Plots against concerts and special events will continue to occur at the hands of the full spectrum of lone offenders/homegrown violent extremists and terrorist groups. Based on some of their past attacks, motivations, intentions, and capabilities, some might succeed. It is only a matter of how well security professionals mitigate against these attacks.
In late September at the Global Security Exchange 2018 (formerly the ASIS International Annual Seminar & Exhibits), I presented a lecture on “Hardening Concerts and Special Events in a New Era.” My presentation included a map of Europe on which I highlighted five countries (in addition to Turkey) I assess to face the highest risk of attacks on concerts and special events.
Two of those five nations were the Netherlands and Spain. A few days after my presentation, Dutch police reportedly foiled a “major terrorist attack” in which the main suspect wanted to target “a large event in the Netherlands where there would be a lot of victims.” And in early October, Spanish police busted a hirabi recruitment ring that operated in 17 prisons and included two men convicted over the deadly 2004 Madrid train bombings (“Hirabi” is a derisive Arabic term implying unlawful violence, and is far more appropriate than the term “jihadist,” which grants honor).
Also days after my presentation and seemingly to commemorate the first anniversary of Stephen Paddock’s shooting spree from the Mandalay Bay hotel into the Route 91 Harvest music festival in Las Vegas, the media arm of Daesh threatened knife attacks on concerts (Daesh is a similarly derisive term for Islamic State that its members do not look kindly upon). It featured a poster of a hirabist hiding a knife, superimposed on a stock image of a concert.
The bottom line is that concerts and special events are targets for various types of terrorists and lone offenders – hirabists, left-wingers, right-wingers, and separatists. They are symbols of Western lifestyle that some terrorists like to target, and they can also facilitate indiscriminate killings by terrorists and lone offenders alike. Paddock’s aforementioned shooting a year ago is an example of the latter; he killed 58 people and injured 850. The May 2017 suicide bombing at the end of the Ariana Grande concert in Manchester, England, is arguably an example of an attack against a symbol of Western lifestyle that also facilitated indiscriminate killings.
In my lecture I provided a brief overview of the roughly two dozen attacks on concerts and special events since January 2015. The data is interesting and supports my assessment that homegrown violent extremists and lone offenders pose the primary threat to concerts and special events in the United States and Europe. And in congressional testimony in March, Director of National Intelligence Dan Coates stated that homegrown violent extremists (HVEs) “will remain the most prevalent and difficult-to-detect Sunni terrorist threat at home, despite a drop in the number of attacks in 2017.” Some details from the 27 attacks on concerts and special events since January 2015:
- Lone offenders/HVEs committed 70 percent (19) of the 27 attacks.
- Turkey was subject to the highest number — seven — of these type of attacks during this period. Five of the attacks were by lone offenders.
- Surprisingly, the U.S. followed Turkey for the second spot. Five such attacks occurred in the U.S., all of which were committed by lone offenders/HVEs.
- A majority (19) of the attacks occurred in 2015 and 2016, consistent with the significant, overall drop in terrorist attacks in 2017.
- Explosives and firearms were the most common means of attacks on these events (23 of the 27 attacks, or 85 percent), although vehicle and complex attacks produced the most fatalities (complex attacks include more than one type of weapon and/or more than one target location).
Based on this data, in addition to assessments by the U.S. Intelligence Community and EUROPOL (European Union Agency for Law Enforcement Cooperation), I assessed and presented that the most likely threat to concerts and special events into 2020 will be lone offenders/HVEs – not foreign terrorist organizations (however, FTOs are more likely to pose a threat to Europe and a couple other regions, partly due to geography). Lone offenders/HVEs will likely continue to conduct unsophisticated attacks using either vehicles, firearms, edged weapons (e.g., knives), or explosives. Stephen Paddock was a lone offender and he committed the worst mass shooting in modern U.S. history.
The most dangerous threat to concerts and special events will be complex, near-simultaneous or simultaneous attacks by a foreign terrorist organization (FTO) or domestic terrorists on multiple locations. In this scenario, the attackers will employ tactics reminiscent of the Daesh multi-site attacks in Paris on Nov. 13, 2015. On that night, nine Daesh operatives in groups of two or three used assault rifles and suicide belts to attack seven locations, resulting in the deadliest attack by non-state forces in France since World War II. Daesh killed 130 people and injured 352.
In addition to a drug cartel, only two FTOs are confirmed to have committed attacks on concerts and special events in the past three years: Daesh and Tehrik-e Taliban, a Pakistan-based group. However, I currently count at least a dozen FTOs that pose a threat to these events. As of early this month, there are 67 U.S.-designated FTOs, which overlap significantly with the European Union’s list. Many groups on these lists lack the capability, motivation, or intent to attack concerts and special events. Some also do not have a history of attacking civilians directly but aim their mayhem at military and/or law enforcement targets. However, the targeting of these government personnel can collaterally harm civilians.
Regardless of the perpetrator, there are key steps security personnel should take to mitigate the risks of attacks on these type of events. First, the basics — what I call “Protect the P3”:
- Protect the Patrons
- Protect the Pocketbook
- Protect the Performers
Protect the Patrons is largely self-explanatory, but in our current era it sometimes includes protecting patrons prior to their entrance into the venue. Protect the Pocketbook entails allowing only ticket holders to enter the venue. Protect the Performers involves, among other actions, detailed advance work prior to the arrival of the performers, and identifying safe rooms/areas in the event of an emergency.
I have found that taking care of these three basics can significantly mitigate against the risk of attacks. The initial reaction to the “Protect the P3” objectives above might be “Of course! That’s common sense!” During my lecture, though, I showed videos of four actual events at which security or venue personnel obviously did not protect at least one of these “Ps”. Two of these events did not involve attacks, but staff inability to “Protect the P3” in “normal” situations does not bode well for mitigating the effects of an attack.
