26 February 2010

Emerging Threats: Active Shooter Scenario

I want to start a new series of posts titled, Emerging Threats. The goal is to "White Board" future threats, discuss possible threat outcomes, and discover ways to prevent/thwart future attacks. The 9/11 Commission stated that one of the primary reasons our intel agencies were unable to connect the dots was due to a lack of imagination. The goal of the Emerging Threats series is improve our imagination, and hopefully generate feasible defensive measures.

Active Shooter Scenario
On December 25, 2009, Al Qaeda proved that air travel was still their primary high payoff target. I believe that this event will focus the majority of our homeland security efforts on air travel safety. I am confident that the failed attack will serve as a shot in the arm and ensure al Qaeda will not be able to successfully target American aircraft for a reasonable amount of time. Once a government highlights its security focus, their enemies will naturally look for other ways to achieve their end state.

The Active Shooter Scenario is not a new phenomenon to America. Active shooters are individuals or groups who, for a number of reasons, decide to murder innocent people in a shooting rampage. Columbine, Virginia Tech, and Ft. Hood are all examples of the active shooter scenario. Law enforcement statistics show that the average Active Shooter Scenario is a single individual who is rounds complete within 8 minutes. What I want to focus on is a terrorist scenario with the intent of lasting longer than 8 minutes, like Beslan (334 dead) and Mumbai (173 dead). We know al Qaeda seeks the spectacular attack with maximum media exposure and casualties. Mumbai was not spectacular because of the number killed, it was spectacular because it showed India's inept response to neutralize a mere 10 individuals.

I think we can benefit from looking at past incidents and attempt to gleam what al Qaeda can learn from our experiences in these scenarios. The Columbine school shooting was a watershed event that significantly changed law enforcement reactions to the active shooter scenario. The Columbine response had three phases. First, establish a cordon and contain the shooters in order to deny freedom of maneuver and allow the local SWAT team to arrive on scene. Second, the SWAT team systematically cleared Columbine High School, room by room, searching for the suspects and ensuring they did not miss any other unreported suspects. Third, neutralize the shooters and provide medical care to the wounded. The primary lesson learned was; when you have active shooters in a populated building methodically killing people, you no longer have the luxury of containing the shooters and waiting for the SWAT team. Al Qaeda now knows the United States will not allow a Mumbai style attack to proceed for 60 hours. Our local law enforcement officers will bravely challenge any shooter actively targeting innocent civilians. Two local law enforcement officers, who were the first to respond, neutralized the Fort Hood shooter, Nidal Hassan. This is our current neutralization TTP. Since it looks like we have a viable option to thwart a Mumbai style terror attack, how can al Qaeda successfully use the active shooter scenario and still achieve their objectives?

Law enforcement officers have to make the distinction between a hostage situation and the active shooter scenario because the response is vastly different. If a first responder receives a 911 dispatch to a mall or school where a suspect is actively shooting and killing citizens, that officer will undoubtedly move toward the small arms fire and attempt to neutralize the suspect. If that same officer is responding to an armed hostage situation at a school or bank, the officer will most likely establish a perimeter and evacuate any bystanders. This is how al Qaeda can target America using a combination of the active shooter scenario and a hostage situation. I believe we have a solid response to both hostage situations and the active shooter scenarios; however, a combination of the two provides al Qaeda a viable option for a low technology spectacular attack.

First lets white board what al Qaeda needs to avoid:
Foreign Nationals who infiltrate America from terrorist hot spots (Pakistan, Yemen, Somalia, Saudi Arabia, ect.) We are watching those areas closely.
Explosives, excluding low technology pipe bombs. We are focused on the logistics and explosive facilitation.
Large Metropolitan areas because of increased law enforcement response capacity.
Airports large enough to facilitate C-130/C-17 aircraft landing (hard to do), mitigating rapid transportation of the FBI's Hostage Rescue Team (HRT).

Now lets look at plausible aspects of a future attack: Planning, Facilitation, Execution, and End State.

