Evaluate the claim that however thoroughly the security manager plans and prepares, acts of terrorism are always unpredictable and this makes terrorism a form of risk that is ultimately impossible to manage.
Despite being unpredictable, the consequences of terrorism can be sufficiently contained by thorough planning and preparation. It would be impossible for a security manager at whatever level, in the government or the private sector, to eliminate every risk. Clearly, our human ability to foresee every type of terrorist attack is limited. Also, from a financial point of view, there would be a strain on the public purse to put in place a contingency plan for every eventuality. The new threat of ‘global terrorism’ however is a reality so the security mangers must focus principally on civil protection and business continuity.
It is also true that perception plays a major role when implementing prevention measures as the security manager’s view of risk could differ substantially from that of the public. There is a clear codependency between the perception and management of risk. Risk is a fluid concept and cannot be sufficiently identified or labelled as it depends on the context and the perception of people at any one time. In assessing the management of terrorism we must come to a consensus on what are ‘acts of terrorism’. The League of Nation’s definition reads,
‘All criminal acts directed against a state and intended or calculated to create a state of terror in the minds of particular persons or group of persons or the general public.’
The UK terrorism Act 2000 provides this definition,
‘The use or threat of action that is designed to influence the government or to intimidate the public or a section of the public within or outside the United Kingdom’
A security manager would therefore have to be aware that although a terrorist group often have a political agenda, the target for terrorist activity are members of the public and therefore harming innocent civilians and disruption of day to day affairs is a likely consequence. Constant planning, preparation and implementation of security measures are the only antidote to such calculated and sporadic violence.
Sociological theories- Rational Choice and Psychopathology
A security manager in the government or the private sector must also be aware of why people commit terrorist acts in order to inform proper planning. In considering this social scientists have sided with either the rational choice or the psychopathological theories.
The psychopathological theory is that terrorists are psychopaths so although they think logically when planning and committing violent acts they are still irrational actors. It is debateable as to how far this goes in explaining the galvanising of thousands of supporters of different ages across various countries which comprises the organisation known as Al Qaeda. It is clear that this organisation has as its members those that are well educated and otherwise well respected in society. The level of sophistication of the attacks also points to a high level of planning and worldwide participation.
The rational choice theorists hold that a terrorist is a rational actor who makes a decision to become involved in acts of terrorism due to environmental factors. It would therefore be safe to say there are combinations of irrational and rational reasons why people become terrorists.
Terrorism is by its nature multifaceted and no one cause is predominant rather interrelated factors are at play. This would explain why no one definition of terrorism has gained universal acceptance. However these two facts remain, that terrorism is politically motivated and it is targeted at innocent civilians.
Many believe that the openness of Western liberal societies and democratic values held make them more vulnerable to terrorist attacks. Globalisation and the breaking down of traditional barriers have also facilitated to the increase in terrorist acts along with post modern values and beliefs. Gunaratna and Steven state,
‘The face of terrorism is changing rapidly…Governments should be using every tool of statecraft… to combat and reduce the threat of terrorism. [It] has replaced the threat of nuclear confrontation the predominant threat during the Cold War.
From an economic standpoint reasons for terrorism can be viewed as relating to poverty, inequality and injustice- real or perceived it is the perception that counts in assessing to what extent the risk can be managed. The economic impact following a terrorist act is also used by terrorist for personal gain. Many also believe that religion is being used to give violence legitimacy and power. The Cabinet Office Paper named Countering International Terrorism- The United Kingdom Strategy states that the principal threat is from,
‘… radicalised individuals who are using a distorted and unrepresentative interpretation of the Islamic faith to justify violence. Such people are referred to here as Islamist terrorists..
Undoubtedly because Islamist fundamentalists believe that they are supported by God this gives them an added impetus to keep fighting for their cause. Religious leaders bearing the group’s sentiments are used to interpret religious texts and beliefs to support the group’s ideology. Those who do not side with them are seen as apostates. Other terrorist groups today include animal rights or anti abortionists who seek to change a specific legislation rather than a whole political system. Gunaratna and Steven state that although religion plays a significant factor,
‘…it is imperative to recognise the roles and degrees of influence of other factors…focus on solely one aspect such as religion would ultimately lead to misunderstanding’
Although the UK is no stranger to terrorism due to the long battle with IRA attacks, September 11 and the attack on the World Trade Centre in New York caused the need for greater measures to be implemented to combat the new ‘global terrorism’. Al Qaeda was said o be responsible for the Sept 11 attacks and also those on the London Underground and buses on July 7th 2005. Much criticism has been levied at both US and UK governments as to whether sufficient planning and preparation was put in place to prevent these attacks or minimise their devastating effects.
