Terrorism: Recognise the threat and Prevent the attack By Richard Roberts

Crowded spaces remain an attractive target for international terrorists due to easy accessibility, lack of robust mitigation measures, potential for mass casualties and impact on business continuity in the long-term (Home Office & NCTSO, 2010). Attacks are most likely to utilise Improvised Explosive Devices (IED), either pedestrian, or vehicle borne.

However, increasingly we are seeing the use of vehicles as weapons as terrorist tactics evolve. On July 14th 2016, Tunisian-born Mohamed Lahouaiej-Bouhlel drove a 19-tonne truck into a crowd celebrating Bastille day in Nice, killing 86 people and wounding 430 others (BBC News, 2016).

In March 2017, Khalid Masood perpetrated a terrorist attack outside the Palace of Westminster in London, driving a car into pedestrians injuring more than fifty people, four of them fatally wounded. Masood then crashed the vehicle into a perimeter fence and ran into the Palace Yard, stabbing an unarmed Police Officer to death before being neutralised by an armed officer. Prior to the attack, crash-rated hostile vehicle mitigation measures had not been installed on Westminster Bridge as it was not considered a specific threat according to the Metropolitan Police (BBC News, 2018). This attack was followed by another terrorist ‘vehicle as a weapon’ attack in June 2017, when eight people were killed after three attackers drove a van into pedestrians and followed up with a knife attack, in Borough Market. The three terrorists were neutralised by armed Police eight minutes after the attack started (BBC News, 2018).

These locations were most likely chosen due to the lack of protective controls in place, the presence of large crowds of tourists, and the recognisable nature of each location, or in the case of the Nice attack – the celebratory occasion. The threat from terrorism in the United Kingdom remains both real and serious today, and at the time of writing, the current threat level in the UK is severe, meaning an attack is likely (MI5 Security Service, 2019).

Considerable effort is usually required to coordinate and orchestrate a terrorist attack. In the aforementioned attacks there was evidence that the attackers conducted reconnaissance on the chosen targets prior to the attacks, much of this done in view of the public. The Metropolitan Police advise the following signs and behaviours of terrorists for the public to be aware of and report on (Metropolitan Police, 2019):

  1. Storage of equipment & suspicious rental of commercial properties.
  2. Unusual purchasing of large quantities of chemicals (potentially for manufacturing of an IED).
  3. Purchasing of protective equipment used for manufacturing of an IED.
  4. Suspicious financial transactions such as credit card fraud for funding of an attack.
  5. Multiple identity documents for no clear reason.
  6. Suspicious individuals conducting surveillance and reconnaissance activities of security arrangements.
  7. Suspicious rental of a commercial vehicle that seems out of the ordinary.
  8. Suspicious travel behaviour by persons who are secretive or vague about their destination.
  9. Use of pay-as-you-go and stolen mobile phones to communicate.
  10. Accessing of terrorist instruction manuals, propaganda or paraphernalia online.

The Centre for Protection of National Infrastructure (CPNI) advises the following guidelines in protecting a site against a terrorist attack (CPNI, 2019):

  1. Conduct a risk assessment to assess possible threats an organisation might face, their likelihood of occurrence and the potential impact to the organisation.
  2. Identify existing and potential vulnerabilities and the impact of any breaches of security to a site.
  3. If acquiring or extending premises, consider security requirements from the planning stage. This will be cheaper and more effective than adding mitigation measures later.
  4. Make security awareness a part of organisational culture. Ensure staff are kept regularly informed and that security standards are fully supported at management level.
  5. Ensure good basic housekeeping throughout the premises. Keep public areas tidy and well-lit, remove unnecessary furniture and keep garden areas clear.
  6. Keep access points to a site to a minimum and issue staff and visitors with passes. Where possible, do not allow unauthorised vehicles close to the building to maintain stand-off distance.
  7. Install appropriate physical security measures such as locks, electronic access control, intruder alarms, video surveillance, complementary lighting and glazing protection.
  8. Maintain appropriate mail-handling procedures; consider establishing the mailroom away from the main premises.
  9. When recruiting staff or contractors, conduct appropriate background checks and security screening.
  10. Consider how best to protect information and take proper IT security precautions. Ensure there are appropriate provisions for disposing of confidential waste.
  11. Plan and rehearse business continuity and incident response plans; make sure that key business functions can continue during disruptions.

