In preparing organizations and persons for response to a high-impact emergency incident, two of the most often overlooked requirements are operations security (OPSEC) and site security. Bound inextricably with coordination and integration strategies for response, OPSEC and site security are often compromised in the “heat of the battle.” Well-intentioned responders frequently converge on the scene of the disaster, unbidden, and they implement strategies without addressing OPSEC and site-security considerations. The discipline to apply the principles of OPSEC and site security following a preestablished, organized, and well-practiced plan is crucial given the nature of the threat and the variety of conditions that may present themselves. Failing to address these priorities before an event amounts to failing to protect the protectors. It jeopardizes the viability of the response mission itself. Terrorist attacks present the contemporary emergency services manager or chief officer with challenges that are more complex and risks of greater magnitude.
Site security and OPSEC are multifaceted and diverse concepts, ranging from protecting an organization’s information concerning activities, intentions, or capabilities to controlling scene access, traffic control, and evidence protection. Because this involves so many different aspects of disaster response, and because it cannot be completely achieved without full integration of each of those aspects, site security is best understood broadly. Robust control of the incident and surrounding areas should be the desired goal. This includes controlling the human and material flow into, out of, and around the site; providing for the security and safety of responding personnel; providing these responders with the ability to perform their jobs; and ensuring personnel accountability and the fulfillment of performance requirements. It is recognized that OPSEC infrastructure and strategies may necessarily develop over the course of the event response. Much like safety, OPSEC is the responsibility of every provider. Both the discipline of the initial responders and adherence to key principles provide the initial security until assessments and mitigation strategies that are more deliberate are implemented.
For an OPSEC program to be effective, personnel must be aware of OPSEC concerns. They must implement OPSEC countermeasures when appropriate and be observant of potential intelligence collection activities directed at their organization. This is only possible if the members understand the range of threats affecting their organization and actively support the OPSEC program.
Under these definitions, the framework that makes for effective and successful deployment of OPSEC and site-security strategies is the Incident Management System/Unified Command (IMS/UC) as articulated in the National Response Framework (NRF) and the National Incident Management System (NIMS). Many OPSEC and site-security issues can be addressed merely by properly applying these disciplined and standard structures, practices, and protocols. For example, interagency integration problems involving the establishment of a chain of command, which produced many of the issues that plagued security at the World Trade Center site in the aftermath of the September 11, 2001, events, could have been significantly ameliorated by the implementation of an effective IMS/UCS early in the event, as well as the requisite immediate establishment of a workable security perimeter. Simply restating the requirement for implementing the IMS/UCS structure, which has already been established with the release of the NRF and the resulting NIMS, is not the purpose here. Moreover, this chapter seeks to address the roles that OPSEC and site security play in the response to a terrorist incident within the framework of the IMS/UCS process.
Incident management/unified command as the foundation
All people who choose to devote their life’s work to responding when others are fleeing must resist the urge to “run in” without fully understanding what lies beyond that door, on the other side of that cloud of smoke, or around the next corner. Although difficult in a terrorist event, the success of the response mission and the survival of responders depend on projecting or knowing what threats lie ahead. The organizational protocol established by IMS/UCS is simply the framework by which OPSEC and site security can be established efficiently, effectively, and successfully; in other words, IMS/UCS is required but not sufficient on its own. Although not a panacea, IMS/UCS implementation is crucial for us to remediate the hard lessons learned in the recent past, fixing the problems inherent in past responses and implementing standards for OPSEC and site security.
The adoption and implementation of the NIMS-IMS/UCS framework addresses and corrects a large portion of site-security issues by the incorporation of the talents and services provided via the law enforcement community at the command post; it is important to note, however, most (or many) of these concerns are not limited to terrorism-related events, and the UC concept is appropriate at most emergency scenes. Many of the difficulties inherent in the massive response of multiple agencies are just as prevalent in an earthquake as in a dirty bomb attack or other disaster. It is the particular nature of the threat that makes OPSEC and site security so salient, and unique in the context of terrorism is the particular nature of the threat.
