By Dr. David Mussington, Executive Assistant Director for Infrastructure Security

By Dr. David Mussington, Executive Assistant Director for Infrastructure Security

The Nation faces a dynamic threat environment fueled by a range of threat actors that promulgate violence across communities. The National Terrorism Advisory System (NTAS) Bulletin issued this week notes that, “In the coming months, DHS expects the threat environment to become more dynamic as several high-profile events could be exploited to justify acts of violence against a range of possible targets. These targets could include public gatherings, faith-based institutions, schools, racial, ethnic, and religious minorities, government facilities and personnel, U.S. critical infrastructure, the media, and perceived ideological opponents.” 

Public venues are particularly vulnerable to targeted violence and terrorism. Though security measures are often in place, these locations are typically more accessible than other critical infrastructure. Recent tragic and senseless attacks underscore the dynamic nature of the threat environment and the devasting impacts from attacks at public gathering locations. The mass shootings at a hospital in Tulsa, a grocery store in Buffalo, a school in Uvalde, and a church in Laguna Woods are recent examples. 

The Cybersecurity and Infrastructure Security Agency (CISA) provides innovative capabilities that support efforts to build security capacity to mitigate risks posed by targeted violence and terrorism. 

A critical first step is to understand risk. Being apprised of the dynamic threat environment is foundational to improving security. At the national level, DHS periodically issues the aforementioned NTAS Bulletins to provide insight into evolving threats facing the nation. It is also important to gain a better understanding of the potential threats more endemic to a region or locale to best serve local communities and the threats they may face.

Every facility faces unique challenges; identifying potential vulnerabilities in relation to national and localized threats is also vital. CISA provides access to several tools that owners and operators can leverage to independently assess facilities. For example, the Faith-Based Security Self-Assessment Tool was designed for individuals with little to no security experience to determine potential vulnerabilities of a house of worship. In addition, the School Security Assessment Tool walks users through a tailorable vulnerability analysis of a school or educational institution and provides results and recommendations to mitigate vulnerabilities. CISA also has Protective Security Advisors in all 50 states and Puerto Rico. These trained subject matter experts in critical infrastructure protection and vulnerability mitigation can facilitate local field activities, advise, and assist state, local, tribal, territorial, campus and private sector officials, as well as facility owners, operators, and other officials responsible for facility security.

Based on the results of the assessment, officials responsible for facility security should implement recommended measures to address identified vulnerabilities. This can be achieved through a combination of technology, people, and policy. CISA provides capabilities to support these efforts generally and by threat type specifically. For example, CISA provides training and best practices to enhance understanding of bombing prevention and active shooter preparedness. And, in partnership with the Departments of Education, Justice, and Health and Human Services, CISA maintains, which provides resources, guidance, and best practices on a range of school safety topics. These resources can also augment organizational training programs geared toward personnel and volunteers. 

Subsequently, officials responsible for facility security should develop a plan (security and/or emergency action plan) that specifies the steps personnel and volunteers will take to enhance security before and following an incident. CISA provides templates to facilitate the development of plans and encourages officials to coordinate with local law enforcement to increase familiarity with the facility and ensure personnel are aware of the actions first responders will take upon arrival. A plan, however, is only valuable if personnel are properly trained to execute it and if it is exercised. Through the CISA Tabletop Exercise Packages, and other officials responsible for facility security can also access multiple comprehensive resources designed to support independent exercises through a variety of scenarios. 

To augment security beyond traditional protective measures, and to position officials responsible for facility security to identify potential suspicious behavior to thwart a potential attack, CISA also provides access to a range of resources that improve soft skills. These products can be leveraged by security or non-security professionals and can be utilized as a cost-effective additional layer of security. For example, the Power of Hello Guide suggests questions to consider when navigating a potential threat and includes information on when and how to obtain help. The De-Escalation Series is comprised of four products that assist in recognizing the warning signs of someone on a path to violence; assess if the situation or person of concern is escalating; de-escalate the situation taking place through purposeful actions; and report the situation through established protocols including 9-1-1 for immediate threats. 

All these capabilities are available from CISA at no cost; and many are translated into multiple languages to reach a wide range of communities. CISA will continue to prioritize efforts to engage communities across the country to provide direct subject matter expertise and access to resources that inform cost-effective risk mitigation solutions. In collaboration with interagency partners, CISA is committed to building community- and facility-based security capacity to better mitigate the threats posed to our nation.