Back to Hazards Directory
- Terrorism has been a long standing fact of life in certain countries around the world, like Northern Ireland, England, Israel and Japan. It is, however, no longer a problem that happens somewhere else. Bombings at the World Trade Center, the Oklahoma City Federal Building, the 1996 Atlanta Olympics, and incidents in many other locations throughout the U.S. brought the threat home. The September 11th deadly attack on the World Trade Center and Pentagon suggested that the terrorism bar has been raised to a new level in the U.S.
- 9-11 brought terrorism to the forefront of our consciousness. It has been front page news since. It has challenged us to learn a lexicon of new terms and possibilities we never expected or wanted to know about... loose nukes, dirty bombs, sarin gas, small pox, cyberterrorism, narcoterrorism, leaderless resistance, terrorist cells, to name just a few.
- The threat of terrorism impacts all communities large and small, both in the U.S. and throughout the rest of the world. Incidents have occurred in cities of all sizes, as well as in rural America.
- While the weapons of choice in the past have been explosives and explosive devices, chemical and biological agents have also been used. In the future, terrorists will almost certainly resort to "weapons of mass destruction" including nuclear, biological, and chemical materials. Technology is improving and terrorists are learning to use materials that are much deadlier than any bomb of the past.
- More than 25 countries have or are developing nuclear, biological and chemical weapons.
- Terrorist acts are often deliberately spectacular, designed to rattle or influence a wide audience, beyond the victims of violence itself. The point is to use the psychological impact of violence or of the threat of violence to effect political change. Beyond this, terrorists may believe such acts also: win popular support; provoke the attacked country to act rashly; attract recruits to their cause; polarize public opinion; demonstrate their capacity to inflict pain; or undermine government.
- The attacks on the World Trade Center and the Pentagon harnessed modern technology to carry out the age-old tactic of suicide terrorism.
- After a significant drop off in suicide terrorism we are seeing a reemergence in the last two decades. The drop off was probably attributable to the development of more sophisticated weapons that made it possible for terrorists to kill from a distance. At the same time, many terrorist groups became more than willing to kill large numbers of innocent victims indiscriminately. But certain groups continue to favor suicide terrorism, believing it heightens public fear, allows for greater precision and large-scale attacks without sophisticated technology, and creates the opportunity for martyrdom.
- The emergence of religious terrorist groups with apocalyptic outlooks and the availability of weapons of mass destruction may indicate that inflicting mass casualties is supplanting publicity as the primary goal of some terrorist campaigns.
What Do We Know About Terrorism? The State Department defines terrorism as "premeditated, politically motivated violence perpetrated against noncombatant targets by sub-national groups or clandestine agents, usually intended to influence an audience." The FBI defines terrorism as the "unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof in furtherance of political or social objectives."
From a practical standpoint, whether or not an act of violence meets the technical definition of terrorism is not that important. What is important is the impact any such act has on lives, property, and our way of life. And, any impact, direct or indirect, on our business economy will have a profound effect on those who depend on it.
Is Terrorism A Threat To A Business Like Yours? No business regardless of size, type and location should assume it is immune from terrorist acts. As terrorism evolves, terrorists are becoming more sophisticated and better funded and are more likely to use weapons of mass destruction. The reach of terrorist acts and the devastation they can create will almost certainly take on horrifyingly new dimensions.
Businesses need not be primary targets to be victimized. In fact, a substantial percentage of the businesses impacted by the World Trade Center attacks were small businesses that hardly would have considered themselves terrorist targets. Many were collateral victims who just happened to be located in the vicinity of the Center. And, as we have seen, the ripple effects caused by terrorist acts can have dramatic and far reaching effects on the economy as a whole, on consumerism, on specific industries (like tourism, insurance, and transportation) and on business practices and performance in general. 9-11, no doubt, accelerated the failure of many already fragile businesses around the country and significantly contributed to the nation's business downturn. As the country turned its attention to responding to the attack and strengthening its homeland security, significant amounts of public and private money has been redirected away from "business as usual." Air travel halted, consumer spending fell, businesses reduced investment and companies announced massive layoffs.