The unique challenges posed by acts of terrorism create conditions that are fluid, requiring speed and flexibility of thought and action, as well as thorough planning and preparation. These attributes must be institutionalized in the response doctrine and responding personnel to achieve safe, effective, and sustainable responses to an incident. Moreover, the After Action Reporting (AAR) from the Boston Marathon Bombing further amplifies this requirement when leaders from all disciplines reported that the response performance really emerged from intuitive reactions by their personnel who had been training for years using a variety of evolving scenarios to achieve adaptability of response. Further, it is critical to remain mindful that the targeting of responders and “soft targets,” such as health care facilities and schools, makes this an even more complex matter to address and manage to ensure one’s own safety and the safety of those responders that are being coordinated at the scene.
By analyzing the experience from the major recent terrorist attacks, particularly the 1993 World Trade Center Bombing and those following, numerous areas of concern consistently emerge. By focusing on each of these identified areas of concern and the pitfalls encountered during event response, we can identify opportunities to improve and lessons to be learned, and can develop best practices to shape future responses. As just noted, these concerns fall into two general categories. The first elements to consider are those that are universal to all event types and that can be remedied by the proper implementation of IMS/UCS. These include the following:
Perimeter establishment and access control.
Traffic and crowd control.
Victim rescue in the immediate aftermath of an incident.
Personnel needs including work-rest cycle, shift duration, feeding, watering, hygiene, adequate personal protective equipment (PPE), as well as the continuation of normal emergency medical services (EMS), law enforcement, and fire services operations over the course of the event.
Organizational integration and interoperability communication issues.
Public relations, including interactions with dignitaries, media, charities, and families of the victims and the missing.
OPSEC and site security.
Staffing support for other elements.
Second, some considerations are particularly relevant following terrorist events and cannot be addressed simply by the implementation of IMS/UCS; these therefore require further attention and creativity and are listed as follows:
Search for secondary devices and hostile threats to the scene and responders.
Perimeter establishment and access control (although relevant in all emergency events, it takes on special significance following terrorist events).
Traffic and crowd control (although relevant in all emergency events, it takes on special significance following terrorist events).
Evidence recovery and protection.
Operations Security and Site Security: Challenges of a General Nature
The important role IMS/UCS plays in enabling successful OPSEC and site security cannot be overstated. Perhaps the essential component in OPSEC and site security is communication and coordination among responders, and IMS/UCS, by design, provides a mechanism for exactly that. The following section addresses each aspect of OPSEC and site security that can be helped by the implementation of IMS/UCS, including multiple examples from recent terrorist attacks, where such implementation would have directly resulted in saved lives or property. Suggestions are then made as to how these issues can be dealt with in future events.
The first challenge to OPSEC and site security is victim rescue in the immediate aftermath of an incident. This is the initial and most dramatic problem faced by all responders during and immediately after a terrorist attack or large-scale event. A driving characteristic common to most responders is the natural instinct to rush forward, nobly intentioned, to do whatever one can to quickly save as many lives as possible. However, for both the safety of the responders and the victims, as well as the sustained good of the mission, some deliberate restraint and organization must be exercised. Absent this disciplined wisdom, the overall incident management may be negatively affected, and people may die needlessly. Among the lasting images from the events of 9/11 and the Boston Marathon attack are the hundreds of first-responder personnel rushing to the scene to help all who were impacted by these horrible attacks. The counterpoint is the striking example of misguided good intentions observed at the Shanksville, Pennsylvania, United Airlines flight 93 crash site, which on September 11, 2001, became overwhelmed and severely congested because of both on- and off-duty units responding, making their way to the scene either by self-dispatch or by convincing dispatchers to send more help. The resulting chaos clogged the scene, severely complicating command and control, and confusing perimeter maintenance.
This area of OPSEC and site security primarily deals with ensuring an effective response rather than an unorganized, potentially dangerous, and surely less-effective response. Implementation of IMS/UCS could have diminished the reported congestion because it states that off-duty response personnel should not respond to an event unless directed to do so. Although operational doctrine dictates that you “man your post” until otherwise directed, the reality is that such a situation rarely exists.
