Terrorist Threat Blog

by Antiterrorism Consulting

 10 / 14 / 2014


Terrorist attack ... can you prevent?  



The possibility that a terrorist attack takes place against a critical infrastructure or industrial activity, toda always arouses in society apprehension and fear. But the question that burns in each of us is: is it possible or not prevent, and thus avoid, a terrorist attack?

In order to respond to this question, you have to understand:

  • the process necessaries for a terrorist group to plan and carry out an attack;
  • how prevention and protection of a terrorist attack is structured


First, it is important to understand that a terrorist attack (whatever type - CBRNE) is planned and studied very carefully, it does NOT born spontaneously

A terrorist attack, to happen successfully, needs of 6 passages of time. If one of these steps fails, even the attempt could fail, and then the terrorist groups are exposed to intelligence. 

These 6 basic steps are listed below:

  • surveillance
  • elicitation
  • test of security
  • acquiring of funding and supplies
  • rehearsals
  • execution

Surveillance is the first step to planning a terrorist attack. The terrorist group need of this step to study the behavior, use, and routine of target, and also on how the goods, people and public move inside the facility.  The Surveillance can be done internally or externally to the target. 

Elicitation is done through questions, direct or indirect, to the personnel that work in the facility. These questions regard, in general, internal procedures, security systems, working time, and location of offices and utilities.

Test of security is the part that is normally be overlooked by everyone, but it is of extreme importance to terrorist groups. It consists in testing the effectiveness of structure's security in the most natural way possible, through actions that can be classified as everyday accidents. 

Acquiring of funding and supplies is demand to money and weapons by terrorist group. The request for funding and supplies is made according to the needs that a terrorist group faces to attack the objective.

Rehearsals is the final part, and it is necessary to evaluate the whole environment how it behaves in an event out of the ordinary. For examples, we can imagine a bag abandoned in a station. The time that elapses from the abandonment and early reporting, and the beginning of security procedures, is the responsiveness of the environment to an event out of the ordinary.

Execution is the part in which takes place the terrorist attack 


After analyzed the process required to plan a terrorist attack, you should understand how the prevention of a terrorist attack, against a target, is structured. To better understand this concept you may think that the prevention of a terrorist attack has a pyramidal shape. (see figure below)

This pyramid is divided into three parts, not equal to each other. The base of the pyramid is occupied by Intelligence, Police and law enforcement. The central part is occupied by ATMS, and the top of the pyramid is occupied by police elite unit, "Counter-Terrorism Unit", units specialized to fight the terrorists in the first person.

This pyramid is not divided into equal parts, because every actor plays a role. The "Counter-Terrorism Units" usually account 1% of the pyramid, because they are used only when all the remaining 99% fails. if a facility does not adopt the ATMS the remaining 99% of prevention must be done by the police (see Figure a). If the structure adopts ATMS, prevention is carried out by two actors who cooperate and collaborate together, law enforcement and the structure itself (see Figure b).

 Pyramid A


Pyramid B


Now we analyze the Case A. In this case, the temporal process is negatively affect on the following points: 

  1. Surveillance: through constant and continuous vigilance of a sensitive target, law enforcement may make difficult and arduous the surveillance by terrorist group.
  2. Elicitation: This point is usually contrasted with the normal techniques of investigation, but the facility staff is not trained to don't reveal sensitive information about the structure. 
  3. Acquiring of funding and supplies: task performed exclusively by the police through a investigation. 
  4. Rehearsals: also in this case a constant presence and continuous vigilance  can prevent this phase, making it almost impossible to perform.
  5. Execution: an increased presence of law enforcement and vicinity of "Counter-Terrorism Unit" to a sensitive facility, ensures less or almost no chance of an attack, or at least, makes it much more difficult to implement it.


We analyze the Case B. As we know, the facility adopts the ATMS. In this case the structure is protect by ATMS and Law enforcement that cooperate, and then all 6 steps are negatively affected. 

  1. Surveillance: the structure is protected 24/7 by active and passive perimeter defence. The presence of law enforcement, if any, further increases the defense.  
  2. Elicitation: the personnel is trained to don't disclose sensitive information, and it is constantly updated on any threats to the structure. In this way suspicious people or suspicious questions, made outside of the work environment, will be promptly reported to the police who will start the appropriate investigations.
  3. Test of security: In a structure with ATMS, any behavior that normally is classified like a daily error, it is treated as a "security incident", and then analyzed and investigated to control if it is a real error or it is a voluntary act.
  4. Acquiring of funding and supplies: task performed exclusively by the police through a investigation.
  5. Rehearsals: This phase can be prevented, because any behavior or suspicious object is promptly reported to police and internal security, and at the same time are activated the required procedures. 
  6. Execution: there are a constant exchange of information between the facility and law enforcement. In this way the law enforcement have the full knowledge of the entire structure, thereby facilitating a possible intervention. The structure, that adopt the ATMS, became dynamic and reactive to a terrorist attack from the first moments, whatever the type of terrorist attack - CBRN.