Planning: Al Qaeda needs to conduct their planning using the courier system in order to avoid raising concerns for a future martyrdom operation. I believe the initial planning would take place in the known terrorist havens, ie Yemen, Somalia, or Pakistan. The External Operations Network is the most likely point of origin for initial concept development. I think this operation would have a long range planning horizon, preceding the operation by more than 12 months. The plan would be simple and require less coordination than the 9/11 attack. The reason for such a long planning horizon is to ensure successful infiltration of the terror cells.

Facilitation: The active shooter scenario is logistically simple. LeT's doctrinal template, utilized in Mumbai, is a viable option. 10 shooters is a large enough group to simultaneously attack several objectives, while also being small enough to fly under the intelligence radar. One group of 4, and three groups of 2 allow al Qaeda to use a similar leadership scenario as the 9/11 hijackers. The could have 4 leaders who are knowledgeable of the operation, with 6 muscle men who are largely in the dark until immediately prior to the operation's execution. I also think the 9/11 hijacker model would be followed concerning the infiltration of the 10 terrorists. The 10 shooters would assimilate into a normal American life style for as long as a year in order to disguise intentions. The year dwell time would also be used for a deliberate accumulation of automatic weapons and body armor. The armament would logistically look similar to Larry Phillips Jr. and Emil Matasareanu's set up. The group leaders could also use this time to conduct surveillance and rehearsals on site.

Execution: (Location) Taking a look at the number of casualties from both Beslan and Mumbai shows us that a large metropolitan area is not needed and in fact would increase the likelihood of successful law enforcement interdiction. This is why I believe an attack on a small town would increase the likelihood of successful execution while still netting a significant number of casualties. A rural town will not have a full time SWAT team, will increase the response time of national law enforcement, and the local law enforcement might initially have to operate on a 1:1 ratio of officers to terrorists.
(Targets) A mix between hostage situation and active shooter scenario is more advantageous. A combination of Beslan and Mumbai is a viable scenario. Four well trained terrorists, could control a local high school and initiate a hostage situation, drawing the events out long enough to facilitate the media's live reporting. Once the media is in place, the active shooter scenario with the remaining three teams of two could over whelm the local 911 network and sow enough disorder to create havoc among the responding officers. The active shooter scenario could take place on mini-malls or other locations that provide multiple areas with moderate to high civilian density. They could use spike strips on the highest traffic road/highway and create a traffic jam while shooting civilians stuck in their vehicles. One of the objectives would undoubtedly be to show the government's inability to protect its citizens. This would be highlighted if the local medical response is over whelmed along with the law enforcement. Molitov cocktails are a cheap, easy option to start fires once they leave each objective. Changing vehicles between targets would also add to the confusion with 911 callers reporting more groups than there actually are.
(Command and Control) Again, the Mumbai attacks illustrate the best way to C2 an active shooter scenario. The live media feeds allow terror leaders to use cell phones to direct multiple teams throughout the operation. They also allow the terror leaders to warn their shooting teams of pending SWAT team assaults. One way to increase the effectiveness of the attacks is to have prepared lists of targets that allow the active shooting teams to conduct the operation with limited direction. The leadership could inform other shooting teams that an adjacent team has been neutralized and they should pick up their target set.
End State: What would be the benefit of an attack of this style for a terror group that is largely under the gun in all corners of the World? I think the best possible outcome for al Qaeda is for an attack that creates a situation for America to loose inherent freedoms or degradation of our system of values. I want to offer up two worst case scenarios that may be unlikely, but not impossible.
1) What if AQIM could tap into the drug cartels they currently collude with and use their members as the active shooter teams? These teams would infiltrate through the porous Mexican/US border and assimilate into daily life within the States along the border. If al Qaeda could use South American's from Venezuela, Columbia, or even worse Mexico, it would cause a massive amount of rage toward illegal immigration. It could cause a situation of hysteria and increase the risk of acts of violence against anyone with South American/Mexican decent. Also, it utilizes a race of people that we currently don't associate with acts of random non-Narco terrorism.
2) Another possible scenario looks to our Northern border. I think it would be beneficial for al Qaeda to use the United Kingdom and/or Canada as a pool of recruits to carry out an active shooter scenario. Both countries could have citizens that hold dual citizenships, who travel to terrorist havens and hand carry instructions to terrorists who will cross into America illegally or legally from Canada. Canada is a viable launch pad for a terror operation. This may cause a rift between the intelligence collection and sharing between these nations. It may lead to alleviating pressure from Pakistan since the latest attack originated from an ally nation. These are just two possible scenarios, we could play the "what if" game all day, but I think it is important to highlight unlikely scenarios in order to get our analytical powers moving. I left out the most obvious scenario, a home grown terror attack like Nidal Hassan's.