The instinct to respond is powerful and is complicated by the “touch the plane” phenomenon, in which people feel they have to be at the disaster scene so they can tell anyone who will listen that they were indeed there “when it happened.” Therefore it is incumbent on the agency and organizational leaders to stress and practice operational discipline that demands coordination and adherence to strict deployment protocol. Another relevant example is provided by the Bali Bombing of October 2002. As with other examples, the Bali responders rushed in to help victims, with the intention to save as many lives as possible, and, in doing so, rendered OPSEC and site security nonexistent, and it placed many more lives in danger in the event of another coordinated secondary attack. Even though it is difficult to find fault with the selfless actions of such responders, it is, however, crucial that this emotional response be tempered by reason and the knowledge that restraint and discipline are essential. They are necessary for a measured and effective response, in addition to ensuring an effective investigation to bring the perpetrators to justice.
Finally, there is the example of the brave responders to the World Trade Center attacks. In their zeal to charge into the scene and save as many people as possible, the “tunnel vision“ they experienced allowed them to neglect properly assessing the danger to their own lives. Based upon this historical experience, responders must consider the full gamut of threats posed by formal secondary attacks or secondary effects of the primary attack mindfully. This includes the possibility that the initial event is actually a precursor to a campaign of attacks, as well as the expanded implications of fire, hazardous materials, and associated infrastructure failures. Any one of these elements presents daunting challenges for a responder, and the collective effects of multiple known and unknown operational variables further complicate the response exponentially. The potential confluence of events compounds the threats to environmental safety, and demands that the responsible emergency-response chief establishes and maintains aggressive safety policies throughout the event.
OPSEC and site security involve understanding the situation as accurately possible, including the possibility that attempting to rescue victims immediately may not be the wisest, safest, or most appropriate course of action. Although it may seem that delaying rescue efforts is tantamount to abandonment of our duty to act and is contrary to the oath many of us swear to, in the end, lives may be saved by taking the time to assess the situation fully, in a coherent fashion, before executing operational response.
The security needs of response personnel are a major issue to be addressed when planning a response to a high-impact and high-yield emergency incident. These needs are varied and can be very complex, complicated, and resource intensive, particularly during and after a terrorist event. These demands are further increased given the likelihood of hazardous materials being present, and the intent of the terrorist to hurt or kill as many people as possible, including responders.
One very good example of this occurred during the 1997 Tokyo Sarin attacks in the subway. Japanese medical personnel lacked proper PPE; more than 20% of the staff of St. Luke’s International Hospital exhibited detrimental physical effects after treating victims of the attack. Had the hospital planned properly and equipped the facility and personnel, in addition to regularly training all employees, the instances of secondary contamination may have been greatly reduced once a nerve-agent attack was recognized.
Another well-known example of responders lacking proper PPE was the September 11, 2001, attacks. Early in the response, heavy particulate asbestos was found at the site, and later, Freon, cadmium, and other hazardous materials were identified, yet there were many personnel operating without proper protective equipment. This can be attributed to poor planning, poor operational discipline, and/or lack of threat awareness. Logistics-acquisition problems also contributed because there was simply not enough equipment to go around. This suggests that planners failed to conceive or believe that an attack of this scale could possibly occur. Poor logistics further contributed because the equipment that was present was not distributed properly.
Another critical aspect of protecting responders in a traditional sense involves personnel rest and rehabilitation, which are critical to the success and sustainability of an operation. Although rescuers are often willing to work to the point of exhaustion, this is dangerous to the responders, the victims, and the effectiveness of an operation. Fatigue creates more casualties through impaired decision making, increased stress and frustration, and impaired judgment. The medical profession continues to address the effects of sleep deprivation and fatigue, because of errors directly traceable to exhausted health care providers. Several well-publicized studies chronicling the effects of long work hours in life-and-death stressful environments reveal that errors have produced increased morbidity and mortality in the patients being cared for by these well-meaning professionals. Studies conducted over the last several years reveal that moderate sleep deprivation produces impairments in cognitive and motor performance equivalent to legally prescribed levels of alcohol intoxication.