Let's see the pros and versus of the various pyramid structures.

Structure A

  • Pro:
    1. structure very protected by the law enforcement and is therefore difficult to attack by terrorist groups and common criminals;
    2. rigid frame and ready to react in case of an attack;
    3. time of implementation - immediate.
  • Versus:
    1. high cost of personnel and equipment for the state;
    2. not possible for all sensitive targets and industrial activity;
    3. rigid structure against organizational change, because these changes have to be agreed with the law enforcement;
    4. if law enforcement are NOT present, the structure is exposed to the terrorist threat, and then to the probability of suffering an attack.


Structure B

  • Pro: 
    1. lean and flexible, adapts quickly and with very low cost to any threats; 
    2. Resistant and Resilient, at the same time, to terrorist threat; 
    3. costs by the structure is very low, or almost zero; 
    4. high benefits in terms of insurance and finance; 
    5. if the base of the pyramid (Intelligence) should fail, the ATMS is able to give protection to the structure without exposing the structure to terrorist threat and then the probability of an attack.
  •  Versus: 
    1. if ATMS is not already adopted, the time of implementation is not immediate;


In light of all these considerations, we can answer the original question: is it possible to prevent a terrorist attack against a sensitive target? The answer is YES, it is an chemical, biological, radiological and conventional attack (ie, explosive) - CBRNE.



by - Antiterrorism Consulting ®

 08 / 23 / 2014


The defense against a "terrorist attack" is only a cost, or can it may also have an economic return?  



The term 'terrorism' refers to intentional acts, criminal or malicious. There is no universal definition of terrorism. Officially, terrorism is defined in the Code of Federal Regulations as "... the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in support of political or social objectives" (28 CFR Section 0.85). The terrorist threat can also characterizes like a national or international, depending on its origin. However, the source of the terrorist threat is irrelevance for this article. 

The industrial activities, whether they are classified as Critical Infrastructure or "reality at high risk of terrorist attack", are unprepared to handle the terrorist threat, both in terms of physical security and management.

After the attacks of 9/11 to WTC (World Trade Center), 2004 to Madrid and 2005 to London, several countries in the world have enacted legislation regarding obligation to adopt of systems able to prevent or delay an terrorist attack to strutture. United States approved legislation 6 CFR Part 27, in Europe approved legislation 2008/114/EC and the Russian Federation approved numerous regulations in this regard.

Because all of these regulations require investment from managers / owners of assets under "risk of terrorist attack", an obvious question arise: can we have an economic return from implementing a defense against terrorist risk, or those laws are always a cost to industrial activity without economic return? All the investments that are made, are designed to generate an economic return, then see an economic return in anti terrorism defense that may seem impossible, unless you operate in countries with very high risk of terrorist attacks.

This article will attempt to explain that the implementation of a defense against the terrorist threat, is not only a cost, but it falls into the category of investments that generate an economic return, other than that which can generate a new plant. 

Protecting your business and / or assets from terrorist threats would greatly affect two factors that are very important nowadays for a productive activity: 

  • Insurance Sector 
  • Financial Sector 

These factors do not seem to be connected with each other, but live together closely. To better understand how these factors are influenced by effective protection will be analyzed in detail.


Insurance Sector 

In today's society, insurance companies play an important role in risk management, as they provide a breakdown of the risk itself, allowing people to accept the risks that would otherwise be unacceptable. Obviously the price of insurance is based on a set of data that identifies the risks to which a structure is subjected and which mitigation measures are required to reduce their risk. On this basis, the "terrorism risk" is a new concept and not well defined, because there are no current data and the experience is very limited.

The demand for insurance coverage for the "terrorism risk," provides coverage for a catastrophic loss of value of the property, and then the insurance premium should be assessed according to the exposure of the asset to the threat, the interest that a likely group terrorist can have in attacking the industrial activity and what impact on social structure it can have. 