The Way Forward: Fred Leland, Law Enforcement Security Consulting Inc., has a two part series that dives into the Active Shooter Scenario, here. Fred focuses his attention toward the response and law enforcement training. He coined the term, "Full Spectrum Policing" which alludes to the wide problem set law enforcement officers have to deal with. Our officers across the board need to have quarterly or bi-annual training responding to an active shooter scenario. I have a few points to add in addition to Mr. Leland's recommendations. First, law enforcement officials need to identify likely locations for active shooter scenarios and conduct mass casualty drills on location. Next, the local news executives need to be brought into the fold and agree to delay live footage of active shooter scenarios for at least 30 minuets. This should almost be a non issue since the majority of active shooter incidents are over within 8 minuets and most news agencies cannot respond fast enough. My concern would be for a Mumbai style attack where the shooting teams have commanders who are directing their activities from another country through live news footage. Finally, the intelligence sharing between the federal agencies and local law enforcement needs to be improved. This is a topic that will need continual improvement; however, we need to ensure that credible threats make there way down to the state and local level.

My hope is that this new series of posts can bring in expert opinions, as well as average citizens, who can throw out ideas and continue build/improve doctrine templates, that homeland security officials can turn into individualized situational templates.


  1. To be honest I find this scenario a bit unlikely. To start most terrorists, despite common opinion, do not want to engage in missions where they are sure to die or be captured. True, suicide bombers do just that but they are also clearly the minority in terrorist organizations. Also, most suicide bombers do not engage in activities such as spending large amounts of time shooting people. Most use a trigger to explode after they have reached the target, making law enforcement responses less of an issue.
    The second problem is that Al Qaeda does not seem especially interested in causing the United States to overreact and damage freedom in the US itself. The reasons given in AQ documents were that the strategy was to cause the US to attack Afghanistan and other areas where AQ was known to be, thereby recreating the circumstances of the Soviet-Afghan war. Causing the US to be more authoritarian at home was not mentioned.

  2. 1. Thanks for freaking us out.
    2. I think it is more likely a small group (Ft. Dix or N.VA 5) would try to do this than a FATA based operation. The logistics of getting 10 into the USA are hard, maybe even a long shot.
    3. I agree that small towns are the ultimate target. The reaction would be hysteria.

  3. I'd agree with Anon @ 5:15pm that this kind of operation would more likely be carried out by a fellow traveller organisation than as a planned AQ attack. I also believe that it would probably be more attractive in the UK where the proportion of armed police/civilians who could respond is significantly different to the US. The average UK shopping centre (mall) has a 3-4 main entry-exit points with additional access to parking - that really wouldn't need a lot of people to control.

  4. Gyre: I believe your logic is mainstream and is why I think this scenario is a possibility. Simply put, we need to remain imaginative. I have personally witnessed over 10 suicide bombers, thus I have no doubt they can facilitate this.