To help ensure safe and effective sustained operations, IMS/UCS empowers the Incident Commander to plan for sustained operations by dividing the available workforce across shifts. Work-rest cycles are implemented, and shift durations deliberately established, allowing for the necessary rest and rotation of personnel, even if it must be mandated. The final strategic and operational concern addressed in this chapter is the continuation of public services, including EMS, medical, law enforcement, and fire service, through the end of the incident and into the recovery stage. Sustaining 911-response capacity for an entire community should be a necessary goal that agencies and first responders must accept and embrace. Just because one is being confronted with a large disaster in one’s community does not alleviate the obligation to ensure that “all” emergencies in the community are managed appropriately.
Clearly, and especially in the case of EMS, the fiscal implications of having a sustainable and robust response system that can handle any and all 911 calls at all times is strictly prohibitive. Burden sharing has become accepted widely by way of mutual aid compacts between communities, regions, and now states under the Emergency Management Assistance Compact. The key to successful sustained operation is embracing this concept and employing it, as required, on a regular basis. Further, reviewing scene-safety response protocols for commonality, ensuring interoperability, and having a shared vision of OPSEC and site-security tactics are integral during the duress of a real event.
Hospitals share the same concerns for their facilities and staff. During the planning phase for disaster response, hospital planners must consider a number of issues that previously did not require their attention. Such matters include increased security, physical management of patient flow, PPR, decontamination strategies, and staff training and support. One hospital failure that drew much national media attention occurred in Florida during the hurricane season of 2004. Florida Hospital Ormond Memorial fired and/or suspended more than 20 nurses for not working during Hurricane Frances. The nurses were fired for not calling in, not showing up, or refusing to work, whereas others were suspended for not completing a shift. The hospital stated that hospital policy required critical care employees to work during a disaster. In media accounts, some nurses alleged that they were not trained to deal with these extreme scenarios, and they questioned who would protect their families. Nevertheless, in a crisis, staffing rosters based on the internal disaster plan were not followed, leaving the facility poorly positioned to cover staff vacancies and sustain operations.
Another unfortunate occurrence in the aftermath of disasters is the potential for civil unrest and criminal activity. Police resources are often allocated elsewhere, concentrated at the site of the disaster. Coverage is degraded in the areas where law enforcement officers would normally patrol or deploy, and if the presence is weakened enough, citizens may loot nearby houses, commercial districts, and in some cases emergency-response equipment. Examples of this can be found in the history of countless disasters, including the looting after Hurricane Sandy in 2012, Hurricane Charley’s August 2004 landfall in Florida, the events in the aftermath of Hurricane Katrina 2005, as well as the unsubstantiated accusations of looting by the responders themselves following the 9/11 attacks on New York City.
Community planners, responders, and emergency services personnel must also consider the potential for events to have rendered a large-scale area too dangerous even for emergency responders to enter. Such examples might include significant hazardous materials release or large radiological incidents. Responders must ask themselves two questions and answer them honestly: (1) In such a situation, what are the primary responsibilities of responders in getting people out, keeping people from entering, and making sure that the area remains contained? (2) Are the responders prepared to evacuate, relocate, secure, and effectively close a significant portion or an entire city, as was necessary during the Chernobyl disaster?
Proper and effective deployment of law enforcement officers is a key aspect of the incident management, NIMS, and NRF. Successful integration of law enforcement partners firmly within the Unified Command framework promotes effective coordination among responders of different disciplines. It affords greater cohesiveness and security for all personnel operating on site. Moreover, it facilitates integrated operations and the investigative process and provides for sustained reliable evidence collection. Similar concerns exist for fire services in the wake of a disaster, particularly in fire-heavy disasters. The standard fire service response is to rush to the scene of a major working fire and engage to control the threat and resolve the problem rapidly. This traditional response strategy was illustrated in the 2001 World Trade Center response. One can imagine the collateral dangers if concurrent fires were to emerge in other parts of the city, particularly in the event of a secondary terrorist attack. The effectiveness and value of mutual aid are clearly apparent in the responses to any number of large-scale disasters, but this was particularly evident on September 11, 2001. There is also precedent for terrorists using fire as a weapon to drive victims from positions of security or to hamper the emergency response.