HOSTILE SURVEILLANCE VULNERABILITY ASSESSMENT

[SITE / PRINCIPAL / OPERATION UNDER ASSESSMENT]

The Hostile Surveillance Vulnerability Assessment identifies and characterizes vulnerabilities to hostile surveillance (static, mobile, technical, human) at a named site, for a named principal, or in support of a named operation. It evaluates the observable, exploitable gaps in physical/information security that an adversary could leverage to conduct surveillance - detection, monitoring, probing, or reconnaissance - against the asset. It is a physical-security / counter-surveillance analytic product, not a threat-actor investigation.

This product draws its altitude boundary against three sibling products:

  • Reconnaissance (Recce) Report: The Recce product reports actual adversary reconnaissance activity (observed surveillance, probing, technical detection) against an asset. This assessment does NOT assert that hostile surveillance is occurring * - it identifies the conditions that make surveillance possible, detectable, or deniable.*
  • Protective Intelligence Assessment: The PI product maps a network of hostile actors and their intent/capability toward a principal. This assessment does NOT assess actor intent or network structure * - it assumes a generic hostile surveillance capability and tests the asset against it.*
  • Threat Case Assessment & Management (TAM): The TAM product manages a specific known threat actor/case with named individuals and escalation management. This assessment does NOT manage a specific threat case * - it is a pre-threat vulnerability baseline.

This product is advisory and preventive, not a prediction of attack. It informs protective-posture hardening, countersurveillance program design, and security-awareness training. It does not prescribe specific technical-security installations or replacement of existing security infrastructure - those decisions are operational planning products derived from this assessment.


Document Control

FieldValue
Report Reference[REF-YYYY-###]
Date of Report[YYYY-MM-DD]
Assessment As-Of Date[YYYY-MM-DD]
Asset Under Assessment[Site name / principal name / operation designation]
Asset Type[Fixed site / residence / event / principal-movement / operation]
Asset Location / Geography[Address / city / region / operational area]
Assessment Purpose / Trigger[Periodic review / event preparation / threat-received / insurance / due diligence]
Classification / Handling[TLP-AMBER / CONFIDENTIAL / etc.]
Client[CLIENT NAME]
Requesting Party[REQUESTING PARTY NAME]
Prepared By[ANALYST / THREAT MANAGER NAME / ID]
Reviewed By[REVIEWER NAME / ID]
Approving Officer[APPROVER NAME / ID]
Version[X.X]
Distribution[NAMED RECIPIENTS]

Handling: [Classification/TLP]. Named recipients only. No onward dissemination without originator approval.

IMMINENT DANGER: If during the conduct of this assessment evidence of active hostile surveillance is discovered, contact the designated security officer / law enforcement immediately. This product does not substitute for emergency response.

Nature of assessment: This is a vulnerability assessment - an analytic evaluation of observable conditions that could facilitate hostile surveillance. It is NOT a finding that hostile surveillance is occurring, NOT a security-system audit or certification, NOT a compliance inspection, and NOT a threat-actor investigation. It identifies gaps; remediation is the responsibility of the asset owner/operator.

Permissible purpose: Conducted for the lawful protective purpose of [PURPOSE]. Not a “consumer report” and not prepared by a “consumer reporting agency” under the FCRA (15 U.S.C. § 1681); not for any FCRA-covered eligibility determination.

Data protection: Site/location and principal identifiability data processed under [GDPR/CCPA/applicable regime]; handle per the client DPA and retention schedule [RETENTION REF]. Privilege: [If applicable] Attorney–Client Privileged / Work Product.

Collection boundary: Collection confined to open/publicly-available information (ATP 2-22.9 1-2) and site-survey observations conducted with permission and without intrusion on private space. No surveillance of, or pretext contact with, any individual; no trespass; no unauthorized photography. Image/recording of the asset perimeter from public rights-of-way noted.

Currency: Surveillance vulnerability is dynamic - physical posture, routines, and threat environment change. This assessment reflects conditions as of the as-of date and must be reassessed on the triggers/cadence in §[REASSESSMENT SECTION].