In light of this, it is clear that some variables may undergo a rise or decrease, depending on how risk is managed. Some insurance products, that cover the "terrorism risk", may have a direct or indirect relationship with the security of the structure. Some terrorist threats may have some relationship with some insurance coverage: 

  • Property 
  • Interruption in production 
  • Insurance on workers 
  • Safety
  • Dead

Several terrorist attacks may result in losses, which are covered in several lines of insurance. Other terrorist attacks, however, may result in losses that are not covered by some insurance, because it doesn't produce physical damage to the property.

In addition to "material damage", there are other insurance clauses that are closely linked to the performance of the industrial activity, and are of direct interest to owners and managers. The insurance on interruption of activity, which covers the business income lost, presents particular problems for insurers, owners, and lenders in the event of a terrorist attack. The policy on the loss of income (generally within a standard policy) is written by insurers for a specified period of time or on the basis of "an actual loss sustained", and requires that insurers and owners or tenants are agree on actual losses.

Usually the loss of productivity is insurable, if the building is damaged by an insurable hazardous. Not all hazards are insurable. In the case of the terrorist attack of 9/11 to WTC, several adjacent buildings were evacuated by order of civil authority. The evacuation in response to the civil authority may be excluded from the coverage of a risk, even for a limited period of time. To deny access to the building without physical damage to the structure, as in the case of a CBR terrorist attack is currently excluded from insurance coverage, for some policies. Therefore, a terrorist attack with a CBR release without physical damage, but with only a contamination of the facility, would result in the unavailability of the same structure for a long time, and the damage associated (interruption in production, decontamination) may not be covered by the insurance policy.

After the terrorist attacks of 9/11, the DoS - Department of State of United States - enacted the Terrorism Risk Insurance Act of 2002 (TRIA), which regulates the insurance on the "risk of terrorism". According to this document, so that activity can be compensated against damage caused by a terrorist attack, the malicious act must be certified as terrorist attack by the government, and it must have these characteristics:

  • Must be a violent act or an dangerous act on human life, property or infrastructure.
  • Must have caused damage.
  • It must have been committed by someone that wants influence the policy or affect the conduct of government by coercion or using the force against the civilian population.

Note that this definition excludes hazards like contaminants such as chemical, biological, radiological.


Financial Sector 

The Finance, like banks and financial resources, provide the financial resource for investment to owners and managers of infrastructure and industrial activities.

The financial sector is concerned about the adequacy of insurance coverage on the property and the protection of the structure itself for a potential loss of good and therefore the default of the debtor. Insurance on employees, and on liability and on business interruption are indicators of salvation or default of a debtor. 

Credit and solvency are now threatened by the terrorist threat ; a proper asset protection and adequate insurance cover has an impact on the asset value and the financial health of the borrower.

The potential impact of terrorist attack on a structure, it affects the financial sector in 3 points: 

Loss of activity: The approach to this risk is to purchase adequate insurance coverage for all relevant risks, and to ensure an adequate defense of the good, in order to ensure that no may be lost due to external causes. "Terrorism risk" includes modes of attack that can be classified into two main types: 

  • attacks that directly damage the building, 
  • attacks that do not physically harm the building, like a CBR release

Some terrorist attacks may not be covered by insurance policies, therefore, these pose a risk to the lenders, because they can affect the value of the property. To better understand the problem you think of a contamination of a well. The cost of decontamination (if not covered for insurance) can cost more than the asset value of the asset. 

Default of the debtor: The protection of the industrial activity is of fundamental importance for the maintenance the solvency of the borrower, as well as providing a guarantee for the loan. A denial access to activity or interruption of production for a long time, can lead to a default of the debtor, resulting in loss of credit by the financial institution. 

Cost of capital: an investment resulting risky, because it is exposed to terrorist threat, it can become very expensive, as it will be present in a rise in interest rates and less access to finance itself.


In light of these considerations, we can answer the question posed at the beginning: "a defense of industrial activity from terrorist threats is only a cost, or has it an economic return?"  You can deduct the cost that an operator of a industrial activity or CI (Critical Infrastructure) must face in order to reduce its exposure and vulnerability to the terrorist threat, it will bring an economic return different from what you usually think. The adoption of a AntiTerrorism Management System - ATMS  (Physical Security, Standards, Procedures, Business Continuity Plans, Design Basis Threat) can leverage on the insurance and financial industries. 

The financial sector will consider the investment safer and more secure than another of the same type but without the same guarantees, while the insurance will be more inclined or to cover risks not covered before in the policy (eg. contamination) or lowering the insurance premium or increasing the total amount of damage coverage. 

