© Crown copyright (2020), Dstl. This material is licensed under the terms of the Open Government Licence except where otherwise stated. To view this licence, visit or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email:

Governments across the world have a responsibility to counter and prevent violent extremism (C/PVE), in order to protect their communities and citizens. As part of these C/PVE efforts, they need to develop policies and strategies that are then implemented at strategic, operational and tactical levels by those responsible for defence and security within different domains. These include specialist personnel and others on the front line who are required to ensure the security of public places and spaces, such as airports and other transport hubs. This article emphasises the need to understand behavioural detection in relation to wider security efforts, and signposts the reader to new guidance that represents the UK Government’s stance on behavioural detection. Dr. Sarah Knight, a psychologist at the Defence Science and Technology Laboratory, provides some background to this new guidance paper and summarises the rationale and key points that it covers.

‘Behavioural detection: Best practice, guidance and advice’ has been designed for various stakeholders within government and industry. Key audiences are those responsible for developing policies and strategies and those on the frontline who need to implement security processes and measures. Written by behavioural detection experts within the UK government, findings are based on extensive research that has looked at the evidence base for behavioural detection, and why, when and how it can be effective (or not!). With Aviation Security International (ASI) readers in mind, the focus of this article is specifically on the aviation environment; but key points and lessons can be applied to other transport modes, as well as to other locations and contexts.

The Ongoing Threat

There is evidence that aviation continues to be seen as a ‘high profile’ target by terrorist organisations such as Daesh. A 2019 article published by the US Department of Homeland Security1 (p. 19) states that:

“…Though they did not succeed in killing anybody in these attempts, terrorists managed to place bombs aboard passenger planes bound for the United States on multiple occasions after the 9/11 attacks. Terrorists have downed passenger planes and carried out attacks against rail systems elsewhere in the world — including in Britain, Egypt, India, Russia, and Spain — since the 9/11 attacks… Terrorists and other hostile actors have demonstrated an enduring interest in exploiting global aviation, surface transportation, and maritime transportation systems for a range of dangerous activities, including conducting attacks, transporting weapons, and interfering with mass transit, supply chain networks, and critical infrastructure. Malicious insiders, including personnel employed by government agencies and transportation stakeholders, pose a risk because terrorists and criminals can exploit their knowledge to evade security measures…”

“…the ‘PLAN’ mnemonic is used by the police for operational and tactical planning but can be applied here to emphasise that any implementation of behavioural detection should be proportionate, legal, accountable, and necessary…”

Moreover, ‘Air Watch’, a regular and substantial section of ASI, regularly outlines numerous incidents and threats that have recently occurred within aviation. These demonstrate the variety of challenges facing the industry, from terrorism, hijacks and sabotage, to unruly passengers and vandalism, to theft, trespassing and assault. These all constitute acts conducted by ‘hostiles’ that might be disrupted via behavioural detection.

Whilst acts of terrorism dominate the mainstream media, other types of hostile acts are seldom reported. As a result, many staff operating within the aviation domain may be unaware of the prevalence and variety of hostile activities that do occur. However, the threat is real; therefore, security measures must have maximum effect in terms of their ability to deter, detect and deny hostiles from operating within the aviation environment. Behavioural detection provides one such measure that can complement and be complemented by other processes and procedures as part of a layered approach to security. It can contribute not only to the detection of hostiles planning and preparing for a terrorist attack – for example, during the hostile reconnaissance phase of the ‘attack cycle’ – but also to wider efforts that coordinate resources in order to disrupt a range of other types of hostile activities. Moreover, publicising behavioural detection capability can act as a powerful deterrent to hostiles, whilst also reassuring the public.

Behavioural Detection and the 3Ds of Disruption

The Centre for the Protection of National Infrastructure (CPNI) is the UK government authority that leads on the provision of physical and personnel security advice, in order to ‘protect national security by helping to reduce the vulnerability of the national infrastructure to terrorism and other threats’2,3. Their recommended approach to protect people and places from the threat posed by hostiles is based on the 3D model of disruption – to deter, detect and deny.