Obviously it is unproductive to become paranoid about the threat of terrorism... but, at the same time, it is unwise to become blasé. As time passes, we tend to forget and hope to resume life as normal. Unfortunately, the acts of terrorism may have redefined the boundaries of normalcy forever.
Assessing Your Organization's Risk and Vulnerability How attractive is your business as a target of terrorism or workplace violence? Here are some questions you should be asking yourself:
- Are you a high profile operation or do you have high profile employees or representatives that could be singled out by terrorists to make a statement?
- Are there domestic or international individuals or groups that are vehemently opposed to your line of business your organization performs?
- Are you co-located with, near to, or doing business with, other businesses, organizations or physical structures that might be targeted by terrorists?
- Are there characteristics of your business or workforce that could be used as an excuse for hate crimes?
- Do you do business with organizations or segments of the population that could serve as an excuse for hate crimes?
- Are there any characteristics of your business, facility, location, products, services, practices or personnel that might make you a potential target?
- Has your organization had to make organizational or personnel decisions that could be rationalized as an excuse for workplace violence?
- Do you have customers, suppliers or vendors who could be attractive targets to terrorists?
- Has your organization received previous threats of violence or intimidation?
- How vulnerable is your business to a terrorist attack, and are there practical, affordable measures you can take to mitigate your vulnerability? Somethings to consider in each of the following areas:
- Type of structure
- On-site population monitoring and control (employees, customers, visitors)
- Resources for prevention, response and recovery
- Do you have Terrorism insurance potection.
Assessing What Resources You Can And Are Willing To Devote To Terrorism Preparedness:
- The 9-11 attacks have prompted a range of responses from the business community... some measured, some perhaps extreme.
- You need to consider what resources you can reasonably mobilize to deal with threats posed by terrorism.
- Instead of attempting to deal with terrorism as a unique and different hazard in your disaster plan, it may make more sense to focus on the issues of business survival and continuity common with other disaster types.
- Keep Things In Perspective
Preparedness Measures You Might Consider:
- Preventive measures
- Procedures for dealing with terrorist threats
- Day to day precautionary measures
- Immediate response to an act of terrorism
- A time for quick decisions
- Personnel and visitor safety
- Assist victims or not
- Evacuation procedures
- Preserving the crime scene
- Calling for professional help
- Helping first responders - do's and don'ts
- Establishing a safe temporary holding area
- Employee release decision criteria and instructions
Bomb ThreatsResponding To Telephone Bomb Threats
- Instruct all telephone contact personnel, especially receptionists/telephone switchboard personnel, on what to do if a bomb threat is received.
- Take all threats seriously.
- If possible, have more than one person listen in on the call (a predesignated signaling system might have to be used).
- Remain calm. A calm response is likely to yield more useful information.
- Keep the caller on the line as long as possible.
- Ask him/her to repeat the message...every make not of words spoken by the person.
- If the caller does not indicate the location of the bomb or the time of detonation, ask for this information.
- Inform the caller that the building is occupied and detonation of a bomb could result in death or serious injury to many innocent people.
- Pay particular attention to background noises, such as motors running, music playing or any other nose which may give a clue as to the location of the caller.
- Report information immediately to the police department, fire department, ATF, FBI or other appropriate agencies
- Listen closely to the voice (male, female), voice quality (calm, excited), accents and speech impediments. Note any familiarity in the voice to acquaintances.
- Remain available, as law enforcement personnel will want to interview you.
Written Bomb Threats
- Save all materials, including any envelope or container.
- Once determined to be a bomb threat, avoid further handling
- Make every effort to retain evidence such as fingerprints, handwriting or typewriting, paper and postal marks.
- While written messages are often associated with generalized threats and extortion attempts, they should never be ignored.
Bomb Threat Evacuation Options And Considerations
- Do nothing. This option is a highly risky judgment call in that it assumes the telephone call was most certainly a hoax and any threat to life and property is highly improbable.
