Professional Documents
Culture Documents
Rand Rra2260-2
Rand Rra2260-2
JOHN S. HOLLYWOOD, KEITH GIERLACK, PAULINE MOORE, THOMAS GOODE, HENRY H. WILLIS, DEVON
HILL, RAHIM ALI, ANNIE BROTHERS, RYAN BAUER, JONATHAN TRAN
I
n 2018, the U.S. Department of Homeland Security (DHS) released “Soft Target and Crowded
Places Security Plan Overview” to provide key stakeholders in the public and private sectors with
an overview of its mission to enhance security and resilience of soft targets (STs) and crowded
places (CPs). The plan defines ST-CPs as including “sports venues, shopping venues, schools,
and transportation systems . . . locations that are easily accessible to large numbers of people and
that have limited security or protective measures in place making them vulnerable to attack.”1
Although they are relatively rare, ST-CP attacks result in significant loss of life: One type of attack—
KEY FINDINGS
■ The most-common motivations for attacks are personal, followed by terrorism and extremism.
■ Education and private buildings are the most–frequently targeted types of soft targets (STs) and crowded
places (CPs).
■ Attacks on ST-CPs with large, accessible crowds, such as houses of worship, shopping malls, restaurants,
bars, and nightclubs, have the highest average lethality.
■ Layered security strategies, in which measures work together, improve the chance that an attack will be
prevented, halted, or mitigated.
■ Tips from the public have prevented attacks. Public education on what to report and how, and support for
threat assessment teams, would make tips more effective.
■ Access control systems, such as locks, secured windows, and secured entryways, have been effective and
efficient but need to be trained on and maintained.
■ Response command, control, and communications need to be improved. Alternatives to traditional, push-
to-talk voice radio communications are needed.
■ Security measures need more effectiveness and efficiency evaluations. The security community has
growing interest in artificial intelligence (AI); evaluations of security systems with AI will be needed as
those systems deploy.
2
Data Sources venues. We also collected 22 AARs of mass attacks
in public spaces authored by law enforcement orga-
The Mass Attacks Defense Toolkit nizations, federal agencies, law enforcement research
The primary data used for the quantitative analysis institutes, and independent commissions.
were those collected for the previously conducted In addition to the literature review, we con-
Mass Attacks Defense Toolkit (MADT) project. ducted six case studies of high-profile ST-CP attacks
The MADT drew on 27 existing datasets to identify between 2013 and 2021. The purpose of the case stud-
628 mass-attack plots, including foiled plots, failed ies was to compare key aspects of the incidents and
plots, and completed attacks, from 1995 through evaluate factors that might have affected the number
2020. The dataset consisted of every violent attack of fatalities.6
or plot (conspiracy) to engage in an attack in a
public space (including schools and workplaces) in
Interviews
the United States that endangered or was intended
to endanger the lives of four or more people, but We conducted semistructured SME interviews to
it excluded noncriminal and domestic-violence gain insights into the existing state of the ST-CP
incidents in which the public was not involved and security environments, security practices, emerging
excluded terrorism cases prior to 2002, such as the technologies, and cost trends. We chose the interview
September 11, 2001, terrorist attacks and Oklahoma candidates from a diverse group of security special-
City bombing. This project expanded the analysis of ists. These included regional law enforcement per-
the MADT effort to include incident site configura- sonnel and intelligence specialists, security industry
tion, incident site types, attributes associated with system integrators, cost experts, technology vendors,
low-fatality incidents, and elements of attacker and and security industry association leaders.
bystander location during an incident, including
elevation differences between attackers and bystand-
Cost-Model Inputs
ers, distances between attackers and bystanders, and
movement of attackers or bystanders.5 The cost model used different data sources to deter-
mine the effort’s scope (i.e., what security strategies
to include), the unit cost of the security hardening
The Literature Review and Case Study strategies, and the appropriate quantity. We reviewed
Analysis academic and industry literature to determine the
An extensive literature review was conducted to appropriate measures to implement within a school
capture past and existing federal, state, local govern- to protect against potential mass attacks. The next
ment, and nongovernmental guidance, regulations, step was assigning unit costs for each of the security
and recommendations related to protective factors and safety hardening measures. We relied primar-
for ST-CPs. We also searched the research literature, ily on the construction cost–estimating software
both peer-reviewed and non–peer-reviewed publica- RSMeans to estimate unit costs but also used indus-
tions, and focused on the use of technology and phys- try literature. Last, we estimated the appropriate
ical security measures employed at ST-CP venues. quantity through a parameterization based on the
The literature review identified 178 sources pub- size of the school in square feet (e.g., the number of
lished between 2002 and 2022 that contained infor- entrances per square foot) or the size of the school
mation on protective measures employed at ST-CP in enrollment (e.g., number of security guards per
student).
