From the point of view of a Safety, Security, Defense, Emergency and Crisis management (SSDEC) professionals, events are disasters in reverse. The chaotic planning, resourcing, and implementation of response to a disaster happens the second it begins, where security personnel are required to know the date, time, approximately who will attend, crowd size, and the level of interest in the event. In order to minimize disasters, event planning reverses that cycle and the outcome will be anticipated.

Event planners over the centuries have focused mainly on communicating the mission or purpose of the event.  For example, the International Olympic movement was designed to promote international understanding using athletic competition.  Concerts, sporting contests, international congresses, and annual celebrations must now evolve and adapt to the reality that the participants might include those with bad intentions.

Events of any scale and significance are considered as soft targets, because the venues are meant to be open to the public who gather masses, which makes it relatively unprotected and more vulnerable to attacks by criminals, terrorists, or worse.   My expertise entails planning for what I call Reputational Events (REs) that are meant to capture the attention of more than just the participants.  Communities, sports teams, even companies around the globe host open, un-ticketed, free events that draw crowds for various purposes such as  establishing their brand, their reputation, or attracting tourist business.  Massive crowds are constantly expected in such events, and accordingly a high security presence similar to what one would one encounter at an airport is not necessarily the image event planners want to portray during the event. 

Two Case Studies

1-      The Address Hotel Fire; Dubai, UAE, December 31, 2015

Ninety minutes before the beginning of the annual Gregorian calendar New Year’s Eve celebration, the Address Hotel adjacent to the Burj Khalifa, the world’s highest man-made structure, caught fire.  The external cladding of the hotel was accidentally ignited and began to rise up the exterior of the building.  The hotel management quickly put their fire response plan into place, evacuated the hotel, and worked with Dubai Civil Defense to contain the fire.

Dubai SSDEC agencies were already onsite because of the security procedures in place for the annual fireworks display, which falls under the category of being an RE for Dubai and is watched globally. Critical decisions were taken quickly to protect hotel guests and the 100,000 + people in the Burj Khalifa basin waiting for the fireworks. The decision was to proceed with the fireworks show, but move some crowds near the back of the hotel as a precaution. 

The event was planned beforehand in coordination between the private and public sectors including security, fire planning, and an on-scene incident command including members of the Royal Family was in place. This fire was a rare incident  but not an unexpected one as evidenced by hotel fire detection/suppression systems, evacuation planning, and building codes that support emergency evacuation required by UAE law and as practiced by reputable hotel chains. 

Key impressions from this incident reveal a high-level pre-event coordination, which minimized the surprise factor.  Building fires were probably considered as a possibility, but with low likelihood.  Their SSDEC response plan was in place, and when something unplanned occurred, they adapted it to potential consequences, which minimized the losses, and ensured the safety of the participants.

2-      The Route 91 Harvest Concert Mass Shooting in Las Vegas, Nevada, USA, October 2, 2017

The Route 91 Harvest Concert was an open-air event whose only purpose was entertainment.  Steven Paddock, a mentally disturbed man planned and executed an attack from the 32^nd floor of a hotel across the street from the concert. He carried out the crime  using legally purchased weapons, ammunition, and devices that speeded up the firing rate of the seventeen weapons he had in his hotel room. He extinguished the lives of 58 people and injured over 500 others in nine minutes. He committed suicide before special units from local and federal law enforcement could apprehend him. It was the largest mass casualty event in Las Vegas and US history

Similar to the Address Hotel Fire, there were no significant warnings. The Las Vegas shooter did not broadcast his intentions, and his motivations are still being investigated.  His family and friends were unaware of his detailed planning, that included searching for other events in Chicago and Boston. He did not have a social media presence that may have helped predict his intentions.  The gun dealers who legally sold him the deadly tools did not have any reason to suspect his mental health or even guess his intentions. 

Las Vegas public safety and security agencies responded quickly, and many were onsite for the ground level security of the concert, which included bag searches for weapons or other contraband.  The concert was in proximity to two major hotels, and right in the downtown area near civil defense and police stations and medical facilities.  SSDEC units responded quickly to neutralize the suspect, stabilize the scene, and with the help of volunteers, triage, treat, and transport the wounded.  ^[1] However, in this event the security personnel  were not able to predict that someone would smash out a window high above the concert to slaughter fellow Americans.

Anticipation of Random Incidents

Mr. Paddock’s killing rampage could be classified as “black swan” event; something so random that security forces would be unable to assess it as a risk. Nassim Nicholas Taleb, a risk analyst, utilized the Black Swan concept ^[2] to assess unexpected events in financial markets.  This concept is applicable as well in the security field especially in the SSDEC event planning.

Risk Management

Event SSDEC planning seeks to reduce the impact of likely incidents and have an adaptable response capability to address the Black Swans.  The preparation for any event has to anticipate the crowd size, its make-up and its needs throughout the event.  Such procedures include safe and secure access to the event, medical treatment in case of accidents, security monitoring, and safe egress from the event at its conclusion. Planners have to consider every movement of the crowds, the time of day, time of year especially in beachside desert climate that requires personal hydration throughout the year.

The sponsors of the event and relevant SSDEC agencies need to assess the risk, and coordinate appropriate SSDEC measures and a response operation that balance the mission of the event with the need to protect its participations and the reputation of the sponsors.  Risk Management further entails  putting the right safety, security, and accident reduction measures into place including ticketing, identification requirements, public safety kiosks and evacuation maps.

Prevention and Preparation

In the Route 91 scenario, two procedures could have prevented or at least minimized the losses caused by such an incident. First, screening guests’ luggage is a standard procedure at most hotels. Accordingly, they would have detected Paddock’s weapons and reported him.  Any hotel manager is wary of such draconian security, especially in the case of return guests like Mr. Paddock. Yet, in this case, his luggage may not have been searched because of his elite status at the hotel.

The second procedure that need to be addressed or modified is concerning gun regulations or hotel policy about storing weapons on property, that  may also would have reduced impact of such incidents.

Preparing for a black swan event will not be the focal point of risk assessment; the high-impact/high likelihood threats and risks are. However, planning for black swans can be a useful tool to improve the event planning team’s cohesiveness and adaptive capabilities. There are a few methods to use in the lead up to an event:

1. Exercises/ Validation:  Table top or functional exercises that use various high impact/ low probability scenarios or black swans can help security personnel to develop SSDEC event plans, or test the ones to be executed.  It gets all stakeholders to start thinking about other possibilities. It also teaches them to adapt quickly.
2. Learn Other People’s Lessons (OPLs):  When developing SSDEC plans, review the lessons learned from other incidents depending on the scope and mission of the upcoming event.  There are dozens of case studies that we use at Rabdan Academy, UAE, for this purpose. Some examples include the 1996 Summer Olympics, the Mumbai Hotel attacks, the Boston Marathon bombing, recent European terror attacks using trucks and knives, and the two previously mentioned case studies.  SSDEC planners should be able to review those incidents and see if the anticipated plans need to consider OPLs.

Risk Acceptance

The UAE Business Continuity Management (BCM) standard defines risk acceptance as “The extent to which an organization can afford to accept risks and mitigate them.”^[3] Culture, economy, the tourist industry, and sharing your local/national culture with large events’ planners are accepting the risk that the unthinkable may happen again. The only way to completely mitigate the risk is to limit the occurrence of these events. The consequence of that is to withdraw from one another and stay glued to our screens. Our global community cannot afford that impact on society and peace in general.  Yet, with appropriate preparation and prevention, it is affordable to minimize the occurrence of such risks or address them efficiently when they occur.