The IACSP’s Counter-Terrorism Journal V22N2

Page 1

Understanding Social Media As WMDs

Counter-Measures And The Active Shooter ISIS In America Trends In Terrorist Threats Against Sports Stadiums General Petraeus’ Five Take-Aways From The Middle East Conflicts IACSP Homeland Security Bookshelf

Summer Issue Vol. 22 No. 2 2016 Printed in the U.S.A. IACSP.COM


Save on the Latest Books for Security Professionals from CRC Press

CRC Press is a premier publisher of books on Counterterrorism and Security Management.

Visit www.crcpress.com to see our complete selection of titles and use promo code AWQ35 to receive a 25% DISCOUNT.

Sign up for our emails and get more special savings! Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


50 VIP Passes Available to Active Government, Military & Law Enforcement at No Cost!

November 1-3, 2016 Washington Hilton, Washington D.C.

Developing, Integrating, and Supporting Interagency Homeland Security Initiatives 3

Days

40

Speakers

350+

Attendees

10+ HOURS of Networking

GET YOUR PASS NOW! USE CODE 11HSW_IACSP_AD FOR 20% OFF STANDARD RATES

1-800-882-8684 | www.homelandsecurityweek.com | Enquiryiqpc@iqpc.com Sponsorship Opportunities Contact Dionne.Mariavaz@iqpc.com or call +1-646-378-6022


Vol. 22, No. 2 Summer 2016 IACSP Director of Operations Steven J. Fustero

Page 14

Associate Publisher Phil Friedman

Is ISIS In America Living Its American Dream?

Senior Editor Nancy Perry Contributing Editors Paul Davis Thomas B. Hunter Joshua Sinai

By John Gomez

Book Review Editor Jack Plaxe Research Director Gerry Keenan Conference Director John Dew

Page 34

Communications Director Craig O. Thompson

Warrior Cop Shot In Philadelphia:

Art Director Scott Dube, MAD4ART International

The Inherent Danger Police Officers Face On

Psychological CT Advisors Cherie Castellano, MA, CSW, LPC

The Front Lines In The War On Terrorism,

Counterintelligence Advisor Stanley I. White

by Paul Davis

South America Advisor Edward J. Maggio Homeland Security Advisor Col. David Gavigan

Page 6

SITREP, Terrorism Trends & Forecasts Second Half 2016

Page 8

Understanding Social Media As WMDs, by David Gewirtz

Page 12 General Petraeus’ Five Take-Aways From The Middle East, by Paul Davis

Page 18 Trends In Terrorists Threats Against Sports Stadiums And Arenas, by Dr. Joshua Sinai

Page 34 A Warrior Cop Shot In Philadelphia: The Inherent Danger Police

Officers Face On The Front Lines In The War On Terrorism,

by Paul Davis Cyber Attacks, by Jim Weiss and Mickey Davis

Security Driver Advisor Anthony Ricci, ADSI

Cell Phone Forensics Advisor Dr. Eamon P. Doherty IACSP Advisory Board John M. Peterson III John Dew Thomas Patire Cherie Castellano, MA, CSW, LPC Robert E. Thorn

CTSERF Research Professor David Gewirtz, M.Ed

IACSP Homeland Security Bookshelf, reviews by Dr. Joshua Sinai

PHOTO CREDITS: Reuters, DefenseImagery.mil Army.mil, Navy.mil, istockphoto.com, shutterstock.com and authors where applicable.

Journal of Counterterrorism & Homeland Security International

European Correspondent Elisabeth Peruci Middle East Correspondent Ali Koknar

Page 44 Secure Driver: Hydroplaning, by Anthony Ricci

THE JOURNAL OF COUNTERTERRORISM & HOMELAND SECURITY INT’L is published by SecureWorldnet, Ltd., PO Box 100688, Arlington, VA 22210, USA, (ISSN#1552-5155) in cooperation with the International Association for Counterterrorism & Security Professionals and Counterterrorism & Security Education and Research Foundation. Copyright © 2016. All rights reserved. No part of this publication may be reproduced without written permission from the publisher. The opinions expressed herein are the responsibility of the authors and are not necessarily those of the editors or publisher. Editorial correspondence should be addressed to: The Journal of Counterterrorism & Homeland Security International, PO Box 100688, Arlington, VA 22210, USA, (571) 216-8205, FAX: (202) 315-3459 . Membership $65/year, add $10 for overseas memberships. Postmaster: send address changes to: The Journal of Counterterrorism & Homeland Security International, PO Box 100688, Arlington, VA 22210, USA. Web site: www.iacsp.com

Hazmat Advisor Bob Jaffin

Southeast Asia Correspondent Dr. Thomas A. Marks

Page 38 Wapack Labes: Protecting Client Businesses Worldwide Against

Page 46

Director of Emergency Ops. Don L. Rondeau

Cyberwarfare Advisor David Gewirtz

Page 26 Counter-Measures And The Active Shooter, by Stanley I. White

Emergency Management Advisor Clark L. Staten

Tactical Advisor Robert Taubert

Page 14 Is ISIS In America Living Its American Dream? By John Gomez

Personal Security Advisor Thomas J. Patire

Vol. 22, No.2

National Sales Representative Phil Friedman, Advertising Director Tel: 201-224-0588, Fax: 202-315-3459 iacsp@aol.com



SITREP

L

Global Overview – Trends and Developments ast quarter saw protracted conflicts intensify, attempts to resolve them derail and political crises erupt or deepen. In Turkey, a failed coup attempt led to hundreds killed and prompted concern over the government’s commitment to the rule of law and divisions within the security bureaucracy. In neighboring Syria, regime forces cut off the final supply line into opposition-held areas of Aleppo city, with scores killed in airstrikes and rocket attacks. Violent crises flared up in Armenia and

India-administered Kashmir, and both Bangladesh and Afghanistan experienced major terrorist attacks. In Mali, efforts to implement the June 2015 peace deal faced a violent backlash, and in South Sudan clashes between government forces and former rebels left hundreds dead. A new split in the opposition there could make the conflict more difficult to end.

More Details In mid-summer, a segment of the Turkish army attempted to topple the elected government and President Erdoğan, failing in the face of resistance from police, part of the army and citizens. At least 240 people were reported killed during clashes, while over 10,000 people were arrested, over 18,000 detained and some 60,000 public officials dismissed in the wake of the coup attempt. The scale of the backlash has prompted concerns in the West over Turkey’s commitment to the rule of law, human rights and fundamental freedoms, and more generally over divisions within the security bureaucracy and the state’s capacity to address security challenges including

6

operations against the Kurdish insurgency in the south east. In Syria, the Assad regime, assisted by re-intensified Russian airstrikes, severed the final supply line into areas of Aleppo city held by mostly non-jihadist opposition forces, amid renewed diplomatic maneuvering between the U.S. and Russia. Scores were killed by fighting in and around Aleppo as airstrikes and rocket attacks hit civilian areas, where as many as 300,000 people are estimated to remain in encircled portions of the city with dwindling basic supplies. In Bangladesh, a brutal attack on a café in an upscale neighborhood of the capital Dhaka on 1 July left 22 people, mostly foreigners, dead. Although IS claimed responsibility, officials pointed to the

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


likely involvement of local affiliates of al-Qaeda in the Indian subcontinent (AQIS), an ally of the group behind recent killings of secular and atheist bloggers and publishers. Also in South Asia, the killing by Indian security forces of Burhan Wani, operations chief of Kashmir’s largest militant group Hizbul Mujahideen, on 8 July, sparked a fresh crisis in Indiaadministered Kashmir. As major protests broke out across Jammu and Kashmir in response to the killing, 49 people were reported killed and over 5,000 injured in clashes with security forces. Meanwhile, Armenia was rocked by an armed opposition group’s seizure of a police headquarters in the capital Yerevan on 17 July, taking several hostages and killing two police before surrendering at the end of the month. The gunmen were demanding President Sargsyan’s resignation over his handling of the Nagorno-Karabakh conflict with neighboring Azerbaijan, amid speculation over his government’s possible concessions to Baku. In Mali, the peace process in the north faced serious setbacks as fighting flared up between an ethnic Tuareg armed group allied with the government and a coalition of Tuareg fighters who favor northern secession, killing at least twenty. Meanwhile in Juba, South Sudan’s capital, four days of clashes between government forces and SPLA-IO former rebels left hundreds of fighters dead and dealt the peace process a major blow. Deteriorating Situations • South Sudan, Mali, Afghanistan, Bangladesh, Kashmir, Armenia, Turkey, Syria Improving Situations • None Source: www.crisisgroup.org/ crisiswatch

to help your family weather the storm, nationwide. Regardless of where you’re traveling this summer, the newly updated FEMA app can help you prepare for any weather condition.

technologies is fueling the exponential growth of the commercial drone sector, creating new asymmetric threats for warfighters. sUASs’ size and low cost enable novel concepts of employment

The FEMA App is free and available for all smartphones, and offers the following features:

loaded for free from Apple’s app store or Google Play.

that present challenges to current defense systems. These emerging irregular systems and concepts of operations in diverse environments require technology advancements to quickly detect, identify, track, and neutralize sUASs while mitigating collateral damage and providing flexibility to operations in multiple mission environments. DARPA will review the RFI responses to assess technology and system relevance, potential performance capability, and technology maturity. Based on this review, DARPA may invite submitters to attend a Mobile Force Protection workshop at the Agency’s offices in Arlington, Va., to be scheduled for late September 2016. In addition, the information may potentially support the development of new DARPA programs that could enable a revolutionary layered defense approach to achieving mobile force protection, including counter-unmanned air systems (CUAS) capabilities. For more information, go to: http://www.darpa.mil/newsevents/2016-08-11

Wanted: Ideas for Protecting Against Small Unmanned Air Systems

FBI Releases New Bank Robbers Mobile App

The rapid evolution of small unmanned air systems (sUAS)

The app, which works with BankRobbers.fbi.gov, can be down-

Back in December 2012, the FBI launched its Bank Robbers website featuring a gallery of unknown bank robbery suspects wanted by the Bureau. Because the FBI, in its own bank robbery investigations, focuses on the most violent and/or the most prolific serial offenders who often cross jurisdictions, the suspects included on BankRobbers. fbi.gov are a dangerous lot and public assistance in identifying them plays a crucial role in our efforts to apprehend them. Using the app, bank robberies can be sorted by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred. If the location services on your device are enabled, you can view a map that shows the relevant bank robberies that took place in your geographic area. You also access surveillance photos, physical description information, robbery details, and the FBI’s wanted poster for each suspect. Users can also select push notifications to be informed when a bank robbery has taken place near their location. For more information, go to: www.fbi.gov

Preparing for Extreme Weather with the FEMA App With hurricane season continuing through the end of November, the FEMA app is an important tool

• Receive weather alerts from National Weather Service for up to five different locations across the U.S. • Learn what to do before, during, and after emergencies with safety tips. • Share disaster damage photos on a verified photo sharing platform • Prepare ahead of time by building a customized emergency kit checklist and safety reminders • Get directions to open shelters and recovery centers, and where to talk to FEMA in person. • Apply for federal disaster assistance, if needed. All the information on the app is also available in Spanish. Learn more and download the FEMA App here: https:// www.dhs.gov/blog/2016/08/11/ preparing-extreme-weatherfema-app

IACSP News Many of our members are not receiving our new monthly CTS Enews (electronic security report) because we either do not have your email address, or you are using a .gov or .mil email address for your membership record. If you would like to receive our CTS Enews, please send me an email with the email address you would like us to use. Also include your current address. Please send the information to my attention to my personal email address: iacsp1@aol.com Until next time, as always, be vigilant and safe. Thank you. Steven J. Fustero, Dir. Of Operations/IACSP


Understanding Social Media As WMDs

(weapons of mass disruption) By David Gewirtz

T

witter can have a powerful political impact. We’ve seen it with the Arab Spring back in 2010, the aborted coup d’état in Turkey, and even the Donald Trump insurgency in the United States.

With instant delivery and worldwide reach, Twitter (and similar social media tools like Facebook, YouTube, and WhatsApp) can be considered cyberweapons in their own right. To put this premise in perspective, it can be instructive to understand the basic concept of a cyberweapon. First, then, let’s deconstruct the concept of a weapon.

8

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


In war, a weapon is used by one participant in a conflict to force a result on another participant, against the will of the victim. In this context, a spy is as much a weapon as a nuke, because both force undesired results upon the victim. If we consider cyberwar a mere extension of the overall concept of war (and we should), then a cyberweapon, too, is designed to exact a result at the expense of its target. In that context, most would agree that cyberweapons, such as distributed denial of service mechanisms and malware, are part of the overall threat field. DDoS tools cause systems to be unable to function under load. Malware often opens the door to penetration of systems for data exfiltration, or for behind-thefirewall operation of command and control systems not meant to be manipulated by enemy forces. Social networking tools provide vast, international megaphones unmitigated by traditional gatekeepers. Not only can a social networking post reach a large list of followers, the network effect of reposts and retweets can amplify a message to a level that eclipses traditional radio and television. Twitter is a powerful WMD (a weapon of mass disruption). That fact is keenly felt by the 16 US Republican presidential candidates in 2015 and 2016 who are not Donald Trump. Without Twitter, it is unlikely Trump would have been able to get his message out consistently, and in such an unfiltered manner. Without Twitter, it is unlikely he would have made it to Republican nominee. A long-held doctrine of invasion and regime change has been to capture and control the communications channels. Back

before the Internet, television, radio stations, and telephone interchanges were key targets for an invader or usurper. Historically, there have only been a few of these facilities. Once the means of broadcast was seized, it became far harder for the defending forces to communicate with the populace, organize, and amass support. The July 2016 insurgency in Turkey can prove instructive, even as the facts remain unclear. On July 15, 2016, certain members of the Turkish military attempted to overthrow the government of President Recep Tayyip Erdoğan. The insurgency failed, and Erdoğan clamped down on a large number of citizens and military officers in response. But this is only one version of the story. There are a number of questionable factors involved in the coup. It was either incompetent, poorly planned, put down spectacularly quickly — or was staged by Erdoğan as an excuse to impose harsher control over his populace. In Turkey, various reports state that some television stations were seized by the insurgents, while other accounts insist that pro-government stations were left operational. What we do know is that Erdoğan made public statements, not over the terrestrial broadcast network, but via the Internet. Conflicting reports say that he used FaceTime, while others cite Skype. But it’s clear he communicated to the populace, via the Internet, that he was alive, large, and in charge. He also posted a number of Twitter messages exhorting citizens to fight back. Both Skype and FaceTime are not one-to-many communications mediums. To reach a


broader audience, the video from those calls had to have been captured and retransmitted by someone on the other end. YouTube and Facebook video are currently the world’s most effective ways to widely distribute such messages.

The use of Internet communications technologies in this instance, as well as

We can’t be fully, verifiably sure whether the coup was externally driven, or was a false-flag operation by Erdoğan. Therefore, we can’t be fully sure whether the coup actually failed because the usurpers didn’t successfully seize all channels of communication. If so, the survival of the Turkish mobile and Internet provider, Türksat Uydu Haberleşme Kablo TV ve İşletme A.Ş., was the linchpin of the insurgency’s loss.

so many others in

The use of Internet communications technologies in this instance, as well as so many others in the past few years, showcases how Internet communication has now become a weapon that is central to both insurgency and political stability.

insurgency and political

the past few years, showcases how Internet communication has now become a weapon that is central to both stability.