3
The Landscape Assessment attacks by a perpetrator with personal grievances
against specific groups or those with “poly-grievances
We combined the information gathered in the quan-
or unknown motivations.”7 By far, the most plots
titative analysis, literature review, interviews, and
have been for personal reasons (both formally stated
spending analysis to create a landscape assessment.
and unstated, 63 percent), followed by ideological
The findings drove recommendations for funding
motivations, such as al Qaeda– and Daesh-related
and policy changes, as well as RDT&E efforts. Using
plots (19 percent), then domestic extremist motiva-
those findings, we generated an innovation road map
tions (17 percent).
to improve ST-CP defenses; Figure 1 illustrates this
Plots for some of the ideological motivations—
process.
notably, for al Qaeda and Daesh and for militia-
related violent extremism—were significantly likelier
to be foiled in advance than attacks conducted for
The Nature of the Threat and
personal grievances. This could be because of the
Protective Measures high-profile nature of the threat actor and the atten-
A Summary of the Threat to Soft tion that the U.S. government and law enforcement
Targets and Crowded Places give them. Ideological plots also tended to be more
complicated and involve more people, thus leading to
The ST-CP threat landscape has changed in the past a greater chance of discovery. In contrast, a perpetra-
30 years. This includes an evolution in the type of tor planning an attack for personal reasons might
threat actor, the rise in the number of mass shoot- well not speak with anyone about their motivations
ings, and the nature of the online environment and intentions, increasing the likelihood of proceed-
that allows perpetrators to broadcast their actions. ing undetected.
Research also shows that the ST-CP threat is primar- The online environment has also changed the
ily from mass shootings, although knife, explosive, nature and impact of ST-CP attacks. Online chat-
and vehicle-ramming attacks are part of the overall rooms, blogs, and the ability to live stream events
threat environment. have given potential attackers the ability to connect
The threat actor in ST-CP attacks has evolved with audiences globally in an effort to seek fame or
over time from more–ideologically driven individu- spread their message. These types of online forums
als and small groups (notably, with al Qaeda– and provide the ability for attackers to connect with like-
Daesh-inspired motivations) to more-individual minded people and post manifestos explaining their
actions.
FIGURE 1
The data showed little concentration by geo-
Landscape-Assessment Structure graphic region. In terms of threat to specific types of
venues, the most plots by far were against educational
Case Grant facilities (schools, colleges, and universities). Other
studies analysis
locations with comparatively high numbers of plots
Cost included private buildings (workplaces), government
Literature
review
analysis and facilities, houses of worship, open streets, and restau-
modeling
rants, bars, and nightclubs.
Fatalities caused by attacks at these types of
Data Landscape Recent venues were the highest for outdoor events, although
analysis assessment events
the average was skewed because of the high number
of fatalities suffered during the Route 91 Harvest Fes-
tival attack in Las Vegas in 2017. Other types of loca-
tions with high average numbers of fatalities include
ST-CP defense
road map houses of worship, shopping malls, buildings on mili-
tary facilities, and restaurants, bars, and nightclubs.
4
By far, the most plots have been for personal
reasons, followed by ideological motivations,
such as al Qaeda– and Daesh-related plots, then
domestic extremist motivations.
The denseness of a crowd present at a venue and the outside attacks), can affect whether a security tech-
type of weapon the attacker chose increased the like- nology will have its intended benefit.
lihood of a high-fatality event. Handguns were most Although the efficacy of protective measures
often used in attacks, causing more attack fatalities is not well understood, the research identified sev-
than any other weapon type. The second-most fatali- eral important points about the implementation of
ties were caused by attacks using multiple guns, and protective measures at a venue. First, a critical com-
the third-most fatalities were caused by rifle attacks. ponent in protection is gaining information on an
attack before it has commenced so it can be stopped.
Our research indicated that preattack informa-
A Summary of Protective tion came from four sources: tips from the public;
Measures individuals’ associations with terrorist or extrem-
ist organizations; suspicious activity, such as online
The most-common types of protective measures
postings; and discoveries made from law enforcement
identified in the literature review and case studies
investigations. Information from the MADT dataset
were
indicated that attacks were thwarted 80 percent of the
• closed-circuit television time when initial clues were reported or acted upon
• physical barriers and that tips from the public were responsible for
• entry screening and access points almost two-thirds of initial clues.
• law enforcement or security personnel For facility security measures, the research
presence pointed to access control systems—notably, locks that
• detection technology were properly installed, maintained, and used—as
• environmental and interior design. being effective and comparatively inexpensive. The
Although a great deal of information exists research also pointed to having dedicated security
on what measures are being employed and their managers as being effective and efficient.
expected benefit, evidence about the effectiveness In terms of reducing casualties, the research
of protective measures to prevent, mitigate the out- points to several courses of action. Direct action
come of, and respond to attacks against soft targets is by bystanders can stop or shorten an attack when
largely inconclusive and heavily context dependent. it occurs. Overall, the data make clear that, if con-
What little evidence does exist is based primarily on fronted directly with a shooter, bystanders should
anecdotes or descriptive analysis and often yields immediately attempt to tackle and disarm the
mixed results. Another complication is that contex- shooter. This was the most frequent and consistently
tual factors affect the effectiveness of measures. As effective intervention. Group tackling successfully
noted above, certain factors, such as the behavior of stopped shootings in the dozen times it happened,
building occupants during emergencies, occupants’ and individuals were always at least partly success-
awareness of how various countermeasures work, ful and were fully successful in four of five attempts.
and the nature of incidents themselves (insider versus Armed responses by guards, on-scene officers (typi-
5
cally off-duty), and, occasionally, civilian bystanders Another emerging consideration is the growth
were often effective at stopping shooters. However, of artificial intelligence (AI) technology. Although
they were sometimes ineffective in cases in which an the term AI has different meanings depending on an
armed responder could not or failed to engage (could individual’s personal perceptions and AI itself is still
not reach the shooter for whatever reason) or the a technology in its infancy, many security experts
shooter shot the armed responder first. point to it as a future capability in protecting ST-CP
Once an attack begins, coordination of response sites. Some existing video analytic technologies can
assets is critical and requires joint training to be alert security personnel to someone who is behaving
effective. Training and response drills improve readi- suspiciously or might have a weapon hidden in their
ness and response and can lead to fewer and less clothing. Likewise, virtual fencing can alert security
severe casualties. These drills are most effective when when an unauthorized person penetrates a venue’s
they expand participation beyond the standard group perimeter and expedite response.
