|
RISKVUE ARCHIVE | FEATURE STORIES
Preparing For The Unthinkable
A Risk Manager’s Response To The Emerging Threat Of Terrorism
By Steven E. Haynes, ARM
How real is the terrorist threat? Are cities, counties, and state governments vulnerable to brutal terrorist attacks? These are questions risk managers must address, particularly after the World Trade Center bombing in New York and the Federal Building attack in Oklahoma City.
Since 1964, there have been over 10,000 bombings, 7,000 hijackings, 3,500 assassinations, 1,000 kidnappings, and property damage in excess of $200 billion. Deaths from terrorist acts exceed 15,000 and injuries exceed 40,000. Between 1981 and 1988 alone there were 211 separate terrorist attacks within the United States.
Understanding The Threat
A good definition of terrorism is the deliberate and systematic murder, maiming and menacing of innocent people in order to inspire fear for political purposes. The more shocking and violent the attack, the greater the media coverage.
There are two types of terrorist organizations. The first is international in scope. It includes separatists, religious fundamentalists, Western Europeans, and isolationists whose causes and motivations vary widely. The second type includes domestic organizations. Formed inside the US, these include white supremacists, Aryan groups, animal activists, and right-wing militias that typically carry out attacks on American soil.
The tactics used by terrorist groups vary greatly: kidnapping, assassination, hijacking, armed assault, and hostage taking. Since the early 1980s, the tactic favored by most terrorists has been bombings. In the last 10–12 years, bombings account for some 80 percent of all terrorist incidents. The reason is simple. Improvised Explosive Devices (IEDs) are easy to make, inexpensive, and transported without great difficulty. They also enable a terrorist to stay out of the circle of fire when the device is activated.
A Coordinated Response Based On Preemptive Planning
The first step in developing an Emergency Response Plan (ERP) is to identify likely targets. Potential terrorist objectives could include a civilian target, such as the headquarters of a multinational corporation. While it may not be within your immediate sphere of control, your organization would be required to react and provide assistance in the event of an attack.
In developing an ERP, don’t be afraid to think like a terrorist. Ask yourself, “What could I do if I had unlimited access to money, equipment, weapons, information and if I had no rules or laws to follow?”
First, develop a list of all locations by category. Second, determine the realistic probability of a location being chosen as a target, asking what would be achieved by its destruction or attack. This consideration should extend beyond simple monetary loss.
Third, determine a target’s vulnerability, typically defined as the degree to which the location is open to attack. One of the difficult parts of planning is the degree of openness inherent in facilities. Public entities in particular maintain facilities that are open to the public and provide easy access.
Fourth, determine the impact on operations should the target be attacked or damaged. For example, what would be the impact on the city’s operations if its water treatment facility and therefore its water supply were compromised?
The final step in a target analysis is to list potential targets by priority. This provides the leadership of a municipality with a valuable tool for developing a response plan. It will also be useful in deciding the best way to allocate limited resources. In other words, where can my budget best be spent to develop the most return on the investment?
Physical Measures
An excerpt from the Mini-Manual of the Urban Guerrilla, a textbook used by many terrorist organizations, reads: “Why attack the mighty lion when there are so many sheep to be had?” This simply means that a terrorist group will carefully plan its attack, giving consideration to the importance of the target.
To do this, the group will likely conduct exhaustive intelligence gathering, surveillance, its own threat analysis, taking into account its own capabilities. The group will then develop a plan of attack against the easiest targets—those offering the greatest chance of success and the ability to escape.
One thing any organization can do, no matter how large or small, is create the impression of being a “hard target.” This is typically done through the use of physical security measures, such as the use of an I.D. badge system, controlled parking, a package inspection and control system, access control systems, fencing, lighting, limiting public entrances, closed-circuit or dummy cameras, and guards.
Don’t hesitate to use internal resources to help complete a physical security audit following a pre-developed checklist. This will help in determining which facilities are most vulnerable. Many sample checklists are available in books on physical security in public libraries or on the Internet. This is an important step that should not be overlooked. The checklist will assist you with a target analysis and response planning.
Another physical measure to consider is the development of “defensive architecture.” The construction of a new building or the remodeling of an older one is an ideal time to upgrade security at a fraction of the cost of retrofitting existing buildings. The structures you have identified as high-risk or that have a high probability of attack should be upgraded first.
Often, a good architect can recommend security upgrades—such as reinforced crash barriers designed to look like decorative planters; poured in place concrete for all framing including slabs; seismic detailing at connection points; two-way rebar reinforcement for slab floors; plastic mylar coatings to prevent flying glass; and the use of simple rectangular geometric designs to prevent the shock wave of an explosion from bouncing back and causing greater damage.
Many new and emerging technologies exist, from Intrusion Detection Systems and camera systems to architectural hardening. There are many qualified consultants available to assist you with this type of planning.
Terrorist Response Plan Development
Unfortunately, one cannot predict with any degree of certainty when and where a terrorist attack will occur. Being organized and prepared for an attack is the benchmark for risk management planning. A single terrorist act, though it may have a low probability, can have high impact and the potential for disastrous results for a public entity caught unprepared.
The development of a response plan should be a coordinated effort involving all aspects of the public entity. The jurisdiction for the investigation will rest primarily with federal agencies. However, local public safety forces and emergency management teams will be the first on the scene and will be required to deal with the immediate problem without having the luxury of a completely methodical response.
Predictions For The 21st Century
Various federal agencies predict that acts of terrorism will continue, while the increasing pourousness of U.S. borders will make it easier for terrorists to move about.
We are also likely to see increasing levels of viciousness and violence. Terrorists will seek more worldwide media attention by resorting to more shocking events to get it. The potential for cyber terror is growing, too, as terrorists develop ingenious ways to manipulate, steal, or destroy data through electronic means.
A new threat, from the aftermath of the Persian Gulf War, includes the potential for terrorists to create ecological disasters. The very real possibility of terrorists’ use of Weapons of Mass Destruction looms large. We must take innovative steps to deal with this issue. Just as security specialists must continue to adapt in response to the changing threat, so must the risk management professional.
Our principle focus should be on creating the impression of a target that will not be attractive to a terrorist group. This can be accomplished by knowing your own organization’s weaknesses and then taking positive, proactive steps to eliminate them. Secondly, be prepared to respond in a coordinated, organized and efficient manner should a terrorist act occur within your jurisdiction. The key to meeting this challenge is a well-developed, comprehensive plan. You may consider the possibility of a terrorist group in your city, county, or state as being low. But remember: so did others in those jurisdictions where terrorists have already struck. 
ABOUT THE AUTHOR
Steven E. Haynes, ARM, is Director of Public Risk Management Services, Coregis Insurance Group, Dallas, Texas. Visit the Coregis website at www.coregis.com or e-mail Steve at Steve_Haynes@Coregis.com.
OTHER RESOURCES
The Terrorism Research Center
Non Conventional Terrorism
riskVue | The webzine for risk management professionals
September 1999
|