    Anon & DC: The Current Threat level is Yellow (I googled it), so I don't think we need to worry about this tonight. I do think that we need to flush this scenario out in order to bring awareness and generate options. I picked a scenario that didn't use FATA based terrorists or home grown terrorists because, as you both alluded to, we are highly vigilant toward these groups. Could 10 hand picked terrorists infiltrate The United States from the story below? http://refugeeresettlementwatch.wordpress.com/2010/02/23/ice-looking-for-270-illegal-somalis-who-could-be-connected-to-al-shabaab/

    I like all three comments, we need to keep picking away at this!

  5. JD,

    On this date in 1993, AQ bombed the WTC (garage). Last week, Zazi pleaded guilty. I think air transportation remains the #1, but these scenarios remind us that land transportation is a close #2.

    I advise we study in more depth, for example, NYPD CTB's (Counterterrorism Bureau) Manhattan Project: a "think web of security."

    Of course, this is gearged for NYC financial district, but it shows us how satellites can be used in the future for even smaller, more rural locations. We need connected hubs that can accurately drive information sharing in order to provide a timely response.

    I think a matrix-like system is needed, and I have shared some thoughts (initial) on past posts: "bubblenet intelleigence." It would pragmatically use a social networking venue like, for example, twitter - but be used (and secured) for intel and first responders officers only.

    I am one to advocate planning, so I feel there is a continued need for this brainstorming.

  6. Dan,

    I would love to get some law enforcement perspective, especially concerning the sharing of intelligence, in fact we need to do a well researched post on the regional fusion cells.

    Gyre, I think you brought up an important aspect that I failed to address, what's the end state? Why would AQ conduct an active shooter operation, how could they benefit? This question is probably the most important one to ask because it helps us focus our efforts. I can remember an instance when Pat and I put our heads together and asked the very same questions about a reported threat toward my COP. We both came to the same conclusion, the threat report was focused on the wrong location, and we nearly picked the correct location all from asking ourselves, "why would they attack here?". Multiple heads are better than one, so throw out some plausible reasons.

    Our Predator drone program has successfully applied pressure on AQ senior leadership and their external operations cell. Ali Abdullah Saleh's government is targeting AQAP with some degree of success. Since both of those are the most effective AQ elements, they will probably attempt to divert our focus from those areas. AQ needs to create some breathing room. The best scenario for them is an attack that originates in an ally nation (Canada or UK) or a nation/region that we don't currently target with regularity (Somalia, South America). Gyre you were dead on when you pointed out the previous AQ attacks were meant to draw us into Afghanistan. Since that plan is not working for them, they need to get us out of the region before their network is reduced. I really think that if a terror cell infiltrates the United States from the Mexican border, it would cause our government to immediately dump billions of dollars into border security. Those are billions we don't have right now, which would affect Afghanistan's budget. Keep the ideas flowing!

  7. I can't figure out why no terrorists have attempted the following. Total manpower requirement: 10 to 20, depending on how ambitious they are. Total cost: less than $100,000.

    Two or three terrorists cause a non-threatening accident and/or simply block traffic on the interstate during rush hour - say on I-395N going into DC. The interstate becomes an instant parking lot. They set the vehicle(s) on fire to block the highway and then start hosing people with automatic weapons (think guys with AKs and a backpack full of loaded mags). 2 more terrorists do the same exact thing a mile behind them. 5 or so terrorists with automatic weapons (think M240, M60, or similar) are positioned on the edge of the highway, between the two scenes, and start hosing people who are trapped on the interstate. After spraying 2000 rounds of 7.62 per weapon, they grab an AK and backpack full of ammo and join in with the others to hose anyone still moving/fleeing. They could kill hundreds in mere minutes for whatever the cost of the weapons, ammunition, and car rentals (with or without rental insurance). Throw in anything more, such as improvised weapons intended to set vehicles on fire (which would spread quickly in gridlocked traffic) and the bill does not go up very much, nor does the required level of sophistication (oily rags + dry matches).

    Depending upon the speed of the law enforcement reaction, they could kill hundreds more. How are you going to stop that?