Vulnerability Summary Card

FieldValue
Overall Surveillance Vulnerability Level[Minimal / Low / Moderate / High / Critical]
Highest-Vulnerability Domain[Static-position / movement / technical / human-insider / digital-footprint]
Highest-Vulnerability Location / Segment[Specific location / route segment / time window]
Critical Gaps Identified (count)[n critical / n high / n medium / n low]
Remediation Priority[Immediate / this week / next cycle / deferred]
Reassessment Trigger / Cadence[Event/cadence]

Table of Contents

Page numbers populate on export to Word/PDF.

  1. BLUF - Bottom Line Up Front
  2. Executive Summary
  3. Key Judgments
  4. Priority Intelligence Requirements (PIRs)
  5. Asset Characterisation & Protective Posture Baseline
  6. Physical / Static-Position Surveillance Vulnerability
  7. Movement & Route Surveillance Vulnerability
  8. Technical / Electronic Surveillance Vulnerability
  9. Human / Insider Surveillance Vulnerability
  10. Digital-Footprint & Information-Exposure Vulnerability
  11. Counter-Surveillance Capability & Readiness Assessment
  12. Vulnerability Register & Risk Scoring
  13. Verified Findings Summary
  14. Hostile Surveillance Indicators & Warning Matrix
  15. Analysis of Competing Hypotheses (ACH)
  16. Key Assumptions Check
  17. Collection Gaps & Intelligence Requirements (RFIs)
  18. Recommendations & Remediation Priorities
  19. Annex A - Sources, Methodology & Doctrinal Basis
  20. Annexes B+

1. BLUF - Bottom Line Up Front

2–4 sentences. State the overall surveillance vulnerability level, the highest-vulnerability domain and specific location/segment, the most critical gap(s), and the immediate recommended action (hardening, route change, countersurveillance deployment, further assessment).

  • Overall vulnerability level: [Minimal / Low / Moderate / High / Critical.]
  • Highest-vulnerability domain: [Domain + location/segment.]
  • Most critical gap(s): [One-line basis.]
  • Immediate action: [Hardening / route change / deploy countersurveillance / initiate Recce monitoring / further assessment.]

2. Executive Summary

Assessment Trigger & Purpose

What prompted this vulnerability assessment - periodic review, event preparation, threat intelligence indicating generic surveillance, insurance requirement, client request. Why now.

[Narrative.]

Asset Overview

The asset(s) under assessment: site characteristics (urban/rural, proximity to public space, perimeter type, access control), principal movement (routine patterns, predictable windows), or operation profile. Baseline protective posture in brief.

[Narrative.]

Scope & Limitations

What was assessed, assessment methods (site walk / OSINT / remote imagery / interviews), time window, constraints (no interior inspection, access limitations, cooperation level, no electronic countermeasures sweep).

[Narrative.]

Vulnerability Bottom Line

The net assessment - overall vulnerability level, the most exposed domains/locations, and the overarching recommendation.

[Narrative.]

3. Key Judgments

Analytic assessments about the asset’s vulnerability to hostile surveillance, not predictions of attack. Likelihood (of effective hostile surveillance against the asset under current posture) and analytic confidence in SEPARATE columns (never combine them in one sentence - ICD 203). Each judgment names its change indicator.

#JudgmentLikelihood (of effective hostile surveillance)Analytic ConfidenceChange Indicator
KJ-1[e.g., A determined hostile surveillance operator could maintain continuous observation of the principal’s residence from public space with low probability of detection under current posture][almost no chance … almost certain][HIGH/MOD/LOW][Deployment of uniformed patrol / addition of access-control barriers / change in adjacent land use]
KJ-2[ ][ ][ ][ ]
KJ-3[ ][ ][ ][ ]
KJ-4[ ][ ][ ][ ]

4. Priority Intelligence Requirements (PIRs)

The questions this assessment must answer (PIR → Indicator → SIR → source). Answer, evidence, confidence, residual gap each.

Collection-management spine: PIR → Indicator → SIR → OSINT-first source (Army-current; EEI = Joint synonym).

PIR-1: [e.g., What are the most accessible, least observable surveillance positions from which to observe the asset?]

AssessmentSupporting EvidenceAnalytic Confidence
[Identified n positions / none identified / inconclusive][ ][HIGH/MOD/LOW]

Residual gap: [Carry to §17 if open.]

PIR-2: [e.g., What are the predictable, exploitable patterns (temporal, route, behavioural) of the asset?]

AssessmentSupporting EvidenceAnalytic Confidence
[ ][ ][ ]

Residual gap: [ ]

PIR-3: [e.g., What information about the asset (location, routine, security posture) is discoverable from open sources?]

AssessmentSupporting EvidenceAnalytic Confidence
[ ][ ][ ]

Residual gap: [ ]

PIR-4: [e.g., What are the existing counter-surveillance measures and their effectiveness?]

AssessmentSupporting EvidenceAnalytic Confidence
[ ][ ][ ]

Residual gap: [ ]

(Repeat - tailor PIRs to asset type and assessment depth: typically 4–6 PIRs covering static, movement, technical, human, digital, counter-surveillance readiness.)

PIR Summary Matrix

PIRQuestion (brief)AnswerAnalytic Confidence
PIR-1[ ][ ][H/M/L]
PIR-2[ ][ ][H/M/L]
PIR-3[ ][ ][H/M/L]
PIR-4[ ][ ][H/M/L]

5. Asset Characterisation & Protective Posture Baseline

Describe the asset and its current protective posture. Establish the baseline against which vulnerabilities are assessed. For a site: perimeter type and integrity, access control, lighting, sightlines from surrounding public space, guard force or technical surveillance. For a principal: residence type, movement profile, security detail, household/staff access. For an operation: footprint, schedule, security protocols.

Asset Characterisation

AttributeFindingSource Grade
Asset name / designation[ ][A–F / 1–8]
Asset type[Fixed site / residence / principal-movement / event / operation][ ]
Location / geography[Address / coordinates / area / route corridor][ ]
Surrounding environment[Urban density (high/medium/low) / residential / commercial / industrial / remote / mixed][ ]
Public-access proximity[Distance from nearest public right-of-way / public space / transport node / vantage point][ ]
Property / operational footprint[Dimensions / area / building configuration / floor plan (unclassified)][ ]
Hours of operation / occupancy[24/7 / business hours / intermittent / period(s) of vulnerability][ ]

Protective Posture Baseline

DomainCurrent Measure / CapabilitySource Grade
Perimeter security (physical barriers)[Fence / wall / bollards / natural barriers / none identified][A–F / 1–8]
Access control (entry points)[Gate / guard / electronic / key-card / biometric / none identified][ ]
Surveillance detection (technical)[CCTV coverage / analytics / radar / LPR / none identified][ ]
Surveillance detection (human)[Guard force / CP / countersurveillance team / none identified][ ]
Lighting & environmental[Perimeter lighting / motion-activated / IR / blind spots identified][ ]
Communications security[COMSEC / OPSEC posture / information-sec measures identified][ ]
Personnel security / insider controls[Vetting / access logging / separation-of-duties / none identified][ ]
Digital footprint management[Online OPSEC / address opacity / social-media discipline / none identified][ ]

Known Historical Surveillance / Reconnaissance Incidents

Any prior incidents of observed surveillance, probing, suspicious activity, or security breaches at the asset. If none, state explicitly.

DateIncident DescriptionRelation to Current AssessmentSource Grade
[ ][ ][ ][ ]

6. Physical / Static-Position Surveillance Vulnerability

Assess the asset’s vulnerability to static, fixed-position surveillance - a hostile observer maintaining sustained observation of the asset from a fixed location (public vantage point, adjacent property, parked vehicle, natural cover). Evaluate each potential observation position for: field of view, concealment, duration feasibility, access/egress, and deniability.

Observation-Position Survey Matrix

Position IDLocation / DescriptionDistance to AssetField of View (asset coverage %)Concealment (natural / structural / vehicular)Duration Feasibility (unattended / short / sustained)Access & Egress (risk of detection)Overall Vulnerability (Low / Med / High)Source Grade
OP-1[ ][meters][%][ ][ ][ ][ ][ ]
OP-2[ ][ ][ ][ ][ ][ ][ ][ ]

Observation-Position Analysis

For each identified observation position - what it provides (approach surveillance, entry monitoring, principal visual confirmation, pattern-of-life capture), the time-of-day / seasonal factors, and any mitigations that reduce the position’s effectiveness.

[Narrative per OP - guidance: describe the surveillance utility of each position, not the asset details.]

Covert Positioning & Dump Sites

Potential locations for unattended surveillance devices (hidden cameras, trackers, data skimmers, unattended ground sensors) on or near the asset - access points, concealment opportunities, duration-factors.

Position IDLocationConcealment QualityAccess DifficultyDevice Types SuitableDetection RiskSource Grade
[ ][ ][ ][ ][ ][ ][ ]

Static-Position Vulnerability Assessment

Summary judgment: under current posture, could a determined hostile surveillance operator maintain sustained static observation of the asset with low probability of detection? Factors combining to raise or lower that judgment.

[Narrative. Likelihood + confidence stated separately.]

7. Movement & Route Surveillance Vulnerability

Assess the vulnerability of mobile assets (principal movements, convoys, patrols, predictable route patterns) to hostile surveillance - mobile surveillance (foot / vehicle / drone / co-opted third-party), staged observation at predictable points, tracking devices, and route profiling. Analyse each routine route segment.

Route / Movement Inventory

Catalog the predictable movements of the asset: residence → work, regular appointments, planned travel, habitual routes, timing predictability.

Route IDOrigin → DestinationFrequencyTypical DurationTiming PredictabilityMode(s) of TransportChoke Points / Predictable SegmentsSource Grade
R-1[ ][ ][ ][High / Med / Low][Vehicle / foot / air / mixed][ ][ ]
R-2[ ][ ][ ][ ][ ][ ][ ]

Route-Segment Vulnerability Analysis (Per Route)

For each route, segment the route into phases and assess the surveillance vulnerability of each segment: departure point, transit segments, arrival points, choke points (bridges, tunnels, single-lane, restricted-access junctions), and predictable slowdown points.

Route IDSegmentVulnerability (Low/Med/High)Observable from Public Space?Observation Positions (static/mobile)Concealment Opportunity for Mobile SurveillanceCounter-Surveillance DifficultySource Grade
R-1Departure / residence[ ][Y/N][ ][ ][ ][ ]
R-1Transit segment A[ ][ ][ ][ ][ ][ ]
R-1Transit segment B[ ][ ][ ][ ][ ][ ]
R-1Arrival / destination[ ][ ][ ][ ][ ][ ]

Mobile-Surveillance Detection Environment

Assess the ease or difficulty of detecting mobile surveillance against the asset - traffic density, road network complexity, availability of turns / counter-surveillance routes, ability to identify parallels.

FactorFindingImplication for Surveillance Difficulty
Traffic density on route[Heavy / moderate / light / variable][Easier to blend / harder to detect]
Route-complexity (alternates available)[ ][ ]
Ability to conduct dry-cleaning / SDR[ ][ ]
Typical vehicle mix (anonymity)[ ][ ]
Aerial / drone surveillance risk[ ][ ]

Movement-Pattern Vulnerability Assessment

Summary judgment: under current movement predictability and countersurveillance posture, could a determined hostile surveillance operator build a reliable pattern-of-life profile and execute mobile surveillance on a given movement?

[Narrative. Likelihood + confidence stated separately.]

8. Technical / Electronic Surveillance Vulnerability

Assess vulnerability to technical or electronic surveillance methods against the asset - communications intercept (RF / cellular / Wi-Fi / Bluetooth), video/audio surveillance, tracking (GPS / cellular / Bluetooth beacons), data exfiltration from connected systems, and drone-based surveillance.

RF / Communications Intercept Surface

Signal TypePresence on AssetDetectability from Public SpaceEncryption / ProtectionIntercept Difficulty (Low/Med/High)Source Grade
Cellular (GSM/LTE/5G)[ ][ ][ ][ ][ ]
Wi-Fi (2.4/5/6 GHz)[ ][ ][ ][ ][ ]
Bluetooth / BLE[ ][ ][ ][ ][ ]
SATCOM / VSAT[ ][ ][ ][ ][ ]
Radio / trunked systems[ ][ ][ ][ ][ ]
Other wireless peripherals[ ][ ][ ][ ][ ]

GPS / Location Tracking Vulnerability

Assess vulnerability to GPS-spoofing / jamming / physical-tracker placement on vehicles, personal items, or shipments. Potential placement points and detection difficulty.