You have to take this important aspect:  a successful terrorist attack carried out against a structure, may cause damage in order from hundreds to thousands of millions of euros, for example: 

September 11, 2001: $ 84,000,000,000 

March 11, 2004 - Madrid: $ 269,000,000 

July 7, 2005 - London: $ 2,540,000,000 

Obviously a structure protected by "terrorism risk" is also protected from the other risks like theft, sabotage, espionage etc ..., so the benefits of doing so are many, in addition to those that were sought to explain in this article.



by - Antiterrorism Consulting ®

 05 / 29 / 2014


Design Basis Threat : What's this?  


We will try to briefly explain this new concept of crime prevention. The subject is very vast and wide, but the purpose of this article is to try to explain the economic benefits of the use of DBT.


In recent years, we have seen in the world, urbanization of the industrial areas, leading to encompass industrial activities within towns and cities. A rise of the inhabitants around the industries under terrorist threat has influenced the national and international law (U.S., Russia, Europe). Globalization and immigration has contributed to change in a way remarkable, the character and the footprint of the city. Now we can see a mixture of races, religions, political and philosophical thoughts that are completely different from each other.

The biggest challenge is the need to ensure adequate security to the surrounding community. The common criminal activities involving industrial or infrastructure, recently dropped, since physical systems that have been adopted to prevent this type of crime; but some criminal activities, such as terrorist attacks or sabotage have increased substantially, even coming to be labeled in some sectors. 

In this article we will explain how during the process of modernization (or newly developed) of an industrial or critical infrastructure, it would be appropriate for managers and Security Manager, use the new design and philosophy of "Design Basis Threat - DBT"  for the prevention of criminal activities.

The concept of "Design Basis Threat" - DBT - was created to manage the terrorist threat to nuclear power plants, but later was expanded to adapt to the military sector, and finally to the civilian sector, particularly in the design and modernization of infrastructure and industrial activities under risk of terrorist attacks and other criminal activity (sabotage or espionage very high).

The level of exposure of an industrial or infrastructure to terrorist threats or various crimes, it is quite difficult, because it is impossible to predict how and when an criminal event can occur. In this field there are no databases, as it may be for the design of earthquake-resistant structures, and therefore it is based on the study of local criminal activities, especially on their "modus operandi". These criminal acts are usually classified into low probability of occurrence (espionage or terrorist attack), but the damage associated with them is high or incalculable, both for the industrial activity itself (loss of productivity, structural damage, theft of patents) and for the the surrounding society.

Through the DBT, it has been shown that the crime can be reduced even in the design phase, through careful urban design. Through a study of the urban environment, designers can study and plan the urban areas (access roads, parking areas, entrances, etc ...) to deter potential aggressors, both from committing a crime, that also by gathering information on the property (assets known as "intelligence"). A well implemented design, lead the surrounding population, insurance corporation and authorities, to consider the area more safe and secure, and less exposed to probable crimes against society or the structure itself. At the end, we obtain that the industrial and infrastructure become more resistant to the crimes with an economic cost for the same irrelevant, and at a cost much lower.

As we have already mentioned, the DBT doesn't apply only to new structures, but we can appaly it also during the process of modernization. In practice, if you think to modernize your perimeter, or parking or gates, you should consider the option of evaluating the impact that may have on crime, because a subsequent review may involve additional costs. Normally you underestimate that urban design (gates, perimeter fence, benches, fountains, street lamps ... ) will have a significant impact on reduction to criminal activity, like also a careful choice of materials and placement, can reduce significantly the exposure of the structure itself to criminal activity. For example, a correct placement of trees can be a barrier that prevents an terrorist attack to the structure, and the cost associated with it is virtually "zero".

The DBT helps industrial activities to understand how to locate offices or furnishings within it. In this way you can reduce the exposure of occupants to debris that can be generated in case of an explosion. It has been shown that the majority of victims of terrorist attack, can be originate from debris / missiles that are generated by an explosion, therefore, a strong reduction of debris, consequently leads to a reduction of the victims and damage to surrounding structures.

The systematic use of DBT in all new industrial or infrastructure, or only in the early stages of restructuring, rappresent an economic advantage and allows a continuity production that should not be underestimated. Prolonged interruption of production activities for a "non-evaluation or terrorist threat" may represent a competitive disadvantage and a cost, sometimes not sustainable, as a subsequent adjustment can lead to higher spending instead would have been clearly set out in the planning stage.


by - Antiterrorism Consulting ®


04 - 17 - 2014

Food terrorism poses eminent danger  – agroterrorism experts

Interview vith Antiterrorism Consulting

Voice of Russia 




04 - 29 - 2014



Bomb Threat: evacuation of the entire structure or not?