    Now consider the response. How many emergency personnel are you going to need to treat casualties? Before they can do much in the way of evacuation, how many firefighters will you need to put out the fires? Before that happens, how are police going to simultaneously clear traffic for the fire trucks and respond to the shooters? Generally, fire trucks make it through traffic because people move their vehicles out of the way. That's not the case if everyone is running away from their vehicles or dead behind the wheel.

    If said terrorists really want to up the ante, they only need to have a few other individuals waiting for the first responders before they start shooting (say, for example, in a hotel room overlooking on and off ramps, or in a van that they intend to ditch and set fire to before beginning). Now nobody knows if there are more shooters, where they would be, whether they are still hiding.

    Even after it all plays out, now you've got an interstate full of charred or abandoned vehicles. How long is that going to take to clear? Until then, I don't know if you've ever seen a good traffic jam in DC, but the city would be paralyzed. In my opinion, this would be far more chaotic than the Pentagon attack.

    And, even if we were to see this play out, how do you prevent it from happening again? I don't think it's preventable unless we are damn good at detecting plans for such stuff. But given how easy it would be to plan and execute, how would we stop that? Maybe that's just one of the trade-offs of living in a free and open society.

    I typed all of this on the assumption that no aspiring terrorists read your blog.

  8. In re. to JD, I would say that from AQ's perspective their strategy actually worked very well. Remember that these are people who argue (and probably believe) that the Soviet-Afghan war was the sole cause of the U.S.SR's collapse, rather than contributing to the economic problems which were a greater cause. AQ may even believe based on the current global problems that they have even succeeded. In my opinion AQ only has a limited understanding of the U.S, and may actually believe that by forcing the U.S to leave and defeating the current Afghan government they can bring about the collapse of the U.S. Therefore, for AQ the correct strategy would probably be to actually intensify the war and probably try to reestablish links with Iraqi Sunnis.
    Regardless of my pet theories, I've actually considered what I would do if I were an AQ member about to launch an attack in the U.S. To start I assume I would be a bit narcissistic, I would think myself better than the people around me who didn't try to make the world better, I would be in my mid-twenties, I would probably have a degree in engineering, and I would be an American who was also a second-generation descendant from some nation in Northern Africa/Middle East or possibly South Asia.
    My target would be a national monument/train or a public figure, probably a mid-rank government official.
    For the monument I would probably assume that I would not be able to sneak a gun or bomb directly into to it, so instead I would decide to use a bomb at the entrance way. Based on my own experiences at several it is likely to be a relatively narrow hallway with several dozen people close together. I also assume that there probably would be two or three guards of varying quality and ability nearby, possibly armed. My strategy would be to enter, let several people enter behind me, assume that hidden sensors had detected my bomb and detonate it. I assume that the explosion, smoke, smashed glass, and heat would kill at least a dozen people and possibly two or three dozen.
    For the train I haven't extensively studied security on trains but the strategy would be effectively the same. I know based on information from a friend formerly in the military who now does security consulting that train and airport detection is flaky. In some places they're good, in some places they're terrible.
    For the public figure I would spend far more time studying the situation. My priority would be to test the security by arranging to visit the official or a similar one at the workplace (without any bombs) simply to see how it proceeded. If it seemed as though I would not be able to reach them without being detected I would try an attack outside the workplace*. Outside the workplace I would try to find their home address (not that difficult), and guess based on a month-long study (in a crowded area of course) at what time they would be likely to travel near me. Then I would stop all actions for perhaps a month or two to throw off any possible detection. At the end of this I would return to that position, and once I had confirmed the official's presence I would detonate. To be honest I find the assassination approach the most dangerous of the three. Personally I would prefer the monument approach.

    I am fully aware that a terrorist could read this and get ideas, but to be honest if they needed my thoughts to do this they probably aren't capable of carrying off an attack and should go back to being an angry young man.

    *Interestingly, I noticed during projects on criminal justice that a county courthouse had much better security (though still fallible) than a state senator did.

