countering violent extremism in urban environments through design issue
DESCRIPTION
Presentation given at CT Expo 2011TRANSCRIPT
Countering Violent Extremism in Urban Environments through Design
Chris Tomlinson BSc (Hons) MSc FSyI
Arup Resilience, Security and Risk
My Agenda
� Where is violent extremism likely to develop in urban environments?
� Key principles that should be considered early in the planning and design process
� What are the implications for those who design and own built space?
2
� What are the implications for those who design and own built space?
� It is inevitably UK-centric view, although I stress we have successfully adopted the approach overseas, with a bit of ‘tweaking’
The Anatomy of Violent Extremism
Violent Extremism
� ‘Traditional Terrorism’- Islamist groups e.g. the Al Qaeda Franchise
- Nationalist groups e.g. Dissident Irish Republican Groups
- State sponsored groups e.g. Lebanese Hezbollah
� Single issue extremists- Animal rights extremists
- Anti-capitalist/anti-globalisation
4
- Anti-capitalist/anti-globalisation
- Extreme environmentalist
� Cults
� Fixated individuals/’lone wolves’
� Excluded from this list is organised/serious crime
Extremist Intent� Terrorism
- Stretch security apparatus and force extraordinary (draconian) response
- Sap public patience and fortitude by maintaining atmosphere of uncertainty
- Generate support from sympathetic groups (recruits and funding)
- Propagate extremist ideology
� Single issue extremists
- Force employee and consumer fears to affect viability of research
- Propagate narrow and nihilist view of modern commerce and science
5
- Propagate narrow and nihilist view of modern commerce and science
� Cults
- Attack despised icons and undertake anything that propagates their
message/prophecies (e.g. Aum Shinrikyo)
� Lone wolves/fixated individuals
- Any of the above, but with distinctly sociopathic approach (e.g. Unabomber)
Built-environment Risk Attractants
� Mass transit systems (including airports)
� Critical national infrastructure
� Government buildings
� Business districts
� Iconic structures
6
� Iconic structures
� Research and Development
� Places of entertainment
� Sports venues
� High capacity retail centres
Built Environment Characteristics
� Normally need to be accessed by many people and services during the day – very user permissive
� Capable guardian numbers are generally small in relation to other space user populations
� They normally have predictable diurnal cycles
� There are back-of-house areas
7
� There are back-of-house areas
� They are contiguous with public streets with good mobility corridors (vehicle and pedestrian)
� Technical surveillance challenged in crowded multi-function spaces.
Extremist Attack Typologies
WeaponsSmall arms
Edged weapons
Stand-off/long range
Replicas/gas operated
ExplosivesPerson borne
Vehicle borne
Cargo/packages
Hand placed
Dangerous
SubstancesChemical
Biological
Radiological
Attack Manifestation
� Terrorism – IEDs and commando-style attacks
� Violent demonstrations transitioning to rioting
� Non-violent direct action – e.g. building occupation
� Hostage/kidnap
� Arson
9
� Arson
� Criminal damage – coordinated vandalism
� Intimidation of staff, supply chain and clients
� Cyber attack – operational continuity and reputational damage.
Key principles in the planning & design
process
10
A Risk-led and Iterative Process is Needed
Threat and Risk
Assessment
Risk Mitigations Selected
Mitigation Assessed
11
Cost Benefit Analysis
Performance Specifications
� Threat is more than just people being horrid
The Security Risk Calculus
Threat Likelihood Impact Risk
� Threat is more than just people being horrid
Assessing the Credibility of Threat
IntentIntentAccessAccess
Targeting Targeting
intelligenceintelligence
Facilitation/Facilitation/
assistanceassistance
MotivationsMotivations
ObjectivesObjectives
AudiencesAudiences
CapabilityCapabilityManpowerManpower
FinancialFinancial
MaterialsMaterials
TrainingTraining
The Security Risk Calculus
Threat Likelihood Impact Risk
� Threat is more than just people being horrid
� Absolute likelihood is normally an intelligence-led process and
therefore is purview of government agencies – that said some
relative likelihoods can be derived
� Impact is an owner/operator-driven audit where vulnerability
and value of assets are analysed, offering an order of
protective security requirement
� Threat is more than just people being horrid
Serious Impact
An Example of Relative Threats Analysis
Nuisance Terrorism
Workplace Intimidation ArsonCriminal damage
Minor Impact
Civil Disorder Violence
More Likely Less Likely
Mitigation Costs
Design Basis Threats
� In the absence of absolutes in extremism risk, one must resort
to something quantifiable that is associated with the design
intent – i.e. a design basis threat (DBT)
� A DBT is the threat (more specifically the tactics and
weapons) against which a built environment must be
protected from and therefore the core of security and
16
resilience design
� These are not fixed and must be subjected to regular and
rigorous review throughout the design phases
� Critically the DBTs should be tested in any value-engineering
process – they cost a lot of money!