Controlling Internet communications, therefore, becomes an issue when planning either an attack or a defense. Because the Internet is a redundant, many-to-many communications network, there are only a few choke points where message flow can be stopped, usually at the international borders or a given nation’s Internet and mobile service providers. These choke points are essential to nations attempting to blockade the flow of information, because once a message escapes the blockade, it can be widely distributed so quickly that it is almost impossible to shut down. In following this line of thinking, it’s important to carefully

10

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

consider the issues of openness and resilience. If national identity is so fragile that it can be damaged by the content of messages traveling over the Internet, then developing a strategy for shutting down the choke points is the way to go. But democracy is much stronger than that. Western nations have long been home to protests, disagreements, and even outright rage against the parties in power. And yet, our nations have weathered the disputes. This is in no small part because we’re allowed to have those disputes and peacefully demonstrate those disagreements in public. We view communication, and even dissent, as one of our core strengths. Since we believe our nations are resilient enough to withstand the slings and arrows of social media disruption, we can eliminate half of our discussion. There is no reason to ever plan to shut down


Internet communication. Our security can withstand it being extant, even in the face of disruptive messaging.

This is in no small part

But, what about the other side of the equation? Can we withstand losing Internet connectivity? Could a cyberattack take out our chokepoints, thereby causing us to lose our communications?

because we’re allowed to

The answer to that, of course, is yes.

those disagreements

Here, then, is the strategic takeaway from this discussion. It is in our best interest that all Internet communications — both in our country and in other nations — remain world-accessible at all times. As we look at budgeting initiatives and advisory activities, we need to make keeping those services up and running, especially at the chokepoints, a strategic priority.

have those disputes and peacefully demonstrate in public. We view communication, and even dissent, as one of our core strengths.

YOU ARE DRIVEN TO

LEAD

WE ARE DRIVEN TO HELP YOU GET THERE. At American Military University, we understand where you’ve been, what you’ve done and what you’d like your team to achieve. Choose from more than 90 career-relevant online degrees — respected by the intelligence community — which can help your squad advance their careers while serving their country. Your team will join a network of professionals gaining relevant skills than can be put into practice the same day. Take the next step, and learn from the leader.

To learn more visit, www.PublicSafetyatAMU.com/IACSP

Whether social networking is a weapon of mass disruption, or the last, best way to reach our constituencies directly and rapidly, these previously entrepreneurial efforts are now services of strategic national security importance. Treat them, and the infrastructure they rely on, as paramount.

About the Author CTSERF Research Professor David Gewirtz, M.Ed. is Director of the U.S. Strategic Perspective Institute, Distinguished Lecturer for CBS Interactive, Cyberwarfare Advisor for the International Association of Counterterrorism and Security Professionals, IT Advisor to the Florida Public Health Association and an instructor at the UC Berkeley extension. Read my columns at: www.zdnet.com/blog/government/


A Surge Of Ideas:

General Petraeus’ Five Take-Aways From The Middle East Conflicts By Paul Davis

General David H. Petraeus (Ret) speaking at the World Affairs Council of Philadelphia. credit to Ryan Brandenberg (Ryan Brandenberg Photography) and the World Affairs Council of Philadelphia

S

peaking at the World Affairs Council in Philadelphia a few months ago, General David H. Petraeus (Ret) offered what he called “five take-aways” from the conflicts in the Middle East.

“One of the most effective and highly decorated military leaders in recent U.S. history, General David H. Petraeus - a four-star general whose distinguished military career spanned over 37 years and culminated in six straight commands (five of which were in combat) - will join Council members to address the most significant global challenges facing us today, including ongoing international security issues and the tasks of strategic leadership in the 21st century,” the World Affairs Council (WAC) in Philadelphia announced prior to General Petraeus’ address. “Widely credited for changing the course of the wars in Iraq and Afghanistan, General Petraeus was also instrumental in reshaping American military doctrine and served in multiple campaigns, including nearly seven years deployed following 9-11. Petraeus has been described as one of the “great battle captains of American history.”

12

The WAC also noted that following his military service, Petraeus led the CIA, where he oversaw significant achievements in America’s global counterterrorism campaign, pursued a substantial initiative to increase worldwide intelligence coverage, guided the development of a strategic plan for the agency and oversaw the establishment of a new Economic

Security Center. While at the CIA, General Petraeus became embroiled in a scandal and faced federal charges that he gave classified information to his biographer, a woman with whom he was having an extramarital affair. He resigned as CIA director in 2012 and pleaded guilty to a misdemeanor charge of mishandling classified material in April, 2015.

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

General Petraeus is now the Chairman of the KKR Global Institute. He is involved in the KKR investment process and oversees the Institute’s thought leadership platform focused on geopolitical and macro-economic trends, as well as environmental, social, and governance issues. In Philadelphia, General Petraeus spoke of his five takeaways, or


“Now this does not mean that the ground combat forces need to come from us – indeed they should not,” Petraeus explained. “I’m firmly in agreement with this administration that we should not put ground combat forces into Iraq or even into Syria. They have to be the forces from those areas. If that is not possible, the results will not be sustained. big ideas, that he believes Americans should take from our experience in the Middle East over the past decade. “The first of these is the ungoverned spaces in the Islamic world, stretching from West Africa, North Africa, and Sinai Middle East to Central Asia, and perhaps even into the Asia Pacific,” Petraeus told the WAC audience. “Ungoverned spaces in those areas will be exploited by Islamic extremists. We have seen that in virtually every one of the locations in that geographic area that has become ungoverned, or even in some cases, less governed, and imposes a very significant threat, needless to say.” Petraeus said the second point was very important. It lays out that the effects and implications of extremists groups occupying these locations will not be contained in the area of which they are positioned or even to the states around them. “In many cases, particularly in, for example, Syria, the effects will be much broader, much greater than that,” Petraeus said. “What this means is these are not problems that you can watch or observe. They will not go away. Again, the worst of these is Syria, which is a veritable geopolitical Chernobyl, spewing violence, extremism, instability, and indeed, a tsunami of refugees. And not just into the neighboring countries, which have been very heavily affected, but into Europe, our NATO allies, which has had an enormous effect on their domestic politics.” Petraeus said the third point is that in responding to these situations, U.S. leadership is not only necessary, it is imperative. It is indispensable.

“If we do not lead, others will not follow,” Petraeus said. “This does not mean that we should not have as big a coalition as we can of allies, indeed of partners. Winston Churchill was right when he said that the only thing worse than fighting with allies is fighting without them. And as the commander of the largest coalition, I believe, in history when I was the commander in Afghanistan of the NATO International Security Assistance Force, which included far more than just NATO allies. I can tell you that it is vital to have those partners, those allies. Even though you have to spend a great deal of time on coalition maintenance.” Petraeus said that America should particularly have partners from the Islamic world. “This is much more than a clash between civilizations, it is even more a clash within a civilization within the Islamic world. Far more Muslims are being killed by Islamic extremists than are those of other faiths. So while there certainly are clashes, threats and attacks that are very significant, for example, Paris and Brussels, and indeed, in our own homeland, inspired by the extremists in the Middle East, the real challenge is to those in the Islamic countries.” Petraeus said the fourth point was that in exercising leadership, the United States should craft a comprehensive approach and not just a narrow counter-terrorism approach. “You cannot just drone-strike or precision-raid your way out of this with special mission units or special operation forces,” Petraeus said. “It takes far more than that. The sooner you show that a group like the Islamic State is a loser instead

of a winner, the sooner it loses its effectiveness in social media, an effectiveness that has truly distinguished the Islamic State, when compared with others, like al-Qaeda and some of these other extremists organizations over the years. A comprehensive approach is crucial.” “Now this does not mean that the ground combat forces need to come from us – indeed they should not,” Petraeus explained. “I’m firmly in agreement with this administration that we should not put ground combat forces into Iraq or even into Syria. They have to be the forces from those areas. If that is not possible, the results will not be sustained. It also does not mean that we have to use political reconciliation or a host of other tasks we had to perform during the surge in Iraq, without which that country would have gone up in flames, literally. The surge of ideas, changing the strategy, was most important, not the additional forces. The surge of ideas was a comprehensive approach.” General Petraeus emphasized that we have to keep this cost–effective in blood and treasure - especially blood. “I think there are very few Americans who are more conscious than I am of the cost in terms of lives and in terms of serious injuries and wounds, having been privileged to command the surge in Iraq and the surge in Afghanistan. I want that cost kept as low as possible, in part because of the final lesson that I think we need to take.”

ideas or lessons by saying you have just sentenced us to perpetual war,” Petraeus said. “That may be the case. If so, let’s get past that and figure out how we do this in the most efficient, most effective, and indeed, least costly manner possible.” “This is going to be a generational struggle. Now don’t get me wrong. We can and we will make considerable progress. I’ve never doubted from the beginning, even in the most dire of days, that we will be able to defeat the Islamic State in Iraq.” Petraeus said the big challenge there was going to be Iraqi politics. They have to be as inclusive as possible and do what the U.S. did during the surge. He noted that one of the surge of ideas was reconciling with as many of the insurgents as possible, giving them a stake in the success. Petraeus said this was a huge component of the strategy adopted during the surge and had to currently be replicated. Petraeus also stated that part of this take-away is the United States should draw down based on conditions on the ground rather than based on time-lines. “Even though we have been putting the stake through the heart of many of the top leaders of the Islamic State, hammering their rank and file increasingly in recent months, as our surveillance intelligence and reconnaissance assets have begun to pay the dividends that a lot of us thought they would, even as that has taken place, we have to recognize that you cannot put a stake into the heart of ideas,” Petraeus said. “And some of these ideas, tragically, are going to continue to motivate would-be jihadists.”

General Petraeus said the fifth point is that the United States was going to be at this for a very long time.

About the Author

“There are folks who have responded to my offering these big

Paul Davis is a contributing editor to the Journal.


Is ISIS In America Living Their American Dream? By John Gomez

A masked man speaking in what is believed to be a North American accent in a video that Islamic State militants released in September 2014 is pictured in this still frame from video obtained by Reuters October 7, 2014. The FBI said October 7, 2014 it was seeking information on the man’s identity, and issued an appeal for help in identifying individuals heading overseas to join militants in combat. REUTERS/FBI/Handout via Reuters

14

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


S

upporting the Islamic cause is a mentality and ideology more than anything else. You are always looking at everything through your Mujahid eyes, always thinking how any situation could benefit the Jihad. Any opportunity can be a Mujahid moment. Any opportunity to get; money, anonymity, weapons, friendships, leadership positions amongst Muslims, and even beneficial knowl-

edge is your Jihad and will help you in the future. You will get rewarded from Allah –in this life and the next- for every Jihad effort you take.

When the Jihad reaches your neighborhood, rise up and race towards “shahadah” (martyrdom). That has been your goal from the beginning, that is why you are reading this book. Do not let the “fitnah” (temptation) of money and weapons override your intention of “istish-haad” (seeking martyrdom). Use what you are good at and make most out of it to support the Islamic struggle. Work with similar minded people to you anonymously online. Some people will be hackers, others will be news sharers on social media by promoting their accounts. Specialize in what you are good at and teach it to others anonymously.” Those are the words from the last page in a chapter entitled “Last Words of Advice” from an e-book developed by ISIS to educate those in the west how-to conduct covert operations. The book’s nearly one hundred pages contains chapters on “hiding the extremist identity”, “earning money”, “primitive weapons”, “weapon acquisition”, “bomb making”, “covert weapons transports” and “what to do when the jihad begins in the west?” The book, in essence an instruction manual for covert ISIS operators, is well developed and the tactics, techniques and practices (TTP) that it describes are not only effective, but reminiscent of guerrilla tactics our special operation and intelligence

“Specialize in what you are good at and teach it to others anonymously.” Those are the words from the last page in a chapter entitled “Last Words of Advice” from an e-book developed by ISIS to educate those in the west how-to conduct covert operations. The book’s nearly one hundred pages contains chapters on “hiding the extremist identity”, “earning money”, “primitive weapons”, “weapon acquisition”, “bomb making”, “covert weapons transports” and “what to do when the jihad begins in the west?”


teams would teach those living in oppressed nations. Relying on open source principles, the book has been developed by ISIS as a means to not only educate covert operators, but to allow for their field agents to evolve the content. This has worked so well that the book has been translated into Spanish, French, Norwegian, Russian and Portuguese and new releases of the book incorporates new TTP that continues to evolve the operators skills. The book itself is an unnerving glimpse into the maturity and sophistication that is ISIS. More chilling is the fact that the book is evidence that ISIS does have covert operators in the west - specifically Europe and North America. There is no reason to develop an instruction manual of this nature, as well as update the content, without having an audience. Although it is difficult to know for sure how many have obtained the book, or why, we can be certain that some percent of those who have the book consider themselves to be ISIS covert operators and that is cause for serious concern. The single reason that evil often triumphs over good, is that good people cannot conceive evil. The very approach being used by ISIS to recruit operators is not something we would conceive of occurring in the west, specifically here in the United States. The methods used by ISIS to develop a network of covert operators is highly sophisticated and yet extremely simplistic. Let’s take a look at how this duplicity works together to form a very credible and significant risk to our homeland. The reason we consider ISIS approach to recruitment of covert operators sophisticated is that it relies upon non-traditional means. There is no need for ISIS to deploy field agents, as has been done traditionally by western intelligence agencies. Field agents typically will target a population of recruits and then court them in hope of gaining their allegiance and ultimately the ability to direct their activities. The risk of employing field agents is that it provides your opposition (in this case the FBI) with TTP that they can profile and eventually use to ferret out the field agents. Basically it creates the classic cat and mouse game of the spy world. Yet ISIS has not needed to follow this traditional model. ISIS simply relies on social media agents, currently estimated at about 250, who have

16

made Twitter, Instagram, Facebook, YouTube and other social media websites their area of operation to win hearts and minds.

The book itself is an unnerving glimpse into the maturity and sophistication that is ISIS. More chilling is the fact that the book is evidence that ISIS does have covert operators in the west - specifically Europe and North America. There is no reason to develop an instruction manual of this nature,

content, without having an audience. Although it is difficult to know for sure how many have obtained the book, or why, we can be certain that some percent of those who have the book consider themselves to be ISIS covert operators and that is cause for serious

Journal of Counterterrorism & Homeland Security International

This exploration leads to a virtual contact, a friend and eventually a bond is formed. An offer is made “maybe when the time comes you would take up arms and help our brothers and sisters?” “But how can I help? I want to help, but how?” is often the answer.

as well as update the

concern.