The above guidelines are all valid and best practice for any site, not just Critical National Infrastructure (CNI) sites. In my role at SGW Consulting, I provide threat and risk assessments, security planning and engineering designs for a wide range of security projects both in the UK and internationally, and we continuously see the threat and risk assessment stage not being given the consideration required at an early stage in the design process.

Risk assessment involves characterising the assets requiring protection (people, buildings, infrastructure, equipment, processes), identifying the threats that could negatively impact the assets, assessing the potential impact of an attack and assigning a probability of a successful attack occurring. Understanding an organisation’s business processes and assets is essential in understanding the level of risk mitigation measures that need to be applied (Broder & Tucker, 2012).

Unfortunately, this exercise is a lot simpler to achieve on a private site due to the concept of ‘defensible space’- a Crime Prevention Through Environmental Design (CPTED) theory by the architect Oscar Newman. In his book Defensible Space (Newman, 1973), Newman’s central concept included four different design elements, territorial definition, visibility / natural surveillance, stigmatisation and adjacent areas. These four elements contribute both individually and combine to create a secure environment. Defensible space is defined as an environment whose physical characteristics (building layout and site plan) function to allow occupants themselves to become key agents in ensuring their security (Newman, Design Guidelines for Creating Defensible Space, 1976). A private site can have defined boundaries to create territorial definition, provide surveillance and control access to people who are authorised to be there. The problem with terrorist attacks on crowded spaces is the accessibility afforded to an attacker.

On May 22nd, 2017, a suicide bomber detonated a shrapnel laden IED as people were leaving the Manchester Arena following a concert. Twenty-three people were killed including the bomber, and many more wounded, more than half of them children (The Guardian, 2017). The incident was the most devastating terrorist attack and first suicide bombing in the UK since the July 7th London bombings in 2005 that targeted the London Underground. Following the attack, the lack of security screening such as walk-through metal detectors and x-ray baggage screening was questioned by the relatives of the victims (The Independent, 2018). Security screening at the site perimeter could have potentially prevented the attacker gaining access to the interior of the arena where the explosion occurred. However, an argument could be made that the IED could have been detonated at a choke-point at an arena exit, still causing mass casualties.

On the night of November 13th, 2015, a suicide bomber attempted to enter the Stade De France in order to detonate a suicide vest but was prevented entering by a security guard. The bomber detonated the device outside the stadium killing himself and a bystander (Rubin, 2016). This incident illustrated the importance of security checkpoints and a proactive approach to security screening. Had the bomber accessed the stadium, mass casualties could have potentially occurred.

There are a multitude of techniques to harden a potential terrorist target against an attack, but these measures can often prove costly and difficult to implement, particularly if they are not considered early in the design process. These design features include creating stand-off distance, a security term referring to measures that create a secure perimeter in which potentially threatening vehicles or persons cannot access a certain distance within an asset. This can be achieved using fixed physical barriers or bollards.

Blast resistant glazing installations prevent the fragmentation associated with normal glass which is widely acknowledged as the primary cause of injury when a building is impacted by an explosive attack. SGW have provided blast effects analysis on various projects based on a threat and risk assessment, to identify vulnerable points and credible attacks that could occur, then modelling the effects on the structure of the site and providing recommendations on how best to mitigate the risk at key points.

More recently, with the increased use of vehicles used as weapons, SGW have provided Vehicle Dynamic Assessments (VDA) on some projects to ascertain potential impact of a threat vehicle on a specific site location. Hostile Vehicle Mitigation (HVM) measures can then be designed to suit.