The 3D model of disruption
The 3D model of disruption

The 3Ds approach provides a framework to identify how an organisation or site can deny the hostile access to essential information (e.g. on site or online), how to focus efforts to detect them, whilst having a deterrent effect at every stage in their hostile reconnaissance activities. Behavioural detection is just one security capability – amongst a range of interventions – that can detect and, when publicised, deter hostiles, therefore denying them an ability to operate in terms of, for example, planning and preparing for a terrorist attack on a plane or in an airport.

‘Behavioural detection: best practice, guidance and advice’

Behavioural detection has an obvious appeal for those responsible for the security of large, busy, crowded spaces, who are increasingly looking at employing behaviour detection methods as part of a range of security practices and processes. It can be used as a method to prevent criminal and violent acts – to identify and deter individuals who are preparing for and planning a terrorist attack.

However, in order to be successful, behavioural detection should not be used without full consideration of several key questions. These are set out and explained in the new behavioural detection guidance to assist with decisions regarding the application, procurement and deployment of any behavioural detection capability. ‘Behavioural detection: best practice, guidance and advice’, the new UK government guidance paper:

Goes ‘back to basics’ to: (a) consider definitions and terminology, (b) outline different behavioural detection approaches and methods, (c) summarise key components that must be covered by training programmes, and (d) discuss caveats to consider when procuring specialist training, technologies and tools4.

Explains how behavioural detection should be set up, run and deployed to maximise its impact in terms of its potential effect and reach.

Outlines the limitations of behavioural detection, associated myths and assumptions5, and the importance of measuring the effects of your behavioural detection capability.

Explains when, where, why and how behavioural detection is likely to fail.

The guidance emphasises the critical need for a range of coordinated activities that provide different levels of training for specialist security staff, other staff and the public. It is important that the public and other staff are able to easily report any concerns, and that specialist staff are skilled at resolving concerns that result from behavioural detection capabilities.

Critically, the guidance paper also stresses the importance of the ‘power of hello’, and interactions between staff and the public that include friendly but probing conversations. These are key because they can (a) elicit cues that aid detection, (b) provide a resolution process (strategies and tactics) that staff are well trained and practiced in, and (c) elicit fear and anxiety in hostiles who are engaged with (or observe others being engaged with) leading to a strong deterrent effect for hostiles operating in that environment.

The topics covered in the guidance paper must be understood to ensure that behavioural detection is appropriately deployed. The ‘PLAN’ mnemonic is used by the police for operational and tactical planning but can be applied here to emphasise that any implementation of behavioural detection should be proportionate, legal, accountable, and necessary. This can help to ensure that it is effective, reduces or mitigates the risk of second- and third-order effects (e.g. false alarms, discrimination), and reassures the public. Moreover, behavioural detection is an expensive capability that can lead to a huge waste of resources if not implemented correctly. The guidance explains how to avoid this. We urge ASI readers to look at this document, share with others and consider and act upon the advice set out in order to maximise the potential of behavioural detection capabilities whilst understanding what needs to be in place for this to happen.

The guidance paper can be viewed at:

Sarah Knight

Sarah Knight is a Principal Senior Psychologist at the Defence Science and Technology Laboratory (Dstl) and a Research Fellow at the University of Portsmouth, UK. Sarah gained her PhD in 2006, which examined the relationship between beliefs, attitudes and behaviours from a social psychological perspective. At Dstl, Sarah leads various research portfolios to address defence and security challenges, and has expertise in violent and non-violent extremism, lone actors and the extreme right wing. Between 2017-2020, Sarah was Chair of a NATO Research Task Group on Countering Violent Extremism, which focused on the risk posed by Western foreign terrorist fighters (WFTFs) returning to their home countries, and how to counter and prevent the risk posed by these and ‘home-grown’ terrorism. Affiliation: Defence Science and Technology Laboratory (ref. DSTL/PUB125999)

  1. Department of Homeland Security Strategic Framework for Countering Terrorism and Targeted Violence, 2019 – see
  3. CPNI develops products that are freely available for aviation and other industries, and which provide advice and guidance on how best to disrupt hostile threats. Products are based on sound and scientific evidence from specially commissioned and other research, to ensure that information will be helpful and applicable, and will benefit security and other C/PVE efforts.
  4. See also – /behaviour-detection-technology-screening-on-the-go/
  5. See also – /micro-expressions-fact-or-fiction/