Stop Looking at Security from a Compliance Perspective
In light of the recent (October 2020) and ongoingpublic inquiry on the 2017 Manchester Arena Suicide attack, we are re-releasing a previous article titled “Behavioral Analysis in Suicide Bomber Threat Detection.” The original was written by Mark Deane and published inThe Circuit Magazinein 2015.
One key takeaway from the inquiry was the action (or lack there-of) of the security team on being informed of a suspicious individual and their actions once they had identified a potential issue.
The inquiry identified what the majority of professional security leaders have always known and feared – large companies pay a low wage for minimally trained (if at all) personnel to be in static positions. Their plan is often to give the air of security, but staff often cannot react appropriately, effectively, and timely. This significant problem is further compounded by many venue and event organizers seeing security from a compliance perspective only. Certain security companies focus on filling positions, market share, and profit maximization to the detriment of safety.
The original article “Behavioral Analysis in Suicide Bomber Threat Detection” focused on detecting indicators that would improve the chances of identifying a threat early. This new version has an extended section that now discusses how to prepare for the next steps if a possible threat is identified.
Manchester Arena Bombing Incident Background:
For those unfamiliar with theincident on 22 May 2017, an Islamist extremist suicide bomber (Abedi) detonated a shrapnel-laden homemade bomb as people left the Manchester Arena following a concert by American singer Ariana Grande. Twenty-three people died, including the attacker, and more than 800 were wounded, some of them children.Read more here
Inquiry Overview
Kyle Lawler, who was 18 at the time of the Manchester Arena attack, was in a static security position standing 10 or 15ft away from Abedi. He later told Police he was conflicted because he thought something was wrong but could not put his finger on it. Around eight minutes before the bombing, Showsec steward Mohammed Ali Agha alerted Mr. Lawler to the report, and both began observing Abedi.
In his statement prepared for the inquiry, Mr. Lawler said: “I just had a bad feeling about him but did not have anything to justify that.” The witness added that Abedi was “fidgety and sweating”
Mr. Lawler said he attempted to use his radio to alert the security control room but claimed he could not get through due to radio traffic. He then left the arena and took up his position outside the City Room and made no further attempt to raise the alarm. Mr. Lawler agreed he simply “gave up” trying to use the radio and just got on with his job. In his prepared statement to the inquiry, the Showsec security guard also said: “I felt unsure about what to do. It’s very difficult to define a terrorist. For all I knew he might well be an innocent Asian male. I did not want people to think I am stereotyping him because of his race. I was scared of being wrong and being branded a racist if I got it wrong and would have got into trouble. It made me hesitant. I wanted to get it right and not mess it up by over-reacting or judging someone by their race.” Mohammed Ali Agha said he didn’t immediately raise the alarm because he didn’t have a walkie-talkie and felt unable to leave his position for fear of losing his job. Sourcehttps://www.bbc.com/news/uk-england-manchester-54695580
Author Opinion
It is very important to note the following:
In no way does the author believe Mr. Agha, or Mr. Lawler are responsible for this tragedy. They were poorly trained, poorly supervised, and not provided the tools, support, or oversight to succeed in their role. This lack of preparation is demonstrated in the background qualifications obtained by Mr. Agha. The Guardian reported that Mr. Agha had completed an online training module in ‘counter-terrorism’. Mr. Agha completed all 11 segments of the course in eight minutes, despite the course containing a 12 minute video calledEyes Wide Open: Acting on Suspicious Behaviourand a 20 minute video about a plot to blow up a shopping center.
Even if they had alerted a supervisor to their concerns, would there have been robust procedure and response? Would the Police have been able to react in a timely manner, and would there have been effective interoperability and communication between Police and private entities? The variables are too wide and uncontrolled to speculate.
