MALLS AS TERRORIST TARGETS

Nov 1, 2004 12:00 PM, By DAVID W. GAIER

AT 6 P.M. on a crowded weeknight in the spring of 2004, a middle-aged man of unassuming appearance walked toward the lobby entrance of a busy shopping mall. It was typically warm, but he was wearing a heavy wool jacket over a dark blue sweater, although this was difficult to discern among the crowd, walking, talking and eating.

The man's appearance set off an alarm in the mind of a security guard, who sprinted to intercept him. Wrestling with the man just outside the entrance, the security guard noticed that the man's jacket bulged at the waist and that there was something concealed underneath. All that came next was light and heat. In a flash, eight people were dead and dozens injured.

This is a true story, although it took place thousands of miles away, in a major city in the Middle East. If the guard had not been alert, well-trained and responsive, many more people would have died.

And it could just as easily have taken place in the quintessential Midwestern city of Columbus, Ohio, where it nearly did (see sidebar). Such incidents should serve as a wake-up call to shopping mall developers and operators in the United States. This group has generally neglected its responsibility for security based on the theory “it won't happen here.” Additionally, developers tend to want to minimize the overhead common area maintenance (CAM) fees they charge tenants. Naturally, tenants tend to resist CAM increases, and the developers will not carry these costs themselves. The private sector generally has refused to ante up for security in any meaningful way, thus leaving it to the federal government and local law enforcement. But government simply cannot carry the load.

False sense of security

Given the possiblity of a major terrorist attack, most mall developers and operators have done very little where it really counts. Malls are intended to be friendly cocoons of bland and soothing ambience, and as such promote a false sense of security among shoppers. As for vulnerability, one should consider the thousands of square feet of potentially lethal glass in most malls, glass being the number one cause of casualties in bomb blasts. And most malls have relatively few entrances — imagine thousands of patrons scrambling madly out of a crowded mall. The mere rumor of a chemical attack could cause a stampede and mass casualties.

Protecting malls — and therefore mall patrons — starts by recognizing that they are a reflection of a self-indulgent and consumer-oriented culture, and therefore appealing targets because they embody so much of what terrorists detest — or envy — about Americans.

Malls also capture a nice demographic cross-section of potential victims: elders mall-walking for exercise, adolescent mallrats checking each other out on a Friday night, families screening the latest animated entertainment and munching at the food court. From the terrorist's point of view, malls are a “target-rich environment.”

Lessons learned in Tel Aviv

While lessons can be learned from Israel, Americans simply do not have the same situational awareness — for obvious reasons. If someone puts a backpack down in Jerusalem or Tel Aviv, people scatter 15 seconds later and a bomb-disposal team and robot are soon on-site. Americans are generally averse to using profiling — a tool that Israeli businesses and security people use carefully, but widely. The Israelis also have developed “scripts” — with input from sociologists, criminologists, intelligence agencies, the military and psychologists — that help identify people and situations of concern.

Israel also has a lot of private-sector experience discovering and foiling plots and attacks that the United States simply does not have. Israelis are also accustomed to a level of inconvenience that Americans will not tolerate. Of the limited security experience and expertise there is, it surely does not exist in shopping centers.

People or technology?

Technology can be a useful tool, but only as part of an overall security and anti-terrorism strategy. In any event, people are the linchpin. Untrained, poorly paid and unmotivated security guards are not much of a deterrent. What is valuable, however, is being able to recognize an unfolding situation, or even someone casing the mall for a future attack; instinctively knowing how to react; being able to communicate the threat; and having the resources and authority to respond.

In the average mall, most or all of these capabilities are typically missing — they don't come easily or quickly, and they cannot be developed or implemented by low-wage security guards. It is a much more sophisticated, layered and strategic approach — and an expensive one. Most mall operators and tenants simply refuse to pay this price, and prefer instead to play the odds. Most will win that bet, but a handful may not, and their price will be high.

Learning from transit systems

There are many security similarities between leading transit systems and shopping malls: lots of people in closed spaces, present for relatively short duration, entering and leaving in somewhat random patterns through limited numbers of portals. Malls, as transit systems, should employ a visible, well-trained, uniformed security force on foot inside and on bicycles outside. Malls should ask local police to include the mall grounds on regular patrols — or establish a sub-station on the premises. Malls should also:

• ensure secure access control to HVAC equipment, gas mains and fuel tanks for generators.