of law enforcement, venue security, and medical
response personnel to also include facility employ-
ees, volunteers, patrons, and members of the public. The Potential of Cost Modeling
Cross-agency coordination and training are criti- for Improving Venue Security
cal for responding agencies to understand who is in
An Overview of Grant Programs
command on scene and what information is available
and to deconflict communications. For this research project, we conducted an exten-
However, there could be unintended conse- sive search of available federally sponsored security
quences of employing some measures in certain loca- grants to better understand the resources available
tions. Several security experts with whom we spoke to state, local, tribal, and territorial jurisdictions and
stated that many venue operators wanted to create a other organizations to increase ST-CP security. These
welcoming atmosphere at their venues, whether it is a grants, originating from several federal agencies,
sports arena, house of worship, or a school. The addi- include DHS’s Homeland Security Grant Program
tion of overt security apparatus, such as cameras and and Urban Area Security Initiative, the U.S. Depart-
metal detectors, can create a more threatening envi- ment of Transportation’s Capital Investment Grants
ronment for a venue’s patrons. Additionally, mea- program and Airport Improvement Program, and
sures that restrict the flow of people into a venue can the U.S. Department of Justice’s Students, Teachers,
create long lines or large crowds outside the secured and Officers Preventing (STOP) School Violence Act
areas, thus creating an attractive target for a would- Program. These funds, measuring in the billions of
be attacker who would not even have to gain access to dollars per year, are meant to assist with hardening
the venue to conduct a mass-casualty attack. ST-CP venues and the public to terrorism, mass vio-
TABLE 1
An Overview of Cost Modeling Cost Categories Included in the Bottom-
The amount of spending on school security prod- Up Cost Model
ucts and services in the United States is consider-
Cost Category Item
able. In 2017 and 2021, schools and colleges in the
Security personnel Security guards
United States invested approximately $2.7 billion
and $3.1 billion, respectively, on improving security Surveillance technology Security cameras and system
in facilities through such strategies as installing Metal detector Walk-through metal detectors
high-resolution security cameras with facial recogni-
Security guards at metal
tion software, training staff and students on secu- detectors
rity protocols, and making improvements to doors
Alarm and Intruder-detection system
and locks.8 However, the implementation of school communication systems
Emergency public address
security strategies has not been consistent across all
system
schools throughout the United States. As of 2020, for
Emergency phone call stations
instance, approximately 9 percent of public schools
did not have security cameras to monitor school Existing system integration
activity, and approximately 23 percent of public Physical security Updated doors and locksets
schools did not require faculty and staff to wear
Site fencing and gates
badges or picture identification.9 To better under-
Security film on glazing
stand the nature and order of magnitude of spending
on school security at a national level, we developed Credentialing system Card access control system
a bottom-up cost model to estimate costs for imple- Site improvements Vehicle barriers
menting safety and security hardening strategies for
Site lighting
kindergarten through grade 12 (K–12) public schools.
The safety and security strategies included in Program design Security and office administration
the cost model are based on (1) a system approach Staff professional development
and training
to physical security for K–12 schools developed by a
team of HSOAC researchers and (2) standards and School resource officers and
programs
7
total number of public schools in the United States. of the total costs are attributed to labor for security
Finally, we added factors to account for safety and guards and approximately 37 percent of the total
security strategies already in use (and hence paid for). costs are attributed to resources for school safety
For instance, we applied a 91-percent reduction to the and security programs, such as training school staff.
costs in the surveillance technology category because Cost categories related to physical infrastructure
approximately 91 percent of public schools in the improvements, such as security fencing, site lighting,
United States had already installed security cameras. or updated doors, represent a smaller percentage of
According to the model, the total annualized the total annualized costs. A breakdown of the total
costs in 2022 dollars at a per-school level, per–school estimated annualized costs per school is illustrated in
district level, and national level are estimated at Figure 2.
approximately $251,600, $3.2 million, and $20.5 bil- Assuming that the current allocation of fund-
lion, respectively.12 The model accounts for a range ing for safety and security measures is valid, the
of costs based on different assumptions of unit costs cost model serves two primary functions.13 First, the
(minimum, mean, and maximum) and quantities model can serve as a framework to help individual
(minimum, 25th percentile, mean, median, 75th schools and school districts predict costs of enhanc-
percentile, 95th percentile, and maximum) for a total ing safety and security measures. Although there is
of 21 possible combinations. Several factors con- uncertainty in the model and it might not accurately
tribute to the variation in these assumptions, such calculate costs for budgetary purposes, individual
as the size of the school, location of the school (e.g., schools can use the model as a guide to determine
urban versus rural), or material specifications (e.g., what safety and security measures to implement and
high-end locksets versus industry-standard locksets). the expected costs for each measure. The second
Table 2 summarizes the annualized costs for three primary function of the cost framework is support-
scenarios of unit cost and quantity, and Table 3 pre ing national-level decisionmaking about improv-
sents a similar overview of annualized costs but for ing school safety and security hardening measures.
only the nonlabor elements of school safety and secu- National-level decisionmakers can use the model to
rity hardening measures. estimate the scale of investment needed to implement
Labor constitutes a significant portion of the school safety and security measures across the port-
total estimated costs for safety and security harden- folio of public K–12 schools in the United States and
ing strategies. For instance, approximately 45 percent compare those investments under different policies.