TargetTracker-Placement PointsAccessibilityDetection Difficulty (vehicle / personal search posture)Source Grade
[Primary vehicle][Exterior / undercarriage / interior / OBD port / fuel cap][ ][ ][ ]
[Secondary vehicle][ ][ ][ ][ ]
[Personal effects / baggage / shipments][ ][ ][ ][ ]

Drone / Aerial Surveillance Vulnerability

Assess vulnerability to drone-based observation - altitude / range of public vantage, no-fly-zone / airspace restrictions, detect-and-avoid capability, typical drone traffic in area (anonymity).

FactorFindingImplication
Airspace restrictions / no-fly zones[None / restricted / prohibited][ ]
Drone detection / C-UAS capability[None / passive / active / contractual][ ]
Typical civilian drone traffic[None / low / moderate / high][ ]
Asset exposure from vertical aspect[Open / partially covered / fully covered][ ]

Technical Surveillance Vulnerability Assessment

Summary judgment: the overall vulnerability to technical/electronic surveillance, factoring the intercept surface, tracking vulnerability, drone risk, and the asset’s technical-security posture.

[Narrative. Likelihood + confidence stated separately.]

9. Human / Insider Surveillance Vulnerability

Assess vulnerability to surveillance facilitated by a human source with legitimate access to the asset - household staff, security personnel, vendors, building management, co-workers, neighbours, or family members. Insider threat as a surveillance vector.

Access Population Inventory

Access TypeIndividuals / Roles with AccessAccess Level (Escorted / Unescorted / 24/7)Vetting / ScreeningRisk Leverage Points (financial / coercion / ideology / intimacy)Source Grade
Household / domestic staff[ ][ ][ ][ ][ ]
Security personnel (contracted)[ ][ ][ ][ ][ ]
Building / property management[ ][ ][ ][ ][ ]
Regular vendors / services[ ][ ][ ][ ][ ]
IT / technical support[ ][ ][ ][ ][ ]
Neighbours / co-tenants[ ][ ][ ][ ][ ]
Family / associates with access[ ][ ][ ][ ][ ]

Insider Surveillance Vector Assessment

For each access category, assess the vulnerability that a hostile actor could recruit / co-opt / coerce an insider to: report on routines, provide interior access, place devices, photograph documents, observe/signal.

Vector / ScenarioPlausibility (Low/Med/High)Required Insider Access LevelIndicators of Co-OptingMitigation / DeterrentSource Grade
[ ][ ][ ][ ][ ][ ]

Human Surveillance Vulnerability Assessment

Summary judgment: vulnerability to surveillance through the human / insider vector, factoring access breadth, vetting gaps, and compensation/dependence structures.

[Narrative. Likelihood + confidence stated separately.]

10. Digital-Footprint & Information-Exposure Vulnerability

Assess vulnerability through digital footprint - what a hostile surveillance operator could learn about the asset from open sources without physical presence. Do not re-perform a full OSINT footprint; assess what information is available and of surveillance value.

Information Exposure Matrix

Information CategoryDiscoverable from OSINT? (Y/N/Partial)Surveillance Value to Hostile OperatorMitigation in PlaceSource Grade
Address / location (principal / site)[ ][Direct targeting / pattern-of-life baseline][ ][ ]
Residence interior / layout imagery[ ][ ][ ][ ]
Routine / schedule / calendar[ ][ ][ ][ ]
Travel / itinerary[ ][ ][ ][ ]
Principal / family photographs[ ][ ][ ][ ]
Vehicle(s) / registration / plates[ ][ ][ ][ ]
Security posture (visible measures)[ ][ ][ ][ ]
Staff / household personnel[ ][ ][ ][ ]
Business / professional associations[ ][ ][ ][ ]
Real estate / property records[ ][ ][ ][ ]

Digital-Footprint Surveillance Vulnerability Assessment

Summary judgment: whether available digital information significantly lowers the collection burden for a hostile surveillance operator - does the operator need to develop information from physical surveillance that the internet already provides?

[Narrative. Likelihood + confidence stated separately.]

11. Counter-Surveillance Capability & Readiness Assessment

Assess the asset’s current capability to detect, deter, and respond to hostile surveillance. This is an analytic evaluation of readiness, not an audit or operational plan.