What is clear is that large security companies, venues, and clients are wholly unprepared for threats such as these. Time and time again, we see venue leads, event organizers, and responsible parties planning security with no understanding of risk management, effective procedures (SOPs), and interoperability. Event managers often plan security based on ‘what has been seen before,’ and unfortunately, the industry regularly sees so-called counter-terrorism experts and security ‘professionals’ providing advice, counsel, and support services without the experience, expertise, or skillsets to manage the risk appropriately.
Original Article –Behavioral Analysis in Threat Detection
In 2005 three suicide bombers detonated body-borne improvised explosive devices (IEDs) in a busy tourist area ofBali, Indonesia killing 20 people. Just three years prior, a mix of both vehicle-borne and body-borne IEDs killed 202 people in the same resort. These horrific attacks were the result of carefully planned operations linked to radicalIslamic terrorism.
Asking questions
What as security professionals could we have done to protect a client in similar situations? If faced with a similar situation in the future, would we be able to identify the threat early enough to react? Is it just a case of accepting that it is a situation of ‘wrong place, wrong time’ and would, therefore, be out of our control?
There are no guarantees within the security industry, let alone dealing with extremism. It is the author’s strong belief that behavioral and appearance analysis might make a difference in such situations. Detailed and focused observations of suspect individuals and their behaviors may lead to identifying life-threatening situations early enough to provide that all important time to react.
Suicide Terrorism
A suicide terrorist may experience strong emotions prior to carrying out an attack, which in turn can be manifested through body language and physiological responses. Certain behaviors and tell-tale actions may be exhibited, and these emotions, behaviors, and actions could be used to help identify potential suicide terrorists.
Security organizations throughout the world use behavioral analysis and screening at checkpoints, airports, and rail stations to help identify threats. Individual systems differ in methodology, but all aim to observe behavior and appearance to help their employees identify potential threats.
Fear factor
High levels of stress or fear are sudden, intense and normally of short duration. The effects of this can be positive and negative, producing an immediate physical reaction and performance-enhancing benefit but also a negative reaction with typical problems including tunnel vision, failure to prioritize, freezing and loss of concentration.
In high stress/high anxiety situations the biochemical changes that occur can have a significant negative impact on an individual’s ability to assess their environment and make effective decisions. Experiments have shown that when stress and anxiety are increased there is a marked decrease in both the speed and accuracy in problem-solving tasks.
Controlling emotions
Training has been proven to play a pivotal role in managing stressful situations, SLA Marshall wrote in his book:Men Against Fire, that only 15 – 20 % of soldiers in WWII combat situations fired their weapons at the enemy. Military training in the aftermath thus focused considerably on improving this. They rehearsed and trained, simulating combat situations and focused on this to a greater extent. In The Korean War firing rates had risen to 50% and in Vietnam, it had climbed to 90%. His research, though questionable based part of this on poor management of fear and stress due to lack of correct training.
The stress and anxiety in such situations certainly contributed to these figures, most likely causing soldiers to freeze, not think properly and become confused. In the American Civil War after the Battle of Gettysburg according to research, some 90% of the muskets recovered from the battlefield were found to be loaded, further inspection found that nearly 50% were loaded more than twice and even up to ten times and not fired.
Fail to prepare…
Why is this important? Because if terrorists have not had a high level of training there is a good chance they could be affected by acute stress in a negative way. Therefore, thought processes and problem-solving abilities may be affected, behavioral signs may become more obvious. The general consensus is with more experience and better training people cope with stress and anxiety better, but quality training is usually quite limited in terrorist organizations and therefore they will be more vulnerable to the negative effects of acute stress.
An example of stress affecting an Islamic suicide terrorist is that of theUK 7/7 bomber, Hussain in London, U.K. They were seen laughing and joking prior to the split but on his own when his rucksack failed to detonate on the underground train, it was then he went to ground level, wandered around for nearly an hour, got a new battery for detonation and for some reason decided to board a bus.