The UK government argues that the public perception that the government is not doing enough to combat terrorism is explained In the Cabinet Office Paper Countering international Terrorism ,
Our strategy comprises [of] elements, which can be freely publicised and discussed, and classified elements… There have to be such secret elements, in order to avoid alerting the terrorists themselves [of] capabilities we possess… or to vulnerabilities which they could exploit.
It is clear that it the police need to have access to reliable intelligence in order to combat global terrorist activity. This is fundamental to the success of identifying and arresting suspects and also preventing possible attacks. Storbeck states that,
‘In practice, however, the exchange of data between national and international law enforcement agencies continues to be reactive rather than pro-active’
The challenge for the police and intelligence services is to keep up to date with the jihadist movements and preempt their actions. The old models previously used would not work as there is a new level of sophistication involved in today’s terrorist threat. Jenkins comments,
‘We no longer confront hierarchical, highly-structured foes, mirrors of our own institutions but rather shifting networks, constantly mutating configurations and constellations.’
In the event of a terrorist attack the preferred avenue is to contain it or bring enforcement measures against the perpetrators via the criminal justice system. However the issue of employing the armed forces has also been considered but the question of course is when it becomes necessary to do so. Freedman states,
‘The conclusion must be that, in certain cases, the military instrument can be helpful in responding to terrorism, but for most of the time these are likely to take the form of contributions from specialist services provided by the armed forces’
Role of Security Managers in public and private sector
There is clearly an overlap between risk management in both the public and private sector although the government agencies are primary charged with civil protection and private companies concerned about business continuity. Therefore, security managers in both spheres would be involved in managing the release of information to the public, press reporting on any major disaster as well as he smooth operation of department services.
The Civil Contingencies Act 2004 governs the area of public protection and contingency planning in the case of emergencies. The definition of emergency in the Act can be summarised as an event or situation which threatens serious damage to human welfare in a place in the United Kingdom or
‘war or terrorism which threatens serious damage to the security of the United Kingdom.’
The Act gives security managers in the public sector a duty to plan assess and advise where there is a threat to human welfare which includes loss of human life or physical injury, damage to property or disruption of systems of communication. It further stipulates what arrangements they should make for civil protection and the continuance of commercial and non commercial activities and confers emergency powers to make regulations necessary to deal with the most serious cases. Organisations termed as category 1 responders include the police and local authorities and will provide an immediate response. Category 2 responders like the Health and Safety Executive will provide ancillary support.
Security managers under both categories within the public sector have therefore been given the responsibilities and powers to counter terrorism despite the difficulties that are clearly involved in dong so. The Act further provides for sharing of information between the various bodies in the public sector and its provisions thereby give risk managers in Local Authorities, utility and emergency services tools to formulate plans for effective risk containment.
In the area of commercial enterprise, attention has been focused on business continuity planning. Although security managers in individual public sector departments must also focus on this as it is an integral part of good management aside from what has been stipulated in the 2004 Act. The MIT Business Continuity Management Plan 1995 echoes this where it states,
‘The organizational backbone of business continuity planning at MIT is the Business Continuity Management Team. In the event of a disaster affecting an MIT organization or its resources, the Business Continuity Management Team will respond in accordance with this Plan ‘
The questions undoubtedly arise as to how a business will deal with the disruption caused by a major terrorist attack and how its day to day operations can be maintained. The London Chamber of Commerce in its report states that,
‘…chronic lack of preparedness on the part of small firms is the greatest avoidable threat in the capital today…several years after 9/11 almost half of SMEs in the capital have inadequate planning provision’
It would be fair to say therefore that despite the unpredictability of terrorist acts there are still measures that must be taken by security managers to limit their likely effects.
When formulating a business continuity plan security managers must ensure that all steps have been taken to reduce the damage of a terrorist attack. Plans need to be made to protect all core activities, staff and resources. A good continuity plan will ensure that if a serious incident occurs, a business will still be able to survive and operate effectively.
One would expect the security manager to ensure that all response and recovery measures after a potential attack need to be up to date and all staff given effective training on a regular basis. All business continuity plans must have the approval of the Chief Executive Officer of the business and a management structure put into place to ensure proper communication within the organisation as well as with outside agencies including the police, local authorities and emergency services. Nactso report, Counter Terrorism Protective Security Advice for Shopping Centres states,
‘For independent and impartial counter terrorism advice and guidance that is site specific, the Security Manager should establish contact with the local police Counter Terrorism Security Adviser (CTSA). Most UK Police Forces have at least two CTSAs.’
Terrorist acts can be described as potential disasters because of the scale of property damage and loss of life envisaged which cannot be easily dealt with by emergency services. In preparing for any potential disaster the security manager must observe the steps of mitigation, readiness, response and recovery. In mitigating the risk the security manager must assess and evaluate the terrorist threat and then take the necessary action to limit the potential damage. In fulfilling the readiness criteria this will include communications, media policy and warning systems and the security manager must consider what resources would be needed to carry out the plans outlined. At the response stage the business continuity plan would be implemented and the assistance of local authorities sought. At the recovery stage the security manager is concerned with the necessary activities to return the organisation to normality. The MIT Business Continuity Plan states,
‘The time required for recovery of the functional area and the eventual restoration of normal processing depends on the damage caused by the disaster. The time frame for recovery can vary from several days to several months. The primary goal is to restore normal operations as soon as possible. ‘
A security manager needs to asses the potential political and social risks and put contingency plans in place to mitigate them. They must also keep up to date with political developments and consider the modus operendi used by various terrorist organisations. One would expect to see continuous audits and training to test crisis management procedures. In high risk areas, assessments such as, explosive effects assessment, risks assessments are crucial along with creating various models of the business premises and testing procedures. In the example of security mangers in charge of a shopping centre the above will be relevant as the Nactso report, Counter Terrorism Protective Security Advice for Shopping Centres states,
‘Particularly relevant to protective security in shopping centers are the specific requirements of the Health and Safety at Work Act 1974 and Regulations made under it’
So in actual fact many of these measures should be part and parcel of a good Health and Safety Policy. Perhaps the ability to assess risk and prevent disaster is influenced by factors only discovered on closer inspection and are related to management culture as well as political and social factors.
It is important that organisations learn from each other and lessons from previous disasters are specifically applied. Security managers must not adopt the view that there is little chance of their organisation being involved in one so adequate preparation is a waste of time. Foresight must be properly applied in the planning and preparation stage. There must be a clear strategy that is followed through in the event of a disaster and not ignored due to panic as this would only lead to chaos and defeat the object of planning and risk assessment strategies.
In planning against a possible terrorist threat the security manager could consider certain specific measures. Strict measures around vehicle entry and parking will reduce the risk. Large and unauthorised vehicles should not be allowed to enter business premises. The Nactso Report States,
‘If you believe you might be at risk from a vehicle bomb, the basic principle is to keep all vehicles at a safe distance. Those requiring essential access should be identified in advance and checked before being allowed through’
There must be a close monitoring of visitors and thorough searching of handbags. Also security guards could be employed outside working hours. All incoming post must be monitored with staff briefed about letter bombs and suspect packages. Plans must be made for evacuation of the premises in the event of a suspect package. The Natsco Report advises,
‘Visitors to private areas should be escorted and should wear clearly marked temporary passes, which must be returned on leaving. Anyone not displaying security passes in private areas should either be challenged or reported immediately to security or management’
The Security Manager must also consider insurance against terrorist acts although this is becoming increasingly difficult it is for this reason that a sound contingency plan must be prepared by the security manager for a large proportion of risk. After the September 11 attacks the insurance industry faced new problems with how to quantify and underwrite the risk of terrorism. It was difficult to determine geographic risk as the terrorism activity could happen at any time .Commercial high rise buildings were now seen as high risk. Ericson  states
‘At the same time the limitations of insurance became evident. The new terrorism is another catastrophe risk that threatens global insurance capacity: how many such losses can the industry absorb?’
Through the media, terrorists can create anxiety for their targeted audience.
The test is to inform the public but not sensationalise the threat.