ISIS has one of the most advanced and sophisticated social media strategies bar none. Their social media tactics are so effective, that they would make a fascinating study for an MBA class or marketing company. ISIS, relies on a social media methodology that is highly focused on driving emotional reactions that favor their brand. Much like a soda company uses images of summer, athletes and pretty girls in bikinis to create association with their products, ISIS utilizes images of freedom fighters freeing the oppressed and poor, a society of equals and positions themselves as misunderstood and liberators. Regardless of the validity of those messages, for someone in the west who feels alienated, in the minority or on the fringe, the messages resonate and lead to further exploration.

“There are ways, but I cannot guide you, only Allah can guide your heart” continues the dialogue. A dialogue that uses specific constructs to make the target believe they are free to choose and empowered. It is a powerful technique we employ in our intelligence communities. “Man it would be so cool to help, to know I am making a difference for God” the reply is typed from a keyboard in a small bedroom in Maine. The target’s choice of words (God instead of allah) is not corrected, again a passive technique that creates a bond, a warmth. Subtle, but effective and creates layers or trust and support. “I know, much like the revolutionaries who fought against the British and took up arms to overthrow tyranny” the ISIS Social Media Agent offers. Another example of how the agent constructs images, familiar history and creates iconic association that is eventually used to build trust and fuel passion and purpose. It doesn’t take much to realize that continuing to fuel the passions and romantic images of

Vol. 22, No.2


someone desiring to be more, would lead to a the birth of a covert ISIS operator right here in our country. This approach by ISIS has literally rewritten how intelligence agencies across the world are recruiting their operatives. It is, as I stated, sophisticated yet extremely simple and most of all effective. Utilizing a mix of social media technologies, sophisticated marketing and ultimately virtual training and education, ISIS is able to field a rather able and secretive set of operators across the world in a highly cost effective manner. We have seen the outcome of this strategy in Canada, France and most recently in Texas, California and Florida. ISIS has been able to reach across the globe, recruit operatives, train them, arm them and motivate them to act. This approach to establishing covert networks (cells) is close to foolproof, in that there is little that can be done by law enforcement to detect these activities without requiring a rather serious threat to our privacy and liberties. Although we have evidence of the effectiveness of this strategy, there are still those in Government who questions ISIS’s ability to rally large scale operations. I think that taking a traditional view of what defines an operation is a critical mistake. ISIS has rewritten what is an operation and how it views success. ISIS does not need to rally hundreds of operatives or even dozens. In fact I would argue that ISIS simply needs to rally six operatives in the US to be effective. I base my belief on domino theory, which simply states that if I can influence or inspire two others through my actions and they each inspire two people, we soon have a rather effective cascade of a belief. If I start with six operatives, throughout the US, and they take an action, a small action (attack an art exhibit, hack a policeman with an axe, set off a bomb at a marathon) and those actions lead to dialogue that it is possible to strike the US from within effectively, then I am happy. I don’t need to carry out a large scale attack, I simply need to continue evolving my attacks over time and with each attack I enlist another set of operatives. Over time I have a covert force, that eventually can carry out a large scale attack and more than likely a good foundation of reserve agents who can be called upon to provide support and misdirection if needed. The bottom line is that ISIS has the means, ability and patience to establish an organic framework of cells and operators within the

His radicalization didn’t take long, a few months. He was provided with education on how to raise funds to get to Syria through Turkey, what to pack, what to tell custom officials and information on how to connect with a safe house in Turkey to help him get over the border. This leads to a critical question we must ask “what if he would have stayed in the United States? Would he have launched an attack against a military base in Florida?”

United States. They have taken steps to assure there is on-going education that is practical and timely, they have developed a highly sophisticated recruitment methodology that is effective and simple to deploy and they have no need to follow our preconceived notions of operational rules or methods. To date, over 150 Americans have successfully joined ISIS and taken up arms in Syria and Iraq. In a video posted by an American citizen, who left the United States to join ISIS, we find ourselves face-to-face with a teen who is grew up in West Palm Beach, Florida. He comes from a Christian family, played soccer, attended church and eventually became brain washed by ISIS. In the video he burns his US passport, is ecstatic and thankful for his role in helping ISIS establish a worldwide caliphate. Weeks after the video was published, he carried out a suicide bombing by driving a truck filled with explosives into a Syrian army base. His radicalization didn’t take long, a few months. He was provided with education on how to raise funds to get to Syria through Turkey, what to pack, what to tell custom officials and information on how to connect with a safe house in Turkey to help him get over the border. This leads to a critical question we must ask “what if he would have stayed in the United States? Would he have launched an attack against a military base in Florida?” We can debate the answer and speculate. But maybe we don’t need to argue or speculate, maybe he provided us with the answer, in the video he made shortly before his cowardly act, that did nothing to honor God. Here are his final words, from his video: “You think you’re safe where you are, in America or Britain or Indonesia or Jordan or China or Russia or Somalia or Africa?” asked Abu Salha, who went by the alias Abu Hurayra al-Amriki. ‘You’re not safe. I have one [thing] to say ... we’re coming for you. Mark my words… Just know that we’re coming.” My belief is that ISIS isn’t coming, ISIS is here.

About the Author John Gomez is the CEO of Group Espada and Sensato. He has a background in special operations, cybersecurity and counterterrorism.


Trends In Terrorist Threats

Against Sports Stadiums And Arenas By Dr. Joshua Sinai

18

Runners continue to run towards the finish line of the Boston Marathon as an explosion erupts near the finish line of the race in this photo exclusively licensed to Reuters by photographer Dan Lampariello after he took the photo in Boston, Massachusetts, April 15, 2013. Two simultaneous explosions ripped through the crowd at the finish line of the Boston Marathon on Monday, killing at least two people and injuring dozens on a day when tens of thousands of people pack the streets to watch the world famous race. REUTERS/Dan Lampariello

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


T

he significant increase in plots and attacks by Islamist terrorist groups (including lone wolves) against Western targets, whether in the U.S. or overseas, include intentionally targeting the large crowds that fill sports stadiums and arenas (SSAs). This was particularly the case on November 13, 2015 when an ISIS-affiliated suicide bomber attempted to enter the national soccer stadium in Paris, which was packed with a capacity crowd of 80,000 spectators (including the country’s prime minister), to

detonate his explosive belt inside the stadium in order to cause mass fatalities and a deadly stampede out of the stadium. While the attacker was stopped when a security guard discovered his suicide vest while searching him at the entrance, he still succeeded in detonating his bomb as he backed away from the security guard, blowing himself up together with a security guard. Demonstrating how such an attack can be part of a larger series of simultaneous attacks, as part of the overall operation that targeted four other sites, a second ISIS team attacked the Bataclan theater, located in another Paris district, with their continuous shootings killing 89 people, with several hundred others injured at the concert hall. The outdoor national soccer stadium and the enclosed Bataclan theater were intentionally selected, as have other similar venues in the past, because attacking their massively concentrated crowds would result in large scale deaths and injuries, extensive publicity for the terrorists’ cause and brutality, economic damage to the affected municipality, including to other business sectors such as tourism and retail, as well as a significant disruption to the regular operation of such iconic facilities. In addition to the direct impacts of these incidents, secondary impacts also affect larger audiences beyond the localized incident. For example, one of an attack’s psychological impact is to spread fear and anxiety throughout the targeted society, as well as in influencing future SSA customer behaviors, such as resulting in substantially reduced attendance at future events or holding such events at other facilities. In another example of how violence affects SSAs, the outbreak of race riots in Baltimore, Maryland, near Camden Yards, in April 2015, forced the baseball game scheduled at the stadium on April 29 to be played before an empty stadium. This was the first time in Major League Baseball history that a game had been played without a crowd of fans in attendance out of concern that the racial riots might spill over to the stadium.

Although this is considered more an active shooter attack than a terrorist incident, and the venue was a movie theater and not an enclosed sports arena, James Holmes’ July 20, 2012 opening fire at a midnight screening of “The Dark Knight Rises,” in which he killed 12 people and wounded 58 others, is an example of how public safety officers at sports stadiums and arenas need to be aware that such incidents may occur at their facilities, as well. This article, therefore, focuses primarily on the threats presented by terrorists – and, possibly, by active shooters, as well – but not another important component of violent outbreaks in sports stadiums and arenas in the form of spectator violence that might be due to public intoxication, a team’s supporters angrily disputing a referee’s judgment calls, or other gamerelated provocations, all of which require different sets of crowd control measures. As will be discussed in this article’s second part, to mitigate and deter potential large-scale future disruption to such significant crowded facilities, with some, such as Yankee Stadium,


trum of terrorist groups, whether Palestinian, White Supremacist, Tamil, or Jihadist. These have included the following attacks:

Scope of the Target Set

20,000 spectators, with most used for events such as professional and college football, baseball, and soccer. There are more than 120 enclosed sports arenas with a capacity of more than 10,000 spectators, with most housing basketball, ice hockey and arena football teams, while also serving as indoor venues for music concerts and other events, such as conference expositions.

A stadium is defined as a large and usually open structure that is used for sports events, with tiered seating for spectators. An arena is an enclosed facility, with its interior

In another category of a sport facility, marathon running events are also targeted by terrorist adversaries. This was the case in mid-April 2013, when the Tsarnaev brothers

in New York City, considered iconic national symbols, it is essential for their security departments to effectively manage the risk to their facilities by hardening them against potential terrorist attacks (as well as active shooter attacks).

September 5, 1972: five members of the Palestinian terrorist group Black September took nine members of the Israeli team hostage at the Olympic Village, killing them, including a German policeman, with the Palestinian terrorists also killed. July 27, 1996: Eric Rudolph, a White Supremacist, detonated a bomb at the Atlanta Olympic Games, killing two people and injuring 120.

French fire brigade members aid an injured individual near the Bataclan concert hall following fatal shootings in Paris, France, November 13, 2015. REUTERS/Christian Hartmann

usually surrounded by seats on all sides, in which sports events and also concerts and other events, such as conference expositions, take place. A few large stadiums, such as AT&T Stadium in Arlington, Texas, and Ford Field, in Detroit, Michigan, also have retractable roofs. In the United States, it is estimated that there are more than 1,300 sports stadiums and arenas, which are located in every state and municipality. Within this larger set, there are more than 220 sports stadiums with a capacity of at least

20

detonated their bombs along the route, near the finish line. For security personnel, therefore, a marathon’s route, for example, along a city’s streets, would be considered as a type of stadium to be continuously protected.

Significant Incidents of Terrorist Attacks Against Sports Stadiums and Arenas

As demonstrated by the listing of significant attacks against sport stadiums and arenas, such facilities have been targeted by a spec-

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

April 5, 1997: The Grand National horse race in the U.K. was evacuated by some 60,000 spectators, jockeys, race personnel and local residents after two coded bomb threats were received from the IRA. May 1, 2002: Operatives belonging to the Basque separatist group E.T.A. detonated a car bomb close to the Bernabau Stadium, Madrid’s main stadium, hours before the start of Real Madrid’s Champions League semi-final against arch rivals Barcelona. The blast injured 17 people.


October 2005: an Oklahoma student prematurely detonated a bomb strapped to his body outside a football stadium packed with 84,000. October 2006: The Department of Homeland Security sent an advisory to the National Football League and other officials advising of a possible, uncorroborated threat to launch a dirty bomb attack against seven NFL stadiums in Miami, New York, Atlanta, Seattle, Houston, Oakland and Cleveland. The threat, posted on a Web site, alleged that the dirty bombs would be delivered by truck. April 6, 2008: A Tamil Tiger suicide bomber detonated a device at the start of a marathon celebrating the start of Sri Lanka’s New Year, killing 15 athletes, and some 90 others were injured. March 3, 2009: While en route to a match against Pakistan, the Sri Lankan cricket team bus was attacked by rockets, grenades, while multiple rounds of ammunition were fired by 12 masked gunmen belonging to Lashkar-e-Jhangvi outside a stadium in Lahore. Eight people were killed – six policemen and two civilians, with nine people injured (six players, two staff members and an umpire). July 11, 2010: In successive attacks, two al-Shabaab suicide bombers detonated explosives in crowds of people viewing the World Cup on outdoor screens in Kampala, Uganda, killing 75 people and wounding 70 others. April 15, 2013: Two Chechen American brothers, Dzhokhar Tsarnaev and Tamerlan Tsarnaev, detonated two pressure cooker bombs along near the Boston Marathon’s finish line on Boylston Street, killing three people and injuring an estimated 264 others. April 29, 2015: Racial riots in downtown Baltimore, MD, near Camden Yards, forced the baseball game scheduled at the stadium to be played before an empty stadium. November 13, 2015: In a series of simultaneous attacks by ISIS terrorists against the packed national football stadium in Paris, with a crowd of 80,000 spectators, a suicide bomber killed himself and a security guard outside the stadium, while another team attacked the Bataclan theater where a rock concert was in progress, killing 89 people, and injuring several hundred others.

Why Specific Types of Terrorists Seek to Attack Sports Stadiums and Arenas

Reportedly, the Tsarnaev brothers who had bombed the Boston Marathon in April 2013, had learned to build their improvised explosive devices from the first issue of Inspire, which was published in June 2010, and featured an article titled “Make a Bomb in the Kitchen of Your Mom.”

As demonstrated by these attack incidents, terrorist groups from a diversity of ideological types, have a long history of attacking sports stadiums and arenas. In the case of Islamist terrorists, who are especially active during the current period, they are influenced by on-line publications such as Inspire magazine, which is published by al Qaeda in the Arabian Peninsula (AQAP). Reportedly, the Tsarnaev brothers who had bombed the Boston Marathon in April 2013, had learned to build their improvised explosive devices from the first issue of Inspire, which was published in June 2010, and featured an article titled “Make a Bomb in the Kitchen of Your Mom.” The magazine’s 12th issue, published in Spring 2014, included an article titled “Car Bomb – Field Data,” that listed as specific targets for attacks upcoming sporting events such as “Tennis stadiums; they are visited by thousands of people, and high profile people, especially the U.S. Open.”

A Risk Management Strategy to Upgrade SSAs Security Posture

The objective of this section is to present a risk management strategy based on what are considered best practices in security management. Risk for a sports stadium and arena is defined as the likelihood of a threat that can adversely affect their mission, personnel and facilities.(1) It is based on conducting an analysis of three components of risk management: threat assessment, vulnerability assessment, and consequence assessment in order to derive an overall risk score that can be used to assess any strengths and weaknesses that may characterize a facility’s security posture against which any additional preventative resources can be prioritized to address such shortfalls.