TABLE 2 TABLE 3
Total Cost for School Safety and Security Total Cost for Nonlabor Elements of
Hardening Measures, in Millions of School Safety and Security Hardening
Dollars Measures, in Millions of Dollars
Total Annualized Cost Total Annualized Cost
Cost Level Mean Minimum Maximum Cost Level Mean Minimum Maximum
School district 3.2 2.4 5.3 School district 0.4871 0.1708 1.2
All schools 20,200 8,000 39,700 All schools 4,200 1,500 10,100
in the United in the United
States States
NOTE: Values presented for mean, minimum, and maximum are based NOTE: Values presented for mean, minimum, and maximum are based
on the respective unit cost and unit quantity for each group (i.e., values on the respective unit cost and unit quantity for each group (i.e., values
in the “Mean” column represent a mean unit cost and a mean unit in the “Mean” column represent a mean unit cost and a mean unit
quantity). Each unit cost group (minimum, mean, maximum) includes a quantity). Each unit cost group (minimum, mean, maximum) includes a
range of annualized costs based on a range of assumptions for the unit range of annualized costs based on a range of assumptions for the unit
quantities (minimum to maximum). quantities (minimum to maximum).
8
FIGURE 2 A Landscape Assessment:
Annualized Costs for School Safety and Toward a Layered Model of
Security Hardening Measures, by Cost
Category
Security for Soft Targets and
Crowded Places
Forming the Model
The results from the quantitative data analysis, litera-
Program Security ture review, examination of AARs and case studies,
design personnel interviews with SMEs, and cost analysis formed the
37.0% 45.4%
landscape assessment of the current state of ST-CP
threats, risks, and areas for improvement. HSOAC
Site
improvements researchers have previously developed the concept of
0.4% layers of security around a building or site of inter-
Credentialing est, with the idea being that an attacker would have
systems to breach all these layers in whole or in part to attack
Physical
2.5% Surveillance
security Alarm and
technology a site successfully. In previous work, based on a K–12
5.3% communication Metal
2.0%
systems detectors setting, we have modeled defensive layers spatially,
5.3% 2.0% showing them on stylized site plans. Figure 3 illus-
trates this model.
NOTE: The breakdown presented in this figure is based on
annualized cost per school assuming a mean unit cost, a mean unit From this earlier analysis, we developed a
quantity, and implementation of all safety and security hardening
measures. Percentages do not sum to 100 because of rounding.
system-based conceptual model of the ST-CP attack
chain and defensive layers, modifying the initial
Although the cost model described here is spe- spatial representation to include the series of steps an
cific to public K–12 schools, the framework can be attacker must complete in the attack chain to suc-
applied to other facility types. For example, updated cessfully carry out an attack. Figure 4 presents this
locks and doors, credentialing systems, and security model.
guards can serve as protection measures in some A system-based approach to physical security
venues, such as office buildings. For some other can help mitigate some of the challenges that ST
venues, however, the cost-estimating framework facilities encounter when planning physical security
presented for schools might not be applicable and improvements. These approaches situate physical
instead will require an alternative framework. For security and protective measures as components of
instance, estimating costs to implement safety and a broader approach to safety and security, including
security strategies for a larger venue, such as a sta- activities to prevent attacks and recover from trau-
dium or arena, is likely to benefit from a system- and matic incidents, thereby encouraging planners to take
operational-level approach in which event logistics, a holistic view. Moreover, system-based approaches
specific facility characteristics, and coordination emphasize the benefits of planning for layered secu-
with the existing security staff are considered. rity, in which the integration of various measures and
technologies help facilities avoid single points of fail-
ure and both policies and training help reinforce and
ensure the security benefits of protective measures.
9
FIGURE 3
A Spatial Representation of Security Layers in Soft Targets and Crowded Places: A
School Model
Campus perimeter
School grounds
Security administration
School buildings and management
Design, planning,
coordination, training,
Building interior
and exercising
Personnel, surveillance
technology, credentialing,
and physical security
Communication
Building access systems
Lighting, personnel, Telecommunication and
surveillance technology, networks
credentialing, and physical
security
Athletic, performance,
and event spaces Campus access
Similar components to
Fencing, lighting, personnel,
school buildings
and surveillance technology
SOURCE: Features information in Moore et al., A Systems Approach to Physical Security in K–12 Schools.
ing motivated, planning, gathering materials, and online is not always easy for the public to report to
conducting logistics activities. Each of these steps authorities.
can present an opportunity for the plot to be discov- The number of false threats is high. Discus-
ered through observable activities, or leakage, such sion at a 2023 National Institute of Justice confer-
as social media posts or the purchase of weapons or ence included multiple comments that authorities in
ammunition. This leakage then provides opportuni- schools and elsewhere were being overwhelmed with
ties for detection, often through tips from the public, false threats of mass shootings, taking up resources
to prevent the attack before it begins. Figure 5 illus- that could be much better spent on the few true
trates the attack steps, corresponding measures to threats.
detect and stop attacks, and major findings and gaps Suspicious weapon- and ammunition-seeking
about each. behavior is not well understood. We found little
Guidance on what should be reported and material on the warning signs of someone attempt-
on avenues for reporting is lacking. Tips from the ing to acquire weapons and ammunition for attacks
public are the main source of initial clues in foiling or on how to report them. There is a strong need to
an attack. Thus, there is a strong need to build on identify key indicators of gun and ammunition diver-
the ubiquitous “see something, say something” adage sion while filtering out legitimate purchases (for, e.g.,
with more information on what to see (top indicators hunting, sporting) and development of subsequent
of potential plots) and how to say it (how to report education campaigns.