Counter-Surveillance Capacity Table

CapabilityCurrently Present (Y/N/Partial)DescriptionEffectiveness Assessment (Low/Med/High)Gap IdentifiedPriority (H/M/L)
Dedicated countersurveillance team / function[ ][ ][ ][ ][ ]
CCTV / analytics coverage (purpose: surveillance detection)[ ][ ][ ][ ][ ]
Guard-force surveillance-detection training[ ][ ][ ][ ][ ]
Route / movement countersurveillance protocols[ ][ ][ ][ ][ ]
Technical surveillance countermeasures (TSCM) programme[ ][ ][ ][ ][ ]
Insider-threat detection / reporting mechanisms[ ][ ][ ][ ][ ]
Drone detection / C-UAS[ ][ ][ ][ ][ ]
Digital-footprint / OPSEC management[ ][ ][ ][ ][ ]
Incident reporting / suspicious-activity protocol[ ][ ][ ][ ][ ]
Periodic vulnerability reassessment[ ][ ][ ][ ][ ]

Readiness Summary

Net judgment: does the asset have the capacity to detect an attempt at hostile surveillance before the surveillance phase is complete? What are the most critical capability gaps?

[Narrative.]

12. Vulnerability Register & Risk Scoring

Per-domain and consolidated risk scoring. Likelihood (1–5: how easily a hostile surveillance operator could exploit this vulnerability) × Impact (1–5: consequence of successful exploitation for the asset) = 1–25. Keys: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.

Per-Domain Risk Register

DomainVulnerability DescriptionLikelihood (1–5)Impact (1–5)ScoreBandPriority
Static-position surveillance[ ][ ][ ][ ][ ][ ]
Movement / route surveillance[ ][ ][ ][ ][ ][ ]
Technical / electronic surveillance[ ][ ][ ][ ][ ][ ]
Human / insider surveillance[ ][ ][ ][ ][ ][ ]
Digital-footprint / information exposure[ ][ ][ ][ ][ ][ ]

Consolidated Vulnerability Heat Map

Cross-domain summary to identify highest-risk exposure. Guidance: rank-order domains by score and note any critical individual findings that drive the consolidated level.

Consolidated LevelBasisTrigger(s) for Escalation
[Minimal / Low / Moderate / High / Critical][ ][ ]

13. Verified Findings Summary

#FindingStatusAnalytic ConfidenceMateriality
F-1[ ][Verified / Unverified / Contradicted][H/M/L][Material / Minor]
F-2[ ][ ][ ][ ]

14. Hostile Surveillance Indicators & Warning Matrix

Observable indicators that a hostile surveillance operation may be underway or being prepared against the asset. Organised by domain - static, mobile, technical, human, digital. For each indicator: what to look for, where to look, how to verify.

Indicator Matrix

DomainIndicator (observable behaviour / condition)Detection MethodPotential False-Flag / MisattributionAction if ConfirmedSource Grade
Static[Unknown/infrequent vehicle parked at observation position with line of sight to asset for extended period][ ][ ][ ][ ]
Static[ ][ ][ ][ ][ ]
Mobile[ ][ ][ ][ ][ ]
Mobile[ ][ ][ ][ ][ ]
Technical[ ][ ][ ][ ][ ]
Technical[ ][ ][ ][ ][ ]
Human[ ][ ][ ][ ][ ]
Digital[ ][ ][ ][ ][ ]

Indicator Escalation Logic

Guidance on how to read clusters of indicators - a single indicator is ambiguous; multiple concurrent indicators across domains increase concern.

[Narrative.]

15. Analysis of Competing Hypotheses (ACH)

Test the alternative explanations for the observed vulnerability pattern. A vulnerability assessment does not assume hostile intent - the hypotheses test whether the vulnerability conditions are exploitable by an adversary, benign, or a mischaracterisation.

Hypothesis 1: [The asset’s vulnerability profile would permit effective hostile surveillance by a determined operator]

  • Evidence for / against: [ ] / [ ]
  • Assessment: [ ]

Hypothesis 2: [The asset’s vulnerability profile is benign - routine urban/public exposure that does not materially enable surveillance]

  • Evidence for / against: [ ] / [ ]
  • Assessment: [ ]

Hypothesis 3: [The vulnerability profile is overestimated - assumptions about operator capability, resources, or persistence are too pessimistic]

  • Evidence for / against: [ ] / [ ]
  • Assessment: [ ]

Hypothesis 4: [The vulnerability profile is underestimated - the assessment missed collection vectors or assumed adversary limitations that do not apply]

  • Evidence for / against: [ ] / [ ]
  • Assessment: [ ]

Most consistent hypothesis: [Which, and the discriminating evidence.]

