The Critical Difference™

CIS Critical Infrastructure Protection Program

An integrated, multi-layered strategy for protecting critical infrastructure facilities against terrorist attack

Preceding Note

Many elements of our Critical Infrastructure Protection Program (described further on this page) were developed and managed by CIS for a domestic energy client during an eleven year period (2004-2015). Although this client-specific program is no longer operational, inactive elements related to the program are described here as a case study of our risk management strategy in practical application.

Today, our security consultants continue to provide expert assistance on anti-terrorism and critical infrastructure protection issues including the design and implementation of security measures described on this page.

Continue Reading This Page

In the wake of the 9/11 attacks, companies in all sectors of critical infrastructure found themselves ill-prepared for the risk of terrorist violence. As a source of security risk, terrorism is unique and the tactics and capabilities employed by terrorists require a specialized and performance-based approach to managing risk.

While the Federal government was beginning to formulate a national strategy for critical infrastructure protection, CIS was approached by an energy company seeking a solution.

The result of this project became the CIS Critical Infrastructure Protection Program. The first and only private-sector program of its type outside the nuclear power industry, lauded in 2005 by the U.S. Government Accountability Office (GAO) as a “…model for critical infrastructure protection in America.”

The CIS Critical Infrastructure Protection Program Risk Management Strategy

At the foundation of our critical infrastructure protection program is a multi-layered strategy aimed at preventing terrorist attacks while employing performance-based physical security design, blast mitigation measures, and effective emergency preparations to reduce the impact of events.

The manner in how our program is implemented varies between facilities considering the types of assets requiring protection and threat considerations (i.e., design basis threats). Yet the risk management principles are universal and adaptable to all critical infrastructure facilities.  

The following diagram describes how these measures contribute to reducing risks of terrorist attack graphically depicted as concentric rings of protection.

Risk Management for Anti-Terrorism & Critical Infrastructure Protection

Security Risk Assessment

Although risk assessment is not a protective measure (per se), it lays the foundation for the program and drives the design process. At the commencement of new projects, our consultants conduct a comprehensive risk assessment to identify critical assets, consequences of asset damage or loss, threat characteristics and design basis threats, operational conditions with influence on the design of protective measures, and issues contributing to security vulnerability. Based on this assessment, our consultants work with client decision-makers to design and implement a protective program specific to the facility of concern.

Intelligence Liaison

At the commencement of every project, our consultants work with authorities to maximize the accuracy of our threat assessments and establish a trusted relationship for reporting suspicious activity and intelligence exchange. In our Florida operations, this activity was the role of our Intelligence Liaison Officers (ILO’s) who maintained personal contact with representatives of the FBI’s Joint Terrorism Task Force (JTTF) and regional fusion centers. In projects for new clients, our consultants aid companies in establishing dialogue with authorities and a sustainable process for liaison.

Surveillance Detection & Suspicious Activity Reporting

In most facilities, the first layer of defense against terrorist attacks is detection of target surveillance and pre-attack intelligence gathering. This entails establishing measures to actively monitor potential surveillance activity such as training security personnel in surveillance detection, CCTV documentation of likely surveillance locations, and establishing a system for documenting and reporting suspicious activity. For this purpose, CIS created the Suspicious Activity Tracking and Analysis System (SATAS) database in 2004 for purposes of standardized reporting and dissemination of suspicious activity reports to authorities. Click below to learn more about SATAS.

Read More

Today, the US Federal government’s Nationwide Suspicious Activity Reporting (SAR) Initiative provides a standardized framework for documenting, reporting, and disseminating information about suspicious activity associated with terrorism. In 2004, there was no standardized process and government agencies were largely disconnected. To address this situation, we created the Suspicious Activity Tracking and Analysis System (SATAS) for use by our personnel in documenting suspicious events, persons, vehicles, and other relevant details.

As part of our liaison activity, representatives of Federal agencies and law enforcement intelligence units were provided with login access to SATAS, thus expediting our reporting to authorities and allowing outside agencies to search our database when engaged in other investigations.

SATAS was also designed to detect subtle patterns of suspicious activity which can be easily missed when reviewing reports on a daily basis. The system also featured a Watch List which allowed field commanders to disseminate BOLO alerts and information about suspicious persons and vehicles to officers working in the field.

Performance-Based Physical Security Design

Fences, CCTV cameras, alarm sensors, and other physical security components have no value during terrorist attacks outside their integrated performance as a system. When designing a critical infrastructure protection program, our consultants work with client leaders to design an improved Physical Protection System (PPS) which mathematically reconciles detection, delay, and response elements to ensure a high probability of interrupting attackers before they succeed.

Additional physical security measures include pedestrian and vehicle entry controls, screening procedures, and measures to protect against forced entry by vehicles (e.g., passive and active anti-vehicle barriers, terrain features, etc.).

Tactical Response Force

Even the best designed Physical Protection System will fail if the responding security force is delayed or incapable of neutralizing the attackers. When protecting critical infrastructure facilities against terrorists, conventional security forces are often woefully unprepared. Likewise, response by off-site law enforcement units is unpredictable and too slow to ensure reliable intervention. For this reason, CIS created the Anti-Terrorism Officer (ATO) Division in 2004. CIS Anti-Terrorism Officers were former military personnel specially trained, armed, and supported for the mission of defending critical infrastructure facilities against terrorist attack.

Weapon Effects Mitigation

Depending on the facility’s design and the construction of critical assets, there are often measures which can be employed to reduce physical vulnerability to damage by standoff weapons (e.g., IEDs, anti-tank weapons, mortars, firearms, etc.). Examples include ensuring adequate standoff distance from perimeters and accessible bomb emplacement locations, shielding vulnerable outdoor assets with pre-detonation screens or bullet-resistant barriers, locating vulnerable piping subgrade, protective asset positioning, and more.

Also encompassed under this category are process design measures and redundancies to mitigate the consequences of damaged or destroyed equipment (e.g., chemical containment, redundancies in SCADA system design, etc.).   

Emergency Response Plans & Preparations

The last layers of defense in our critical infrastructure protection program are the plans and preparations for post-incident response, restoration of operations, and remediation of damage. This includes ensuring that our client has effective emergency response and business continuity plans, Incident Command and special task teams, reliable and redundant communications systems, and an on-going program of training and drills to ensure reliable performance.

The CIS Critical Infrastructure Protection Program History

September 11, 2001

9/11 Attacks

CIS assists the U.S. chemical industry in improving terrorism preparedness

While the Federal government was beginning to organize a cohesive strategy for critical infrastructure protection, CIS experts aided the AIChE Center for Chemical Process Safety in designing a risk assessment methodology for use by domestic chemical companies. During this period, CIS also developed and presented a course on Chemical Plant Security for AIChE’s annual conference and assisted several manufacturers in assessing and improving security at chemical facilities.

TECO Energy engages CIS for assistance

In 2003, CIS was engaged by TECO Energy to conduct a comprehensive security risk assessment of its facilities. The results of the assessment and our recommendations became the foundation for developing a unique risk management program.

The CIS Critical Infrastructure Protection Program is adopted by TECO Energy

As testimony to TECO Energy’s strong commitment to continuity of operations, TECO approved all elements of the risk management strategy designed by CIS and became the first energy company in the United States outside the nuclear industry to establish a performance-based strategy in protecting its critical facilities. The program at TECO Energy encompassed all elements of our Critical Infrastructure Protection Program as described on this page.

FLETC adopts the CIS Terrorism Risk Assessment Methodology

After attending our security risk assessment training workshop, the Federal Law Enforcement Training Center FLETC) requests permission to use the CIS methodology.

The CIS-S2 ATRR Workshop is recognized as the only private training course endorsed by the U.S. Department of Justice for providing terrorism risk assessment training.[1]

US GAO inspectors hail the CIS-TECO program as “…a model for critical infrastructure security.”

Inspectors from the US Government Accountability Office (GAO) review the TECO Energy program designed by CIS and hail it as "a model for critical infrastructure."

US Government agencies begin to adopt the CIS ATO training program

The CIS Anti-Terrorism Officer program is expanded in scope into a comprehensive, advanced-level training program on facility security planning. The program is adopted and/or presented for numerous US government organizations including the US Capitol Police, US Department of Defense, US Army, and several state-level agencies.

CIS consultants train ATO’s around the world

In 2009, CIS begins presenting the ATO training program around the world through our sister company, The S2 Safety & Intelligence Institute. The first International courses are presented in Dubai and Sidney.

In the following years, over 3,000 professionals around the world graduate the CIS ATO program.

The CIS-S2 ATO Program is adopted by OSCE for training government security professionals in the Caucasus region

S2 is contracted by the Organization for Security and Cooperation in Europe (OSCE) to develop and present a series of custom Anti-Terrorism Officer courses for government security professionals from Georgia, Armenia, and Azerbaijan.

CIS consultants develop a special version of the ATO Program for the Iraqi Ministry of Interior

The S2 Institute (sister company of CIS) is contracted by US CENTCOM to design and develop the new Anti-Terrorism & Facility Security training program for the Ministry of Interior of Iraq based on the S2 ATO course. The program encompasses development of a three-week security training program and on-site Train-the-Trainer mission in Baghdad to prepare the new MOI instructors.

European Institutions turn to CIS

Between 2015 and 2018, CIS consultants assist the European Central Bank, European Commission, and European External Action Service in improving the security of EU facilities throughout Europe and training EU security personnel using the CIS ATO program as a base model.

The CIS-S2 ATO Program becomes the basis for a new professional certification

The International Association of Counterterrorism and Security Professionals (IACSP) launches the "Certified Anti-Terrorism Officer" (cATO) examination and professional certification based on the CIS-S2 Institute Anti-Terrorism Officer program.