it to authorities). In addition, information gathered
10
FIGURE 4
The Attack Chain and Corresponding Defensive Layers for Soft Targets and Crowded
Places
Managers, planning, training, and funding for all defensive layers above
Support
Site probing and breaching are not uncovered taurants that allow direct access to patrons. Secured
in time to prevent attacks. Carrying out advance buildings, such as schools or office buildings, often
reconnaissance of attack sites is an inherent part of utilize some kind of access control system to prevent
mass-attack preparation. However, the MADT data- unauthorized people from entering the facility. Major
set includes few examples of plots being discovered venues, such as arenas, theme parks, and airports,
via on-scene surveillance and probing, implying an have security measures intended to screen people
opportunity to find more plots by improving detec- arriving on site for weapons and other contraband,
tion of these activities. in addition to controlled access and guards. These
venues will likely have police and medical personnel
on hand during events. Figure 6 illustrates on-site
Findings on On-Site Security Measures
security defensive layers and key findings.
The second set of defensive layers in the ST-CP attack Security concepts for open and nonsecured
chain focuses on protective measures for on-site spaces are not well developed. Little research exists
security. On-site security can be broken into three for these types of spaces. The most-consistent secu-
categories: open spaces, secured buildings, and major rity measure present is bystanders themselves. There-
venues. Open space can be defined as an area that fore, measures are needed to provide the public with
does not employ any access control measures. These education and tools to report attackers more quickly
can include parks and parking lots but also com- or respond more effectively, either by leaving the
mercial establishments, such as malls, bars, and res- scene earlier or by physically halting the attacker.
11
FIGURE 5
Prevention Layers of Security and Issues
Conduct more RDT&E on Develop indicators and education Develop indicators and
dissuasion and deterrence for dealers and the public education
• Online observations
Create social media Provide reliable routing to Conduct more technical assessments and Develop
reporting channels assessment teams leverage interagency sharing guidance
Potential
defensive
layer Provide more support Managing, planning, and funding for prevention measures
NOTE: Bold signals that we identified an issue (typically a gap) with that indicator or prevention step; the callouts indicate ways to close the gaps.
FIGURE 6
Protection: Site-Based Layers of Security and Issues
Open
• Surveillance cameras and sensorsa Avoid blind spots, and provide • Bystander response
spaces
• Public education and community training maintenance and monitoring training for physical or
• If the attacker is seen, calls for service via 911 or apps armed response
Provide
• On- and off-duty police and guards, if they are where the attacker enters • Calls for service
RDT&E
and
support Provide more guidance, especially on
Ensure that locks are working
tackling shooters from multiple directions
and windows are secured
Secured + + + +
buildings • Fencing and walls • Secured entries • Secured doors • Medical supplies
Response measures
Major venues + + +
• Guards • Metal detectors or other Same as above • Guards
• Police, optionally entrance screening • Police, optionally
Cost-effective and
• Medical personnel, optionally
necessary for site
Avoid creating crowds awaiting entry security
Potential
Provide more support Managing, planning, and funding for site-based security measures defensive
layer
NOTE: Bold type signals that we identified an issue (typically a gap) with that indicator or prevention step; the callouts indicate ways to close the gaps. + = Add these items to the ones
above (e.g., the perimeter-defense response measures for secured buildings consist of those for open spaces plus fencing, walls, and gates).
a
In some cases.
Bystander response can be effective if bystanders
know what works.
Additionally, there is a need to consider options and in practice. Secured doors and windows can prevent
conditions for upgrading the security of open sites attackers from entering a facility or limit their move-
in a cost-effective, nonintrusive manner by possibly ment once inside; these measures can be highly effec-
adding perimeter protections, additional entryways, tive and efficient. However, these measures failed in
layers of doors (external and internal), alarms, and several mass shootings. Proper door and lock main-
capabilities to lock doors quickly. tenance is necessary for the equipment to function
Bystander response can be effective if bystand- properly. Although security film for windows does
ers know what works. This project largely validated not make a window bulletproof, it does decrease an
the DHS “run, hide, and fight” concept of bystander attacker’s ability to easily enter through a window.
response, although several clarifications are neces- Protocols for ensuring that doors and windows are
sary. Most important is that the public needs more locked are not always enforced.
details about the fight concept. A bystander near a Crowds awaiting entry to a venue become
shooter, with less chance to successfully run or hide accessible targets. Security screening measures that
than a more distant bystander, is effectively in fight create large external crowds waiting to go into a
mode and must respond with overwhelming physical venue can create an accessible crowd for a would-be
force. Instructions on the best techniques to subdue attacker.
an attacker should be provided to the public. Addi-
tionally, armed responses have been effective but
Findings on Responding to Attacks
depend on a responder having the necessary training
to stop an attack and being able to engage (e.g., not on The final layer in the security model addresses
the other side of a large complex from an attacker). first responders’ responses to attacks. This layer is
When an armed responder is ineffective, unarmed intended to stop attacks as quickly as possible; mini-
security and bystanders should be ready to respond. mize casualties during law enforcement’s efforts to
Some site plans could put more distance, move- stop an attack; and maximize emergency medical
ment, and barriers between would-be attackers personnel’s ability to safely enter the venue, begin
and bystanders. Measures that disrupt an attacker’s treatment, and evacuate casualties to definitive care.