Threat Assessment In the context of sports stadiums and arenas, a threat assessment is defined as a systematic effort to identify and examine the nature of existing or potential terrorist (or active shooter threats shooter) threats against such entities and their assets.(2) Threat assessments are generally strategic


or tactical in nature. While strategic assessments focus on a terrorist adversary’s general intentions and capabilities to attack a sport’s stadium’s or arena’s facilities, personnel (including the playing athletes) and crowds, tactical assessments focus on the adversary’s likely activities and operations to conduct an attack, including the types of weapons to be used and the attack’s date and timing.(3) Since a facility’s security department is inherently constrained in the types of intelligence activities it is permitted to conduct as a private entity, it is highly dependent for such tactical intelligence, when a warning is issued, on its cooperation with local and national law enforcement agencies, as well as its country’s intelligence agencies. Finally, strategic and tactical threat assessments need to be continuously updated and revised to reflect the changing threat environment facing a sports stadium or arena, especially if it is located in a geographical location that is being targeted by a terrorist group. In formulating a threat assessment, the types of information to be collected by a sports’ security department should include the following ten categories:(4) • Type of Adversary (terrorist, militant activist, disgruntled employee, etc.). • Category of Adversary (foreign or domestic, single issue, ideological, religious, etc.). • Objective/Intention of Adversary (i.e., to inflict economic damage, physical destruction or fatalities against targeted facility, destroy a facility’s IT networks, etc.) • Capability of Adversary (in terms of training, handling weaponry, and logistical arrangements to arrive at target, etc.). • Adversary’s Tactics (utilizing suicide bombing or escape from scene, deploying aerial drones, resorting to physical or cyber- attacks, etc.). • Types of Weapons (employing explosives, guns, weapons of mass destruction, cyber weapons, aerial drones, etc.) • Number of Adversaries Expected Per Attack (lone wolf, organized groups’ small or large cells, etc.). • Target Selection (does group have past history or future likelihood of attacking sports targets, including surrounding

22

The second component of risk management is to conduct a vulnerability assessment of the sport’s facility. This is defined as “The identification of weaknesses in physical structures, personnel protection systems, processes, or other areas that may be exploited by terrorists.”(6) This is an especially crucial component for sports facilities because of the large numbers of people who attend such scheduled events which are widely publicized, making them highly visible targets for terrorist adversaries, such as the ISIS attack against the national stadium in Paris, where the soccer match was attended by the country’s President.

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

restaurants, bars, hotels, and transportation hubs, etc.). Pre-Incident Surveillance Required to Accomplish Attack (will adversary engage in target “casing,” photography, monitoring security patrol patterns, etc.). Most Likely Date/Time for Attack (e.g., will the adversary likely attack when the sports facility/location is fully staffed for an event, whether regular or national special security event (NSSE), at daytime or nighttime, etc.).(5)

Based on these ten categories, in assessing the type and degree of a terrorist threat that might confront a sports stadium or arena, the criticality of the threat can be quantified in a number of ways. In this formulation, it is quantified from none to the highest, with none quantified as (0), very low as (1), low as (2), medium as (3), high as (4), and critical as (5).

Vulnerability Assessment The second component of risk management is to conduct a vulnerability assessment of the sport’s facility. This is defined as “The identification of weaknesses in physical structures, personnel protection systems, processes, or other areas that may be exploited by terrorists.”(6) This is an especially crucial component for sports facilities because of the large numbers of people who attend such scheduled events which are widely publicized, making them highly visible targets for terrorist adversaries, such as the ISIS attack against the national stadium in Paris, where the soccer match was attended by the country’s President. A potential target’s vulnerability is based on three components, which cumulatively determine the degree of a terrorist adversary’s capabilities and resources that would be required to attack and potentially destroy it.(7) The first factor, achievability, is based on the capability of a terrorist adversary to overcome the sport’s target’s geographical location and accessibility in attacking it directly. The second factor, target hardness, is based on the strength of a sport’s facility’s protective measures and systems, such as metal detection buffer zones or blast protection walls to mitigate the impact of an explosion. The third factor, system security, is based on the adequacy of the sport’s facility’s protective equipment and response forces as part of its overall physical security measures to deter a terrorist adversary from entering its


IACSP_inhouse_ad_fullpage:Layout 1

3/31/2009

11:27 AM

Page 1

In-House Training Options for Corporations & Government Agencies

The International Association for Counterterrorism and Security Professionals can provide anti-terrorism and homeland security training for corporations, NGOs, and government agencies worldwide. Our instructors include experts from a diverse range of backgrounds including FBI, CIA, DEA, and all branches of the military.

Standard Course Options

Most on-site courses are offered in a standard format designed for a diverse audience. However, most programs can be customized to meet specific training requirements.

Risk Assessment & Security Planning

For more information or to request a proposal, contact Steve Fustero, IACSP Executive Director: iacsp1@aol.com

Primary Audience: Security / Standard Course Duration: 1-Day

Advanced IED Search and Response Techniques Primary Audience: Security & Police / Standard Course Duration: 4-Days

Anti-Terrorism Officer (ATO) Training Primary Audience: Security & Police / Standard Course Duration: 4-Days

Primary Audience: Security Managers / Standard Course Duration: 3-Days

Bomb Threat Management Chemical & Biological Terrorism Primary Audience: Security Managers / Standard Course Duration: 1-4 Days

Human Intelligence for Law Enforcement Primary Audience: Police Intel Personnel / Standard Course Duration: 2-Days

Human Intelligence for Special Operations Personnel Primary Audience: Military Special Ops Personnel / Standard Course Duration: 7-Days

Islamic Culture & The Jihadist Mindset Primary Audience: Police / Standard Course Duration: 1-Day

Mail Security Primary Audience: Security & Mail Personnel / Standard Course Duration: 1-Day

Suicide Terrorism Primary Audience: Security & Police / Standard Course Duration: 2-Days

Terrorism Financing & Money Laundering Investigation Primary Audience: Police Intel Personnel / Standard Course Duration: 2-Days

Let IACSP be your source for anti-terrorism and homeland security training!


premises to conduct its attack or, if the inner security perimeter is sufficiently hardened, to attack the crowds attempting to enter the stadium or arena. This was the case in the attack against the national stadium in Paris, where the tightened security measures prevented the suicide bomber from entering the stadium, forcing him to detonate his explosive outside one of the entrance gates, thereby substantially reducing the number of potential casualties. In calculating a sport facility’s level of vulnerability, a six-point scale can be used to estimate the effectiveness of the facility’s security department’s interdiction of an attack.(8) In this formulation, the degree of a sport’s facility’s vulnerability is represented as none (0), very low (1), low (2), medium (3), high (4), and critical (5). Conducting a sport’s facility vulnerability assessment will therefore provide a baseline understanding of at least two of the crucial components in determining its risk potential.

Consequences The consequences of a potential terrorist attack (whether physical or cyber, including an active shooter event) against a sport’s facility in terms of its possible survivability represents the third component of risk management. The consequences of an attack may be primary (e.g., the destruction of a sport’s facility’s property, human casualties, loss of continuous functioning of a facility that is critical to its local jurisdiction’s economy, as well as the recoverability costs to restore its infrastructure, the provision of temporary living assistance to employees, etc.) secondary (e.g., the loss of business reputation as a facility to be used by sports teams, higher insurance premiums, and undermining consumer and investor confidence in the local economy), and in terms of response (increased costs of security systems, expanded counterterrorism regulations over sport’s stadiums and arenas, and the costs in terms of expenditure on the response resources that are required to mitigate the impacts of a future potential attack).(9) Thus, the consequences of an attack need to be assessed at both an individual level (i.e. the primary and secondary impacts on a targeted facility) and at a collective level (i.e. the secondary impact on a local, regional or national economy

24

and the government’s overall response to an increased threat level).(10)

System security, is based on the adequacy of the sport’s facility’s protective equipment and response forces as part of its overall physical security measures to deter a terrorist adversary from entering its premises to conduct its attack or, if the inner security perimeter is sufficiently hardened, to attack the crowds attempting to enter the stadium or arena. This was the case in the attack against the national stadium in Paris, where the tightened security measures prevented the suicide bomber from entering the stadium, forcing him to detonate his explosive outside one of the entrance gates, thereby substantially reducing the number of potential casualties.

Journal of Counterterrorism & Homeland Security International

Assessing the consequences of attacking a potential sport’s facility and its potential survivability is also based on determining its importance and criticality as a potential target. Certain sports stadiums and arenas, for example, such as Yankee Stadium or Madison Square Garden in New York City, are inherently vulnerable as they are considered to constitute a significant component of a country’s critical infrastructure, since attacking and, in the worst case, destroying them, would result not only in massive physical damage and human fatalities, but would generate the widespread media coverage terrorists seek, as well as substantially reducing the targeted stadiums’ and arenas’ customers’ confidence in the ability of their security departments to protect them and their immediate surroundings. Given such assumed vulnerabilities, one can presume, as a result, that both Yankee Stadium and Madison Square Garden are appropriately well-protected against potential attacks. As with the previous two assessment components, a six-point scale can be used to estimate the consequences of a terrorist attack: none (0), negligible (1), low (2), medium (3), high (4), and extreme (5).

Conclusion As relatively soft targets, certain vulnerabilities, such as the presence of large crowds and wide publicity associated with sports events, and the high consequences of an attack, make sports stadiums and arenas especially attractive for terrorist (or active shooter) attacks. Nevertheless, such vulnerabilities are not similar for all sporting events, since national special security events (NSSEs) are generally accompanied by extensive and comprehensive security measures by federal, state, and local security forces, making them far more difficult to attack than regular sporting events. Moreover, sport stadiums and arenas in cities that represent high terrorism targets, such as New York City and Washington, DC, are likely to be regularly provided additional levels of security, even for their “regular” games and other events. Nevertheless, successfully attacking NSSE’s or regular sporting events at high profile cities, would elevate the terrorist attackers into “world-class”

Vol. 22, No.2


destroyers, as was the case with the Palestinian Black September massacre of the Israeli athletes at the 1972 Olympic Games or the Tsarnaev brothers bombing of the mid-April 2013 Boston Marathon. To upgrade the security posture of sports stadiums and arenas, therefore, a risk assessment calculation is essential in determining the extent to which their facilities might be exposed to a terrorist (or active shooter) threat. Such a probability risk analysis methodology would combine the three assessments of threat (i.e., the probability of a potential terrorist attack, whether physical or cyber), vulnerability (i.e., the probability of a target facility’s exposure to an attack), and consequences (i.e., the probable loss or damage to the sport’s facility’s entity and its assets) to generate an overall risk score of its security posture. While various quantitative formulas can be used to aggregate the assessments to calculate an overall risk score, this risk equation is generally expressed in the basic formula of Risk = Threat x Vulnerability x Consequences.(11)

As relatively soft targets, certain vulnerabilities, such as the presence of

ent with protection from the obligation to pay claims that might be filed by victims against it in the event of a terrorist attack at its facility. The DHS-designation also serves to lower its insurance premiums, as well. Several prominent sports venues, such as Yankee Stadium and Citi Field, both in New York City, MetLife Stadium in New Jersey, and Comerica Park in Detroit, are examples of prominent stadiums that have received such Safety Act certification due to their upgraded security postures.

with sports events, and

The author would like to acknowledge Mr. Jeff Fuller, President of Security Risk Inc., in Fairfax, VA, a noted expert in risk management, for peer reviewing this article and further fleshing out its risk management methodology.

the high consequences

About the Author

large crowds and wide publicity associated

of an attack, make sports stadiums and arenas especially

Once such an overall risk score is generated, practitioner experts in assessing a facility’s security posture would determine its strategic risk level and measure, if applicable, the size of the gap between the concrete threats facing it and its ability to manage and respond to a potential attack with effective tactical solutions. In a final step, once this data is collected, analyzed and processed, it would be structured to determine how it conforms with the vertical and horizontal alignment of a facility’s security department and overall organization in managing “game day” events. Thus, the foundational underpinning of an effective security posture is based on the efficient allocation of effort and resources based on the most productive return on investment (ROI) in addressing the threats, vulnerabilities and consequences of a potential attack facing sports stadiums and arenas.

attractive for terrorist

Finally, utilizing such a risk management approach to upgrade a sports facility’s security posture has other ancillary benefits, as well, as it can be applied as part of an application for certification for the Department of Homeland Security’s Safety Act coverage. The Safety Act is officially known as the Support Anti-terrorism by Fostering Effective Technologies Act. This federal recognition provides a recipi-

forces, making them far

(or active shooter) attacks. Nevertheless, such vulnerabilities are not similar for all sporting events, since national special security events (NSSEs) are generally accompanied by extensive and comprehensive security measures by federal, state, and local security more difficult to attack than regular sporting events.

Dr. Joshua Sinai is a Principal Analyst at Kiernan Group Holdings (KGH) (www.kiernan.co), in Alexandria, VA. KGH is a leading practitioner oriented firm in conducting threat, vulnerability, and consequence assessments for government and private sector clients in homeland security. Dr. Sinai can be contacted at: joshua.sinai@comcast.net.

References: (1)Thomas L. Norman, Risk Analysis and Security Countermeasure Selection [Second Edition] (Boca Raton, FL: CRC Press, 2016), p. 12. (2) Ibid., p. 6. (3) Ibid. (4) Ibid. (5) Ibid. (6) Ibid., p. 7. (7) The components of a vulnerability assessment are based on several sources, including Jeff Fuller, “Probability Risk Analysis Model”; and Jeff Fuller, “Risk Management from a County or City Perspective,” Newsletter #5, October 2014, Security Risk Inc., http://www.securityriskinc. com/wp-content/uploads/2015/03/SRI-Newsletter-5-Risk-Management-at-the-County-LevelOct-2014.pdf. (8) Norman, Risk Analysis and Security Countermeasure Selection, p. 8. (9) The components of a consequence assessment are based on several sources, including Jeff Fuller, “Probability Risk Analysis Model,” http:// www.securityriskinc.com/our-risk-management-approach/; Elvis Picardo, “Don’t Hide From the Reality of How Terrorism Affects the Economy,” Investopedia, November 16, 2015, http://www.investopedia. com/articles/investing/030215/how-terrorism-affects-markets-and-economy.asp., and Norman, Risk Analysis and Security Countermeasure Selection, p. 208. (10) Charles P. Nemeth, Homeland Security: An Introduction to Principles and Practice (Boca Raton, FL: CRC Press, 2013), p. 140. (11) Jeff Fuller, “Probability Risk Analysis Model.”


Counter-Measures And The

Active Shooter By Stanley I. White

A Belgian soldier stands guard outside the partially reopened departure hall of Zaventem international airport near Brussels, Belgium, May 3, 2016. REUTERS/Francois Lenoir

26

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


T

he threat of the next active shooting in this country often glides under the consciousness of the common citizen and even some of those in government tasked with our security. We as a society move from proactive to that of a reactive society between tragedies that occur on our soils. Presidential debate antics, the Grammys, Oscars and other current events will occupy the minds of the masses until another

deadly tragedy for whatever reason takes the lives of innocent individuals. Our society can easily be broken into three basic character persona, they are: Sheep- those who follow the rules and function in their own sphere of family, friends and associates. These individuals go along to get along and comprise the masses of our society. They are generally good people, but unfortunately, they comprise the majority of the victims of a terrorist attack. Wolves- those who have an agenda and place it above the safety of others. They use and feed off the sheep to obtain their desired results both literally and figuratively. In the most extreme circumstances, these individuals are the abusers, criminals and terrorists of in society. Lying, cheating, stealing, maiming and killing are a means to an end. Sheepdogs- those who protect the sheep and maintain the rule of law. They are fewer in number than the sheep and will sacrifice their well-being and lives for the flock. The sheepdogs in our society range from the common citizen to the highly trained special operations officer and everyone in between who looks to protect vulnerable and defenseless. Sometimes in the aftermath of a tragic event, the sheep in leadership become sheepdogs only to transform back into sheep when the cameras and media have gone. The main audience for this article

are the sheepdogs of all stripes who must stay engaged and vigilant. Like it or not, another active shooter incident will unfold again on our soil with either a disgruntled worker or a terrorist (be it foreign or domestic) found at the root. One school of thought maintains that some violent individuals without terrorist ties or extremist beliefs, are motivated and even pushed over the line to commit shootings because of other highly publicized acts of violence. Before some basic countermeasures can be explored, some facts regarding the active shooting incidents should be brought to light. The Federal Bureau of Investigations (FBI) released a 2014 study titled “ A Study of Active Shooter Incidents in the United States between 2000 and 2013.” These are some of the findings: •

• •

Approximately 160 active shooter incidents occurred between 2000 and 2013. The 160 incidents accounted for 1,043 casualties (not including the shooters) with a breakdown of 486 individuals killed and 557 wounded. Active shooter incidents in this study occurred in 40 out the 50 continental states and the District of Columbia. 44 of the shootings recorded ended in 5 minutes or less with 23 incidents ending in 2 minutes or less. An exact time frame was not determined for the remaining incidents studied. All but 2 incidents studied involved a single shooter with the subject being

• • •

male approximately 97% of the time. 2% of the shooters brought IEDs to their attack sites. 23.1% of the time the shooter(s) committed suicide. 60% of the shooting incidents recorded ended before police arrived.