16. Key Assumptions Check

#AssumptionBasisAnalytic ConfidenceImpact if Wrong
A-1[Hostile surveillance operator is assumed to have generic surveillance tradecraft (static + mobile + technical) and motivation to invest collection time][ ][H/M/L][ ]
A-2[Asset’s current protective posture is static - no imminent upgrades or degradation][ ][ ][ ]
A-3[ ][ ][ ][ ]
A-4[ ][ ][ ][ ]

17. Collection Gaps & Intelligence Requirements (RFIs)

Gap / RFIImpact on AssessmentRecommended Collection / Routed ProductPriority
[ ][ ][Method / e.g., ”→ site survey / aerial imagery analysis / staff interviews”][HIGH/MED/LOW]
[ ][ ][ ][ ]

18. Recommendations & Remediation Priorities

Assessment without management is incomplete. Provide concrete, prioritised recommendations to reduce surveillance vulnerability. Organise by domain and by stakeholder (asset owner, security team, principal, legal/compliance). Distinguish between immediate/low-cost measures and longer-term investment. Include actions to AVOID that could be counterproductive.

Remediation Priority Matrix (Per Finding from §12–§13)

Finding / GapRecommended RemediationLawful Basis / AuthorityOwnerPriority (Critical/High/Med/Low)Estimated EffortTimeline
[ ][ ][ ][ ][ ][ ][ ]
[ ][ ][ ][ ][ ][ ][ ]

Stakeholder-Specific Recommendations

For the Asset Owner / Principal

Highest-level actions - posture adjustments, resource commitment decisions, principal behaviour changes.

[Narrative.]

For the Security Team

Operational-level actions - surveillance-detection patrols, countersurveillance protocols, technology upgrades, staff training, incident-response plan.

[Narrative.]

Any actions requiring legal review - trespass enforcement, access-control policies, data-protection implications of countersurveillance measures, privacy notice updates.

[Narrative.]

Actions to AVOID (counterproductive measures)

Steps that could degrade security, create legal exposure, or provoke escalation - e.g., aggressive confrontation of suspicious persons without evidence, public exposure of countermeasures, unauthorised technical intercept, self-surveillance of neighbours.

[Narrative.]

Reassessment Triggers & Cadence

When this assessment must be revisited and the routine review interval. Name the program owner.

[Narrative. Program owner: [NAME]. Review cadence: [quarterly / bi-annual / annual / event-triggered].]

19. Annex A - Sources, Methodology & Doctrinal Basis

Methodology by Phase (ATP 2-22.9 intelligence process, para 1-9)

Plan (requirements / scope definition / asset brief) → Prepare (site-survey permissions / remote-imagery procurement / managed-attribution setup) → Collect (site walk / open-source research / imagery analysis / staff interviews) → Produce (evaluate / process / report). State what was done in each phase.

Collection Methods

List collection methods used in this assessment (site survey from public rights-of-way, remote-satellite/drone imagery analysis, OSINT search, questionnaire/interviews with asset security personnel, review of existing security documentation).

  • [Method 1]: [Brief description]
  • [Method 2]: [ ]
  • [Method 3]: [ ]

Doctrinal Basis & Method

Governing authority and imported constructs, with FULL/PARTIAL/GAP transparency.

  • Governing authority (GAP band): No single military doctrine governs vulnerability-to-hostile-surveillance assessment. This product draws method from physical-security / counter-surveillance / protective-intelligence practitioner frameworks, layered over the analytic floor.
  • Analytic overlay (method, not authority): The structured-observation-position survey method; route-segment vulnerability analysis; domain decomposition of surveillance vectors (static / mobile / technical / human / digital).
  • Counter-surveillance readiness evaluation: Adapted from protective-intelligence program-assessment frameworks.
  • Analytic floor: ICD 203 (likelihood/confidence separated), ICD 206 (sourcing), NATO Admiralty A–F reliability.
  • Authority boundary: collection confined to lawful open/publicly-available sources (ATP 2-22.9 1-2) and site surveys conducted from public rights-of-way with no trespass, no surveillance of individuals, and no unattended sensing.

