Exclusive: The importance of threat and risk assessments

The recent Manchester Arena Inquiry in the United Kingdom has shone the spotlight back on the consequences of attacks against soft targets. Attacks of this nature have been used increasingly by terrorists to exploit the open attributes of the public domain and target a societal soft spot – civilians.  While this makes it obvious, a security threat and risk assessment should be carried out to help make informed decisions on the protection of soft targets and their application to buildings. Although buildings are considered hard targets, the consideration of holistic protection measures is a necessity which is sometimes overlooked.

In retrospect, the deadly fruition of the Manchester Arena attack drew similarities to the Paris attacks of 2015, whilst also having a striking resemblance to the 2008 Mumbai attacks in terms of weapons that were used and target selection. Although the Paris attacks’ targets consisted of a sports stadium, restaurants, bars, cafés and a concert hall, the fatalities could have been much higher if one of the terrorists had succeeded in entering Stade de France. The only failed attack was that against the stadium, which can be considered a hard target. So, this raises the question: why was a hard target selected?

Counterterrorism experts frequently discuss the potential target environment for terrorists as a separation between ‘hard’ and ‘soft’ targets; this distinction simply reflects the degree of investment made in security measures. Venues such as cafes, restaurants and shopping malls are considered soft targets because they lack recognisable security features like vehicle and pedestrian access controls, hostile vehicle mitigation and standoff distance that prevents car bombs getting too close to buildings. Therefore, soft targets can be summarised as targets that have no defence against violent attacks. Apart from having a higher success rate, attacks against unprotected targets (civilians) are also selected as they generate a lot of media attention, which fulfils one of the basic aims of terrorism – to spread a suspected group’s message to a wider audience. Lastly it also stirs fear within target audiences, thus generating wider psychological impact beyond the immediate victims, which is a common trait of terrorist organisations.

So, given the vulnerabilities of soft targets, why would a hard target ever be considered? It has been observed that certain terrorist organisations have displayed a sustained interest in attacking hard targets, such as embassies and military targets. This is because these targets are perceived as symbols of strength for nation states. An example of this was the attack against the USS Cole off the coast of Yemen in 2000. By showing competence in attacking a United States Navy destroyer, the associated terrorist unit portrayed it has the strength and resources required to dent the national pride or strength of a global superpower.

It’s not just terror groups that decide to select hard targets. In 2020, a South Carolina man – who pleaded guilty to plotting a ‘Netflix worthy’ attack – was reported as stating an intention to target government centres rather than locations “like malls where innocent children are”.

Attacks like this also help draw support for a group or individual’s causes; publicised incidents of terror groups effectively strike governments’ hardened establishments and have been noted to play a role in helping raise financial and personnel resource for terrorist groups. It is also noted that groups’ whose attacks on civilian targets outnumber attacks on hard targets often fail to communicate their objectives or agendas. Therefore, opting to attack hard targets suggests that terror groups are serious organisations compared to other groups who only attack unarmed civilians. 

Conduct a full threat and risk assessment

With hard targets being perceived by some attackers as a more viable choice, the notion that only soft targets are at risk is a dangerous mindset. This dichotomy in analysis is often the case when only a vulnerability assessment is carried out for some projects; while this highlights the gaps in security it also assumes a group’s motives and capabilities, therefore creating an inaccurate picture. For example, a vulnerability assessment may identify that a lack of standoff around a building means a vehicle-borne improvised explosive device can be parked in close proximity. While this may be true, it has not considered if the building is an ideal target, who would want to target it and whether or not they have the capabilities to follow through with malicious intent.

To this end, it’s essential that a full threat and risk assessment is conducted regardless of any preconceptions about the building or project. Without one, informed decisions cannot be made in regard to security planning, which is required to both ensure proportionate security mitigations are put in place and to avoid unnecessary overspend on security.

By Brett Taylor, Associate Consultant – Security Risk Management, WSP Middle East