The New York City Police Department (NYPD) commissioned a study on active shootings in 2010 in response to the Newtown shootings in Connecticut. This study was revised and updated in 2012. The report analyzes 230 active shooting incidents from 1966 to 2012. Some of the key findings are as follows: • • • •

The NYPD study found in 8 of the 230 cases reviewed only 3% of the shooters were found to be female. The average age of the shooter(s) was approximately 35years old. 98% of the shooters were documented as males. A majority of the shootings were found to involve detail planning by the shooters while the remaining incidents had little to no planning at all. (Some active shooters have been found to use information and tactical methods used in previous shootings). Attackers and victims were found to have some form of relationship in a majority of the cases studied. These relationships ranged from family, business/professional, academic to no association whatsoever.


• The subject study concluded that in 36% of the cases the shooter used more than one weapon. The general public more recently has been exposed to the details of the Paris attacks and more recently the Brussels attack which started in the Brussels Airport with an attacker firing an automatic weapon while shouting “Allahu Akbar” prior to detonating his suicide vest; the list continues with Newtown, Columbine and others. However, active shootings have been occurring in the US for some time. Below are some incidents that have occurred the past 50 years:

yourself. The next parts of this piece will first examine the mental state you need to prepare and survive an active shooting incident. The first component will entail understanding what constitutes a state of aggressive awareness followed by the Escape- Conceal -Engage (ECE) tactical methodology.

On November 13, 2015, Islamic extremists representing the Islamic States in Iraq and Syria (ISIS) conducted a series

August 1, 1966- Charles Joseph Whitman, an engineering student opened fire on the campus of the University of Texas in Austin, Texas. The subject attack resulted in the killing of 13 people and the wounding of 31 others. The incident ended when Whitman was killed by police. Whitman utilized two high powered rifles, a sawed-off shotgun and a hand gun in his assault.

of well-coordinated

January 1, 1972- Mark Essex executed multiple shooting attacks in New Orleans, Louisiana over a one week period that resulted in the killing of 9 people and the wounding of 13 others. One of Essex’s targets was a New Orleans Police Station. Essex went on to attack several other targets and was killed by police. Essex utilized a rifle and a handgun to commit the attacks.

soccer stadium) in St

July 18, 1984-James Huberty opened fire in a Mc Donald’s restaurant in San Ysidro, California, killing 21 people and wounding 19 others. Huberty was killed by a police sniper. Huberty utilized a sub machine gun, shotgun and a handgun to commit the attack. April 3, 1995 - James Simpson a former employee of the Walter Rossler Company located in Corpus Christi, Texas opened fire at the facility killing five individuals with no one else being injured. The incident ended when Simpson committed suicide. Simpson utilized two handguns to commit the attack.

attacks that blindsided French intelligence agencies. The attacks began outside the Stade de France (a large Denis with three suicide bombing attacks that were later followed by mass shootings at cafes, restaurants and a live music concert in the center of Paris. The attacks claimed 130 lives and injured approximately 368 people.

The above incidents illustrate that an active shooter attack can occur on college, at the restaurant, movie theater, a police station, workplace or at any venue you may find

28

Journal of Counterterrorism & Homeland Security International

Aggressive awareness is a developed state of mind that has to be trained over time. The more an individual trains, the easier it becomes. This state of mind goes beyond noting things and moves into the realm of questioning why they are and concludes with a form of resolution. If there is an unfamiliar vehicle driving up and down your street, a sense of aggressive awareness should activate and you then note the color, make and model of the vehicle, license plate as well as any information regarding the occupant(s). In short you should obtain as much information as possible. This information then would be passed on to the local authorities. The subject process basically consists of three components: 1. Something does not look right and/or feel right 2. As much information is collected on the circumstance and its actors 3. Situation is addressed and not just left hanging for another party to stumble upon it and some form of resolution is deployed A common school of thought in anti-terrorism and crime prevention involves understanding the three components of attack. These are opportunity, desire and ability. If one of these are removed from the equation, the success rate of the action in question is diminished greatly. As stated earlier, many active shooting attacks are planned and shooters are often studying past attacks in preparation for their assaults. An attacker may have a great skill level and the desire to attack, but if he strikes at the wrong time chances are he will fail. This usually involves the attacker losing the element of surprise. Opportunity can be removed with the aggressive awareness of the general public combined with action. However, when aggressive awareness regarding the acquisition of valuable intelligence is not utilized, the price is costly and purchased with innocent lives. Aggressive Awareness is not profiling, prejudice or being judgmental. It is a

Vol. 22, No.2


tactical tool that provides the user a buffer to react and thwart a potentially harmful outcome. It is anchored in looking for what is out of place on a person or location followed by action. It is better to be wrong and apologize than be correct about suspicions and become a victim due to inaction. This is especially true for environments where you work with individuals you barely know (i.e. the workplace). The FBI study referenced in this piece documented 44 of the 160 incidents studied occurred in business environments which the general public had access. This means paying attention, observing and if warranted, reporting it to management. For example:

as a terrorist bombing attack the assault begin as an active shooting and followed by bombings. ISIS later took credit for the attacks in Belgium and stated more attacks would be forthcoming.

In March 22, 2016 Islamic extremists belonging to ISIS conducted three

Associates who are aggressive, argumentative, making threats Individuals who speak of radical ideas and are very defensive about their beliefs almost to the point of violence Individuals who openly display violent behavior and have little regard for the safety of others and theirselves Pay attention to vandalization of private and corporate property as well as graffiti at you work location. What does it say? Does it support violence? Keep an ear open to hear words that may be spoken, within reason as it relates to potential violence, such as an associate has a violent partner and a restraining order is in place Generally odd and suspicious behavior Reports of associates breaking established security protocols

bombing attacks with

On November 13, 2015, Islamic extremists representing the Islamic States in Iraq and Syria (ISIS) conducted a series of wellcoordinated attacks that blindsided French intelligence agencies. The attacks began outside the Stade de France (a large soccer stadium) in St Denis with three suicide bombing attacks that were later followed by mass shootings at cafes, restaurants and a live music concert in the center of Paris. The attacks claimed 130 lives and injured approximately 368 people.

the airport incident is

On March 22, 2016 Islamic extremists belonging to ISIS conducted three bombing attacks with the first two attacks executed at the Brussels Airport in Zaventem, Belgium and the third executed at the Maalbeek train station in Brussels. These attacks claimed the lives of 35 people and injured over 300. Although the airport incident is classified

the attacks in Belgium

• • • •

• •

the first two attacks executed at the Brussels Airport in Zaventem, Belgium and the third executed at the Maalbeek train station in Brussels. These attacks claimed the lives of 35 people and injured over 300. Although classified as a terrorist bombing attack the assault begin as an active shooting and followed by bombings. ISIS later took credit for and stated more attacks would be forthcoming.

Between the Paris and Brussels attacks, Islamic extremists flew under the radar of US intelligence while authorities in Washington stated there were no eminent threats to the US. However, on December 2, 2015, a two person team consisting of shooters Syed Farook and Tashfeen Malik (both husband and wife) conducted an armed assault on the Inland Regional Center in San Bernardino, CA. Their attack killed 14 and injured 21 individuals on US soil. (Note: At the time this piece was being written the FBI has not officially concluded that the subject incident only involved 2 shooters)These individuals were found to be self-radicalized Islamic extremists executing a terrorist attack on the US homeland. However, their actions did not only confirm the present dangers of Islamic terrorism at home, but also brought the issue of active shooters back to the forefront of security discussions nationwide. Whether it be a disgruntled worker(s), a mentally unstable individual or a domestic/foreign terrorist(s), an active shooter can be found just about anywhere; a movie theater, a school, a clinic, a church, a music concert etc., thus driving home the need for a personal plan of action that starts with the individual. This article will mainly focus on the workplace, however, a personal plan should be flexible and able to be adapted to any venue. No one is better equipped to protect you than you in a time of emergency. If you have no idea how to protect yourself, you will be of no use to anyone else. Interviews with the neighbors of the San Bernardino and Brussels attackers stated they observed suspicious individuals and activities ongoing at their residence at all hours of the evening. However, they were hesitant to report these activities to the authorities due to the fact they did not want to be labeled Islamophobic. Even reports from neighboring foreign intelligence agencies confirmed that warnings were given to Belgium authorities of an impending terrorist attack and still they were caught by surprise. Moreover ABC Channel 7 News reported on March 31, 2016 that NYPD Intelligence Officials warned Dutch authorities about the two Brussels suicide


bombers ( Khalid and Ibrahim el Bakraoui) prior to the Brussels attacks. The Dutch agency relayed the intelligence to Belgium authorities however, it was not acted upon. This illustrates an example of not deploying aggressive awareness. One present day school of thought states that you have a better chance of being struck by lightening than being killed in an active shooter or a terrorist attack. However, after the Paris and San Bernardino attacks, it seems lightening is moving closer and closer to home every day. The key to engaging any challenge, especially a life or death experience, depends on a survival mindset. One method that allows an individual to work toward this needed mindset is to ask one’s self hardcore questions and look deep inside for truthful answers. Before one can begin to train for surviving an active shooting incident, an individual should ask themselves how far they will go to survive. Some hard questions should include: • • •

• • • •

Can you quickly move through an area with the bodies of wounded and dead colleagues? Can you block out the sounds of gunfire as well as moans and screams of fellow workers as you flee to safety? Can you conceal yourself and remain silent while an active shooter moves nearby searching for additional victims even when wounded yourself? Can you lay motionless on a blood stained floor and play dead among the bodies of your colleagues? Can you use the dead body of a colleague to shield yourself from incoming bullet rounds? Can you break and jump out of a window to safety? Can you engage an active shooter with an impromptu weapon (a coffee pot, fire extinguisher, umbrella, stapler, chair, etc.) and use lethal force?

No one can guarantee fully how they will react when a life or death crisis comes into their world. However, if you search yourself and evaluate your possible responses, you will be way ahead of the individual who ignores such introspection. These are the hard questions that you should ask yourself and meditate on to establish a survival mentality if God forbid you find yourself

30

The right mind set is key to preparing yourself prior to a crisis as well as during. The next area of preparation involves understanding what options are available during an active shooter attack. These options are escape, conceal and

in an active shooter situation. Through the 1950’s and 60’s we saw public school students performed “duck and cover” exercises for a nuclear bomb attack by getting under their desks. Every public school and many businesses conduct fire drills. Since Columbine, large numbers of public schools have adopted active shooter programs. The thrust of this paper is directed towards what the individual can do to increase their odds at surviving an active shooter incident. A personal protective plan should not replace an agency or corporate active shooter plan but work in conjunction with it. It should also be noted that having a personal plan for yourself and loved ones may be of great value if you find yourself in an active shooter incident outside the workplace at such venues as a mall, concert, sporting event etc. The right mind set is key to preparing yourself prior to a crisis as well as during. The next area of preparation involves understanding what options are available during an active shooter attack. These options are escape, conceal and engage (ECE). The backbone of each of these three options are based on knowing your work area and performing a thorough assessment; this will allow you to maximize your surroundings to survive the shooter’s assault.

these three options

ESCAPE- is the first option to pursue during an active shooter event. You need to have at least two routes of exit from scene of the attack. Preparation prior to an active shooter event will rely on the following:

are based on knowing

engage (ECE). The backbone of each of

your work area and performing a thorough assessment; this will allow you to maximize

• •

your surroundings to survive the shooter’s assault.

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

Know how long it takes to move from your work area to a pre-designated safe zone Know your physical level of fitness as it regards to being able to run or crawl to safety Know areas of concealment vs. areas of cover. (Areas of concealment will provide visual shielding from a shooter but will not provide ballistic shielding. This means if you are behind a wooden door, cubical partition, window with closed blinds, the shooter can shoot through these barriers and kill you. Areas of cover provide visual shielding and partial to complete ballistic shielding these area include but are not limited to concrete pillars/walls, engines blocks of vehicles, dumpsters etc.) Locate all windows that can be opened or broken to provide a means of escape. (Some large windows cannot be bro-


Online Undergraduate, Graduate & Certificate Studies in

Public Safety & Homeland Security Meeting the professional advancement needs of those committed to protecting the public. Earn your career credentials without job interruption through Fairleigh Dickinson University’s respected online degree and certificate offerings. Established in 1942, FDU is New Jersey’s largest private university with 12,000 students worldwide. Degree Offerings

• Master of Administrative Science • Master of Science in Homeland Security • Bachelor of Arts in Individualized Studies Certificate Studies Career-relevant programs are available at the graduate and undergraduate level in such areas as terrorism, forensics, global security, disaster and emergency management, transit safety, homeland security, and more. Credits earned can be applied toward the appropriate degree program. • FDU is proud to participate in the Yellow Ribbon G.I. Education Advancement program enabling eligible veterans to attend FDU at no charge. • FDU accepts Federal Tuition Assistance (FTA) for undergraduate and graduate courses (restrictions apply). • No entrance exams required.