ability to surprise a crowd at close range are of high It also indicates the coordination and communica-
value. Secure outer perimeter defenses, such as tion requirements to ensure that all responders can
fences, gates, and cameras, can ideally keep attack- set up initial incident command protocols and suc-
ers far outside the site or at least provide the timeli- cessfully share information. Figure 7 illustrates the
est possible warning. Likewise, facilities with secure key aspects of this layer and key findings.
walkups and entry vestibules, in addition to locked Incident command procedures and operations
doors and windows, provide an opportunity to keep suffer from multiple issues. The literature review,
an attacker from accessing the interior of a building. AARs, and case studies indicated significant chal-
Secured pathways for bystanders to escape create lenges with incident command operations, including
time and distance from an attacker, as do sensors that initial setup, lack of clarity of roles, and dealing with
provide early warning of a possible weapon-carrying an influx of responders. These cause delays in getting
attacker or a shooting as it occurs. responders to the appropriate locations, address-
Secured doors and windows were the most- ing the threat, and providing medical assistance. To
critical and -efficient measures but also had flaws remedy these problems, AARs have suggested follow-
14
FIGURE 7
Protection: Response Layers of Security and Issues
Line
• Finding and closing • On-scene triage • Medical evacuation
response
with attackers • On-scene treatment • In-transit treatment
• Providing tactical (stabilization)
response • Permitting entry for
• Deconflicting Update firefighters and emergency
standards medical service personnel
Response measures
15
16
Evaluation of security measures should include
placement and monitoring for access controls,
cameras, and shot sensors; the effectiveness of
sensor and analysis systems intended to detect
weapons or other kinds of attacks from greater
standoff distances; and screening systems.
in some cases, someone has ready access to a fire- new walk-through-at-speed systems. We also antici-
arm but not to hundreds or thousands of rounds of pate evaluations of technologies incorporating AI
ammunition and corresponding magazines. features in coming years.
Develop Protocols and Education for Wellness Develop a Model Concept of Operations
Checks for Open and Nonsecure Spaces, Such as
We were unable to find formal guidance for conduct- Shopping Malls and Restaurants
ing initial meetings with and assessments of those Although bystanders in open spaces have the advan-
reported as being at high risk, despite the importance tage of being able to flee more readily than those in
of such encounters. We recommend working with other venues, most of the traditional security mea-
mental health and law enforcement personnel with sures, including doors, locks, and guards, are gener-
experience in doing checks and following tips to ally absent in open spaces. The only constant ele-
develop these protocols. ments are generally bystanders and their cell phones.
Other security measures, including the presence of
Improving Protection barriers, entry points, guards, and surveillance, are
Further Evaluate the Effectiveness and expected to be present intermittently. Concepts of
Efficiency of Security Measures operations for open and nonsecure spaces are needed
We identified few studies examining the effectiveness that
or cost-effectiveness of security measures in stopping • leverage what bystanders and their cell phones
active shooters and other types of mass attacks. The might do
comparative rarity of mass attacks hinders assess- • leverage what security measures a given
ment of specific technologies based on past perfor- ST-CP site has present
mance. Instead, we envision lab and exercise testing • assist in prioritizing which security measures
against simulated attackers. Alignment of products to add that would most increase security while
and nonmaterial measures with past attacks, plus maintaining an open characterization, given
performance with security proxies,15 can also be limited resources.
analyzed.
According to our landscape-assessment results,
topics should include placement and monitoring for
access controls, cameras, and shot sensors; the effec-
tiveness of sensor and analysis systems intended to
detect weapons or other kinds of attacks from greater
standoff distances; and screening systems, including
17
Improving Defenses of Soft Targets and Seek Ways to Reduce the Mass Psychological
Crowded Places in General Impacts of Attacks, Including Societal Fear and
Continuously Track and Analyze Mass-Attack Secondary Trauma
Plots The sociopsychological impacts of mass attacks have
An ongoing effort is needed to collect and analyze been enormous and are further believed to have
data on plots (foiled, executed, and failed), as close to helped inspire would-be attackers. Potential reduc-
the time they are exposed as possible, to detect mean- tion mechanisms might cover potential public health
ingful changes and trends. campaigns at both macro and micro levels, along
Experts we interviewed emphasized that most with potential changes to immersive, saturation cov-
threat assessments from tips end with some actions erage of shootings.
taken but no charges filed or publicized (commonly
referred to as the gray area). The experts also men- Funding and Policy Priorities
tioned that formal records about the numbers of such
assessments are not available because of the sensitivi- In general, we have three recommendations pertain-
ties involved. We recommend considering survey ing to funding and policy priorities:
research to estimate and characterize the annual • Focus on the basics, such as provision and
numbers of threats that authorities regarded as cred- maintenance of access control equipment and
ible but did not culminate in arrest because that will public education campaigns on what to look
help agency planners, policymakers, and the public for and how to report it.
understand the true magnitude of activities con- • Seek to strengthen the system-based, layered
ducted to prevent ST-CP attacks. security framework, funding improvements
to layers of security in ways that reinforce
Review Mass-Shooting Events to Determine each other.
Whether Some Ordinary Criminal Shootings • Ensure that funding and policy priorities
Should Be Treated as Mass Attacks on Soft reflect RDT&E findings as they become
Targets or Crowded Places available.