• establish specific policies about loitering and trespassing, and communicate them with clear signage at every entrance.

• prohibit curbside parking, and conduct regular sweeps for unattended packages.

• work with local police and fire departments to develop and implement an emergency coordination plan and team in which all tenants participate.

• review and take specific steps to improve fire protection and evacuation.

• improve lighting and place call boxes where appropriate.

• install or upgrade CCTV systems with “intelligent” event-based monitoring.

Above all, malls should use a “matrix” or “ductile approach;” that is, build in layers of security based on an intelligent mix of physical and procedural security, with redundancy when one or more measures fail. And while it's good practice to take measures against shoplifting and vandalism, being proactive against a terrorist attack is a far different thing — and all of this has to be tied together and continually overseen by people with experience, good judgment, leadership skills and the authority to act immediately.

Assessing risk

A risk and vulnerability assessment is a strategic place to start, along with an inventory of critical assets. This process can help determine what initiatives and tactics make sense. Malls cannot protect against everything, nor should they try, but starting with the basics — perimeter protection, situational awareness and monitoring, and response capability — is most important.

It is ideal to have an emergency generator, for example, but is the diesel fuel tank for that generator unprotected and in close proximity to stores and patrons? If a security guard needs to evacuate the mall, does he or she have a clue how to do that, or can he even make it happen on his own authority, immediately? And what if he's evacuating them right into a second ‘kill zone?’ Can the average mall security guard recognize when someone is surveying the property in a more than casual fashion? And if so, does he or she know what to do or who to contact about it?

Consider what the 9/11 Commission Report has said about the FAA's feeble — and unsuccessful — attempts to scramble combat air patrols on that terrible morning, even with all its resources. The procedures and training have to be in place, and rehearsed, over and over. And solid, redundant communications are needed — another lesson from Sept. 11.

IN THE NEWS

Columbus Mall Bomb Plotter Facing 80 Years

A Somali national accused of plotting to blow up a Columbus, Ohio, shopping mall appeared in front of a federal magistrate in June, where he was fidgety and nervous, even banging his head against a table.

Nuradin Abdi, 32, appeared before Federal Magistrate Mark Abel to answer charges that he conspired with terrorists, including a member of al-Qaida, to destroy a mall. The four-count indictment also charged Abdi with conspiracy, providing aid to terrorist groups and fraudulent misuse of immigration documents.

The mall they intended to destroy was not named. FBI spokesman James Turgal in Cincinnati said authorities presumed that a Columbus mall was targeted because that is where Abdi lived, the Associated Press reported.

“The American heartland was targeted for death and destruction by an al-Qaida cell, which allegedly included a Somali immigrant, who will now face justice,” Attorney General John Ashcroft said.

Abdi allegedly received military-style training in Ethiopia, including, Ashcrof says, “in guns, guerrilla warfare and bombs” and “anything to damage the enemy.”

The indictment says Abdi returned to the United States from Africa and was picked up at the Columbus airport by Iyman Faris, who has since been convicted as an al-Qaida operative. Faris is now imprisoned for never-acted-on plans to sabotage the Brooklyn Bridge.

Upon his return, he, Faris and “other people” initiated a plot to blow up a Columbus mall, according to legal documents. One of those co-conspirators gave Abdi bomb-making instructions.

Ashcroft said without elaboration that steps have been taken in the Columbus area to “mitigate this threat” from other conspirators.

Abdi faces a maximum of 30 years in prison on the two conspiracy and support of terrorists charges. The immigration fraud charges include a terrorism enhancement that boosts the maximum sentence on each count to 25 years. Each count of the indictment carries a fine of up to $250,000.

FOR THE RECORD…

About the Author

David W. Gaier is a writer and consultant on security, a former federal agent and U.S. Marine who served in Morocco and Lebanon. He studied Islam and terrorism in Egypt and Israel, and recently headed the security division of a Manhattan-based engineering and consulting firm.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue