Upload
others
View
4
Download
1
Embed Size (px)
Citation preview
Session 3108 Developing an Antiterrorism Plan
Ross Johnson, CPP
Terrorism
Terrorism is an act of violence where the victim is not the intended target
Counterterrorism is the name for the active measures that police, the military, intelligence and diplomats use to detect, apprehend or destroy terrorists and terrorist groups
Antiterrorism is the name for the passive measures used to protect organizations from terrorists. In the antiterrorism world it isn’t our job to destroy the terrorist groups: we just want to convince them to leave us alone while the counterterrorism forces hunt them down.
There are worse killers out there…
• Half of all humans who ever lived were killed by mosquito-borne diseases
• At least 438,000 died of malaria in 2015 alone
• 300 million people died of smallpox in the 20th Century (1900-1977)
… and more killers…
A few things that kill more Canadians and Americans than terrorists:
• Guns (over 30,000 in 2015 alone)
• Hospital errors (98,000 per year)
• Car accidents (35,000 in 2014)
Why do Governments respond so harshly to terrorism?Max Weber“a state is a human community that (successfully) claims the monopoly of the legitimate use of physical force within a given territory”
Leon Trotsky“Every state is founded on force”
Why do Governments respond so harshly to terrorism?
Terrorists hijack the
government’s agenda, forcing
them to divert attention and
resources from their own goals
to counterterrorism
Why do Governments respond so
harshly to terrorism?
“terrorism is designed to drive a
wedge between segments of a
community which otherwise
might have coexisted peacefully,
both politically and socially”
- Lawrence M. Krauss, The New
Yorker
Terrorism Fatalities
National Consortium for the Study of Terrorism and Responses to Terrorism (START). (2016). Global Terrorism Database [Data file]. Retrieved from https://www.start.umd.edu/gtd
There were 14,806 terrorist incidents in the world in 2015
Targets by type (2015)
National Consortium for the Study of Terrorism and Responses to Terrorism (START). (2016). Global Terrorism Database [Data file]. Retrieved from https://www.start.umd.edu/gtd
#1
#2
#4
#3
Weapons Used (2015)
National Consortium for the Study of Terrorism and Responses to Terrorism (START). (2016). Global Terrorism Database [Data file]. Retrieved from https://www.start.umd.edu/gtd
Explosives & Guns are by far
the most common type
of attack
Passive Support
(Support cause, provide financial assistance,
unwilling to go to jail or risk injury)
Active Support
(Will assist terrorists in nonviolent ways,
willing to take higher risks)
Active Cadre
(They carry out attacks,
train others)
Committed
Leadership
Legal/Illegal Cutoff LineAdjusted through emergency powers
(i.e. (UK) PTA, USA PATRIOT,
(Canada) War Measures Act, Bill C-51)
Terrorist Movement Structure Pyramid
“If we have a free path we go forward.
If we meet an obstacle we go around it.
If the object cannot be overcome, we
retreat.
When the enemy is unprepared, we
surprise him.
If he is alert we leave him alone.”
-Andreas Baader, Leader of the Baader-
Meinhof Terrorist Group
Khobar Towers
“There were ten incidents of possible surveillance on Khobar Towers before the attack”
- Downing report on Khobar Towers Bombing
The main point is to select targets where success is
100% assured.
- Dr. George Habash, Founder, PFLP
Popular Front for the Liberation of Palestine
Terrorists do not operate in a vacuum - they need to gather
information on their target in order to increase their
probability of success.
In antiterrorism planning we see this need for information on the part of the terrorists as an opportunity to demonstrate to them that we are watching and waiting, and to introduce doubt into their planning cycle.
Relatively sophisticated terrorist groups do not attack people or places without a basic level or planning or reconnaissance. Therefore, arguably the greatest return on investment is in the identification and disruption of pre-attack planning operations. It is crucially important to intercept the terrorists' own intelligence-gathering processes.
- Hoffman and Cragin, Four Lessons from Five Countries, RAND Review Summer 2002
We simply want to erode an adversary’s confidence in their chances of success to a level where they will choose not to
commit the act.
The aim of antiterrorism planning
Antiterrorism Planning
1. Threat Vulnerability Assessment2. Security Measures3. Observation4. Random Antiterrorism Measures5. Response Planning
Antiterrorism Fundamentals
What is the Threat?What weapons,
explosives, or tools do we face?
Who are the terrorists?
What tactics & techniques do we
face?
What is our Threat Level?• Critical• High• Medium• Low• Negligible
Define the Threat Environment:
• Do they exist?• What are their
capabilities?• What is their history?• What are their
intentions?• Are they engaged in the
targeting process right now?
• How competent are the national security authorities?
Threat Assessment Steps
Threat Level Determination
Determine Security Measures
Building System Design Factors:• Architecture• Interior Design• Structural• Mechanical• Electrical
Land Use Factors:• Land Use Planning• Transportation• Utilities
What Assets Need to be Protected?
Evaluate Against Threat Types:• Potential Attackers• Weapons, Explosives,
Tools• Tactics & Techniques
Evaluate Against Threat Levels:• Critical• High• Medium• Low• Negligible
Facility Site Design Factors:• Site Plan• Traffic and Pedestrian
Movement• Natural Features• Utilities
Vulnerability Assessment Steps
1. Threat Vulnerability Assessment2. Security Measures3. Observation4. Random Antiterrorism Measures5. Response Planning
Antiterrorism Fundamentals
Functions of Effective Security Measures
• Access Control
• Deterrence
• Detection
• Assessment
• Delay
• Response
• Evidence
From Risk Analysis and Security Countermeasures Selection, by Thomas Norman CRC Press, 2009 Page 300
Flexibility
• Security measures cost time and money
• Use the minimum appropriate to the threat
• Escalate and deescalate as required
Threat Level Low
Threat Level Medium
Threat Level High
Threat Level Imminent
1. Threat Vulnerability Assessment2. Security Measures3. Observation4. Random Antiterrorism Measures5. Response Planning
Antiterrorism Fundamentals
Observation
• Observation Plan
• Verification Plan
• Surveillance Detection Plan
Signs of Terrorist Activity
• Surveillance
• Elicitation
• Test of Security
• Acquiring Supplies
• Unusual People Who Don't Belong
• Dry Runs
• Deploying Assets/Getting Into Position
Event Reporting
Suspicious: “having or showing a cautious distrust of someone or something”
Event Reporting
Unusual: “not habitually or commonly occurring or done”
Event Reporting
If you wait for
something unusual
to become
suspicious, you’re
probably too late
The special problem of guns
The open and legal carrying of firearms creates a particular challenge to security managers
Colorado Springs, Colorado, 31 October 2015
Make a Plan
• Determine area to cover
• Delegate who watches that area
• Define indicators to watch for
• Decide what should be done if
indicator appears
• Constantly verify that it is being
done
Item Who Watch for Report to
Vehicle Surveillance GuardsVehicles with occupants
remaining insideSecurity Operations
Surveillance Hide Mobile Patrol Watchers hidden in tree line Security Operations
Elicitation All employees
Persons trying to gain
information on operations
and personnel
Security Operations,
Supervisors
People trying to gain
unauthorized access to plantGuards Faked or stolen identification Security Operations, Police
Observation Plan Example
Verification
Surveillance Detection
LocationLocation
• Repeated observations of the surveillant(s) or their vehicle at different places and times in relation to the target
• Must be in an area that would allow them to see something useful: arrival or departure of staff or executives, security personnel, service vehicles, etc.