This review should start with mass-shooting cases at
From a financial perspective, we have two
ST-CP venues in which large numbers of uninvolved
recommendations. First, we could not find much
bystanders were shot. In some cases, a shooter might
information about how grants for ST-CP prevention
have been targeting the uninvolved bystanders delib-
and protection are spent, other than basic topics and
erately for personal reasons instead of (or in addition
overall budget requirements. We recommend that
to) targeted violence for criminal purposes, mean-
grant requirements and reporting systems be updated
ing that those cases should be treated as ST-CP mass
to track specific budgets and spending on ST-CP
attacks.
security items. Second, we recommend further devel-
opment of cost-modeling tools to help security man-
19
In general, site management plans, including Conclusion
floor plans, should reflect having defensible and
Figure 8 summarizes the road map’s recommen-
delayable entries and capabilities to secure interior
dations, overlaid on the model of ST-CP attack
portions from attackers; they should also avoid gen-
steps and defensive layers. The figure shows rec-
erating accessible crowds waiting to enter the site.
ommendations to improve attack prevention, site
security, and incident response, plus crosscutting
Fund Access Control Systems
recommendations.
This funding is especially needed for the basics of Overall, the United States has already made
procurement and maintenance of locks, doors, win- substantial progress in reducing the threat of ST-CP
dows, and security film for accessible glass windows attacks by, for example, preventing a strong majority
and doors. The funding should also provide training of plots. As shown in this road map, there are sub-
on how to use the systems correctly. stantial opportunities to improve defenses further.
By supporting key RDT&E and funding initiatives
across the ST-CP defense chain and improving the
system of layered defenses for ST-CP security in gen-
eral, the country can reduce attacks and casualties.
20
FIGURE 8
A Summary of the Road Map to Improve Security of Soft Targets and Crowded Places
General: help security measures work together to improve chance of halting the attack at any step
• More research, development, testing, and evaluation (RDT&E) on effectiveness of measures
• Security cost analyses
Layered Security–
• Ongoing analysis of mass attacks, including high-casualty “crime” events
General Priorities
• Grant tracking
• Research and development on reducing mass psychological impacts of attacks
N.B.: High interest in AI
Priority
Funding and Training Research and Development
Detection and prevention Can • What to report and how • Deterrence and dissuasion
(can occur at any preattack stage) halt or • Threat assessment teams • Gun diversion indicators
mitigate • Wellness-check protocols
Become Obtain Identify
Plan logistics
attack
motivated materiel at any
21
Perimeter defense Entry security Interior security Interventions • Security management teams • Concept of open-space security
• Bystander response
Infiltrate the Infiltrate the Infiltrate the Attack the
• Access controls, starting with
perimeter entrance interior occupants locks and windows
• Medical supplies
Protection: Site security
Law enforcement response Medical response Medical evacuation • Command, control, and • Alternatives to traditional voice radio communication
High communication
Extend the Cause on- Cause later
number
attack time scene deaths deaths
of deaths
Protection: Response
Managers, planning, training, and funding for all defensive layers above • Grant tracking • More RDT&E on the effectiveness of measures
Support • Attention to AI • Security cost analyses
• Ongoing analysis of mass attacks, including
high-casualty ordinary crimes
Potential defensive layer • Reducing the mass psychological effects of attacks
Notes References
1 DHS, “Soft Target and Crowded Places Security Plan Over- ASIS International, Physical Asset Protection, Standard ASIS
view,” p. iii. PAP-2021, 2021.
2 Federal Bureau of Investigation, U.S. Department of Justice, ASIS International, Protection of Assets: Physical Security, 2021
and Advanced Law Enforcement Rapid Response Training ed., 2021.
Center at Texas State University, Active Shooter Incidents in the DHS—See U.S. Department of Homeland Security.
United States in 2022, p. ii; Federal Bureau of Investigation, U.S.
Federal Bureau of Investigation, U.S. Department of Justice, and
Department of Justice, and Advanced Law Enforcement Rapid
Advanced Law Enforcement Rapid Response Training Center
Response Training Center at Texas State University, Active at Texas State University, Active Shooter Incidents in the United
Shooter Incidents in the United States in 2021, p. 4. States in 2021, May 2022.
3 The landscape assessment incorporated information from data Federal Bureau of Investigation, U.S. Department of Justice, and
analysis, literature review, subject-matter expert (SME) inter- Advanced Law Enforcement Rapid Response Training Center
views, and cost analysis to form a picture of the ST-CP security at Texas State University, Active Shooter Incidents in the United
environment. States in 2022, April 2023.
4 Hollywood, Gierlack, et al., Improving the Security of Soft Tar- Hollywood, John S., Richard H. Donohue, Tara Richardson,
gets and Crowded Places. Andrew Lauland, Cliff Karchmer, Jordan R. Reimer, Thomas
Edward Goode, Dulani Woods, Pauline Moore, Patricia A.