For More Information

Undergraduate Programs JoAnna Steiner 201-692-7357 online@fdu.edu

Graduate Programs Ronald E. Calissi 201-692-6522 calissi@fdu.edu

fdu.edu/mas

ALSO AVAILABLE: MASTER OF SPORTS ADMINISTRATION


any impromptu weaponry to engage the shooter if he or she attempts to breach the door. (Note: If you find yourself in an open space or outside with little to no cover and the shooter is moving amongst his fallen victims you may have to lay prone on the ground and pretend to be dead.)

ken from a direct center mass impact and have to be broken from the lower corners) • Be familiar with all fire doors and fire escapes • Know the areas inside your workplace where you can and cannot receive cell phone reception. When the shooting begins, leave your personal effects except your cell phone (turn your phone to vibrate). Locate where the shots are coming from and move away to safety. Time is of the essence, move quickly, stay low and help those you can. Individuals you cannot help advise them to remain quiet and that you are going to get help; this will probably be one of the hardest decisions you will have to ever make. You also must realize when the police and tactical team members arrive, they are not there to render first aid to the wounded, answer questions or personally escort you out of the building; their first and foremost duty is to stop the shooter. When you encounter them during your evacuation (i.e. escape), keep your hands up and visible and follow their directions. CONCEAL- refers to hiding on location due to the fact you cannot safely leave the scene or because you are wounded. Preparation for such an option requires some of the following steps. Know your work place by identifying: • • •

Areas of concealment and areas of cover you can completely hide behind Know what nearby rooms contain doors that lock from the inside Familiarize yourself with items that can used to barricade doors (especially rooms with doors that do not have locks) such as tables, chairs, sofas, copy machines, vending machines etc. Find out if you can fit under office desks and conference tables. Determine what office furniture can be overturned and used as a source of shielding

If you find yourself in the middle of an active shooting incident and have to conceal yourself, first turn your phone to vibrate, locate the direction where the gunfire is coming from, and seek cover in a room if possible. Turn off lights, lock/barricade the door, draw the blinds, remain still and if possible quietly call the authorities for help and instructions. Visually scan the room for

32

The combative engagement of an active shooter is a last option and has to be taken with the utmost conviction. This is your last chance at survival and you have to make it

ENGAGE- refers to physically confronting the shooter with lethal force. The combination of surprise and aggressive force are needed when using this option. The shooter must be countered with an incapacitating assault to stop his or her advance. Preparation for this option involves locating common items that can be used as weapons in a hand to hand combative situation these may include: •

count. If the truth to be told , if you are a trained

individual and armed with impromptu weaponry, your odds still remain slim if you engage an armed gunman by yourself. Surprise and

extreme force are key. If •

you are by yourself, you must control the attacker’s firearm and direct it away from yourself while continuing attacking him or her. The use of blunted and or edged weapons to vital areas such as the eyes, throat, groin, knees etc. are crucial if the attacker is wearing some form of body armor.

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

A fire extinguisher which can be used as a blunt force weapon to attack the head, face, arms, knees and lower back region. A glass vase, coffee cup or coffee pot can be used as a blunt force weapon to impact the head and face. Once broken the sharp glass can be used to attack the eyes and throat of the shooter. (Hot coffee or water to the face can also be used to temporarily blind/distract the shooter) Any type of furniture on wheels or that can be slide across the floor can be used to ram the attacker’s legs and knock him or her to the floor. A desk paperweight, letter opener, stapler, ink pen, sharpened pencil, wall mounted picture in glass frame, packaged ream of copy paper and other typical office equipment or supplies can be turned into a weapon.

The combative engagement of an active shooter is a last option and has to be taken with the utmost conviction. This is your last chance at survival and you have to make it count. If the truth to be told , if you are a trained individual and armed with impromptu weaponry, your odds still remain slim if you engage an armed gunman by yourself. Surprise and extreme force are key. If you are by yourself, you must control the attacker’s firearm and direct it away from yourself while continuing attacking him or her. The use of blunted and or edged weapons to vital areas such as the eyes, throat, groin, knees etc. are crucial if the attacker is wearing some form of body armor. If a number of individuals swarm the shooter, someone must


take control of the firearm and direct it away from the group. (Note: During the struggle, the weapon may discharge; keep control of it and keep fighting.) This makes the strong case for receiving some form of reality based self defense instruction that teaches the use of fists, elbows, knee and leg strikes, grappling and the usage of modern weapons (i.e. firearms). You don’t want to get into the fight of your life and find out you don’t know how to fight. One point that should be mentioned is ECE tactics such as cover/concealment and escape can also be modified to assess a venue in-case of a bombing attack. Past terrorist attacks have combined the use of firearms and improvised explosives. No one except the attacker will know what method of attack he or she will deploy. So once again a state of aggressive awareness is needed when away from the safety of your home. The following recommendations should be deployed when at work, shopping or recreation: • •

• • • •

When entering a venue locate a second ingress/egress point, this can be a firedoor or window Locate structural areas of cover concrete walls, structural pillars, vending machines, parked automobiles, dumpsters etc. Avoid positioning yourself next to large sections of glass windows if possible Be observant of suspicious individuals entering the area, keep track of the people in your group as much as possible especially the children and the elderly What features whether indoors or outdoors can I conceal myself behind Do I have good cell reception in the area Ask yourself how long will it take to go from point A to B. Visualize what would you do if an active shooting, bombing or any other type of emergency were to occur

All too many people today, as well as agency and corporate management, feel we are in our secure facility; we have a written shooter plan, armed guards, police, state of the art security systems etc. In 2014 two Pennsylvania State Troopers were ambushed in front of their barracks by Eric Frein. This assault claimed the life of Cpl. Bryon Dickson and caused seriously injuries to Trooper Alex Douglass. In 2009 and 2014 active shooters ( military

All too many people today, as well as agency and corporate management, feel we are in our secure facility; we have a

personnel Major Nidal Hasan and Army Specialist Ivan Lopez) who in separate incidents launched attacks on the grounds of Fort Hood in Killeen, Texas. Hardened targets and soft targets are all the same when determined terrorist, disgruntled employees and mentally unhinged individuals become active shooters. Like I have said, the best person for protecting you in an emergency is you. Due to the fact we live in a very dangerous world that is ever changing, it is better to have an emergency or back up plan for any series of emergencies you may encounter. These plans are as simple as carrying an aspirin in case you get a headache. Headaches are not scheduled but usually occur out of nowhere and can turn a good day into a bad one. This is the same for the possible victims of an active shooting.

by Eric Frein. This

Few of us have such an event penciled in our daily lives, so a state of aggressive awareness is key, supported by a personal or corporate plan to defend and counter a surprise attack involving an active shooter or reaction to any other conceived emergency. Unlike a headache, which can pass without incident, an active shooting event can make a good day your last day. Proper mental preparedness and training takes a victim from sheep to sheepdog at the time of crisis. It is far better to be prepared with a plan of action and not need to execute it than to need such a plan and not have it. Increase your odds for your survival start PLANNING and TRAINING today.

assault claimed the life

About the Author

of Cpl. Bryon Dickson

Stanley I. White is currently the CI Advisor for the IACSP as well as a defensive tactics instructor who has trained personnel from numerous local, state and federal law enforcement agencies. He is a certified Anti-Terrorism Officer ,holds an active membership with the AFIO and is listed as a general services DoD Contrac-tor. He is also an internationally published author on the topics of personal security and counter terrorism. Mr White can be reached for comment at swhite@atix.riss.net.

written shooter plan, armed guards, police, state of the art security systems etc. In 2014 two Pennsylvania State Troopers were ambushed in front of their barracks

and caused seriously injuries to Trooper Alex Douglass.

Resources: Counterterrorism Bureau of the Federal Bureau of Investigations, A Study of Active Shooter Incidents in the United States between 2000 and 2013 (pdf), (fbi.gov,2014) New York City Police Department , Active Shooter Recommendations and Analysis for Risk Mitigation, (NYPD Printing Section, 2012) White, Stanley, Active Shooter: Hardcore Questions- Harder Answers, (www.riss. net, 2016) abc7ny.com, www.riss.net


A Warrior Cop Shot In Philadelphia: The Inherent Danger Police Officers Face On The Front Lines In the War On Terrorism By Paul Davis

Police Officer Jesse Hartnett

Proud parents P/O’s Lynne & John Zirilli with son P/O Anthony Carapucci who just graduated from the Police Academy.

34

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


T

he terrorists, radicals and kooks are really coming out of the woodwork,” a disgruntled Philadelphia policeman said to a writer as they were discussing the shooting of police officers in Baton Rouge, Dallas, Kansas City, Philadelphia and elsewhere.

Police officers across the country are on high alert as they patrol our nation’s mean streets, as they are well aware they are being targeted by radicalized lone wolf shooters and other cop-haters.

Prior to the shootings in Baton Rouge and Dallas, but in the wake of an ambush shooting of a Philly cop, Philadelphia Police Officer Lynne A. Zirilli pulled out of the 3rd Police District parking lot in South Philadelphia and began her usual evening tour. Zirilli told her passenger, a writer accompanying her on patrol that evening, that she had served in the 3rd District for all of her more than 20 years in the department. She worked as a plainclothes officer, served on a narcotics enforcement team and a tactical team, and served as a crime prevention officer in addition to working patrol. In light of the shooting on January 7, 2016 of Philadelphia Police Officer Jesse Hartnett by a man who claimed to have committed the attempted murder in support of radical Islam, Zirilli was asked if the shooting of a fellow officer

A surveillance camera captured the moment that the gunman, dressed in what appeared to be a long white tunic, ran up to Hartnett’s patrol car in West Philadelphia at 11:45 pm and opened fire on the 33-year-old officer.

by a self-proclaimed terrorist had changed how she acts and responds on patrol. “It hasn’t changed me, but it brought it more home, more local,” Zirilli replied. “You think maybe it won’t happen here, but now it has. It gives me a different perspective, a more heightened sense.” Police officers are on the front lines in the war on terrorism. While out on patrol they are a highly visible target that attracts violent criminals and terrorists. Patrol officers are tasked, as it states in the Philadelphia Police Department’s Mission Statement, to “fight and prevent crime, the fear of crime, and terrorism.” According to the Philadelphia Police, Edward Archer confessed to detectives that he had shot Officer Hartnett “in the name of Islam.” “I follow Allah. I pledge my allegiance to the Islamic State, and that’s why I did what I did,” Archer said to detectives which Captain James Clark of the Homicide Division told reporters. Archer also told detectives that the police enforced laws counter to the Quran. A surveillance camera captured the moment that the gunman, dressed in what appeared to be a long white tunic, ran up to Hartnett’s patrol car in West Philadelphia at 11:45 pm and opened fire on the 33-year-old officer. Incredibly, Hartnett, wounded with three bullets in his left arm, came out of the patrol car and returned fire at the fleeing suspect, hitting him in the buttocks. Hartnett was also able to call in to police radio that he was shot. Archer was captured by other police officers a block away from the scene of Hartnett’s


attack. Archer’s gun lay next to him. The officers who apprehended Archer took note that the gun was empty, as every bullet was apparently fired into Hartnett’s car. While Hartnett is recuperating from his injuries, which include a broken arm and severe nerve damage, Archer is, as of this writing, still under investigation. Was this the act of a “lone wolf,” or an organized attack? Investigators are looking into Archer’s background and recent activities to see if the 30-year-old suspect had ties to terrorist groups or acted alone. The FBI searched his Internet activity to see if he had direct contact with terrorist groups, or if he was influenced solely by Radical Islamic websites that encourage others to shoot police officers and commit other acts of terrorism. The FBI is also investigating the trips Archer made to Saudi Arabia in 2011 and Egypt in 2012. Family members confirmed that Archer was a devout Muslim, but said he suffered from mental illness. He was on probation at the time of the shooting and waiting to be sentenced after his conviction for other crimes. Philadelphia Police Commissioner Richard Ross, serving only on his first week as the city’s top cop, told reporters Archer was armed with a police-issued semiautomatic 9mm pistol that had been reported stolen. Detectives were looking into how Archer had the gun in his possession. “This guy tried to execute the police officer,” Commissioner Ross told reporters. “The bravery the officer demonstrated was absolutely remarkable.” One Philadelphia police officer told a writer that Hartnett, a five-year veteran, was “one helluva cop.” Another police officer agreed and added that Hartnett was a “cop’s cop” - a “warrior cop.”

by but not necessary working with foreign terrorist groups. The investigation continues.

Family members confirmed that Archer was a devout Muslim, but said he suffered from mental illness. He was on probation at the time of the shooting and waiting to be sentenced after his conviction for other crimes. Philadelphia Police Commissioner Richard Ross, serving only on his first week as the city’s top cop, told reporters Archer was armed with a policeissued semiautomatic 9mm pistol that had been reported stolen. Detectives were looking into how Archer had the gun in his possession.

The Philadelphia Inquirer reported that Hartnett served 14 years with the Coast Guard, which he joined shortly after Sept. 11, 2001. He served on active duty until 2008 and also served in the Coast Guard Reserve. He served two years on the East Lansdowne PA police force prior to joining the Philadelphia Police Department. FBI Director James B. Comey announced on January 13th that the FBI was investigating the shooting of Officer Hartnett as a terrorist attack, noting that ISIS has focused on motivating “troubled” people to commit violence via the Internet. He said that some people are inspired

36

Journal of Counterterrorism & Homeland Security International

Immediately after the shooting of Hartnett, the Philadelphia Police doubled-up officers out on patrol as a temporary measure, and have since gone back to officers riding solo in their patrol cars. Many officers think riding solo is dangerous, as two officers patrolling together is safer for the officers and the people they are sworn to protect. Officer Zirilli, however, prefers to ride solo and is comforted by being in constant radio contact with the command and other officers. A case in point was when a call came over the radio reporting a major disturbance at a fast food restaurant. Zirilli responded, as did four other officers. The five officers worked in concert to restore order. Later that evening, the officers were on the radio together as they sped through South Philly’s side streets searching for two armed robbery suspects. “Team work is essential to officer safety,” Zirilli said afterwards. “The most important thing is that everyone gets home the same way they came in.” Zirilli, a South Philly native and daughter of a city firefighter, said both her son and exhusband are also Philadelphia police officers. Her son is a Marine veteran who served two tours in Afghanistan and was wounded twice. “I know it can be dangerous to be a police officer, but I’d rather have my son here as a police officer than overseas in combat,” Zirelli said. Zirelli knows full well the inherent danger of being a police officer on the street, but said this is what they signed up for. More than ever, patrol officers need to be vigilant, especially in light of the ambush shooting of Hartnett. After meeting with FBI agents and Harnett, U.S. Sen. Pat Toomey (R., Pa.) called the attack on Hartnett a clear act of terror. “The dangers of radial Islamist terrorism are not limited to countries far away,” Toomey said. “It’s not just the civil wars that are raging in the Middle East or acts against civilians in Paris and Beirut and Jakarta, but it’s attacks against Americans at Fort Hood and San Bernardino — and now Philadelphia.”

About the Author Paul Davis is a contributing editor to the Journal. He can be reached at pauldavisoncrime@aol.com

Vol. 22, No.2



IACSP Corporation Spotlight

Wapack Labs: Protecting Client Businesses Worldwide Against Cyber Attacks By Jim Weiss and Mickey Davis

38

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


W

apack Labs Corporation identifies cyber threats before they become attacks. Founded in 2013, the company is a privately held cyber intelligence and threat analysis firm serving companies and organizations around the world. It does this by providing early threat detection through Internet surveillance operations, data

gathering, and in-depth analysis of economic, financial, and geopolitical issues. Intelligence is shared with clients through an array of packages that meet both their cyber needs and their bottom line. Wapack Labs also supports and maintains a leadership role through the Red Sky Alliance and others, offering expert-level, targeted cyber-intelligence analysis. What is Red Sky Alliance? It’s an information sharing group, a private social environment for exchanging cyber security information, advice, and defensive strategies. Red Sky Alliance’s staffs are also staff members of Wapack Labs. The Alliance’s goal is to build a strong community of trusted professionals that can identify and neutralize cyber threats to the membership from organized, covert, targeted, criminal, or advanced cyber threats and cyber espionage.