- Search without evacuation. Again this is a risky Option. If the risk is not deemed to be high or imminent and a panic situation can be avoided, occupants may be considered to be the most qualified to carry out a search of the premises. It is assumed occupants have a better understanding of what belongs or does not belong in any particular location at any given time. The objective is to identify potentially suspicious objects. Und no circumstance should such objects be handled.
- Evacuate and search. This option takes no chances and leaves searching to the professionals. Time permitting, evacuees should be instructed to leave doors and windows open and to remove personal belongings such as handbags, briefcases, shopping bags, etc. which might draw attention as suspicious objects and slow search efforts.
- Evacuation only. The decision to evacuate only should take into consideration the risk of injury, the potential for panic and the re-entry to the premises.
- Although the practice of evacuation and search can be very expensive, inconvenient and play into the hand of crank callers likely to repeat false calls...it is usually the most judicious option.
Coping With Workplace Threats And Violence
Angry or hostile customer or coworker:
- Stay calm. Listen attentively.
- Maintain eye contact
- Be courteous. Be patient. Don't become confrontational.
- Keep the situation in your control.
- If the customer or coworker vents and calms down, attempt to lay out a constructive course of action.
- If demands are irrational, quietly seek assistance of a coworker or supervisor if you don't think the situation will escalate and become dangerous.
Shouting, swearing, threatening person:
- Signal a coworker or supervisor (use a subtle duress or prearranged warning system) that you need the help of contract security or police.
- Do not make any calls yourself.
- Do not inflame the situation by being confrontational.
- Acknowledge that you understand they are upset.
- Patiently let the person vent their anger.
Threats with a gun, knife or other weapon:
- Stay calm. Quietly and carefully signal for help (use a subtle duress or prearranged warning system).
- Maintain eye contact.
- Stall for time.
- Keep talking...but follow instructions of the person with the weapon.
- Don't risk harm to yourself or others.
- Never try to grab a weapon.
- Watch for a possible chance to escape to a safe area.
SabotageA saboteur can be a competitor who's spreading lies or one of your own employees sabotaging the company in any one of a number of ways. You have to address this problem, because if you don't, there could be devastating consequences for your business.
Here are some ways to identify and confront saboteurs:
- First of all, understand that it can happen. In a slowing economy competitors may resort to some very unprofessional means to try and gain an edge. Dismissed or disgruntled employees with access to your business should not be overlooked.
- Make sure you understand the difference between a pattern of intended sabotage and the occasional disgruntled remark or criticism.
- You must identify exactly who the saboteur is, what they are doing and why. Are your competitors spreading lies? Is an employee sharing confidential information? Usually the motivation of the competitor is to drive your customers away while the motivation of the employee may be anger or insecurity.
- Once you have identified these things you must confront the saboteur. Have as much evidence as possible and be specific. Be as composed and confident as possible. It is usually best to confront them one on one, but if the sabotage continues confronting them in front of others can be effective. In the case of employees, your human resources policies will help you in this area.
- Don't ignore the problem. Ignoring the problem and hoping it will go away seldom, if ever, works.
CyberterrorismWhat is cyberterrorism?Terrorism that involves computers, networks, and the information they contain. Computer networks have been attacked during recent conflicts in Kosovo, Kashmir, and the Middle East, but the damage has mostly been limited to defaced Web sites or blocked Internet servers. However, with American society increasingly interconnected and ever more dependent on information technology, terrorism experts worry that cyberterrorist attacks could cause as much devastation as more familiar forms of terrorism.
Is the United States vulnerable to cyberterrorism?Experts disagree about how large and immediate a threat cyberterrorism poses. In 1997, the Pentagon simulated a cyberattack and found that attackers using ordinary computers and widely available software could disrupt military communications, electrical power, and 911 networks in several American cities. Hacking tools and expertise have become only more widespread since then.
Is cyberterrorism the same as hacking?While some people use the term "cyberterrorism" (which was coined in the 1980s) to refer to any major computer-based attack on the U.S. government or economy, many terrorism experts would not consider cyberattacks by glory-seeking individuals, organizations with criminal motives, or hostile governments engaging in information warfare to be cyberterrorism. Like other terrorist acts, cyberterror attacks are typically premeditated, politically motivated, perpetrated by small groups rather than governments, and designed to call attention to a cause, spread fear, or otherwise influence the public and decision-makers.