An eye-witness saw Hussain board the number 91 bus at King’s Cross and noticed his bad manners in blocking fellow passengers with his rucksack. She was giving evidence at the inquest into the bus bomb at Tavistock Square. Mrs. Dybek-Echtermeyer said she noticed Hussain as he stood at the front of the bus after boarding. “He looked very exhausted and he had sweat going onto his chin that looked very horrible,” she said. “He had dry white lips, he looked nervous and exhausted”. The 18-year-old angered those around him as he travelled on a No91 bus along London’s Euston Road. Another eye-witness told the hearing “A woman in her 20s tapped him on the shoulder and politely asked him to be careful because he was hitting an elderly woman and perhaps others.” The witness added: “He simply did not react. I thought he was a lost and anxious tourist. He was behaving very oddly. This evidence suggests that Hussain was reacting adversely to stress and anxiety.
Richard Reid the ‘shoe bomber‘ was actually refused entry onto a flight due to his appearance and abnormal behavior. He managed to get on another flight the next day. The ‘underwear bomber’ Abdul Multullab by all accounts showed high levels of stress and anxiety at airport checkpoints yet no one challenged him.
Identifying factors – Behavioral threat Analysis
What are the identifying factors of stress?
- Exaggerated yawning
- Whistling
- Facial flushing
- Repetitive touching of the face
- Rubbing or wringing of the hands
- Widely open staring eyes
- Excessive fidgeting
- Clock watching
- Shuffling feet
- Leg shaking
What are the identifying factors of fear?
- Trembling/shaking
- Excessive sweating inconsistent with the environment
- Rigid posture, arms close together
- Exaggerated, repetitive grooming gestures
- Exaggerated emotions or behaviors inappropriate to the location such as laughter or chatter
- Hesitation/indecision
- Scanning
- Tunnel vision
There are other factors that may also be taken into account, acts that are undertaken as part of a deception. Suicide terrorists may use methods to conceal their intent.
What are the identifying factors of deception?
- Maintaining covert ties with others (keeping eye contact with others, hand gestures etc.)
- Appears to be confused or disoriented
- Does not respond to authoritative commands
Observations
Detailed and in-depth observations of suspect individuals and their behaviors could be of real benefit to the security professional. The majority of well-trained people reading this article will no doubt do some or most of these consciously and sub-consciously already. There are never definitive answers in situations like these and the world of the suicide terrorist is far from clear and concise. It is doubtful that a suicide terrorist will manifest all of these characteristics at once if at all and any factors that are noted must be put into context. For example, a person sweating, with repetitive grooming gestures and scanning the room nervously may just be looking for his first blind date.
Other indicators could also be taken into account.
- Powerful grip of a bag or hand inside a bag
- Emotionless face
- Hands in pockets or closed hands for prolonged periods of time
- Rigid midsection
- Inappropriate clothing or luggage/rucksack
- Walking or pacing with deliberation
- Repeatedly patting upper body
- Talking to oneself/mumbling or in a trance-like state
- Not responding to authoritative commands
What-if scenario
A protection detail could have been dining in Bali, Indonesia in 2005 protecting a client, would they have spotted the behavioral factors? Would the suicide terrorists have even been showing any external factors? Would the protection detail have had time to react even if they had spotted the threat early? These are all hypothetical questions that we will never know the answer to.
What we do know however is, that it is vital to see and not just look, attention to detail, powers of observation and preempting danger are vital in our roles as protectors. If suicide bomber indicative behaviors are noted early then further interest can be paid to the potential threat, preemptive measures can be taken. It is by no means an exact science, but security professionals must constantly add skills to their protective arsenal, using everything in their means to offer the best level of protection to the client.
Next Steps (Updated version 2020)
Suppose pre-indicators to a hostile act are identified, as they were at the Manchester Arena on the 22nd May 2017. What could a security team do to effectively counter the risk, or reduce the impact of the attack?