Evacuation for a "bomb threat" is not how to handle a evacuation for a fire, where we are in the presence of a certain tranquility. The evacuation for "bomb threat" has serious implications, risks and real costs. But then, how we manage this problem?

"Bomb threats" are not an extraordinary event as you could think. Every week and month are recorded several "bomb alarm", which then fortunately prove to be forgeries. Unfortunately, these alarms aren't always taken seriously, as it should be done, and such behavior is due to the lack of information available to the Security Manager.

Unlike a fire, some accidents that involve the "security" don't have an evident danger and, therefore, a equally evident response. The Security Manager who choose to evacuate each time where is present an "alarm bomb", adopts the philosophy of "prevention is better than cure", but we must be aware that each evacuation always has serious implications, risks, costs and production losses.

During a mass evacuation, there is nothing safe to manage hundreds or thousands of people that move under psychological pressure, so that they reach a safe and secure place. Some facilities may have various floor, and evacuation of some people with mobility problems may need to use elevators, in order to make the evacuation faster. In this manner we expose them to additional risks.

People during evacuation are exposed to risks, because this process normally creates congestion at exit points. Another problem is, that people must be protected from the weather, traffic and other dangers that are created due to the high concentration of people in a short time. The release of hundreds or thousands of people in the urban landscape in a very short time creates a domino effects, that can be multiplied if other buildings must be evacuated. To really understand the problem you can think of a suspicious package that requires mandatory evacuation of 50 m. for both "inside" and "outsite" staff.

Not all evacuation plans provide routes or areas of collection alternatives, and people must be prepared to decide the right route or area to use for proper evacuation. For example, for a "bomb threat" some "SAFE ZONEs" may be compromised compared to other, thus exposing staff and people to a greater risk. Inside the structure may be present HAZMAT substances (chemical, biological, radiological, explosive and toxic) or "sensitive" or "confidential" information; therefore during evacuation we have to put in safety and security this material, because this alarm may have been done to be able to access undisturbed to such substances or information.

In addition to all these issues, we must considered as financial costs, which are not to be neglected. Evacuate a structure for a "bomb threat" will require the closure of the site. The research and the defusing a bomb (if there is), likely, it will may take several hours or days (the research depends on the extent and type of activity). In these cases, the Continuity of Operation Plans -COOP- must provide the various possible options, for example in some cases it may be cheaper for the propriety considers the total closure of the production and proceed with the research in total safety and security. An unexpected or anticipated closure of the activity, caused by a "bomb threat", could have repercussions on traffic and also on public transport. So, this situation should be coordinated with the local authorities. 

When a Security Manager receives a "bomb threat", he has to decide or continue productive activity, waiting the police, or begin the evacuation. The choice can be crucial, both for the business and for the lives. The choice should be made based on personal knowledge. If the company or the structure adopts the ATMS - AntiTerrorism Management System, the Security Manager is able to assess the threat and the various solution to choose. If the property doesn't a management system, the information in possession of the Security Manager can be very scarce, and the options to be taken are equally scarce. 

In a company with a AntiTerrorism Management System - ATMS - the question about "the threat is real or not", becomes "is it possible for an outsider to have done this or not, and if it is yes in which area?". As you can see, the two claims involve different options with different operating costs. A solution to the first question may be the evacuation of the entire structure, while a solution to the second question can be the evacuation of only one part of the structure.

The solution to these question is done by several factors:

  • excellent knowledge of the place;
  • awareness of productive activities;
  • full control of public areas, risk areas and internal areas of activity;
  • access systems reliable;
  • credentials of staff;
  • opportunity to review suspicious behavior on video-surveillance system (CCTV);
  • research in high-risk areas.

These system produce the informations that Security Manager can use to resolve the question about the "bomb threat". In this way, the ATMS transforms the question "the threat is real or not" in "is it possible to do this or not?" 

In these years it has been observed that there are two types of Security Manager: one, who adopt the philosophy "prevention is better than cure" and then evacuate always, and second who did not evacuate ever considering apripri that this type of threat is false. The first choice has a huge cost for companies, in terms of production losses, while the second choice accepted an incalculable risk and that it may go against all international standards.

During this period, governed by the economic crisis and cost control, an appropriate management system (in this case ATMS) is able to help the Security Manager to choose the right option for the right threat, minimizing costs and production losses, and while ensuring adequate security in same way. Therefore, correct and accurate informations provide to Security Manager a valuable help, and they can reduce the costs associated with these "threats".


by - Antiterrorism Consulting ®