5 For more information about the dataset and how the data were Stapleton, Erik E. Mueller, Mark Pope, and Tom Scott, “About the
collected and processed, see Hollywood, Donohue, et al., “About Mass Attacks Defense Toolkit,” RAND Corporation, webpage,
the Mass Attacks Defense Toolkit.” 2022. As of October 6, 2023:
https://www.rand.org/pubs/tools/TLA1613-1/toolkit/about.html
6 The six cases studies were the 2013 Arapahoe High School
Hollywood, John S., Keith Gierlack, Pauline Moore, Thomas
shooting, the 2016 Pulse nightclub shooting, the 2017 Manches-
Goode, Henry H. Willis, Devon Hill, Rahim Ali, Annie Brothers,
ter Arena bombing, the 2018 Marjory Stoneman Douglas High Ryan Bauer, and Jonathan Tran, Improving the Security of Soft
School shooting, the 2019 El Paso Walmart shooting, and the Targets and Crowded Places: A Landscape Assessment, Homeland
2021 Waukesha (Wisconsin) Christmas parade ramming. Security Operational Analysis Center operated by the RAND
7 Corporation, forthcoming.
A polygrievance consists of multiple grievances that coalesce
into a desire to act. Moore, Pauline, Brian A. Jackson, Catherine H. Augustine,
8
Elizabeth D. Steiner, and Andrea Phillips, A Systems
Singer, “Schools Are Spending Billions on High-Tech Defense Approach to Physical Security in K–12 Schools, Homeland
for Mass Shootings.” Security Operational Analysis Center operated by the RAND
9 Corporation, RR-A1077-1, 2021. As of March 10, 2022:
National Center for Education Statistics, “Safety and Security https://www.rand.org/pubs/research_reports/RRA1077-1.html
Practices at Public Schools.”
National Center for Education Statistics, Institute of Education
10 ASIS International, Physical Asset Protection; ASIS Interna- Science, U.S. Department of Education, “Safety and Security
tional, Protection of Assets: Physical Security; Moore et al., A Practices at Public Schools,” Condition of Education 2022, last
Systems Approach to Physical Security in K–12 Schools. updated May 2022.
11 For some unit costs, such as security patrol or security admin- Peterson, Jillian, and James Densley, “Reflections on Researching
istration, a range was not available or applicable, so we used a the Lives and Crimes of Mass Shooters,” in National Institute of
single value. Justice, Office of Justice Programs, U.S. Department of Justice,
Advancing Understanding, and Informing Prevention of Public
12These ranges of costs assume a mean unit cost and a mean Mass Shootings: Findings from NIJ Funded Studies, Part 2,
unit of quantity. webinar slides, November 17, 2020.
13 As stated in the literature review section, there is little Public Law 107-296, Homeland Security Act of 2002,
research on the effectiveness of specific security measures. So November 25, 2002.
this model, like the literature review, focuses only on where Singer, Natasha, “Schools Are Spending Billions on High-Tech
funding is being spent, not whether it is effective. Defense for Mass Shootings,” New York Times, June 26, 2022.
14Peterson and Densley, “Reflections on Researching the Lives U.S. Code, Title 6, Domestic Security; Chapter 1, Homeland
and Crimes of Mass Shooters.” Security Organization; Subchapter III, Science and Technology
in Support of Homeland Security; Section 185, Federally Funded
15 Proxies are incidents that have some similarities with mass Research and Development Centers.
attacks but are much more common. For example, technologies
U.S. Department of Homeland Security, “Soft Target and
designed to prevent people from getting into a building can be
Crowded Places Security Plan Overview,” May 2018.
assessed against numbers of general break-ins, including for
ordinary criminal purposes.
22
About the Authors Devon Hill is a senior defense analyst at RAND.
He has a particular interest in military personnel
John Hollywood is a senior operations researcher at
policy; defense acquisition; and talent management
RAND, where he conducts decision science research
and diversity, equity, and inclusion. He has an M.A.
in the areas of criminal justice, homeland security,
in security studies.
and information technology. He has a Ph.D. in opera-
Rahim Ali is a technical analyst at RAND. His
tions research.
research interests include critical infrastructure pro-
Keith Gierlack is a senior defense analyst at
tection, community-level resilience planning, climate
RAND. His research addresses building partner
change adaptation and mitigation, and disaster pre-
capacity, law enforcement technology, critical infra-
paredness and recovery. He has an M.S. in civil and
structure protection, maritime and border security,
environmental engineering.
and China. He has an M.S. in strategic intelligence.
Annie Brothers is an assistant policy researcher
Pauline Moore is a political scientist at RAND.
at RAND. Her research interests include workforce
Her research focuses on violent extremism, targeted
development, refugee resettlement, public safety,
violence, terrorism and counterterrorism, and safety
police–civilian communication, emergency response,
and security in K–12 schools. She holds a Ph.D. in
behavioral health, domestic violence, and sexual
international relations.
assault. She has an M.S. in data science.
Tom Goode is a data scientist at RAND. His
Ryan Bauer is a senior defense analyst at RAND.
work focuses on national security, homeland secu-
His research focuses on information warfare and
rity, and public safety. He has an M.S. in statistical
information operations, disinformation and mes-
practice.
saging, Russian security issues, and emergency pre-
Henry Willis is a senior policy researcher at
paredness. He has an M.A. in security studies.
RAND. His recent work has addressed biosecurity
Jon Tran is a senior technical analyst at RAND.
risks and biodefense capabilities; border and ter-
He has supported and conducts research in the
rorism security; climate and natural disaster risks;
areas of policy related to national security, space,
critical infrastructure resilience; and national pre-
and aerospace systems. He has an M.S. in aerospace
paredness for chemical, biological, nuclear, and
engineering.
radiological attacks. He has a Ph.D. in engineering
and public policy.
23
H
HOMELAND SECURITY
C
OPER ATIONAL ANALYSIS CENTER
This report presents the results of research and analysis conducted under task For more information on this publication,
visit www.rand.org/t/RRA2260-2.
order 70RSAT22FR0000074, Soft Target and Crowded Places Landscape Assess-
ment and Research Roadmap. This research was published in 2024.
RR-A2260-2