An Example DBT Scalar� Nuisance, fixated individual and investigative journalist/paparazzi – most likely
� Criminal – high to medium likelihood:
- Property damage vandalism
- Theft from motor vehicles
- Insider threat – theft of stock/guest property
- Theft of motor vehicle
- Burglary
- Robbery
� Civil Disorder – medium likelihood (short duration)
17
� Civil Disorder – medium likelihood (short duration)
� Kidnap – low likelihood
� Terrorism – low to very low likelihood:
- The compact person-borne IED – maximum 2 kg of HE in a reception challenge area
- The emplaced IED – maximum 20 kg of HE likely at building demise
- Use of military small arms and munitions in commando-style attack
- The vehicle-borne IED – maximum 100 kg of high explosive (HE)
� Use of toxic or lethal chemicals/materials – negligible threat.
Risk Appetite in Protective Security
� Risk appetite, at the organisational level, is the amount of risk
Risk Appetite – Bottom Line
Threat Likelihood Impact Risk
� Risk appetite, at the organisational level, is the amount of risk
exposure, or potential adverse impact from an event, that the
organisation is willing to accept/retain. (Mark Carey - Deloitte
& Touche LLP)
� An economically-conditioned balance between maintaining
profitability, while not facing reputational exposure through
culpable risk-mitigation failure. (Me)
Questions that might guide Risk Appetite
� Identify headline risk impacts – life safety, economic reinstatement or reputation
� What adjacencies might increase or decrease risks?
� What are the acceptable norms for protecting the space in its operational context and is there an extant security milieu that offers a benchmark?
20
extant security milieu that offers a benchmark?
� What design basis threats are likely to remain beyond sensible (cost-effective) mitigation?
� What risks can be treated, transferred, terminated and what is left to tolerate – the latter lies at the core of risk appetite?
The Implications for Built-environment
Design
The implications for designers and owners
� You cannot mitigate everything so figure out what you can handle
as risk appetite – challenging with extreme threats
� Doing nothing is not an option – but sufficiency is linked to risk
appetite
� Get a risk assessment done and look for one that can offer
deductions for best fit against form, function and budget
22
� Scalability – space and services (think futures)
� Have an audit trail for what was agreed on and why
� Do it early because security as an afterthought is ugly and
expensive
� Think about balances between security technology and operations
Unintended Consequences
� Conflict with the design aesthetic – architects do not like security engineering and will resist it
� Site user convenience
� Social exclusion
� Failure to keep open security network architectures
23
� Failure to keep open security network architectures will cost you eventually.
Conclusions
24
� Spend time on a threat and risk analysis – make it part of an
all risks approach
� In examining asset vulnerability do put realistic figures
against the less tangible:
- Lost business days
- Reputation, image etc
Key Takeaways
- Staff disaffection
- Costs to reinstate operations
� Think of security as an operational resilience enabler
� In developing risk appetite, do so in an intelligent way,
understand the genuine implications of: treating, terminating,
transferring and tolerating risk.
Our Approach
Summary
� Develop an understanding of risk appetite – this can be complex
i.e. owner, tenants and even local authorities will have a say
� Have a threat and risk analysis done early and that must inform a
project security strategy and master-plan
� Get a small security specifications team (which must include the
designers set up to war game security effects on design and
building operability)
27
building operability)
� Engage police advisors early – CTSAs and ALOs are far more
amenable to if they have been involved in the project early
� In value engineering exercises do explore unintended
consequences of trimming away security and record this
� Think security early as afterthoughts are ugly and expensive
Useful Sources of Advice
� Local police counter terrorism security advisor (CTSA)
� National Counter Terrorism Security Office guides
� Cabinet Office’s National Risk Register
� US FEMA Risk Management Booklet 430 (2007)
28
� British Council of Offices guide on securing offices
� ASIS
� The UK’s Security Institute
� Chartered and registered consultants.
Any Questions?