Over the past decade, the changing political landscape has dictated that
public, private, and governmental organizations not only understand terrorism
risk, but also develop a proactive plan to assess and/or manage this risk. As
demonstrated by the attack on the Alfred P. Murrah Federal Building in Oklahoma
City in 1995, simply being located in a less populous city or region does not
guarantee safety. In fact, it is the lower profile targets with lower levels
of security awareness that may appear to be the "softer" target to a potential
terrorist.
In addition to the terrible loss of life, the events in 2001 also highlighted
the financial costs of terrorism. As with other natural and man-made hazards,
financial coverage may not be available and or affordable to protect the financial
assets of an organization when faced with a terrorism threat.
Developing a Terrorism Risk Management Program
Managing risk associated with the threat of terrorism can be a daunting task
for companies. Some of the most common questions include how to begin a terrorism
risk management program, what assets should be protected, and what are the most
effective mitigation solutions. Similar to managing the risk from other hazards,
a terrorism risk management program should provide a logical and systematic
framework for identifying and dealing with potential terrorism threats. A three-phase
terrorist risk management program, detailed in the following figure, can be
used as a framework for establishing a terrorism risk management program.

Phase I—Threat Identification and Initial Site Assessment Understanding the type, source, and probability associated with different
threats is an important element in the program. The key elements of the threat
identification phase include the following.
- Threat Recognition and Identification
- Threat Potential
- Site Security Assessment
While many organizations have some knowledge of the various threats facing
their facilities and employees, many do not recognize how vulnerable their sites
actually are until a detailed assessment is performed.
As shown in the figure, one of the products that may result from the site
security assessment is a detailed site survey that includes the determination
of the effective standoff distance at all exposed sides of the building perimeter.
Even for sites that are considered "secure," existing security measures are
often found to be insufficient to deter a well-planned terrorist attack.
Phase II—Detailed Risk Assessment The information gathered in the Phase I assessment can then be used to focus
organizational resources to determine the impact of a particular terrorist event
on the facility. Analyses that may form part of the detailed risk assessment
include the following.
- Blast and Explosion Analysis
- Progressive Collapse (Structural Stability) Analysis
- Chemical, Biological, and Radiological Threat Assessment
The Blast, Progressive Collapse, and Chemical/Biological analyses can provide
a detailed assessment of the threat to the structures, nonstructural elements,
and the employees. Examples of these analyses are shown in Figure 1: Three-Phase
Terrorism Risk-Management Program. The graphic adjacent to the Phase II Assessment
box depicts the varying pressure contours on the face of a building that result
from an explosive charge placed at the location of the minimum defended perimeter.
Software tools are available to estimate the impact and dispersion of toxic
releases and produce similar types of contours as a result of a biological or
chemical terrorist attack.
Phase III—Risk Management Once the risks have been identified and assessed, putting a comprehensive
risk management plan in place for terrorism risk is similar in many respects
to understanding and managing the risks due to other hazards, such as extreme
wind or earthquakes. Often, emergency planning and disaster recovery preparations
that are in place for other types of hazards can be extended to prepare for
and/or protect against terrorist attacks.
A comprehensive terrorism risk management plan should, at a minimum, include
the following components.
- Protection of the Facility and Its Occupants
- Emergency Planning and Disaster Recovery
- Reduction of Financial Risk
Protection of the building occupants through the implementation of physical
or electronic security measures, the application of window film to reduce glazing
hazards, and increased employee awareness is often a first step in many terrorism
risk management plans. Reducing the financial risk associated with a terrorism
event may be a more challenging issue. As with other natural and man-made hazards,
the cost of insurance for losses associated with a terrorism event, if available,
may have risen to a level that is no longer affordable. The financial exposure
may need to be addressed though a combination of risk mitigation measures, alternate
or back-up facilities, and insurance.
The risk management plan should have a capability for determining changes
in risk due to threat information or changes to security operations and building
protection. The regimented procedure will maintain a focus on effectiveness
and prevent fragmented decision making for risk reduction.
Summary
With the increased threat of terrorism, both in the United States and abroad,
public, private, and governmental agencies face an increased need to understand
and manage the risk to their employees and organizational assets due to the
terrorism risk. A three-tiered terrorism risk management plan, which includes
initial and detailed assessments and a variety of risk management techniques,
can be implemented to effectively reduce the risk from a terrorist attack.