Beyond “Protect the P3,” other risk mitigation I discussed includes heeding intelligence in the extremely rare times it provides tactical warning of an attack (rare partly because terrorist groups generally spend only one percent of their time planning attacks, which results in limited opportunities for intelligence collection against specific attacks). The Daesh attack in Istanbul on the Reina nightclub during its December 2016 New Year’s Eve celebration is an example of the failure of both the venue and government to heed specific and general intelligence warnings. Reina was one of Istanbul’s most well-known symbols of Westernism, and a place for the rich and famous to be seen. Even when controlling for hindsight bias, “atmospherics” and attack indicators began at least two and a half years prior to the attack in the early morning of Jan. 1 and should have prompted increased security at the nightclub for the New Year’s party. One of these indicators included a disrupted Daesh suicide bomber plot against New Year’s Eve celebrations in Ankara exactly one year prior. And according to the owner of Reina, American officials warned him of threats prior to the attack on his nightclub.
A good risk assessment prior to the event should include reviewing available intelligence and assessing other information on relevant threats and hazards, identify the event’s assets, identify vulnerabilities related to Protecting the P3, and identify required mitigation. Unfortunately, pre-event risk assessments are rarely accomplished. Even a very rudimentary assessment focused on only the concentric layers of security – commonly categorized as the outer, middle, and inner layers – can pay dividends. In my lecture, I asserted that people might disagree on how to categorize each security layer at a given venue. It is more important that all stakeholders are aware of the layers and what they mean for protecting the P3. For example, sometimes the hardening of security layers is counterintuitive; they can be hardened too much.
The outer security layer of the Blue Parrot nightclub in Playa del Carmen, Mexico, did a great job of protecting the pocketbook on the closing night of the BPM electronic music festival on Jan. 16, 2017. But it was so good at keeping out threats that it prevented patrons from escaping out the back of the nightclub when gunmen entered and started a rampage (a drug cartel later claimed responsibility). Survivors recall having to catapult fellow concert-goers over the tall fence as they tried to run for safety toward the beach – a failure to Protect the Patrons. Five people died inside from the shooting, including an 18-year-old American woman who was trampled to death, and 17 were injured.
In some cases, the outer layer might offer little to no protection to the patrons due to the nature and location of the venue. The parking lots of many stadiums is one example. Cafes, bars, restaurants also fall into this category, and are especially vulnerable to attack. Eight of the 27 attacks on concerts and special events – nearly 30 percent – occurred at these types of venues. Almost all metropolitan cities are peppered with these smaller venues that host concerts and special events, including performances by world-famous talent. In the Washington, D.C., area alone, there are roughly a dozen such venues. Apparently the Metropolitan Police of D.C. is aware of these venues’ inherent vulnerabilities, hosting a general briefing for the city’s nightlife operators in April 2014.
Ensuring the right mix of hardware and security personnel to protect each security layer and the P3 is important, as is personnel training. In my presentation, I highlighted a few areas in which many security personnel at concerts and special events are usually not trained, including behavioral intelligence and counter-surveillance/surveillance detection. At least a few security personnel should be trained in these techniques and placed at strategic locations. I even advocate devoting at least a couple personnel to conduct only counter-surveillance/surveillance detection. Attackers’ surveillance of the venue is often the only opportunity for tactical warning of an attack. At the Blue Parrot nightclub in Playa del Carmen, at least a couple presumably untrained patrons noticed suspicious behavior by several men outside the venue prior to the attack. One patron even noticed that all of them wore the same color leather jacket — a surprisingly common mistake by many criminal organizations and even some government intelligence services. Risk management is important, even if it is a conscious decision to accept these risks.
Various levels of medical training for security personnel is also a necessary precaution. In some situations, emergency medical services were not immediately available and/or were insufficient in numbers. The Manchester Arena bombing is one example. Witnesses and attack survivors have recounted seeing or experiencing delays in excess of one hour or more before victims were treated by medics. Some victims reportedly died during this wait. In other cases, such as the Boston Marathon bombing in April 2013, heroic bystanders with basic medical training have assisted after attacks. Four off-duty Massachusetts National Guard members applied tourniquets to victims and helped first responders evacuate the wounded. And in the shooting earlier this month at the Borderline Bar and Grill in California in which 12 people were killed, a U.S. Marine Corps service member applied a tourniquet to a friend’s arm.
Medical training options include first aid/CPR & AED (automated external defibrillator), tactical medicine/emergency casualty, and emergency medical responder (EMR). EMR fills the gap between first aid/CPR and emergency medical technician and requires 48-60 hours of instruction. According to the National Highway Traffic Safety Administration, which provides leadership and coordination to the emergency medical services community, “The primary focus of the Emergency Medical Responder is to initiate immediate lifesaving care” and “provide lifesaving interventions while awaiting additional EMS response and to assist higher level personnel.”
The number of security and other personnel who ideally hold each certification decreases based on the extensiveness and cost of the training, the venue, and the work classification of security personnel (e.g., the ratio of permanent/full-time employees to temporary employees). There might be a venue where it makes sense that all or most permanent security employees are first aid/CPR certified, but a few select personnel have tactical medicine/tactical emergency casualty training, and emergency medical responder certification.
The right mix of training in emergency medical services, behavioral intelligence, and surveillance differs for every venue based on the national and local threat(s), facility characteristics and vulnerabilities, and several other factors. The same applies to other risk management measures, such as the appropriate hardening of security layers. An unbiased, thorough risk assessment can inform and influence these decisions on how best to Protect the P3.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email HSTodayMag@gtscoalition.com. Our editorial guidelines can be found here.