Hackers break in to computer systems for many reasons, often to display their own technical prowers or demonstrate the fallibility of computer security. Some on-line activists say that activities such as defacing Web sites are disruptive but essentially nonviolent, much like civil disobedience.
Terrorists try to leverage limited resources to instill fear and shape public opinion, and dramatic attacks on computer networks could provide a means to do this with only small teams and minimal funds. Moreover, "virtual" attacks over the Internet or other networks allow attackers to be far away, making borders, X-ray machines, and other physical barriers irrelevant. Cyberterrorists would not need a complicit or weak government (as al-Qaeda had in Afghanistan) to host them as they train and plot. On-line attackers can also cloak their true identities and locations, choosing to remain anonymous or pretending to be someone else.
Terrorists might also try to use cyberattacks to amplify the effect of other attacks. For example, they might try to block emergency communications or cut off electricity or water in the wake of a conventional bombing or a biological, chemical, or radiation attack. Many experts say that this kind of coordinated attack might be the most effective use of cyberterrorism.
What kinds of attacks are considered cyberterrorism?Cyberterrorism could involve destroying the actual machinery of the information infrastructure; remotely disrupting the information technology underlying the Internet, government computer networks, or critical civilian systems such as financial networks or mass media; or using computer networks to take over machines that control traffic lights, power plants, or dams in order to wreak havoc.
How do cyberattacks work?Attacks on the physical components of the information infrastructure would resemble other conventional attacks: for example, a bomb could be used to destroy a government computer bank, key components of the Internet infrastructure, or telephone switching equipment. Another option would be an electromagnetic weapon emitting a pulse that could destroy or interrupt electronic equipment.
Attacks launched in cyberspace could involve diverse methods of exploiting vulnerabilities in computer security: computer viruses, stolen passwords, insider collusion, software with secret "back doors" that intruders can penetrate undetected, and orchestrated torrents of electronic traffic that overwhelm computers - which are known as "denial of service" attacks. Attacks could also involve stealing classified files, altering the content of Web pages, disseminating false information, sabotaging operations, erasing data, or threatening to divulge confidential information or system weaknesses unless a payment or political concession is made. If terrorists managed to disrupt financial markets or media broadcasts, an attack could undermine confidence or sow panic.
Attacks could also involve remotely hijacking control systems, with potentially dire consequences: breaching dams, colliding airplanes, shutting down the power grid, and so on.
- The Love Bug virus caused damage, expected to run into billions of dollars, by invading business computers. Can you afford the loss of business, staff time, or the repair costs that such an attack could bring?
- Hackers scan thousands of computers looking for identities to steal and vulnerable systems to attack. They could break into your Website and deface it and even reroute your customers.
- As many as 90 percent of all information security breaches originate from inside the company in which they occur. Do you have a dissatisfied employee who could corrupt your customer information or disrupt your billing?
Is your information protected against...
- Computer viruses?
- Software bugs?
- Technical failure?
- Disgruntled employees?
- Cyber criminals?
- Human error?
Why is information security good business?Today's customers are becoming very security conscious. In our electronic age, information is the foundation for success. Whether you're a wholesaler, manufacturer, doctor, realtor, or philanthropist You could suffer major losses in profits or credibility if your:
- financial records were lost.
- customer records were stolen.
- business strategies fell into the hands of your competitor.
What can you do?
- Install and maintain a computer anti-virus program or, if applicable, consult with your information technology supplier to find out the best method for you.
- Be prepared to do without services you normally depend on that could be disrupted - electricity, telephone, natural gas, gasoline pumps, cash registers, ATM machines, and internet transactions.
- Be prepared to respond to official instructions if a cyber attack triggers other hazards, for example, general evacuation, evacuation to shelter, or shelter-in-place, because of hazardous materials releases, nuclear power plant incident, dam or flood control system failures.