Private Sector Counter Terrorism

The conference was about the Terrorism impact on security planning for Events and Sport Grounds, the delegates attended the conference to hear about cost effective security planning solutions and examples for the private sector to take on board and apply, most of the guest speakers delivered information about UK Government agency systems.

The threat landscape has changed, the private sector need to adapt and move forward using the Brain Game, the private sector do not have 24/7 dedicated resources, legal powers and budgets to implement Government Agency systems.

A key hurdle for business is getting over the fear of the unknown, moving out of denial, and senior management could also be a barrier due to their inability to start the process of mitigation, its a common problem and needs senior stakeholder involvement to kick start the process.

The following points have been effectively applied over many years within the international private sector counter terrorism/hybrid attack mitigation process, UK businesses can apply the same systems to lower the business criticality and help save lives.

1. Start point for the private sector.

Businesses need to understand their legal obligations and any localised responsibilities to do with local councils and contractual agreements.  Is the private sector On Notice for these type of incidents? Walk through the process of being investigated and answerable through the courts – will you be liable and open to claims? Health & Safety Laws already cover these type of incidents; do you understand the laws. Understanding whats reasonable and practicable within your responsibilities will mitigate the business criticality if compensation and government agency investigations seek legal action.

Black Swann Events = None Damage Business Interruption Insurance Cover = Do you have it? probably not and down time costs could be costly. 

2. Risk Assessment.

Priority document and must include Loss Event Profiles with Criticality Assessments.

3. Security & Safety Plan.

Produce your plan detailing what mitigation the business will have in place based on the risk assessment and identified responsibilities, if its part of  an event planing process you need to anticipate and explain what mitigation you expect from Government Agencies, avoid doing this the other way round (could be crucial issue further down the road when the Blame & Compensation game starts and other practical professional reasons). It will start the conversation on a better footing and avoid poor and conflicting advice from Gov Agencies – Use the MoSCoW principle throughout the planning process.

Ensure minutes are taken on all meetings with Government Agency representatives.

Planning points for consideration:

4. Emergency Services Response Gap.

Prioritise mitigation to where you can have a cost effective impact and what’s within your legal & duty of care responsibilities. Accept there will be an emergency services Response Gap and focus your efforts on that period of time (just 1 example). It could be 2 minutes or 15 minutes.

5. Staff Numbers.

Unless legally obliged or the budget allows, focus your plans on utilising current resources (all staff), stay away from the increase numbers mantra. The above Point No 1 will keep this consideration on track.

6. Tool Box Talks.

Proven cost effective situational awareness training.  Use 2 to 5 minute toolbox talks to cover – Run Hide Tell (reality version), ACT, Citizen-Aid, Psychological first aid, Bye-stander intervention concept, Emergency services deployment methods (hot zone, warm zone etc). Alternative exits (unconventional exits), Invacuation areas with barricade options.

7. Periods of Chaos.

If an attack happens, understand there will be a period of No control and Chaos, only individual actions by the staff will be actionable – focus efforts on simple plans for staff to action (point 6) without any higher level control until the organised chaos period starts to come into effect. Its called Mission Command and a tried and tested approach.

8. Rapid Risk Communication.

Communication systems are a high priority and a Must Have.  Verbal communications is the number method using radios, PA Systems, and face to face.

Summary:

9. Cost Effective.

All the above is achievable and cost effective, it avoids the trap of solely basing your risk assessment on intelligence from open sources and government agency advice, the approach will also incorporate other forms of workplace violence that can be mitigated against.  Take control of the risks and build staff and business resilience.

10. Leaderless Resistance.

Google it. Recent attacks have followed this concept.

11. Mind Set.

Think about changing your approach from counter terrorism and use the Phrase Hybrid Attack Mitigation, not all attacks are Terrorism and the above approach can mitigate other forms of criminality.

Business requiring Counter Terrorism/Hybrid Attack independent consultancy advise – Contact Mildot who are the industry leaders for this particular Risk.   Mildot have developed an IOSH Approved Course for business Management, Supervisors, Safety & Security Personnel.

Due Diligence Tips for Private Sector Consultancy Advise.

Ask the following questions when seeking consultancy advice:

1. Number 1 Point – Can they explain the criticality of an attack in business terms. If they cant deliver on this fundamental point – Show them the door.

2. What is their knowledge based on – answer needs to be private sector experience over at least the last 5 years. No problem with ex government service as long as they have private sector counter terrorism experience.

3. What plans and training have they implemented for Hybrid Attack Mitigation in the private sector.

4. Have they worked in private sector environments requiring high levels of mitigation and how have they tailored it down to cost effective UK Business use. If they spew out loads of interesting terminology on how it requires a multitude of layered systems focusing on every area possible – show them the door as they dont understand the business approach.

5. What document adds to the business case for applying mitigation and a key influencer for senior stakeholders to take action. Ill leave this one unanswered and see what you have to say!