thought experiments, and operational templates. It involves movement beyond standard—and frequently superficial—training in cultural competence to training that has greater relevance, depth, and impact.
The use of case studies, for example, allows security professionals to develop knowledge of cultural nuance and test their ability to predict behavior based upon this knowledge. Then they can compare their predictions against real world results.
For example, are frontline security professionals for a hypothetical Malaysian e-commerce company able to detect and prioritize potentially significant nuances related through case studies: What is different today from yesterday? Are children playing in the neighborhood as normal? Are they suddenly gone? Are there new faces in the area? Have local radio stations increased negative mentioning of internationals? Has the village matriarch invited you to take tea, as usual? Or, are there more males and fewer females present than normal?
What does the subtle presence of the cultural normal or its absence potentially mean? Conversely, what does the presence or absence of that which is culturally incongruent signify? What could these subtle changes signal?
This approach can also uncover implicit biases that most of us hold—and about which we are typically unaware. In at least some areas, unrecognized biases can impede successful decision making.
A bias, for example, that men are more lethal than women can create a vulnerability if an organization dismisses early warning signs from a high-risk female.
Managing with COPE
On the managerial level, the inclusion of COPE factors assists in professionalizing the workforce, connecting members of the security team more closely with organizational missions, and providing a forum to review the often shifting macro- and micro-influences that affect the provision of services in various industries.
COPE may cause managers of security at a large metropolitan hospital, for example, to shift a drill’s focus from active assailants to workplace domestic violence or a pandemic based upon a sensitivity to the hospital system’s culture and organizational values of supporting the physical and psychological safety of its workforce, coupled with an ongoing analysis of threats in large hospital systems regionally, as well as the emergency department specifically.
At the executive level, COPE provides a framework for both considering and informing critical institutional decision making by casting security intelligence in the broader themes that are vitally important to an organization’s ability to survive, particularly during times of change or complexity. Using the COPE framework, for example, may inform recommendations to abandon reallocating resources from current security efforts—which can be demonstrated to align with culture, organizational values, and current political and environmental events—over a security proposal that has limited or no utility to the institution’s larger goals.
Can Contextual Intelligence Be Assessed?
Assessing the contextual intelligence of security job applicants can be achieved through case studies that evaluate contextual sensitivity. Industry-specific hypotheticals that require the candidate to articulate the factors they would consider when engaging in decision making can assess contextual intelligence.
Psychologist Robert Sternberg offered the following example of operationalized contextual intelligence in a workplace setting.
An employee loved his work, coworkers, and where he lived, but hated his boss. The employee was contacted by a recruiter who had heard of his dissatisfaction and offered him a position with considerably more pay and responsibility at a company in a nearby city. The employee declined the position and instead gave the recruiter his boss’s name. His boss took the job.
Sternberg’s example demonstrates each of the factors suggested by COPE—cultural consideration, an evaluation of the role of organizational values, politics, and the environment—to arrive at a pragmatic and creative solution.
To see how contextual intelligence can be leveraged in a security setting, consider the following anecdote.
Doctors and mental health workers at a maximum-security penitentiary are threatening to strike, claiming safety concerns stemming from a lack of rapid response by correctional officers to panic calls. They cite two staff who were badly injured over the prior three-month period. Correctional officers, in response, report that the majority of calls by workers are false—either made by accident or never received. A strike would threaten the facility’s ability to provide needed care to inmates and obtain a coveted accreditation status, and it could generate negative publicity.
What factors would you consider when developing a security solution to this situation, and what potential resolutions do you envision?
Applying the COPE framework supports an evaluation of the security candidate’s response. Does the candidate consider the potential cultural differences between medical and correctional staff and offer thoughts on ways to bridge any possible divide? Does the proposed response include an investigation of the institution’s values and priorities, perhaps identified through how it managed the incidents with the injured workers? What are the political ramifications of obtaining—or losing—the specialty accreditation? And, have there been recent local or sector-specific news events that render the institution particularly vulnerable to negative publicity at this time?
A contextually intelligent applicant will likely respond to such a scenario in a way that moves beyond a limited focus on modifying equipment (a simple abandonment of the current hardware) to a more sophisticated plan that includes adapting to and/or shaping the current environment. For instance, the development of scaled responses based upon inmate risk levels, with the establishment of special joint healthcare–correctional officer deployment teams for the highest risk populations.
The Contextually Intelligent Security Team
Contextual intelligence and the COPE framework support the professional development of individual security personnel—whether in the C-suite, at the managerial level, or on the front lines—through the enhancement of decision-making skills.
Training members at all levels of the security workforce also supports the establishment of a consistent problem-solving approach that can unify diverse members of a security team, improving the ability to coordinate and collaborate across roles.
In this way, a shared commitment to considering culture, organizational values, politics, and environment to inform whether to adapt, shape, or abandon situations promotes the contextually intelligent security team’s capacity to successfully meet today’s complex security challenges.
Dr. Diana M. Concannon is a forensic psychologist, associate provost at Alliant International University, and dean of the California School of Forensic Studies. She is special adviser of ASIS International’s Professional Development and School Safety and Security Councils.
Michael Center is a regional security advisor for the United Nations Department of Safety and Security based in Brussels, Belgium. He is chair of the ASIS Professional Development Council and co-vice chair for subject matter expertise of the Global Terrorism, Political Instability, and International Crime Council.
The views expressed in this article are the authors’ own and are not reflective of their organizations.