In terms of response to a terrorist attack, the Federal Emergency Management Agency (FEMA) in the United States recommends three tiers of planning: strategic, operational and tactical (FEMA, 2010). Strategic plans describe how a jurisdiction will meet emergency management and security responsibilities over the long-term. Operational plans provide a description of roles and responsibilities, tasks, integration and actions required during a terrorist attack. Tactical plans focus on the management of counter-terror personnel, equipment and resources in an incident response.

Project ARGUS is an initiative developed by the National Counter Terrorism Security Office (NaCTSO) and delivered by Counter Terrorism Security Advisers (CTSAs) throughout the UK. This three-hour multimedia simulation poses questions and dilemmas for participants working in organisations and is designed to increase awareness of the threat from terrorism, providing practical advice on preventing, responding and recovering from a terrorist attack. Project ARGUS is considered ideal for managers in areas such as facilities, security, reception and those responsible for creating and maintaining emergency response plans (City of London Police, 2019).

Counter-terrorist experts now refer to the ‘new normality’ we have entered as a society, post 9/11 where risks can only be managed and not completely eradicated (Heng, 2006). Counter-terrorism strategies are increasingly focused on the protection of crowded spaces as terrorists plan to attack these targets based on the higher chance of successful outcome. The built environment landscape in our cities must evolve as terrorism evolves to mitigate risk to as low as reasonably practicable.


BBC News. (2016, 8 19). BBC News. Retrieved from BBC: https://www.bbc.co.uk/news/world-europe-36801671

BBC News. (2018, September 25). BBC News. Retrieved from BBC: https://www.bbc.co.uk/news/uk-45640007

BBC News. (2018, May 30). BBC News. Retrieved from BBC: https://www.bbc.co.uk/news/uk-england-london-40147164

Broder, J. T., & Tucker, E. (2012). Risk Analysis and The Security Survey. Oxford, UK: Elsevier Inc.

City of London Police. (2019, April 15). Project ARGUS. Retrieved from https://www.cityoflondon.police.uk/advice-and-support/countering-terrorism/Pages/project-argus.aspx

CPNI. (2019, April 15). Protecting Against Terrorism. Retrieved from https://www.cpni.gov.uk/system/files/documents/5a/c9/Protecting-Against-Terrorism.pdf

FEMA. (2010). Developing and Maintaining Emergency Operations Plans. FEMA.

Heng, Y. (2006). War as risk management: strategy and conflict in an age of globalised risk. London: Routledge.

Home Office & NCTSO. (2010). Protecting Crowded Places: Design and Technical Issues.

Metropolitan Police. (2019, April 5). Met Police. Retrieved from https://www.met.police.uk/advice/advice-and-information/t/terrorism-in-the-uk/signs-of-possible-terrorist-activity/

MI5 Security Service. (2019, April 15). MI5. Retrieved from https://www.mi5.gov.uk/threat-levels

Newman, O. (1973). Defensible Space: Crime Prevention Through Environmental Design. London, UK: Architectural Press.

Newman, O. (1976). Design Guidelines for Creating Defensible Space. United States: National Institute of Law Enforcement and Criminal Justice.

Rubin, A. J. (2016, November 12). Paris: One Year On. Retrieved from New York Times: https://www.nytimes.com/2016/11/13/world/europe/paris-one-year-on.html

The Guardian. (2017, May 23). The Guardian. Retrieved from https://www.theguardian.com/uk-news/2017/may/22/manchester-arena-police-explosion-ariana-grande-concert-england

The Independent. (2018, March 27). The Independent. Retrieved from https://www.independent.co.uk/news/uk/home-news/machester-arena-attack-martyn-hett-emergency-services-time-arrived-ariana-grande-a8276691.html

Richard Roberts

Richard Roberts

Richard is a senior security consultant at the internationally respected SGW Consulting Group. He is technically focussed with extensive knowledge of all aspects of security design in a range of sectors. He has gained experience on many high profile multi-disciplinary projects in the built environment, both in the UK and Internationally.