This is an important issue and therefore provision made in the Civil Contingencies Act 2004 Regulations 2005. Communications and good media relations must therefore be part and parcel of any risk management strategy. In relation to public perception of the media The Cabinet Office Key Document entitled Communicating Risk states,
‘…While many people really value the information…the media gives them, they are also very wary of the power they feel it has over them…newspapers have been responsible for sometimes whipping up hysteria’
The security manager must therefore be in close contact with the communication officials of the organisation. A communication strategy must be built into the business continuity plan or risk management framework. There must be a clear management structure whereby decisions on communications can be made speedily. Communicating Risk explains,
‘ …speed in delivering messages to and through the media…is of the essence. This does not mean being forced into instant decisions… It does mean keeping the media in the picture…explaining why it is not possible to fully meet their demands’
Websites, call centres and public information points are all useful communication tools in the event of an emergency. Where the media are concerned it would be incumbent on the security manager in the contingency plan to ensure that there are established good relations with media contacts ahead of a perceived crisis. The MIT business recovery plan also echoes this where it states,
‘The Director of the MIT News Office, a member of the Business Continuity Management Team is responsible for directing all meetings and discussions with the news media and the public, and in conjunction with the Personnel Department’
The BBC has launched an initiative called Connecting in a Crisis which seeks to encourage security managers to work more closely with the BBC and other broadcasters in the risk management and planning stage. It proposes ten objectives of how effective relationships can be built,
‘Involve the BBC at a local level in the emergency planning process…Establish a clear procedure for communicating information to the BBC with absolute clarity over who rings who. It should be technically robust…’
Where the interests and safety of the public are of paramount importance, Government agencies must distinguish between accidents and wilful acts
Where no responsibility is claimed for terrorist activity, there is a further difficulty posed for the police. Human intelligence is therefore crucial as it provides the basis for the operational procedures to be carried out. Jenkins comments’
‘Intelligence services will have to learn how to get smart fast, exploiting a variety of closed and open sources, both old-fashioned espionage and collection systems employing the newest technology’
The challenge for the security manager is to put contingency plans in place without raising unnecessary alarm. There needs to also be greater cooperation between various government agencies and the media. A contingency plan should not have to cater for all eventualities but must have a flexible framework that can be adapted depending on the situation and that is simple and easy to use. The costs of implementing the plan and the added insurance premiums must also be included in any assessment. As well as protection of civilians business continuity is a key consideration for security managers today.
Terrorism post the Sept 11 2001 World Trade Centre attack and July 2005 bombings in London has posed new threats that go beyond the traditional considerations of emergency response or disaster management . Although the risk of terrorist acts ar unpredictable, it is not impossible to manage if the Security manager recognises the need to ensure business continuity and adopts this as part and parcel of good management practice. The Business Continuity Guidelines by ASIS International state that it is no longer enough for the security manager to,
‘…draft a response plan that anticipates naturally, accidentally, or intentionally caused disaster or emergency scenarios. Today’s threats require the creation of an on-going, interactive process that serves to assure the continuation of an organization’s core activities before, during, and most importantly, after a major crisis event’
London Chamber of Industry-Crisis and business Continuity planning : A programme for business survival September 2005 http://www.londonchamber.co.uk/docimages/853.pdf
Countering international Terrorism. The United Kingdom Strategy- July 2006 http://www.ukresilience.gov.uk/media/ukresilience/assets/countering.pdf
Counter terrorism- Rohan Gunaratna and Graeme CS Steven- ABC-CLO
LEARNING FROM DISASTERS a management approach (Brian Toft and Simon Reynolds)
Communicating Risk http://www.ukresilience.gov.uk/media/ukresilience/assets/communicatingrisk.pdf
Catastrophe Risk Insurance and Terrorism- Risk and Regulation magazine- Richard Ericson 2004
Confronting Terrorism, The club de Madrid Series on Democracy and Terrorism, Vols I – III: International Summit on Democracy, Terrorism and Security, 8 – 11 March Madrid:21 – 26;available online at http://english.safe-democracy.org
Nactso report, Counter Terrorism Protective Security Advice for Shopping Centres
Smith, R. (2005) The Utility Of Force, The Art of War in the Modern World, London: Allen Lane.
Calhoun, C., Price, P. and Timmer A. (2002) (eds.) Understanding September 11, New York, The New Press.
Hershberg.and Moorte, K. (eds) Critical Views Of September 11, New York, The New Press.
Slovic,P., Fischoff, B And Lichtenstein,S. (1980) “Facts And Fears: Understanding Perceived Risks”. In R.C.Schwing And
W.A. Albers (Eds) Societal Risk Assesment:How Safe Is Safe Enough, New York: Plenum Press.
Ericson, R.V. And Doyle, A. Catastrophe Risk Insurance And Terrorism (2004) Economy And Society, 33(2), Pp.135 – 173.
Mit Business Continuity Plan (1995) Massashussets Institute Of Technology.
Beck, A. And Wills, A. (1993) The Terrorist Threat To Safe Shopping,_Leicester Scarman Centre For The Study Of Public Order.