Swift Response: Protecting Crowded Spaces From Terrorist Threats

The incident in Vienna last week highlights several concerning trends that have become increasingly prominent in the field of counterterrorism (CT), including: the continued relevance of extremist ideologies connected to the Islamic State, five years after the so-called ‘caliphate’ lost the last of its territory in Syria; the worrying involvement of increasingly younger individuals in terrorist activities; and the challenges of online radicalisation. In addition, the Vienna plot also shines a spotlight on the critical importance of protective security. This is especially relevant as the UK is moving towards implementing Martyn’s Law, which aims to enhance security in publicly accessible locations.

While the focus in counterterrorism efforts often revolves around preventing radicalisation and recruitment into violent extremism, and disrupting plots before they materialise, such efforts, though crucial, cannot always guarantee absolute security. The arrests in Vienna revealed a potentially catastrophic breach of security when one of the suspects involved in the plot managed to gain employment within the stadium, alongside at least eight other men known to authorities for their potential extremist connections, all working for a security firm at the venue, raising serious concerns about the need for mandatory screenings at such events. This serves as a reminder that even when intelligence and law enforcement agencies are vigilant, there remains a need for robust, on-the-ground protective security measures to safeguard public events and venues.

Martyn’s Law, due to be introduced in the UK soon, seeks to address precisely these kinds of vulnerabilities. Named after Martyn Hett, a victim of the 2017 Manchester Arena bombing, the law will require publicly accessible premises and venues of a certain capacity to assess and mitigate the risks of terrorist attacks, implement security training for staff, and ensure that appropriate physical security measures are in place.

The Vienna plot highlights why such a law is not just timely, but essential. However, it also raises broader questions about how protective security is implemented. The fact that individuals allegedly associated with the plot managed to gain employment at the venue suggests that security measures should include not only physical barriers and other measures to manage access to crowded places, but also thorough background checks and ongoing monitoring of personnel.

Evolving Threats and Evolving Approaches

Protective security must evolve with the threats it seeks to counter. While past threats may have focused on highly organised groups, today’s dangers often come from individuals or small groups radicalised online or finding encouragement for violence online, and capable of launching attacks with little to no warning. Protective measures must therefore be dynamic, capable of adapting to the changing nature of the threat, and robust enough to address both physical and personnel vulnerabilities.

Technology is playing an increasingly crucial role in CT. Advanced systems such as AI-driven surveillance, facial recognition, and predictive analytics are becoming integral to detecting and responding to threats more efficiently. These technologies can analyse vast amounts of data in real time, identifying potential risks before they materialise into actual incidents. For example, facial recognition can flag known suspects entering a venue, while predictive analytics can assess behavioural patterns that may indicate malicious intent.

However, the integration of such technologies also brings challenges. Cybersecurity concerns are crucial as the digital systems used to enhance physical security are themselves vulnerable to hacking and other forms of cyber attacks. This creates a new layer of risk, where a breach in cybersecurity could undermine the very protective measures designed to keep the public safe. Thus, a comprehensive approach to protective security must include robust cybersecurity defences alongside physical measures.

Getting Protective Security Right

As Martyn’s Law comes into effect, it will be critical for venues to not just implement the bare minimum, but also take a proactive stance on security, learning from incidents like the foiled Vienna plot. This approach includes integrating the latest in security technology, fostering a culture of vigilance among staff and patrons, and ensuring that security measures do not become mere formalities, but are actively and effectively enforced. Recent research from RUSI highlights the importance of getting protective security right, emphasising the need for comprehensive monitoring and evaluation and continuous improvement of these measures to adapt to evolving threats. The research underlines that effective protective security is not only physical barriers, but also creating a resilient, well-prepared environment that can respond to a wide range of threats.

This also includes finding a way to implement robust security measures without creating a pervasive sense of fear. Terrorism aims to not only to cause physical harm but also instil fear and disrupt daily life. Effective protective security, therefore, must balance robust measures with the maintenance of public confidence. Overly intrusive or visible security measures can, paradoxically, increase public anxiety by constantly alerting people to the potential threat. This points to the importance of ‘toned down’ or invisible security measures that protect without creating an atmosphere of fear. Clear communication about these measures can help to reassure the public that they are safe, without unnecessarily raising alarm. It is also crucial to consider the role of public resilience in the face of terrorism. Protective security is not just about preventing attacks; it is also about empowering individuals and communities to feel secure and resilient.

Another important consideration in this context is the economic impact of implementing such protective measures. While the protection of public spaces is critical, the costs associated with comprehensive security protocols can be substantial. For many venues, particularly smaller ones, the financial burden of upgrading security systems, training personnel and maintaining these measures can be prohibitive. However, these costs must be weighed against the potential consequences of not taking action. A successful attack could have devastating human, social, and economic consequences far exceeding the cost of preventative measures. As the cancellation of the three planned Taylor Swift concerts in Vienna less than 24 hours before the first concert was due to begin showed, even security concerns resulting from a foiled attack can result in significant economic costs. Such decisions impact not just the venues but also the broader local economy, including tourism, hospitality and associated industries. It is therefore essential to strike a balance: security measures must be robust enough to mitigate threats, while also being economically viable and not so burdensome that they become unsustainable.

The Vienna case is a sobering reminder that the stakes in protective security are high. The failure to adequately protect a public venue can result in not only loss of life, but also a deep and lasting impact on public confidence and societal stability. As the UK prepares to roll out Martyn’s Law, the lessons from Vienna should be considered, alongside those from similar events in the UK, Russia and elsewhere. Protective security is not a one-size-fits-all solution; it requires continuous assessment, adaptation and above all, a commitment to safeguarding the public from the very real threats that continue to exist in our world today.

The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.

Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.