  9. Schmedlap,

    Now that we have identified the feasibility of an active shooter scenario, we now need to develop our best counter strategy without getting too detailed for OPSEC reasons. I would love to get a local law enforcement officer's opinion on countering the active shooter scenario; training, IPB analysis, tip line program that can be enduring or pushed out upon receipt of threats, ect.


    You bring up several more scenarios that deserve their own attention. I think the "Emerging Threats" series will be a continual occurrence. I also want to develop a High Payoff Target List for AQ. You also made a comment that most people probably missed the importance of, "What would I do if I was an AQ member". It is vital that we put our "Red Hats On", and think from THEIR perspective. Only then will we attain the Zen level of imagination necessary to foresee and thwart future attacks. I will revisit your comments on a post that is more aligned to the type of threat you believe is likely. Great Job!

  10. Gyre,

    I agree that the economic hardship faced by the USSR was a great factor - if not the driving factor - in their collapse. I agree also that AQ's strategy is to intensify the war in Af/Pak, but think it is clear that they want to fight the "far enemy," America and Western Europe, and bring it directly to us.

    I am thinking here not only of Abdulmutallah but of thwarted attempts too, like that in 2006:
    "...intended targets were flights from the United Kingdom to the United States of America."

    Your comment, "...and I would be an American who was also a second-generation descendant from some nation in Northern Africa/Middle East or possibly South Asia," is exactly what they want (I think); which is why they exploit/co-opt Hasan and Awlaki in AQ propaganda.

    I think JD is right, though, that if they are recruiting persons to organically operate within the US, their best chance may be from Canada; i.e. Jabarah (2003).

    Let me know what you think.

  11. In re. to DP, my comment may be what they want but it also is backed by the reported heritage of multiple 'home grown' terrorists. In a common trend, a group emigrates to a nation with greater wealth and safety than their own but very different norms. The first generation who originally immigrated will probably avoid getting too close to the dominant population, and will experience discrimination and misunderstandings.
    The second and third generations will be brought up in a situation where they will theoretically have the advantages of the culture they are assimilating into, but at the same time they will be judged by stereotypes and see a gap in what their parents teach them and what the mainstream culture teaches them. From this comes uncertainty about what their values should be, and if their heritage includes a part of the world that is politically volatile at this time (as it is in the Middle East) they may become attracted to what appears to be a simple, pure ideology. As a note, they will probably be very different from their parents in this regard as one of the main reasons for why their parents left was probably to escape the violence of that nation.

    Now, if we base our actions simply on what I have stated here we are doomed to failure. You are correct that AQ and associated groups want 'white' America to react with racism and fear. Deciding that someone is dangerous because they were 'flying while Muslim*' is an incredible waste of resources and will probably cause even further radicalization rather than less. However, I made that statement with a reason. Unless you make an effort to understand the background and thinking of the people who are most likely to be targeted for radicalization, you won't have much luck in establishing rational guidelines for how to handle the situation.

    *The quote comes from the first episode of Little Mosque on the Prairie. Interesting series.

  12. Since our discussion has waned on the original subject, I think it's a good time to tie up the loose ends.

    Imagination: Schmedlap focused that active shooter scenario on the interstate system. AQ has shown a propensity for targeting mass transit systems around the world. If the mass transit system is well protected, then Schmedlap's view point increases in likelihood. Each metropolis is different, so, if a city's mass transit system is well protected, then law enforcement professionals should look to the next threat.

    My focus was a combination of Active Shooter and Hostage scenario. I received a scholarly paper that analyzed historical examples of this scenario, focused on Mumbai, Beslan, and the Moscow Theater siege. I plan on collaborating with the author to produce a better product than I can build myself. Using historical examples, we will continue to flush this scenario out in order to produce a product that homeland security and law enforcement officials can use to thwart similar situations. Hopefully we can produce a finished product some time around April/May

    Thanks for everyone's comments, I am a true believer of "Unity of Effort".