Fusion centers manage the flow of information and intelligence across all levels and sectors of government and private industry. The fusion process turns information and intelligence into actionable knowledge. The goal is to maximize the ability to detect, prevent, apprehend, and respond to criminal and terrorist activity with the main focus on public safety.

Fusion Centers In the US, there are federally funded fusion centers, such as The Northeast Ohio Regional Fusion Center (NEORFC). According to the Department of Homeland Security and the United States Department of Justice, a fusion center is a collaborative effort of two or more agencies to provide resources, expertise, and/or information to the center. These agencies can include local, county, state law enforcement agencies, and any of the “alphabet” federal law enforcement agencies such as the FBI, DHS, and DEA. Fusion centers manage the flow of information and intelligence across all levels and sectors of government and private industry. The fusion process turns information and intelligence into actionable knowledge. The goal is to maximize the ability to detect, prevent, apprehend, and respond to criminal and terrorist activity with the main focus on public safety. There are guidelines and policies to be adhered to, but fusion centers

Wapack F35 160519-F-GS664-011. Federal government awareness to cyber espionage heightened when Northrop Grumman’s F 35 fighter had been hacked by Chinese governmental hackers. Apparently all or most of the contractors of the F 35 had been hacked; in the aftermath the Defense Industrial Base (DIB), a security alliance between industry and government was founded. Wapack Labs was started with financial backing from companies involved in the DIB, finance, energy and telecommunications sectors. Stutzman stated: “We started the company with a focus on cyber spies.”


prioritize and address threats within their specific jurisdictions for all crime types, including terrorism. Does Wapack Labs have any connections with Defense Industrial Base (DIB), a security alliance between industry and government? Yes. Jeff Stutzman is now the CEO of Wapack Labs, but back around 2009, he was a GS15 at the Air Force’s DoD Cyber Crime Center (DC3), the US civilian equivalency to the military rank of Air Force Colonel. Stutzman built the analytic component of the DIB program--the Defense Industrial Base Collaborative Information Sharing Environment-the DCISE (pronounced DICE).

About Wapack Labs Wapack Labs was started with financial backing from companies involved in the DIB, finance, energy and telecommunications sectors. Stutzman stated: “We started the company with a focus on cyber spies. We track dozens groups and hundreds of espionage actors today. As far as cybercrime such as the hacking and corrupting of financial accounts and financial fraud, the company does a ton of work and has extensive experience in tracking these adversaries. Likewise, in regard to hackers bypassing normal security controls such as log-ins, passwords, and emails from those thought to be trusted sources.” Wapack Labs is a private business, but it is similar to state and regional fusion centers in the collection of information and intelligence, except it identifies ongoing and potential attacks for its clients in the cyber underground, better known as the Deep/Dark Web and TOR. But this is only half of the battle to thwart cybercriminals. The other half requires getting the information to the people who need to know. Fusion reporting, which blends technical information with non-technical analysis, geopolitical briefs, priority intelligence reports, early warning alerts, and threat indicators are all means by which the company shares vital knowledge with clients.

40

However, while the focus is on the company’s clients, if analysts identify threats to others, Wapack Labs doesn’t hesitate to share the knowledge with other companies and law enforcement agencies. An attack on one entity can easily become an attack on many, and Wapack Labs maintains an ethical standard by warning those who could be victimized by the attack, and giving heads-up to law enforcement agencies so they can apprehend attackers before they strike.

Wapack Labs Shares Information Three examples of Wapack Labs warning the government of criminal cybercriminal events include: 1) The 2016 Republican National Convention (RNC) Operations -- In a dimly-lit private research lab, several cyber security analysts toiled with the tedious task of researching surface and Deep and Dark Web information. Over the whisper of CNN Headlines news coming from the monitor, an analyst shouted that she had something. “I found the leader of the protest group.” “Great job. This fits exactly into what I was checking on,” said her colleague, a U.S. Army, Iraq veteran. Collectively they pieced together an intertwining web of protest leaders, protest sub-groups, mobilization locations, and group ideologues and motivations. This information was quickly passed to law enforcement officials involved in support of the 2016 Republican National Convention. Police professionals, in turn, were quickly able to use this information to disrupt what could have been very disastrous results. Operational security plans were successful because of diligent intelligence collection and analytical cooperation. This was just one example of private cyber security capabilities helping government safety and security operations. Also in regard the RNC, cyber warfare, activists--such as and including Anonymous--have been at work and their attacks have a history in regard to hacking into government, law enforcement, industry, and private

businesses. Wapack Lab has had over 100 hits in regard to the RNC, Cleveland. 2) Port operations -- While ships passed through a very busy port in Europe, a cybercriminal spoofed a tanker’s identity by creating a fake web site. Using this web site, the hacker posed as the ship’s Master and requested crew provisions at various ports. The email used collected the victim’s computer credentials, and movement through the network. The bug spread throughout the maritime industry until it found a computer worthy of the attacker –who used it to steal information, conduct fraud, and log into new systems Through this series of serious intrusions, vessel information, crew lists, product information and ship’s manifests were stolen. The hacker was poised to fraudulently conduct financial transactions totaling thousands. 3) Mayday -- In the darkness of the night, a “Mayday” call was issued via radio for a sinking ship, allegedly sent from a submarine. Hundreds of ships immediately turned to help with rescue efforts. Cyber hacking information was discovered through Wapack Labs’ communication sounding via key loggers and sinkhole type operations. It was theorized that a rogue country created the Mayday call so that ship prop-wash noise would mask diver intrusion into the underwater fiber optic cables.

Wapack Labs’ Approach to Cyber Security The company’s approach to cyber security starts globally. By monitoring geopolitical and economic issues, analysts are able to identify areas where hackers – either independent or state sponsored – may turn their attention. From the expansion of the Panama Canal to the conflicts in Syria and Ukraine, Wapack Labs’ big picture analysis reveals fertile grounds where seeds of cybercrime can easily take root. With the global view in mind, analysts at the company home-in on international industries that hackers find both valuable and vulnerable, such as oil and gas, telecommuni-

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

cations, finance, manufacturing, and shipping. Manipulating financial markets, constructing shipping routes, or cutting off internet access to countries or regions can cause economic upheaval, and hackers have the potential to carry out such attacks without leaving the comfort of their homes. Wapack Labs analysts are able to identify attacks on specific companies to determine when and how they will take place, and use cyber forensics to follow the trail of evidence back to likely perpetrators of these crimes. Reconnaissance missions take analysts into the cyber underworld. Here stolen information is exchanged, leased, or sold, and malicious software programs are developed to outwit network security measures. Analysts also tune into social media sites including blogs, chat rooms, Facebook, and Twitter, listening for chatter that reveals clues about planned or perpetrated attacks, and identifies the forces behind them. Wapack Labs also watches for cyber activity carried out by--or against-government agencies around the world. Hacking election returns, filling the internet with erroneous information designed to sway public opinion, tapping into the confidential and sensitive correspondence of governmental officials, monitoring the websites frequented by political rivals, and stealing intelligence reports and other classified information are all tricks of the cyber trade. In assessing a hacker’s motives, the company’s analysts carefully evaluate cyber activity to determine if their goals are short-term financial gain, espionage, or long-term aims.

Motivation and Types of Cybercrime In many cases, hackers are simply motivated by money. They are able to use malware to tap into bank accounts, manipulate ATMs, blackmail victims by holding critical data captive, and access insider information on publicly traded companies in order to gain the upper hand on the trading room floor. In a recent case, hackers were found to have broken into a public rela-



tions company to steal press releases about the company’s annual earnings reports before they were made public. With this stolen information, ethically-challenged traders were able to anticipate whether a company’s shares would rise or fall, and could buy or sell them accordingly. More insidious criminal activity involving drugs, the sex trade, and the transport of illegal immigrants is aided by hackers. In the shipping industry, for instance, hackers may attempt to gain access to ships’ manifests or customs documents in order to keep law enforcement away from cargo containers filled with drugs or the victims of human trafficking. Terrorists know the value of cyber and can carry out vicious attacks against rival states or organizations without having to strap on a bomb vest. Cyber terrorists can manipulate the networks of media outlets to release erroneous videos or reports intended to create widespread panic, can shut down the websites of vital agencies and organizations, and can steal information that can help them facilitate attacks.

them, analysts at Wapack Labs are able to identify and warn potential targets before hackers make their move.

Key Wapack Labs Programs Cyberwatch® -- Wapack Labs’ job is to watch the people who are watching their clients, and to show those clients what the enemy sees so they can mitigate cybersecurity threats. There are bad cyber guys all over the world. Through the new Cyberwatch program, clients receive all the information they need to make smart, proactive network security decisions. Cyber Threat Index® -- This index monitors and quantifies intelligence chatter by employing easily-understood math to monitor the potential for cyberattacks and present it in a way easily understood by all. Through this index, Wapack Labs can find out what the client compa-

Cybercriminals may also be motivated to disrupt legal proceedings or to avenge arrests or prosecutions. Attackers have targeted federal, state, and municipal law enforcement agencies across the US, including a recent spate of attacks by Eastern European hackers in April 2016. In these attacks, the hackers have locked down agencies’ access to critical information and charged a ransom, paid in bitcoin (a form of digital currency, created and held electronically) to release the information. Aside from the financial bounty gained through that type of blackmail, the hackers are able to compromise investigations, access witness lists, or reveal defense or prosecution strategies which can upend trials and result in the release of dangerous criminals back into society. By monitoring these attacks and understanding the motives behind

42

Wapack Labs staff members at work inside Wapack Labs headquarters. Wapack Labs Corporation identifies cyber threats before they become attacks. Founded in 2013, the company is a privately held cyber intelligence and threat analysis firm serving companies and organizations around the world.

ny is really worth through their new monitoring system. This matches real-time intelligence with rapidfire data analysis to deliver hard numbers that predict the risk of cyber attacks. The S&P 500 Cyber Threat Index® measures the client company’s value as a target for cyber attacks by keeping an ear to the ground for Internet chatter. DJI Cyber Threat Index® determines how one company’s worth stacks up against another’s in the eyes of cyber criminals. Wapack Lab news gets the latest information and breaking news about ongoing cyber attacks, new threats, and a look at who the enemies are. For example, say a threat actor is attributed to Wekby. Operated out of China, this actor has adversary capabilities that have been assessed as Tier IV – criminal or state actors who are organized, highly technical, proficient, wellfunded professionals working in teams to discover new vulnerabilities and develop exploits. Wapack Labs’ analysts read in-depth intelligence reports from analysts who scour the underworld and the real world for cyber threats, then take over the bad guys’ electronically stored information and report on it. Threat ReconTM is a free cyber threat intelligence analysis service developed by Wapack Labs, powered by GO to make it fast. Search f o r a n i n d i c a t o r. If they’ve seen it, they’ll tell you what they know from their own sources as well as select sources on the Internet. Indicators are analyzed and ranked by confidence from 0 to 90%. Custom Intelligence. Wapack Labs offers packages tailored to meet client’s unique security information needs.

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2

How Wapack Labs Tracks the Bad Guys Through an extensive series of techniques, analysts at Wapack Labs mesh real-world knowledge with technical expertise to flush out perpetrators of cybercrime. When information culled by analysts is shared with companies, organizations, and governmental agencies, hackers quickly lose their power to do harm. In some cases, analysts begin at the attack site and work their way backwards, following email chains, identifying the locations of servers, studying and reverse-engineering malware, and connecting their findings with what they have learned from observing known suspected attackers. In other cases, analysts are able to observe the behavior of potential attackers on the internet and watch for signs that imminent attacks being planned. Among the techniques employed by Wapack Labs are: 1) Monitoring and analyzing intelligence chatter in social media and the cyber underground; 2) Sifting intelligence data through algorithms in order to isolate trends; 3) Establishing an open information exchange with industry leaders to identify current or potential motivations and means of attack; 4) Reverse-engineering malware to determine its function and source; 5) Conducting roundthe-clock monitoring of specific networks and systems; 6) Building and maintaining profiles of known attackers; 7) Analyzing emails and following the chains back to the sources; and, 8) Identifying network and software vulnerabilities that open doors to hackers. With these and a host of other techniques, Wapack Labs has been able to identify hackers involved in financial crimes, espionage, and terrorism, and they’ve been extremely successful at upending cyber attacks before they happen.

About the Authors Jim Weiss is a retired Police Lieutenant from Brook Park, Ohio, and a former Army Military Policeman and State of Florida Investigator. In 2001, Mickey Davis, a Floridabased journalist and editor, became Jim’s writing partner.


Protective Driving Executive Awareness Security Driver Bodyguard Seminar Protective Security Operations Threat Detection Nanny Driving & Security Awareness High Risk Driving Firearms Programs Corporate Fleet Driver Training Sport Utility Vehicle (SUV) Training

ADSI is an internationally recognized advanced driving school, specializing in training Security Drivers, Executive Protection Teams and hosting many Corporate Fleet Safety Programs. We have the ability to design and implement courses for a wide audience, specializing in Corporate Security, Military and Law Enforcement training.

Advanced Driving & Security Inc.

5 Franklin Rd. Suite 5 East Greenwich, RI 02818 1-401-294-1600 Office Ext 2 Corporate/Private Security / LE / MIL Ext 3 High Performance 1-401-398-7932 Fax info@1adsi.com

www.1adsi.com


Secure Driver:

Hydroplaning By Anthony Ricci

O

ur alarm clock goes off, we awaken and look out the window to see what the day will bring. We are greeted by dark, dismal skies, fog and rain. Be it heavy rain or not it poses a variety of issues for us while we are out on the road. Complications such as decreased visibility due to fog outside, heavy rainfall or windows fogging up relative to temperature variations, reduced traction, other drivers abilities (or inabilities) to drive in wet weather, condition of your windshield and windshield wipers, condition of your tires, etc. These complications alone are not a definitive causation of a crash or incident, however it is more how you respond or react to these situations. There are steps we can take to reduce this risk, not only by having the knowledge, but by adjusting our mindset and applying the knowledge we know while we are out on the road. 44

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


Before you get out on the road for the day completing a thorough self assessment of how you react to rain is required. Ask yourself important questions, not only about yourself, but also about the environment, the risks and challenges it may pose to you and whomever you are driving, your vehicle, and other users sharing the road with you. What does rain do to your mindset? For some it is a relaxing, enjoyable weather pattern, for others it induces stress. A positive mindset is required to reduce the risk of accidents occurring while we are out on the road. A positive mindset allows the mind to be more aware and allow you to drive with a sound mind which will translate to your hands and feet when controlling the car.

Deep water can get into the vehicles electrical system and cause serious damage and ruin the engine. In the event you need to pass through deep water, wait until the coast is clear from other vehicles and proceed through slowly but using steady gas. If you back off the gas you could allow water into the air intake causing a big engine problem -- worse yet, your feet will get wet.

