Countering Violent Extremism in Urban Environments through Design

Chris Tomlinson BSc (Hons) MSc FSyI

Arup Resilience, Security and Risk

My Agenda

� Where is violent extremism likely to develop in urban environments?

� Key principles that should be considered early in the planning and design process

� What are the implications for those who design and own built space?

2

� What are the implications for those who design and own built space?

� It is inevitably UK-centric view, although I stress we have successfully adopted the approach overseas, with a bit of ‘tweaking’

The Anatomy of Violent Extremism

Violent Extremism

� ‘Traditional Terrorism’- Islamist groups e.g. the Al Qaeda Franchise

- Nationalist groups e.g. Dissident Irish Republican Groups

- State sponsored groups e.g. Lebanese Hezbollah

� Single issue extremists- Animal rights extremists

- Anti-capitalist/anti-globalisation

4

- Anti-capitalist/anti-globalisation

- Extreme environmentalist

� Cults

� Fixated individuals/’lone wolves’

� Excluded from this list is organised/serious crime

Extremist Intent� Terrorism

- Stretch security apparatus and force extraordinary (draconian) response

- Sap public patience and fortitude by maintaining atmosphere of uncertainty

- Generate support from sympathetic groups (recruits and funding)

- Propagate extremist ideology

� Single issue extremists

- Force employee and consumer fears to affect viability of research

- Propagate narrow and nihilist view of modern commerce and science

5

- Propagate narrow and nihilist view of modern commerce and science

� Cults

- Attack despised icons and undertake anything that propagates their

message/prophecies (e.g. Aum Shinrikyo)

� Lone wolves/fixated individuals

- Any of the above, but with distinctly sociopathic approach (e.g. Unabomber)

Built-environment Risk Attractants

� Mass transit systems (including airports)

� Critical national infrastructure

� Government buildings

� Business districts

� Iconic structures

6

� Iconic structures

� Research and Development

� Places of entertainment

� Sports venues

� High capacity retail centres

Built Environment Characteristics

� Normally need to be accessed by many people and services during the day – very user permissive

� Capable guardian numbers are generally small in relation to other space user populations

� They normally have predictable diurnal cycles

� There are back-of-house areas

7

� There are back-of-house areas

� They are contiguous with public streets with good mobility corridors (vehicle and pedestrian)

� Technical surveillance challenged in crowded multi-function spaces.

Extremist Attack Typologies

WeaponsSmall arms

Edged weapons

Stand-off/long range

Replicas/gas operated

ExplosivesPerson borne

Vehicle borne

Cargo/packages

Hand placed

Dangerous

SubstancesChemical

Biological

Radiological

Attack Manifestation

� Terrorism – IEDs and commando-style attacks

� Violent demonstrations transitioning to rioting

� Non-violent direct action – e.g. building occupation

� Hostage/kidnap

� Arson

9

� Arson

� Criminal damage – coordinated vandalism

� Intimidation of staff, supply chain and clients

� Cyber attack – operational continuity and reputational damage.

Key principles in the planning & design

process

10

A Risk-led and Iterative Process is Needed

Threat and Risk

Assessment

Risk Mitigations Selected

Mitigation Assessed

11

Cost Benefit Analysis

Performance Specifications

� Threat is more than just people being horrid

The Security Risk Calculus

Threat Likelihood Impact Risk

� Threat is more than just people being horrid

Assessing the Credibility of Threat

IntentIntentAccessAccess

Targeting Targeting

intelligenceintelligence

Facilitation/Facilitation/

assistanceassistance

MotivationsMotivations

ObjectivesObjectives

AudiencesAudiences

CapabilityCapabilityManpowerManpower

FinancialFinancial

MaterialsMaterials

TrainingTraining

The Security Risk Calculus

Threat Likelihood Impact Risk

� Threat is more than just people being horrid

� Absolute likelihood is normally an intelligence-led process and

therefore is purview of government agencies – that said some

relative likelihoods can be derived

� Impact is an owner/operator-driven audit where vulnerability

and value of assets are analysed, offering an order of

protective security requirement

� Threat is more than just people being horrid

Serious Impact

An Example of Relative Threats Analysis

Nuisance Terrorism

Workplace Intimidation ArsonCriminal damage

Minor Impact

Civil Disorder Violence

More Likely Less Likely

Mitigation Costs

Design Basis Threats

� In the absence of absolutes in extremism risk, one must resort

to something quantifiable that is associated with the design

intent – i.e. a design basis threat (DBT)

� A DBT is the threat (more specifically the tactics and

weapons) against which a built environment must be

protected from and therefore the core of security and

16

resilience design

� These are not fixed and must be subjected to regular and

rigorous review throughout the design phases

� Critically the DBTs should be tested in any value-engineering

process – they cost a lot of money!

