Although vehicle attacks have gained media attention recently, the biggest concern for security consultants remains the “active shooter,” and architects have to plan ways to limit access into a building, while not compromising ease of egress for those already inside. “The problem is, you have to have a way to exit the building no matter what,” Tyman says. “The codes in place haven’t caught up to the active shooter situation.”
Shot detector technology can instantly locate an attack, Duda says, and automated locks can keep a shooter from reaching other rooms or buildings — but he adds that such systems should always leave an exit route for the gunman, too. A security review also needs to include the building’s backup generators, he says, to ensure that the sophisticated technology works if an attack cuts off the main power source.
The best design, however, will be little use without good operational training. If an employee is fired, Tyman says, the security guards need to be told and to have a picture of the person. Similar precautions might be taken if an employee has a restraining order against his or her spouse. Doors and elevators can be programmed to admit emergency personnel without IDs, but not others. And building automation systems can lock down access to doors or to affected parts of a building.
Building security staff need effective partnerships with both the human resources departments of the building’s tenants and with law enforcement. Security guards should be trained to look for patterns, Ahrens says, because if anyone is plotting this type of attack, “they’re going to do some reconnaissance first,” even something as simple as circling repeatedly in a car.
Aside from security workers, everyone in an office could benefit from knowing some basics, Ahrens says. If an office worker hears screams, for instance, the natural impulse is to walk or run toward the sound to see what’s happening. Employees need to be trained to be cautious. An effective mass notification system is also important, whether it uses text alerts, phone messages, or loudspeakers. Such a system needs to be tested regularly, and workers also need to know not to pull the fire alarm for other kinds of problems, because “if you’re evacuating into the lobby with a bad guy, that’s not necessarily a good thing,” says Ahrens.
Duda agrees that all new employees should be given basic security training, including responses for fires, tornados or hurricanes, cybersecurity (a whole other threat in itself), and active shooters. Most attacks, whether by vehicle or gun, are over within a minute or two, he says, but relaying details afterward is another reason to have a robust mass notification system.
Further training is necessary for receptionists and anyone else dealing with the public, Ahrens says. If a threat presents itself, BAS controls are available to not only alert emergency personnel, but also to stop all elevators coming to the first floor. Similar features can lock every door in a building to entry, while still allowing exit.
“Communication and knowledge are key,” Ahrens says. Role-play training, encouraging participants to think of creative solutions to a problem, can be helpful, too, he says. And that requires the cooperation and participation of human resources.
Part of effective training, however, is identifying the risks that a particular building or company is likely to face. “Risks vary according to who is in the building,” Duda says. “That might make more difference than where the building is.”
Duda’s firm uses crime data from the FBI and ASIS, the association of security professionals, to assess threats for “a particular client at a particular time” and design protection systems accordingly.
Tyman says that the financial sector is particularly concerned about attacks, but other types of office buildings, as well as college campuses, are becoming more apprehensive. But, he says, many institutions don’t have the budget for state-of-the-art security systems. So organizations should prioritize more likely scenarios and less expensive fixes, such as filmed glass that will collapse without shattering when shot.
Ahrens agrees that sophisticated new systems are costly and organizations need to consider their likelihood of being a target. But it is hard to predict something like a disgruntled employee, or the potential copycat gunman who hears news accounts of other incidents “and thinks to himself, ‘what can I do to make an attack worse?’”
Anticipating a future attack is something of a chess game, Ahrens says, as security designers try to imagine how a terrorist might look for weaknesses. “Sometimes it’s very easy: Don’t put people here, put them over here. If it’s a festival in a park, don’t use the unsecured part of the park.”
In assessing threat levels, Tyman says, organizations have to consider the possible consequences of both monetary losses and damage to reputation. As an example, he pointed to One World Trade Center in New York — objectively, one of the safest buildings in the world, but still 30 percent vacant. “The specter of the 9/11 attacks may never go away,” Tyman says. “I can’t stress enough that the psychological impact should not be ignored.”
David Lewellen is a freelance writer based in Glendale, Wis.
Email comments to firstname.lastname@example.org.
Vehicle Attacks Among Several New Security Threats
Active Shooter Remains Biggest Security Threat for FMs