• This greatly reduces the number of places to watch
Surveillance Detection
Correlation
Refers to the activities of the surveillant in relation to the target
• Someone who looks at her watch when the CEO’s vehicle leaves the main gate
• Someone who looks up from his newspaper and watches a delivery vehicle arriving at the facility
• Someone taking notes during shift change at the plant
• Several sightings of the same person surveilling the facility
• Several sightings of different people surveilling the facility
• Sightings of the same person in different vehicles parked near the facility
• Sightings of different people parked in the same vehicle near the facility
Surveillance DetectionMistakes
Errors the surveillant makes that allow them to be identified for what they are
• Someone whose profile doesn’t match his signature
• Someone who signals another person when certain activities occur at the target
• Someone who makes a note in a notebook when a service vehicle arrives at your main gate
• A parked car with a dry windshield when it is raining
• A person leaving an area right after a significant event occurs at the target
• Someone seen trying to covertly photograph the main entrance of your building
• Someone standing at a taxi stand, yet waving off cabs as they approach
Surveillance Detection Plan
1. General building design
2. Proximity to controlled areas
3. Portals
4. Barriers
5. Access by uncleared
personnel
6. Access by required services
7. Area denial to access
8. Areas minimized to access
Surveillance Detection Plan• What are your resources? Can you get more if
needed?
• What are your limitations?
• Where are you looking to, and where are you looking from?
• What are you looking for? How will you recognize it?
• Where are you going to send the information?
• Who is going to act on the information, and what details do they need?
Trees
XYZ Pharmaceutical Company
XYZ Manufacturing Company
Warehouse
Admin
Production
Information Ring
XYZ Technology Company
Parking
Restaurant Retail Stores Office Building
Procedural/Technical Ring
Physical Security Ring
Office Building Office Building
Security
TreesTrees
Trees
QRS Pharmaceutical Company
ABC Manufacturing Company
Warehouse
Admin
Production
XYZ Technology Company
Parking
Restaurant Retail Stores Office BuildingOffice Building Office Building
Security
Red Zone
Red Zone
1. Threat Vulnerability Assessment2. Security Measures3. Observation4. Random Antiterrorism Measures5. Response Planning
Antiterrorism Fundamentals
Random Antiterrorism Measures
• RAMs are the heart of the AT process
• They help you to create layers of changing,
unpredictable, and flexible security measures
• They introduce doubt into the terrorist’s planning
cycle
• They remove the terrorist’s ability to predict your
defensive posture on any given day, so they cannot
predict their chances of success• Don’t use RAMs when the threat is low, as they aren’t needed.
Instead, exercise RAMs once per month to ensure guards and employees don’t forget you have an AT plan
Routine is weakness
RAM Examples• Monday: Guards check trunk of every
third vehicle entering gate
• Tuesday: Police cruiser parked outside main gate for three hours in the morning
• Wednesday: Portable CCTV and lighting system set up and covering previously uncovered area of perimeter
• Thursday: Guards check picture ID of every second person entering gate
• Friday: Explosives-sniffing dog and handler works main gate area, randomly checking vehicles and pedestrians
1. Threat Vulnerability Assessment2. Security Measures3. Observation4. Random Antiterrorism Measures5. Response Planning
Antiterrorism Fundamentals
Response Planning• Surveillance detected
• Emergency Response Planning
• Bomb threat/attack
• Real or suspected sabotage
• Active shooter
• Fire emergency
• Mass casualty
• Demonstrations/protestors
• …etc.
A final thought
Help yourself succeed
• Learn to stay out of
your own way
• Don’t create and use procedures that serve process, not security
• Be quick to ditch ideas when you figure out they’re not working
• Use technology –PSIM’s are the way of the future
Conclusion• The single most important factor is corporate security
today is communication
• with your employees
• with your executive
• with law enforcement
• with intelligence agencies
• Terrorists thrive on certainty – don’t let them predict what your security plan will look like
• Look for the unusual, not just the suspicious
Additional Material
Ross Johnson, CPP
(780) 405-5542
antiterrorism-planning.com
Norman, Thomas: Risk Analysis and Security Countermeasures Selection, CRC Press, 2009 422 pp.
Johnson, Ross: Antiterrorism and Threat Response: Planning and Implementation, CRC Press, 2013 296 pp.