From the point of view of a Safety, Security, Defense,
Emergency and Crisis management (SSDEC) professionals, events are disasters in
reverse. The chaotic planning, resourcing, and implementation of response to a
disaster happens the second it begins, where security personnel are required to
know the date, time, approximately who will attend, crowd size, and the level
of interest in the event. In order to minimize disasters, event planning
reverses that cycle and the outcome will be anticipated.
Event planners over the centuries have focused mainly on
communicating the mission or purpose of the event. For example, the International Olympic
movement was designed to promote international understanding using athletic
competition. Concerts, sporting
contests, international congresses, and annual celebrations must now evolve and
adapt to the reality that the participants might include those with bad
intentions.
Events of any scale and significance are considered as soft
targets, because the venues are meant to be open to the public who gather
masses, which makes it relatively unprotected and more vulnerable to attacks by
criminals, terrorists, or worse. My expertise entails planning for what I call
Reputational Events (REs) that are meant to capture the attention of more than
just the participants. Communities,
sports teams, even companies around the globe host open, un-ticketed, free
events that draw crowds for various purposes such as establishing their brand, their reputation, or
attracting tourist business. Massive
crowds are constantly expected in such events, and accordingly a high security
presence similar to what one would one encounter at an airport is not
necessarily the image event planners want to portray during the event.
Two Case Studies
1-
The Address Hotel Fire; Dubai, UAE, December 31, 2015
Ninety minutes before the beginning of the annual Gregorian
calendar New Year’s Eve celebration, the Address Hotel adjacent to the Burj
Khalifa, the world’s highest man-made structure, caught fire. The external cladding of the hotel was
accidentally ignited and began to rise up the exterior of the building. The hotel management quickly put their fire
response plan into place, evacuated the hotel, and worked with Dubai Civil
Defense to contain the fire.
Dubai SSDEC agencies were already onsite because of the
security procedures in place for the annual fireworks display, which falls
under the category of being an RE for Dubai and is watched globally. Critical
decisions were taken quickly to protect hotel guests and the 100,000 + people
in the Burj Khalifa basin waiting for the fireworks. The decision was to proceed
with the fireworks show, but move some crowds near the back of the hotel as a
precaution.
The event was planned beforehand in coordination between the
private and public sectors including security, fire planning, and an on-scene
incident command including members of the Royal Family was in place. This fire
was a rare incident but not an
unexpected one as evidenced by hotel fire detection/suppression systems,
evacuation planning, and building codes that support emergency evacuation
required by UAE law and as practiced by reputable hotel chains.
Key impressions from this incident reveal a high-level pre-event
coordination, which minimized the surprise factor. Building fires were probably considered as a
possibility, but with low likelihood.
Their SSDEC response plan was in place, and when something unplanned
occurred, they adapted it to potential consequences, which minimized the
losses, and ensured the safety of the participants.
2-
The Route 91 Harvest Concert Mass
Shooting in Las Vegas, Nevada, USA, October 2, 2017
The Route 91 Harvest Concert was an open-air event whose
only purpose was entertainment. Steven
Paddock, a mentally disturbed man planned and executed an attack from the 32nd
floor of a hotel across the street from the concert. He carried out the crime using legally purchased weapons, ammunition,
and devices that speeded up the firing rate of the seventeen weapons he had in his
hotel room. He extinguished the lives of 58 people and injured over 500 others in
nine minutes. He committed suicide
before special units from local and federal law enforcement could apprehend
him. It was the largest mass casualty event in Las Vegas and US history
Similar to the Address Hotel Fire, there were no significant
warnings. The Las Vegas shooter did not broadcast his intentions, and his
motivations are still being investigated. His family and friends were unaware of his
detailed planning, that included searching for other events in Chicago and
Boston. He did not have a social media presence that may have helped predict his
intentions. The gun dealers who legally
sold him the deadly tools did not have any reason to suspect his mental health
or even guess his intentions.
Las Vegas public safety and security agencies responded
quickly, and many were onsite for the ground level security of the concert,
which included bag searches for weapons or other contraband. The concert was in proximity to two major
hotels, and right in the downtown area near civil defense and police stations
and medical facilities. SSDEC units
responded quickly to neutralize the suspect, stabilize the scene, and with the
help of volunteers, triage, treat, and transport the wounded. [1]
However, in this event the security personnel were not able to predict that someone would
smash out a window high above the concert to slaughter fellow Americans.
