Securing the UK’s large events, such as concerts, festivals and sports matches, is imperative to ensuring that events run smoothly, spectators remain safe and any incidents are dealt with quickly and effectively. With the 2018 FIFA World Cup taking place in Russia from 14 June to 15 July 2018, how significant is security risk management for public spaces together with crowd management and how can organisations best prepare against terrorist attacks?
The threat of terrorist attacks in crowded places is currently at ‘severe’ which means that an attack is highly likely. With the 2018 FIFA World cup taking place in Russia, we will have a mix of crowded places, an iconic event, football fans, international political turmoil and, of course, the terrorist threat. It would be inconceivable that anywhere intending to host an event or screening should not be getting prepared for the highest security level of risks and responses. With the risks faced in the world today, it has never been more imperative to ensure that security, safety and service elements of risk management are brought together.
Public spaces have numerous users and stakeholders. Many of those stakeholders have individual plans for their own organisation, but may not have thought beyond their boundaries before. Users come with their own expectations, perceptions and needs. Adding an event into the adjoining public space can change everything. How then can event managers ensure they are not only working with their suppliers and stakeholders, but also widening this to include these new boundary stakeholders and users?
Security risk management is high on the agenda for the reasons we have illustrated. The problem we face, and have seen evidence of, is it is taken as a risk in isolation. This can affect the safety measures in place for other risks which are often more likely than, and just as consequential, as a terrorist attack. There is also evidence that planning for today’s increased threat level does not include the necessary increase in resources to match the level of threat.
How can organisations best prepare against terrorist attacks?
The first step is to carry out the risk assessment of the site or venue. Consider reasons for specific increases, such as: content of the programme – is it contentious? Will it affect audience behaviours?; the audience, including profile and expectation of behaviour challenges; the location – what is in the footprint? Are there vulnerable areas? Assess the community impact assessment, transport hubs and physical security requirements; soft phases – phases of event have differing requirements and behavioural traits of audience. This will include search and screening; and the strengths and weaknesses of the venue – defined by each venue and location.
Proportionality must be borne in mind at all times - the test of reasonableness. The concept of absolute security is impossible to achieve in such a dynamic situation. By its very nature, an event location should be friendly and welcoming. So a balance must be struck.
Identify a range of practical protective security measures appropriate for each response level. Once the risk mitigation measures have been agreed, ensure it is not affecting another risk mitigation measure. Sometimes this is easier said than done. Remember that there are phases to an event, and not just within the site boundary, which need to be assessed with the risks as a part of risk management. These phases have different environments and the audience can behave differently. Each has its own specific risks which must be assessed to ensure appropriate levels of resource and communication, and to ensure effective management and response should an incident occur.
These phases are: arrival (transport, carparks, walk-up); assembly (site outer boundary preparing to queue and queuing); ingress (search, door widths, barriers to free flow); experience (movement around site, facilities); egress; and dispersal.
Work with your local Counter Terrorism Security Advisor (CTSA) to consider the different attack types and in the different phases. Attack types such as Improvised Explosive Devices (IED); weapons attack; unmanned aircraft systems; Chemical Biological Radioactive (CBR) (as with Salisbury incident or acid attacks) to work on possible protective measures .
These phases can be used to assess and reassess. You can build a response and requirements plan for a normal event, or indeed, an emergency. This will offer you a greater understanding of the resource needs and deficiencies, communications and partnership areas. This is a model which is a part of the Emergency Planning College’s Analysis, Predication & Response (APR) model used to assess event/crowd management risk and give planning assumptions for crowded places.
Verify that your organisation’s policies and procedures are formulated to the risks you identify. For example, check your housekeeping is included, ensuring checking (regular sweeps), first aid kits and response, maintenance, security of staff doors and identification/security at entry points is always maintained. Is there a ‘how to deal with suspicious items’ procedure? Have you got staff vetting policy included in your subcontractors and temporary staff policies/contracts?
You need to set time aside to regularly review your planning assumptions and threat levels with stakeholders in order to adapt to sudden changes. Make sure you have good communications plans, including signage, social media, links to advice, pre prepared response messages, latest advice on threat levels and expectations. Help them to help themselves!
Regularly train, test and exercise. Your staff are your front line protection and response. As with the Manchester attacks and highlighted in Lord Kerslake Report: ‘operators of all key/iconic sites should be actively encouraged and enabled to participate in Local Resilience Forum planning, training and exercising’.
Risk mitigation layers
Vigilance of public and staff is a good first line of defence. But there are many layers to risk mitigation for any emergency including a terrorist attack in crowded place. Security staff must be vetted, trained and regularly briefed. Current SIA training is not enough, when we consider what we ask of them. However, there are many security staff not in need of SIA and these have just as important roles, for instance, car park officers and cleaners. There needs to be training in vigilance, communication of venue/organisation systems and process, knowledge of the venue and local area, response and recovery plans and their roles within the plan for different scenarios. They must have knowledge of resources and their location at their disposal.
It is worth noting that good business continuity management within the organisation will ensure that there is good risk management. It will give a structured approach to looking at logistics and supply chain continuity and, of course, response plans for the organisation’s requirements, including their crisis management plans. There should be a strong link between the organisation’s response plan and that of the public emergency services multi-agency and single agency plans. There must be an agreed protocol for handing over primacy and handing back.
Plans must go beyond the initial response into the longer term humanitarian support and recovery. As we have seen, the effects of any emergency on anyone involved individually or as an organisation can have long lasting effects which needs a good plan for supporting this long phase of recovery. Good business continuity will support critical activities required to keep going, where support can be given to staff in need of time and support to recover themselves. Anniversary memorials have always been a part of the recovery phase. However, we are now seeing a more supportive act to raise funds and show a defiant stance against terrorist acts by holding a benefit event, such as the Manchester Arena supportive memorial ‘One Love’ concert.
In today’s uncertain world, it is a must for any organisation to ensure they are effectively managing the risks they face. This means ensuring they are up-to-date with the latest credible information. They must work in partnership and not have a silo mentality. We do not respond alone. We are cognisant of the threats faced from internal or external means. We must have effective, reasonable and appropriate mitigation; business continuity; response and recovery plans; and resources. Finally, remember that staff training and briefings must be at the forefront of any plan you have, as they are the very first line of the defence.