Event security in the wake of the Manchester attack

June 2017

The May 22 attack against concert-goers in Manchester is the latest in a string of attacks that combine evolving themes in transnational terrorism with attackers in Western Europe and the United States who are either directed or inspired to act in their local community environments. For local law enforcement and private entities in areas that were previously considered “off the beaten path” of terror attacks, recent jihadist tactics continue to present challenges.  As a high-profile mass casualty bombing against a crowded venue, the Manchester attack represents an additional layer to that challenge, especially for those who are responsible for securing large civic and corporate events.

To tackle this, security leaders with those exposures should take a nuanced and targeted approach to threat assessment, monitoring and intelligence sharing. Those in the private sector should also look to capitalize on subtle mitigation techniques that have been proven successful in the large government-led national event space; such measures include large-scale behavioral surveillance and bystander reporting.  An intelligence-led program that combines hard  and soft mitigation measures is the best approach to maximizing security while controlling costs and limiting impact on operations and attendees.

Sophisticated propaganda and unsophisticated attacks

Over the past two to three years, terrorist attacks in the West driven by Islamist extremist ideology experienced a shift in targeting patterns and modus operandi. The growing sophistication of vernacular online propaganda by groups like the Islamic State (IS), and to a lesser extent Al Qaeda (AQ), was accompanied by a growing spread of mostly unsophisticated attacks. While attacks in Paris and Brussels exhibited higher degrees of planning and coordination, some of the most notorious attacks including in Orlando, Nice, Berlin, London, San Bernadino and Stockholm were carried out using bladed weapons, firearms and/or the most banal of terrorist weapons: motor vehicles. Between 2014 and 2016, Control Risks’ statistics suggest that more than 80% of attacks by Islamist extremists were carried out using these weapons.

The parallels to Manchester are clear: as in any of the above cases, the target was what is often referred to as “soft,” which is to say not a military or government target, but ordinary people. “Soft targets” have become particularly attractive to terrorist groups as they arguably elicit the most vehement and intense reactions from terrified citizens. In addition, attacks have been carried out in public spaces, which are as difficult for the security forces to protect as they are easy for terrorists to target. In Manchester it appears that Salman Abedi, the 22-year-old Briton identified as the bomber, targeted concertgoers as they were leaving the arena, right outside of the venue’s security perimeter. Crucially, it can be assumed that Abedi was highly familiar with the location given his roots in the greater Manchester area.

In most of the cases mentioned above, attacks were carried out by either nationals of the respective country they targeted or people living there temporarily. More often than not, these people were known to the authorities but able to slip under the radar given insufficient resources to keep close tabs on all known Islamist radicals. Critically, as is so often the case, it is likely that those around Abedi failed (either deliberately or negligently) to notice and report the likely signs that this young man who was barely older than the average Ariana Grande fan himself was radicalizing and preparing for an unimaginable act of hatred and violence.

Military pressure on groups in the Levant, and terrorist backlash in the West

One thing that is remarkably different when comparing the Manchester attack to other recent cases, however, is the level of sophistication. Over the last year, international cooperation in the fight particularly against IS has yielded considerable results, including the imminent re-capture of the Iraqi city of Mosul, which was overrun by IS at the peak of its territorial expansion in 2014.  The resulting increase in pressure on the group has brought with it two key developments.

First, pressure on IS has resulted in a dispersion of the group’s members, with many highly experienced and trained former fighters making their way back to their home countries in Europe after months or years in training and/or on the battlefield. These experienced jihadists can either themselves participate in planning and carrying out attacks (as could be the case with Abedi, who apparently spent time in Libya and Syria), or serve as figureheads and motivators for other potential jihadists. This will be of particular concern in countries like Belgium, France, Germany and, to a lesser extent, the UK.

The second development is that the crackdown on IS has meant the group has stepped up its calls for supporters and sympathizers to strike back at the West. These calls have included the spread and growing sophistication of online propaganda, available in multiple relevant vernaculars. This increases the ease with which self-radicalized individuals can complete their journey towards extremism. They can also more easily acquire technical skills (e.g., for bomb making) or get inspiration for low-sophistication attacks. In the absence of large numbers of foreign-trained fighters returning to the US, this second dynamic is likely to be the most relevant here.

Taken together, these dynamics signal a likely increase in attacks in the near future. Firstly, we will see a growing number of former fighters able to spread propaganda, recruit new members or themselves carry out attacks, especially in Europe. Secondly, given the terrorist groups’ renewed propaganda, self-radicalized Islamist extremists will have even easier access to the information and skills required for planning and executing more sophisticated attacks, in Europe as well as in the US.

Public places will remain the preferred targets

As mentioned, striking soft targets such as public places has been, and will continue to be, at the heart of terrorists’ strategy. Abedi, too, appears to have chosen a location with which he was likely familiar, which is consistent with multiple instances of recent attacks by either lone actors or self-radicalized individuals across Europe and North America.  What is also interesting is Abedi’s precise choice of positioning: a choke point between the venue and the nearby mass transit hub, but most likely outside the ticketed area and therefore outside the main security perimeter of the event.  Large sports venues that sit outside of city centers, especially in the US, are often accessed by private vehicles and feature large outdoor parking areas. This means that choke points with high foot traffic still exist but these are often well within the main security perimeter and thus subject to greater control. Contrast that with major sports franchises and event companies working in venues in dense urban areas. The latter frequently have to work with security perimeters that are necessarily tight because of the confluence of other infrastructure and public spaces. This means that areas of dense visitor traffic exist outside of their area of greatest security control. The aftermath of the Manchester attack is therefore a good time, especially for those companies involved with sporting, entertainment or corporate events in urban areas, to re-think their approach.

Company responses to the shifting trends in global terror

The Manchester attack is the latest manifestation of the operational and risk management challenge facing not just sporting and concert events but also those charged with securing other public spaces, open corporate campuses, large executive meetings, employee retreats and other public or private company gatherings.  First, companies must recognize their role in relation to other stakeholders. While venue owners have clear responsibilities, organizers and hosts also have a duty of care to attendees and must ensure that risk management measures meet their standards. Even sponsors hold a reputational risk in the event of an incident.

In response to this evolving threat, companies – particularly those that host, manage, support and sponsor large events – will need a comprehensive assessment and mitigation approach that combines “back to basics” techniques with innovations in security risk management.  Companies should start by understanding changes in the threat environment and the resulting risks as they apply to their specific profile, activity and context.  Informed by new assessments and ongoing threat monitoring, they will need to review security plans and protocols and re-assess physical security measures – including procedures, physical design, staffing and technology.

Beyond these well-established measures, as the threat has evolved, so too have approaches to risk mitigation for venues and public spaces. In the corporate context, security management plans should now incorporate behavioral surveillance techniques and programs to recognize mobilization and pre-attack behaviors of individuals within large crowds.  Such programs must also include training and guidance to spur bystanders to recognize and report issues of concern.  These techniques are already being applied at national-level sporting and major event venues.  They are an important part of the risk management toolkit and can help organizers increase mitigation while balancing the potentially disruptive impacts of traditional security measures on the event and attendees.

Finally, those responsible for the venue and its attendees must be ready to respond in the event of an incident by drafting specific incident management plans, integrating them into existing crisis management protocols and conducting response team exercises using relevant risk scenarios.

Contributing authors:

  • Oliver Wack, Director, Global Risk Analysis, Control Risks
  • Bill Udell, Senior Partner, Crisis and Security Consulting, Control Risks
  • Matt Hinton, Principal, Crisis and Security Consulting, Control Risks
  • Mark Rossin, Associate Director, Crisis and Security Consulting, Control Risks

See Also

  • Kidnapping risk along the Belt and Road Initiative

    The Belt and Road Initiative (BRI) is an unprecedented opportunity to develop regional economic integration and maritime connectivity, but also presents a risk of kidnap-for-ransom.

  • Automotive Expert Brief: September 2017 - UK and Brexit

    In the months following the UK’s vote to leave the EU, the government gave assurances to Nissan that Brexit would not adversely affect its UK operations. However, nearly a year later, the automotive companies are becoming increasingly frustrated that those assurances have not translated into concrete agreements between the UK and the EU.