An Example DBT Scalar� Nuisance, fixated individual and investigative journalist/paparazzi – most likely

� Criminal – high to medium likelihood:

- Property damage vandalism

- Theft from motor vehicles

- Insider threat – theft of stock/guest property

- Theft of motor vehicle

- Burglary

- Robbery

� Civil Disorder – medium likelihood (short duration)

17

� Civil Disorder – medium likelihood (short duration)

� Kidnap – low likelihood

� Terrorism – low to very low likelihood:

- The compact person-borne IED – maximum 2 kg of HE in a reception challenge area

- The emplaced IED – maximum 20 kg of HE likely at building demise

- Use of military small arms and munitions in commando-style attack

- The vehicle-borne IED – maximum 100 kg of high explosive (HE)

� Use of toxic or lethal chemicals/materials – negligible threat.

Risk Appetite in Protective Security

� Risk appetite, at the organisational level, is the amount of risk

Risk Appetite – Bottom Line

Threat Likelihood Impact Risk

� Risk appetite, at the organisational level, is the amount of risk

exposure, or potential adverse impact from an event, that the

organisation is willing to accept/retain. (Mark Carey - Deloitte

& Touche LLP)

� An economically-conditioned balance between maintaining

profitability, while not facing reputational exposure through

culpable risk-mitigation failure. (Me)

Questions that might guide Risk Appetite

� Identify headline risk impacts – life safety, economic reinstatement or reputation

� What adjacencies might increase or decrease risks?

� What are the acceptable norms for protecting the space in its operational context and is there an extant security milieu that offers a benchmark?

20

extant security milieu that offers a benchmark?

� What design basis threats are likely to remain beyond sensible (cost-effective) mitigation?

� What risks can be treated, transferred, terminated and what is left to tolerate – the latter lies at the core of risk appetite?

The Implications for Built-environment

Design

The implications for designers and owners

� You cannot mitigate everything so figure out what you can handle

as risk appetite – challenging with extreme threats

� Doing nothing is not an option – but sufficiency is linked to risk

appetite

� Get a risk assessment done and look for one that can offer

deductions for best fit against form, function and budget

22

� Scalability – space and services (think futures)

� Have an audit trail for what was agreed on and why

� Do it early because security as an afterthought is ugly and

expensive

� Think about balances between security technology and operations

Unintended Consequences

� Conflict with the design aesthetic – architects do not like security engineering and will resist it

� Site user convenience

� Social exclusion

� Failure to keep open security network architectures

23

� Failure to keep open security network architectures will cost you eventually.

Conclusions

24

� Spend time on a threat and risk analysis – make it part of an

all risks approach

� In examining asset vulnerability do put realistic figures

against the less tangible:

- Lost business days

- Reputation, image etc

Key Takeaways

- Staff disaffection

- Costs to reinstate operations

� Think of security as an operational resilience enabler

� In developing risk appetite, do so in an intelligent way,

understand the genuine implications of: treating, terminating,

transferring and tolerating risk.

Our Approach

Summary

� Develop an understanding of risk appetite – this can be complex

i.e. owner, tenants and even local authorities will have a say

� Have a threat and risk analysis done early and that must inform a

project security strategy and master-plan

� Get a small security specifications team (which must include the

designers set up to war game security effects on design and

building operability)

27

building operability)

� Engage police advisors early – CTSAs and ALOs are far more

amenable to if they have been involved in the project early

� In value engineering exercises do explore unintended

consequences of trimming away security and record this

� Think security early as afterthoughts are ugly and expensive

Useful Sources of Advice

� Local police counter terrorism security advisor (CTSA)

� National Counter Terrorism Security Office guides

� Cabinet Office’s National Risk Register

� US FEMA Risk Management Booklet 430 (2007)

28

� British Council of Offices guide on securing offices

� ASIS

� The UK’s Security Institute

� Chartered and registered consultants.

Any Questions?

chris.tomlinson@arup.com