In 2015 Sydney then Paris – How safe is the UK?

One of the first questions asked, particularly after the Charlie Hebdo incident in Paris during the period 7 to 9 January 2015, is “Could an attack, so well planned, and of such ferocity happen in the UK?”. The stark and uncomfortable answer is “Yes, it could” if the terrorists manage to acquire sufficient arms and ammunition with which to carry out the attack.

When asked the same question, our security services inform us that it is increasingly difficult to obtain weapons such the AK 47 or the Armalite, with the required levels of ammunition. However, whilst this is probably true, we cannot afford to rely on the terrorists not being able to acquire such weapons systems as our main form of defence.

The Charlie Hebdo attack consisted of two gunmen storming into an office complex, before shooting dead a number of innocent civilians. However, history has taught us that the terrorist is adaptable, and is capable of diversifying his/her method of attack. One of the most successful weapons platforms used is the Improvised Explosive Device, or IED. This has generally been in the form of either a vehicle borne IED, in which the vehicle is parked close to a building and the IED is detonated remotely, or a placed IED, which is often in the form of some type of container with the IED inside, placed in a building and once again detonated remotely or by use of a timing device.

The police and the security services in the United Kingdom are stretched and whilst immediate police assistance at the scene of an incident is an ideal, we have to be aware of fundamental procedures to follow to manage the security of all UK citizens and to assist the police should an attack take place.

Certainly in the case of the Paris shootings, the terrorists will have carried out some form of reconnaissance, and they will have been aware of the easiest means of accessing the offices of Charlie Hebdo. I wonder if they were ever observed during their reconnaissance and, if so, whether they were reported.

Security awareness

During the ‘Troubles’, as the period of unrest in Northern Ireland was often referred to, people in the UK eventually became aware of the need to stay vigilant; that is exactly what is required again: the mindset to report all suspicious incidents to the police and not to think we will be chastised for reporting an incident that may be a false alarm. Security awareness has to be encouraged by those in authority, who must set the example to the people that they have a duty of care to protect. I have thirty years’ experience of carrying out security reviews, and have found that, unfortunately, we, as a nation, often make it far too easy for the criminal or the terrorist for a host of reasons.

The default position of those charged with managing access must be one of suspicion; in a professional manner of course. Unfortunately, a very British habit is to hold the door open for somebody who wishes to enter the building after you; ‘tailgating’ is the easiest way to illegally enter a building. As a nation we tend not to challenge strangers, but of course the criminal and the terrorists are aware of this cultural idiosyncrasy, and are very keen to take advantage of our cultured and well-intended naivety.

Senior Management Teams and Executive Boards cannot evade the issue of responsibility here, they must ensure that all members of staff, particularly the security team, stay vigilant to such attack scenarios, and always have the capability to effectively communicate what may be perceived as a dangerous situation. People must be encouraged to report everything suspicious, without ridicule or sanction.

Equally, security teams must receive the correct levels of training for such occurrences, as they are generally first responders and initial decision makers at the scene of a terrorist atrocity. It is well documented that, on a number of occasions, well trained security officers at the scene of a serious incident have quickly taken charge, prior to handing over to the police.

Tools for the job

There is a myriad of electronic security systems on the market today: everything from CCTV to Radio Frequency Identification (RFID) and GPS tracking. Although a cliché, the system is only as good as the person operating it.

Forward thinking organisations today will recognise the need to introduce layered security, which means protecting from the outside in. The concept is often referred to as the ‘onion peeling’ method. However, arguably the most important aspect of this form of defence is to ensure that all component parts of the system are integrated, that is to say that when the perimeter fence or main door is struck, the attempted breach will activate not only the Intruder Detection System (IDS), but also the nearest camera, which will record the activity. The access control system should ensure that the area is secure, whilst the duty security officer is alerted, and will be in a position to react.

Communications and serious incident planning

Coupled with security awareness, there has to be some form of serious incident and communications plan that includes all members of staff and management, and the plan has to be tested on a regular basis. Ideally the test or exercise should be carried out in conjunction with a security risk assessment and security survey run by personnel without bias, employing external professionals who can deliver the exercise, leading to the production of a totally objective and confidential report for the board or senior management team.

It should be cast in stone that every member of staff and management has to receive some form of serious incident training. Otherwise, when an incident resembling those in Sydney and Paris occurs, people will suffer because those responsible did not have the time, inclination or allegedly the funding to ensure that their staff and members of the public were safe from a Sydney or Paris type of attack.

Charles Swanson MSc CSyP FSyI SIRM

Independent security consultant and Fellow of the Security Institute