Source Register

RefSourceSource Role (Primary/Secondary/Authoritative/Non-auth.)TypeReliability (A–F)Credibility (1–6)Date
S-1[ ][ ][ ][ ][ ][ ]
S-2[ ][ ][ ][ ][ ][ ]

Source Evaluation Worksheet (ATP 2-22.9 4-13)

SourceIdentityAuthorityMotiveAccessTimelinessConsistency→ Reliability/Credibility
[ ][ ][ ][ ][ ][ ][ ][ ]

Source Reliability Scale (Admiralty, A–F)

GradeMeaning
ACompletely reliable
BUsually reliable
CFairly reliable
DNot usually reliable
EUnreliable
FReliability cannot be judged

Grades run A Completely reliable through F Reliability cannot be judged; new sources default to F.

Information Credibility Scale (Admiralty, 1–6)

GradeMeaning
1Confirmed by other sources
2Probably true
3Possibly true
4Doubtful
5Improbable
6Truth cannot be judged

Each sourced datum receives a two-character grade (e.g., B2). New sources default to F6.

Estimative Probability (Likelihood) Lexicon - ICD 203

TermRange
Almost no chance / remote01–05%
Very unlikely / highly improbable05–20%
Unlikely / improbable20–45%
Roughly even chance45–55%
Likely / probable55–80%
Very likely / highly probable80–95%
Almost certain / nearly certain95–99%

The estimative scale runs from almost no chance / remote (01–05%) to almost certain / nearly certain (95–99%). Likelihood (event) and analytic confidence (evidence) are distinct axes - never combine them in one sentence (ICD 203).

Analytic Confidence Scale (evidence base)

LevelCriteria
HIGHMultiple independent, reliable sources; corroborated; no significant contradiction.
MODERATEPartial corroboration; some gaps; minor unresolved inconsistencies.
LOWSingle/uncorroborated source; significant gaps; plausible alternatives open.

Risk-Scoring Key

ScoreBand
1–5Low
6–10Moderate
11–15Elevated
16–20High
21–25Critical

Likelihood (1–5) × Impact (1–5) = 1–25. Risk is scored per domain in §12; the overall vulnerability level in the Summary Card is a structured professional judgment, not a sum.

Collection OPSEC / Non-Attribution

Managed-attribution posture used (non-.gov egress, no login pivots into private space, footprint minimization - ATP 2-22.9 App B: research “could unintentionally reveal CCIRs”). Site survey conducted from public rights-of-way only; no photography of individuals; no unattended devices deployed.

Methodological note: This is a vulnerability assessment, not a threat-assessment, not a finding that hostile surveillance is occurring, and not a security-system audit. Likelihood (event) and analytic confidence (evidence) are stated separately (ICD 203). Practitioner methods (countersurveillance tradecraft frameworks) are cited as method, never as governing authority; no live tool names appear in this skeleton. All site observations were conducted lawfully from public space.

20. Annexes B+

  • Annex B - Site Diagram / Observation-Position Map: [Sketch/map annotating observation positions, sightlines, choke points, coverage gaps.]
  • Annex C - Route Diagram (per route): [Map segmenting the route with vulnerability annotations per segment.]
  • Annex D - Digital-Footprint Discovery Record: [Open-source search results - publicly available information found about the asset.]
  • Annex E - Source Index: [Citations / archived records, capture timestamps.]
  • Annex F - Security-Questionnaire Responses (if applicable): [Anonymised summary of security-team interviews.]
  • Annex G - Glossary & Abbreviations.
  • Annex H - Revision History.

END OF REPORT

This Hostile Surveillance Vulnerability Assessment is an analytic evaluation of observable conditions that could facilitate hostile surveillance against the named asset. It is NOT a finding that hostile surveillance is occurring, NOT a threat-actor investigation, NOT a security-system audit or certification, NOT a compliance inspection, and NOT an operational security plan. It identifies gaps; remediation is the responsibility of the asset owner/operator. All collection was conducted lawfully from public space or with permission. The vulnerability profile is dynamic and must be reassessed on the stated triggers. If evidence of active hostile surveillance is discovered, contact the designated security officer / law enforcement immediately.

FieldValue
Prepared By[ANALYST / THREAT MANAGER NAME]
Reviewed By[REVIEWER NAME]
Approving Officer[APPROVER NAME]
Date[YYYY-MM-DD]
Version[X.X]

Model wiring

Generated from cell frontmatter at publish time.