Lastly, let’s take a second and address the actual roadway problems. What type of surface are we driving on? Smooth asphalt is much more prone to water buildup and slippery conditions than ribbed or rain grooved cement. How much oil and vehicle fluids are on the pavement? Is it a hard driving rain, or just a misty day? All of these questions seem pretty logical but how many of us really think about or actually check these factors every time we are about to navigate through another day of heavy rains.

Hydroplaning, otherwise known as aquaplaning, is much more serious. You’re driving alone and suddenly you have no control. What actually happens is your tires cannot displace the water buildup underneath them quick enough. Smart-motorist.com says “On a smooth polished road in moderate rain at 60mph each tire has to displace about a gallon of water every second from beneath a contact patch no bigger than a size nine shoe. Each gripping element of the treat is on the ground for 1/150th of a second; during this time it must displace the bulk of the water, press through the remaining thin film and begin to grip the road surface.” Therefore, if water isn’t displaced quickly enough, your tires will begin to ride upon a layer of water causing you to lose control. There are no specific speeds at which hydroplaning happens. It is not an exact science but rather an accumulation of several factors adding up to a “holy shit” situation. Tread design, treat depth, the speed and weight of the vehicle, tire pressure, the surface you are traveling on, water depth and even the intensity of the rain are some major factors that must be considered. So if the vehicle starts to feel unstable or if the steering becomes loose you are probably hydroplaning. Therefore if you begin to hydroplane do not hit the brakes or jerk the wheel suddenly. Look where you want to put the car and point the wheel in the direction you want the car to go. Hopefully it will head that way.

Did you ever wonder about driving through that deep puddle in front of you? When crossing large puddles or deep flooded areas first make an assessment as to the depth of the water. Never drive through deep water at high speeds, always stop and look before proceeding. If you do proceed you could run the risk of severe vehicle damage. If the water level is over or deeper than the bottom of your door line, find an alternate way around the area.

In addition, never use your cruise control while in the rain. In the event of a hydroplaning incident you have less of a chance to correct the situation quickly. This is due to a few reasons. Initially it takes longer for your thumb to reach the cruise control off button than for you to remove your foot from the accelerator if you were driving without cruise control. Some cruise control systems will add more throttle when the system detects the reaction of the tires

Now that we have assessed ourselves, the next step is an assessment of the vehicle we are in. How much tread remains on the tires? Did you check the tire pressure? Is the tread pattern appropriate to disperse water, or is the tire more performance oriented? How wide is the tire profile? Newer vehicles come with wider tires than vehicles of years past, these wider widths do not translate to great success when dispersing water on the road. How heavy is your vehicle? Are the wiper blades worn? Do they work well? Does the defroster work?

speed during a hydroplane. Other ways that you could traditionally turn off cruise control would make the situation worse: applying the brakes (which could cause the vehicle to skid and immediately lose control), or adding more throttle. The proper response during an incident is to hold a light, but firm grip on the wheel, and remove your foot from the accelerator to allow the vehicle to reconnect with the road. Cruise control goes against all these corrective actions by adding an additional step. With all the aforementioned assessments and data considered, what can we do to help reduce the possibilities of a hydroplane situation? There are four main things we consider to be most important in reduction of risk: 1. Most important - lower your speed while driving on wet pavement 2. Be aware of the water depth, the deeper the water the greater your chances of hydroplaning 3. Check your tires regularly, for correct pressure and tread depth 4. Be aware and in touch with your vehicle. Think ahead and drive with your head not your foot. Prepare yourself, prepare your vehicle, maintain a safety margin and a positive mindset and your response to any water related situation out on the road should prevent the accident chain from linking, keeping your drive free of incident.

About the Author Anthony Ricci is President of ADSI (http://www.1adsi.com)


IACSP Homeland Security Bookshelf

By Dr. Joshua Sinai The following are noteworthy recently published books on various aspects of homeland

T

security. The capsule reviews are arranged alphabetically, by authors’ last names.

his review column focuses on two important components of homeland security: workplace violence prevention and maintaining safe campuses, whether at schools (K-12), colleges and universities, medical centers, or other campus-based facilities. The first review is a pocket handbook on workplace violence prevention, with the second review a recent conference this author attended that comprehensively covered the components involved in securing campuses, ranging from risk assessment approaches to security technologies developed by industry to safeguard campuses. 46

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


Violence in the Workplace: Prevention Guide,

CCOHS, [3rd Edition] (Hamilton, Ontario, Canada: Canadian Centre for Occupational Health and Safety, 2014), 182 pages, $15.00 [Spiral Bound], ISBN: 978-0-660-19694-7 Ordering information: http://www.ccohs.ca/products/publications/violence.html.

This spiral bound pocket handbook is an authoritative and comprehensive workplace violence awareness and prevention training and reference tool. It is intended for those involved in public safety, human resource departments, and front-line supervisors and managers across all business sectors and occupational groupings. It is organized into eight sections, beginning with a sheet for emergency contact information, and followed by an outline of “Top Five Violence Prevention Tips,” a section on objectives, scope, target audience, and how to use the guide. The first section, “Introduction,” explains the nature of workplace violence, ranging from threatening behaviors to physical attacks; why it is an important issue to an organization (e.g., the high cost to organizations in terms of lost productivity, low morale, and higher insurance premiums); the factors that might increase the risk of workplace violence (e.g., certain occupations that deal with difficult clientele, such as health care, social services, law enforcement, and others that handle money with the public); and what a workplace violence prevention policy needs to address (e.g., emphasizing a zero tolerance policy to workplace aggression and the disciplinary measures to enforce it). The second section presents the components involved in developing a workplace violence prevention program, such as a hazard assessment of the potential risk of violence against one’s organization, preventive measures, reporting and investigating incidents, establishing an emergency response plan (ERP), providing victim support, conducting incident follow-up, establishing a training and education program for staff, conducting periodic reviews of the program, and using community resources, including adhering to legal requirements in one’s jurisdiction. Once such a prevention program is in place, the third section presents the components of preventing workplace violence through an in-depth identification of the warning signs of a potential incident ranging from exhibiting negative personality characteristics to threatening and intimidating behaviors; the characteristics of violent incidents between employees; and the emergency preparedness measures managers need to implement in anticipation of such incidents, such as evacuation routes and ensuring their offices are secure in terms of access control and surveillance. The fourth section, “Responding to Workplace Violence,” presents information and protocols on dealing with a potentially violent person (whether an employee or an outsider), making an emergency service call, responding to a physical attack, implementing a lock-down procedure, and the procedures for emergency evacuation of personnel.

The fourth section, “Responding to Workplace Violence,” presents information and protocols on dealing with a potentially violent person (whether an employee or an outsider), making an emergency service call, responding to a physical attack, implementing a lockdown procedure, and the procedures for emergency evacuation of personnel.


Section five, “Conclusions,” presents a useful checklist of nine tasks to ensure organizational preparedness, based on the tasks discussed in the previous sections. These include tasks such as “Did you conduct a comprehensive hazard assessment of your workplace” and “Do you regularly review all of the above to ensure they reflect and respond to the current status of your workplace?” It also outlines common mistakes made in dealing with violence issues, such as “Not taking threats seriously” and “Ignoring warning signs.”

The appendices include valuable templates, such as a hazard assessment questionnaire, an inspection form, a reporting form, and reference resources on workplace violence prevention. The handbook’s text is accompanied by numerous safety tips, charts, diagrams, checklists and illustrations that will assist users in developing and implementing a workplace-specific violence prevention program. The Canadian Centre for Occupational Health and Safety (CCOHS), the handbook’s publisher, was established as a federal department corporation by the Canadian Parliament in 1978. Although some of the handbook’s references, such as legal frameworks for workplace violence prevention, are Canada-specific, the overall presentation is universal in its relevance and application. Its $15.00 price (plus shipping & handling) is a bargain for such a valuable resource and tool kit on workplace violence prevention.

Campus Safety Conference – East July 25-26, 2016, Gaylord National Harbor Hotel National Harbor, Maryland.

On 25-26 July 2016, Campus Safety Magazine held a conference on campus safety topics, including an exhibition by leading security industry vendors. The magazine’s print edition is published nine times a year and is distributed free of charge to more than 18,000 campus safety and security professionals in the United States. It is also published online at CampusSafetyMagazine.com.

The conference/exhibition was held over two days, but I attended the second day as it was focused on thematic panels, accompanied by an industry exhibition (which was only open the 2nd day). The panels were organized into two concurrently held sessions: “K-12” and “Higher Ed”. There were no plenary or joint panels (at least not on the second day), so I attended six “K-12” sessions and one “Higher Ed” session. The panels were tremendously useful for security professionals in this field, as follows: •

48

Nina Delgadillo, Manager II, Safe Schools Office, Sacramento City Unified School District, Sacramento, California (and a retired Senior Special Agent in the Bureau of Alcohol, Tobacco, Firearms and Explosives), highlighted the importance of the need for collaboration between School Resource Officers (SROs) and local law enforcement, particularly in conducting joint training and exercises, as a force multiplier in upgrading the preparation of schools to respond to a spectrum of potential disasters.

John Woodmansee, Security, Environmental, Health and Safety Coordinator, Connecticut Department of Education, discussed his department’s risk and vulnerability assessment program, which is a starting point for complying with the requirements by 33 states to comply with the Readiness and Emergency Management for Schools (REMS) program’s guidelines to conduct risk and vulnerability assessments of public educational institutions as part of their emergency preparedness and response plans. He mentioned that their prioritized listing of persons and systems to protect include students, staff, visitors, as well as school volunteers, followed by student personnel records, equipment, facility funds, Information Technology (IT) systems, and reputation. He also discussed the physical and technological concentric rings of security that are essential in protecting school campuses. Curtis Case, Director of Digital Learning, Millard Public Schools, Omaha, Nebraska. Mr. Case was involved, as school principal, in the January 5, 2011 shooting at Millard South High School in which a senior student, who had been suspended, proceeded to kill an assistant school principal, as well as injuring him. His presentation focused on the need, during the current period of reduced school budgets, to acquire security systems that would most efficiently integrate hardware with software, such as video software that manage access control in schools. Alan Walters, Director of Safety and Risk Management, Georgetown County School District, South Carolina. He made the important points that risk and vulnerability assessment templates need to be “legally defensible” by being based on government plans and protocols, that security barriers inside schools need to balance security with access, that school bus drivers also need to be trained in securing their busses since they represent frequent targets, and that, since risk elimination is impossible, the focus needs to be on risk management. Guy Grace, Director of Security and Emergency Planning, Littleton Public Schools, Arapahoe, Colorado. Mr. Grace was involved in managing the response to the December 13, 2013 school shooting at which it took an 18-year old school senior 80 seconds to enter the school and attempt to kill the librarian and debate coach, who was not present, with an innocent student bystander killed in the rampage. He discussed the full spectrum of how a school security director manages the response to such incidents, including the collateral impact on the other schools in the district, which were also placed in a lockdown mode in the event it was part of a simultaneous mass attack. Of special interest was his discussion of the mechanisms involved in establishing an Incident Command System (ICS), ensuring that commonly understood language was used among the first responders, that communications systems were interoperable, and that back-up teams were prepared to manage the reunification areas in the event that the designated teams might still be under lockdown. Dr. Randy Atlas, President, Atlas Safety & Security Designs, Inc., Fort Lauderdale, Florida. Dr. Atlas, an architect/criminologist, is also the author of “21st Century Security and CPTED: Designing for Critical Infrastructure

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


Protection and Crime Prevention,” CRC Press, 2013. In his presentation, he outlined the top security challenges facing schools as trespassing, vandalism, theft and robbery, and assault, and that potential problems in campus layouts include poorly defined campus borders and isolated spots located away from supervision. To counter such security vulnerabilities, safe school design must focus on securing interior (e.g., classrooms and corridors) and exterior spaces (e.g., formal gathering spaces), as well as effective alarms, surveillance, lighting, and mechanical systems. Marsali Hancock, Founder and President, IKeepSafe, San Jose, California. Ms. Hancock explained that students are extensively involved in the social media ecosystem, where some post threatening or “self-threatening” postings. As a result, ensuring the safety of students and their schools by monitoring such postings requires not only cooperation between schools and parents, but also bringing together teachers, counselors and nurses, IT directors, and principals and administrators to work together on these issues. Throughout this process, monitoring of students’ activities in the digital ecosystem also requires compliance with privacy laws and ethical standards, as well as balancing the need for security and privacy, reputation, and, above all, fostering safe and healthy relationships between schools and their students. Lieutenant John Weinstein, Commander, District 3, Northern Virginia Community College (NVCC) Police Department. Lt. Weinstein (who also holds a doctorate in political science) discussed the risk management methodology he employs to assess the spectrum of threats, vulnerabilities, and consequences facing NVCC’s campuses, and the prioritization of such risks to build and budget their security requirements for best return on investment (ROI) allocation of such resources. He also discussed the types of threats facing campuses such as NVCC, such as radicalization into violent extremism, including helping to make professors aware of what to look for in student radicalization and how to overcome a reluctance to report such early warning signs. In terms of new and evolving threats, he mentioned the possible use of drones by terrorists, for instance, to bomb a building’s occupants as they are evacuating due to an emergency alert. Such new threat trends need to be exercised against, he concluded.

The conference’s industry exhibition was highly informative in highlighting some of the latest development in security technologies for campuses in areas such as access control, mass alerts and notifications, voice evacuation systems, video surveillance equipment, networked command-and-control systems, mobile incident management, shot-detection technologies, emergency notification checklists, mobile communications, and various training solutions, including in areas such as workplace violence prevention.

About the Reviewer Dr. Joshua Sinai is Principal Analyst at Kiernan Group Holdings (KGH) (www. kiernan.co), in Alexandria, VA, where he specializes in assessments and curriculum development on terrorism, counterterrorism, active shooter, workplace violence, and insider threats. He can be reached at: joshua. sinai@comcast.net.

The conference’s industry exhibition was highly informative in highlighting some of the latest development in security technologies for campuses in areas such as access control, mass alerts and notifications, voice evacuation systems, video surveillance equipment, networked command-and-control systems, mobile incident management, shotdetection technologies, emergency notification checklists, mobile communications, and various training solutions, including in areas such as workplace violence prevention.


Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


Advance Your Homeland Security Career

100 % ONLINE 100% Online Degree HOMELAND SECURITY Fully accredited, nonprofit brick-and-mortar institution n Ranked by U.S. News among the best universities offering online degrees n

n

Rated by Military Times as one of the Top 5 schools for veterans in the nation

Go.EKU.edu/IACSP

Now Enrolling

!

I

859-622-7428


YOU ARE DRIVEN TO

LEAD

WE ARE DRIVEN TO HELP YOU GET THERE. At American Military University, we understand where you’ve been, what you’ve done and what you’d like your team to achieve. Choose from more than 90 career-relevant online degrees — respected by the intelligence community — which can help your squad advance their careers while serving their country. Your team will join 100,000 professionals gaining relevant skills that can be put into practice the same day. Take the next step, and learn from the leader.

To learn more, visit www.PublicSafetyatAMU.com/IACSP

Journal of Counterterrorism & Homeland Security International

Vol. 22, No.2


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.