As a security manager with responsibility for Greece a very early addition to my vocabulary was the word “Gazaki”, which is a gas canister, some nails and some commercial explosive tied together, writes Robin James Hamilton.
This low technology weapon has been used in 80 per cent of the 150 terrorist incidents that have occurred in Greece in the last four years. Not like the UK where the threat comes from much more sophisticated weapons, or so I thought until the Glasgow Airport attack. This attack, which used a "gazaki", made me question whether the rhetoric on terrorism was leading security managers to focus on the wrong things. What is the reality, as painted by the data collected on global terrorist incidents, and what is a reasonable corporate response? A research of literature was frustrating offering little useful advice. Having conducted my own research I found three key approaches or profiles that organisations can adopt to counter the threat from terrorism. This article will set these out for closer scrutiny and perhaps challenge the security bodies to take a greater lead in defining best practice in this area.
Mass casualties
Although there is little agreement on what exactly the term means, "terrorism", or more correctly the threat from it, looms large in the thinking of governments and corporations. Particularly, with the emergence of radical Islamic groups whose intention is to inflict mass casualties.
Terror
"Terrorism", in essence, involves unlawful violence (a criminal act) with the intent of inculcating fear in the population at large (a political aim), is not a new phenomenon. For the perpetrator the violent act is not the key element, rather the subsequent general psychological impact is of paramount importance and enables small-disenfranchised groups exert political influence disproportionate to their numbers or conventional military capability. Those who commit acts of terrorism can not confront the state directly and so they must change the public perception of their opponent’s effectiveness or legitimacy in the eyes of the general population. Terrorism in this sense is not new; rather globalisation and the proliferation of electronic media has increased the potency of the "psychological impact" exponentially in recent years.
Crossing borders
Terrorism up to the 1960s was predominantly "contained", where cause and effect were very localised. This changed with the 1968 hijack of the El Al airliner by the Popular Front for the Liberation of Palestine and led to the internationalisation of terrorism. Today terrorism crosses international borders fostered by increasing levels of co-operation between extremist groups. Drawing on my 15 years in law enforcement where critical thinking saved my career on more than one occasion, I tried to establish what is know for certain about the current terrorist threat, what is not known and how the gap can be reduced. We know that terrorism is becoming an ever more sophisticated activity organised by increasingly well-educated individuals bound together by a common philosophical or intellectual approach. These cores of individual construct an intellectual argument giving them the right to act against a corrupt regime on behalf of, or in the name of, a silent and dis-enfranchised majority. Academic research tells us this group will, via an insular perspective or life-style, be able to develop moral or religious justification for the de-humanisation of others and allows extreme violence to be directed indiscriminately outside of the group and gives rise to the perception of irrationality or madness. The unknown factor is where and when they will strike.
Threat to business
The next stage for me was to use a technique picked up whilst studying at the FBI National Academy in Quantico, Virginia which requires you to question all existing wisdom and techniques, constructing instead your own understanding. A skill that proved critical in re-designing the call handling and operational deployment strategies in a large police department. So ignore the rhetoric, what does historical data tell us? It tells us that commericial organisations are likely to be subject to direct conventional targeting if they operate in a number of key areas, primarily:
l Tourism
l Transportation
l Critical infra-structure (oil, water or electricity)
l Economic significance.
The first two will be viewed by terrorist as soft targets that are easily accessed, as is witnessed in the ongoing situation in Iraq. The other two will, due to their key role in day-to-day life, be much more hardened targets, where security measures will almost certainly be in place. The terrorist can choose a variety of methods but analysis of past global incidents shows that bombings and shootings are still the most likely, delivering the highest fatality and injury ratio.
Emerging stategies
The underlying assumption in my analysis is that the terrorist leadership cadre, who recruit, train and task operational cells, are rational in their approach. What does this mean in positioning organisational security resources so that the threat and cost are minimised. To me a valid strategy, which can be adopted by any corporation, contains three key strands of activity:
1) Defensive Response
2) Reactive Response
3) Offensive Response
The blend of each will be based on the threat assessment that each individual organisation undertakes utilising its own risk / reward criteria in assessing what steps are worth pursuing. The "defensive response" will be based on the existing security profile of the organisation reflecting the existing, predominantly criminal threat to its assets whether they be human, physical, electronic or intellectual. A survey by ISMA [International Security Management Association] of its members found that the percentage allocated to each of the three main categories was as follows:
l Technical detection systems, 26pc
l Physical access controls 52pc
l Guard Force 22pc
However it is likely that most organisations in light of 9-11 and 7-7 will also have begun to think about and introduce a "reactive response", which allows an organisation to minimise the impact of any incident and resume a full profit-making operation in the shortest possible time, ahead of any competition. The main thrust of government and home defence literature is focused on this, stressing the importance of preparedness especially for organisations identified as being part of the key economic infra-structure. In this approach the responses of both corporations and government, begin to overlap. However managing any critical incident remains the responsibility of the government and although industry can assist in minimising the impact, the focus of corporate plans must be on removing its assets from harms way and to reviving key systems.
The last element I would suggest is the "offensive response" which sees an organisation no longer reacting to events but to monitoring the threat level and managing its security profile both up and down. In the UK this will probably involve adopting the UK Security Service led threat levels as a guide to action. This, as with any other country, will have a symbolic political element that is hard to quantify and use of open other open source intelligence should not be ignored. A sophisticated "intelligence based" profile can be created at very little expense and can help identify duplicate or unnecessary measures in one area, whilst pinpointing vulnerabilities in others. However it is worth noting that this approach, in hostile environments outside of the UK, has led to a far more interventionist approach with corporations taking on activities (such as covert intelligence gathering and interdiction) that are normally conducted by sovereign governments. The operational benefits of straying into these areas must be subject to some serious and detailed consideration as the potential for loss of commercial reputation is significant.
Conclusion
The result of adopting an "offensive" approach, in the context of Greece, has enabled me to reduce security spending by 40 per cent and still deliver an incident free period of three years, set against a backdrop of 75 terrorist incidents. But this response is not a widely recognised approach as literature available still focuses on the defensive approach, with an increasing body of government led literature on establishing a reactive approach. There is I believe an imperative for professional guidance on what an "offensive approach", in the context of a global war on terrorism, should be and where its prudent boundaries lie. The Security Institute’s working group on the corporate response to terrorism is in the process of developing best practice in "defensive" and "reactive" strategies and can lead work to identify and map an "offensive" strategy.