Anticipation of Random Incidents
Mr. Paddock’s killing rampage could be classified as “black
swan” event; something so random that security forces would be unable to assess
it as a risk. Nassim Nicholas Taleb, a risk analyst, utilized the Black Swan
concept [2]
to assess unexpected events in financial markets. This concept is applicable as well in the
security field especially in the SSDEC event planning.
Risk Management
Event SSDEC planning seeks to reduce the impact of likely
incidents and have an adaptable response capability to address the Black
Swans. The preparation for any event has
to anticipate the crowd size, its make-up and its needs throughout the
event. Such procedures include safe and
secure access to the event, medical treatment in case of accidents, security
monitoring, and safe egress from the event at its conclusion. Planners have to
consider every movement of the crowds, the time of day, time of year especially
in beachside desert climate that requires personal hydration throughout the
year.
The sponsors of the event and relevant SSDEC agencies need to
assess the risk, and coordinate appropriate SSDEC measures and a response
operation that balance the mission of the event with the need to protect its
participations and the reputation of the sponsors. Risk Management further entails putting the right safety, security, and
accident reduction measures into place including ticketing, identification
requirements, public safety kiosks and evacuation maps.
Prevention and Preparation
In the Route 91 scenario, two procedures could have
prevented or at least minimized the losses caused by such an incident. First,
screening guests’ luggage is a standard procedure at most hotels. Accordingly,
they would have detected Paddock’s weapons and reported him. Any hotel manager is wary of such draconian
security, especially in the case of return guests like Mr. Paddock. Yet, in
this case, his luggage may not have been searched because of his elite status at
the hotel.
The second procedure that need to be addressed or modified
is concerning gun regulations or hotel policy about storing weapons on property,
that may also would have reduced impact
of such incidents.
Preparing for a black swan event will not be the focal point
of risk assessment; the high-impact/high likelihood threats and risks are.
However, planning for black swans can be a useful tool to improve the event
planning team’s cohesiveness and adaptive capabilities. There are a few methods
to use in the lead up to an event:
- Exercises/
Validation: Table top or functional
exercises that use various high impact/ low probability scenarios or black
swans can help security personnel to develop SSDEC event plans, or test
the ones to be executed. It gets all
stakeholders to start thinking about other possibilities. It also teaches
them to adapt quickly.
- Learn Other People’s
Lessons (OPLs): When developing
SSDEC plans, review the lessons learned from other incidents depending on
the scope and mission of the upcoming event. There are dozens of case studies that we
use at Rabdan Academy, UAE, for this purpose. Some examples include the 1996
Summer Olympics, the Mumbai Hotel attacks, the Boston Marathon bombing,
recent European terror attacks using trucks and knives, and the two previously
mentioned case studies. SSDEC
planners should be able to review those incidents and see if the
anticipated plans need to consider OPLs.
Risk Acceptance
The UAE Business Continuity Management
(BCM) standard defines risk acceptance as “The extent to which an organization
can afford to accept risks and mitigate them.”[3] Culture, economy, the tourist
industry, and sharing your local/national culture with large events’ planners
are accepting the risk that the unthinkable may happen again. The only way to
completely mitigate the risk is to limit the occurrence of these events. The
consequence of that is to withdraw from one another and stay glued to our
screens. Our global community cannot afford that impact on society and peace in
general. Yet, with appropriate preparation
and prevention, it is affordable to minimize the occurrence of such risks or
address them efficiently when they occur.
[1] Belson, Ken, et al. “A Burst of Gunfire, a Pause, Then
Carnage in Las Vegas That Would Not Stop.” The New York Times, The New York
Times, 2 Oct. 2017,
www.nytimes.com/2017/10/02/us/las-vegas-shooting-live-updates.html?action=click&contentCollection=U.S.&module=RelatedCoverage®ion=EndOfArticle&pgtype=article
[2] Taleb,
Nassim N., The Black Swan, Random House Publishing Group, Apr 17, 2007
[3] UAE BCM Standard 7000, 2015