The answer is not an easy one, and there are multiple variables, but process and procedure helps reduce the chance of an unfavorable outcome. The core fundamentals of counter-terrorism risk management for venues are;
- Preparation
- Communication
- Practice
- Interoperability
Preparation:Key stakeholders working together to identify risk (accurately), discuss plans, process, and communication. Far too often, security is an afterthought and siloed. Security plans developed in isolation or added as an afterthought will lack cohesiveness and inhibit rather than enhance the event’s success. The security team should partner with all other functions and advise them to ensure that security awareness and communication become an enduring thread through all planning functions and the subsequent event delivery.
Communication:An effective communications system with clear direction, pre-determined language (whether a color code, or a criticality level), and a robust chain of command will significantly increase the chances of an incident being handled appropriately.
Management and Triage:An operations room or a team-leader must be trained and prepared to assess, triage, and effect a response to incidents.
Escalation, or de-escalation: With power comes responsibility. Empower team leaders, supervisors or managers to make decisions and support them with resources, backing, and process.
Practice Makes Perfect:Just as a crisis management team practices, often a table-top exercise, so must a security team, whether walk-throughs, talk-throughs, or detailed pre-task briefings, a venue and event security team must be aligned with the over-arching plan, their role, responsibilities, and what the SOPs and ‘actions-on’ are in-case of an incident. Whether Fire, Medical, Badging, or Terrorism, the security team must be practiced in their response.
Interoperability:Any large venue or event has multiple components with their own agenda, roles, responsibilities, and structure. Quite often, these are siloed with poor communication and interoperability. Even more often, external components operate under assumed roles and processes.
In the world of terrorism prevention, security interoperability is key.
Security must be embedded at the very earliest stages of planning and aligned with all component plans. The security team, whether internal or external, must align with Government and local law enforcement agencies. If the country of operation has a risk, the security should communicate with the agencies and work toward aligning plans, understanding gaps, and managing risk.
Questions to be asked:
- Can Police be leveraged?
- Can they be armed?
- Can they be deployed and paid to be in attendance?
If not, can there be a liaison with local agencies to manage risk?
Can appropriate private resources be deployed?
- If Police are deployed – are they on the same network?
- Have they been briefed on the SOPs and actions-on?
- Have they been introduced to security to ensure deconfliction and avoidance of ‘blue on blue’?
- Are they positioned effectively? Don’t assume they have a plan.
- How do you call them onto a potential threat covertly (think about how armed Police could be called onto a potential BBIED? Please note – Counter-terrorist units train for months on just this. It is not easy.
- Armed private security has been deployed – are they legal? are they trained?
- Is there an access control and choke-point system?
- Are you pushing the problem further out with no management of the risk?
Time and time again in events and venues across the globe, security basics are neither implemented nor practiced. Quite often, they are written down (often inadequately), but never communicated, nor drilled. The important factors, preparation, communication, practice, and interoperability, all help manage the risk. If the worst-case scenario ever does occur, a security team, working alongside multiple other components, will be best placed to identify the threat. Then, communicate it (effectively), make informed and at-times pre-determined and rehearsed decisions, and escalate appropriately to those best trained and equipped to attempt to neutralize the threat. While those paid to be in a security role and paid to protect, work to minimize the potential impact, and do their best to save lives.
I cannot stress this enough; security officers should be prepared to intervene appropriately and put themselves in harm’s way to help deal with or delay the threat. They are not just there to detect and deter. Way too often, venues and events use ‘Event Supervisors’ or Event ‘Guides’ in security roles, unsupported by security professionals trained in event security, and incident response – I argue, this is not security.
[1]https://www.theguardian.com/uk-news/2020/oct/26/security-guard-had-no-radio-to-raise-alarm-about-manchester-arena-bomber
This article was written by Mark Deane, the CEO of ETS Risk Management and a former Covert Counter-terrorist Officer with the British Government. Since joining the private sector in 2012 he has managed security operations for clients at some of the world’s largest and most iconic events. He places a significant emphasis on intelligence-led security, commensurate with risk. Companies and multinational organizations regularly utilize his services to assess risk, design security plans, and manage security teams during complex event security operations, including FIFA, Olympics, and large entertainment events.