CIS closes the ATO Officer Division

In 2020, CIS sells its Uniformed Services Division to GardaWorld to focus exclusively on consulting and training.

[1] Leson, Joel. Assessing and Managing the Terrorism Threat. Washington, DC: U.S. Dept. of Justice, Office of Justice Programs, Bureau of Justice Assistance, 2005. Print.

CIS Anti-Terrorism Officers Specialized Personnel for a Special Mission

Successfully protecting facilities against terrorist attacks requires security personnel with specialized training, equipment, intelligence support, and tactical supervision. Historically, few security forces outside the government community have proven adequately prepared to prevent and respond to terrorist attacks.

To address the need for specialized security personnel in our critical infrastructure protection program, we created the CIS Anti-Terrorism Officer Division in 2004.

CIS Anti-Terrorism Officers (ATOs) were armed security or law enforcement personnel that were specially selected, trained, and equipped for employment in situations where terrorism is a critical risk. All ATO’s were recruited as former military personnel and prepared for assignment by completing 64-hours of specialized training on topics including terrorist tactics and protective measures, surveillance detection and reporting, IED recognition and search procedures, tactical firearms skills, and response to a spectrum of terrorist attack scenarios.

Between 2004 and 2020, CIS provided Anti-Terrorism Officers as service for critical infrastructure clients in the Tampa Bay region. As the only security officer corps of its type in the United States, the program earned accolades from numerous government agencies for its comprehensive design and focus on mission performance.

Play Video

Beyond CIS: The Anti-Terrorism Officer Program as an International Standard

By 2006, CIS consultants expanded the scope of the ATO training program into an advanced-level course on anti-terrorism and facility security planning. Through our sister company, the S2 Safety &Intelligence Institute, the ATO program evolved into an international standard for anti-terrorism training. Since 2004, over 3,000 professionals worldwide have graduated variations of the Anti-Terrorism Officer program developed by our consultants.

Read More

Over the past 15 years, the CIS Anti-Terrorism Officer training program has been adopted by numerous government organizations and NGOs including the European Commission, European External Action Service, Organization for Security and Cooperation in Europe, and government ministries representing over a dozen nations worldwide.

The program was also adopted by ITAM-Police as a foundation for developing the Anti-Terrorism and Physical Security course for the Ministry of Interior of Iraq in 2010.

As the crown of the program’s recognitions, the International Association of Counterterrorism and Security Professionals adopted our ATO program in 2017 as the basis for its Certified Anti-Terrorism Officer (cATO®) Board Certification.

Although CIS no longer provides armed ATO’s as a service, our consultants continue to assist organizations in developing and preparing security forces for the mission of protecting people and assets against terrorist violence.

Anti-Terrorism & Critical Infrastructure Protection Expert Solutions for Diverse Needs

Although the program we developed in the 2000’s is no longer active, our consultants continue to support clients around the world with expert assistance on anti-terrorism and critical infrastructure protection matters. Following are some of our services.


Security Risk & Vulnerability Assessments

CIS security consultants frequently conduct security risk and vulnerability assessments for critical infrastructure sites and other facilities at risk of terrorist attack. Over the past two decades, we have conducted assessments to aid a diverse range of organizations in achieving risk management goals and compliance with regulatory mandates.

In addition to conducting security risk and vulnerability assessments, our consultants have developed and aided in the improvement of risk assessment methodologies for organizations including chemical manufacturers, energy companies, commercial property management groups, the AIChE Center for Chemical Process Safety, European Commission, EEAS, and more.


Facility Security & Readiness Assessments

For clients who do not require a comprehensive or analytical approach to risk assessment, our consultants frequently conduct facility security and readiness assessments related to specific threat concerns (e.g., terrorist armed assaults, chemical and biological attack, etc.). In these situations, our consultants focus on identifying potential conditions contributing to vulnerability and propose solutions with consideration to the client's objectives and priorities.

In this type of specialized capacity, we have assisted a diverse range of facilities varying in scale and complexity from corporate offices and community centers to parliamentary buildings and the European Central Bank.

Learn more about our anti-terrorism & critical infrastructure protection consultants...

Contact Us 

Contact us to discuss your unique needs by calling Tel. +01 (727) 461-9417 or by completing the following form:


The Words of Our Clients and Peers

Toll-free: (800) 247-6055 | Tampa Bay Area: (727) 461-9417 | Hillsborough: (813) 910-4247 | Orlando: (407) 420-7945

The staff of CIS is dedicated to providing each client with the finest quality of protective services available.

Our commitment and dedication to professional, ethical, and protocol conscious service is our trademark.

Preserving, projecting, and protecting our clients’ image and interests is our business.

Copyright © 2020 Critical Intervention Services, Inc. ® Florida “A” License: A9900261 • Florida “B” License: B9200107