Proactive Security Management in the face of terrorist threats
Project Griffin was launched by the City of London Police and the Metropolitan Police in 2004. It has gathered momentum and become a key initiative in raising awareness of terrorist preventative measures.
It successfully built bridges between law enforcement and the private security industry, being quickly and widely embraced by security guarding companies. This was not possible without the support of businesses who were willing to pay for cover while their officers attended. Last year, it was released for self-delivery, relieving some of the financial and operational pressures on the police, who up until this point had been solely able to deliver it. There is certainly an established need for widely available and high-quality CT awareness training.
Terrorism in 2016
2016 saw a sharp spike in the numbers of fatalities in Western Europe as a result of terrorist activity, with a range of methods including the devastating use of vehicles as weapons in low-tech, low-planning attacks using widely available resources. Such attacks are proving difficult to prevent and impossible to predict, and when they occur in cities very much like our own, they are successful at spreading fear and uncertainty far beyond the borders in which they were perpetrated. While it has been recorded that terrorist organisations view the UK as an extremely hostile environment in which to conduct operations, this does not mean that we should rest on our laurels. While Griffin and partner programme Project Argus have achieved much since their launches, there is a clear need for security guarding companies to go further.
Training in counter terrorism
In the risk mitigation hierarchy, training is near the bottom and one of the last steps to take place. Security companies wishing to lead the sector would do well to consider building on the excellent base provided by the one-day Griffin course to develop an assessment-based training programme incorporating annual refresher training that is tailored to the contextual security needs of their clients and delivered as a part of an ongoing strategy of security training and development. Training should focus on developing situational awareness and key positive behaviours rather than simply the retention of knowledge. Certainly, training is a cost to security companies who have struggled for years with lower margins; however, given the nature of the threat, it is a cost that should be seriously considered. With the advent of e-learning, training is more accessible than ever. Even better, there are other options aside from training that should cost nothing.
Most security guarding sites operate on two security postures.The first is ‘peacetime’ operations which reflect their day-to-day functions. The second is the ‘response‘ posture, which is triggered as a result of some form of event.
The problem with this is that the response posture will only be taken after an incident has taken place, which in some circumstances will be far too late. What is needed instead is some form of ‘alert’ posture that reflects a change in the threat landscape.
Even if an attack takes place far away in another European city, it is extremely poor practice just to shrug and suggest that ‘it doesn’t affect us’. Clients may be looking for reassurance from their security provider and so an alert posture that raises the profile of the security team (something that can be done at zero cost) would serve as both reassurance to clients and the general public as well as an active deterrent to other potential terrorists in their planning stage.
The security industry has long suffered from silo mindsets with departments operating in isolation both organisationally and locally. The creation and adoption of this ‘alert’ posture could overcome this by being shared between security teams working in a collegiate spirit rather than one of competition.
Once this ‘alert‘ posture has been designed with the client and the team has been trained, it will need auditing. This may be unannounced drills that are scheduled in the same way as fire response exercises. This testing should include announced tests, unannounced tests during normal hours of operation, and tests at times when the team may be less able to respond.
Beyond focusing on the operatives, training and testing should include managers of the security company and key stakeholders at client side. Ideally, security managers will already possess security management qualifications; however, there will be additional benefit in attending Project Argus.
Security plans should align with existing resilience planning and, once in place, should be regularly tested. This could take the form of quarterly tabletop exercises in the first instance, using as a basis historical attack methods relevant to the client rather than more imaginative scenarios.
Security companies would also do well to embrace the PREVENT initiative, with training for staff in how to identify behavioural cues that may indicate social withdrawal and possible vulnerability to radicalisation. It is not beyond the realm of possibility for disaffected individuals to already be working in the security industry, and so this is an essential but often overlooked consideration. Security companies could even offer this training for their clients, adding real value in building stronger ties.
With the implementation of PREVENT, companies will also need a supporting framework for reporting and employee assistance where it is required.
It is too easy to fall victim to the belief that security is a reactive occupation. With commitment, open-mindedness and a passion for the profession, innovation is possible. What’s more, with the threats that we all face, it’s essential.
Rich Diston, Security Consultant Ark Services www.ark-services.co.uk
Security Institute www.security-institute.org