Call Us 833 759 3271
Available 24/7
Contact Us

What could have been done to prevent a mall attack like Nairobi?

What could have been done to prevent a mall attack like Nairobi?


ABC news image westgate

It’s not necessarily that we need “More” security, We need smarter security practices.   This means far better training for security professionals.  There are great tools and gadgets that enhance security, but at the end of the day, It’s the human factor that will detect or deter an attack like the one in Nairobi Kenya.  The Westgate mall was a natural target for Al Shabaab.  The nation of Kenya and the terrorists had a long history between them.  The mall should have started with acknowledging that the venue was likely a high value target.  Kenyan forces with western support  defeated Al Shabaab in Somalia.  There should have been a recognition that a venue in Kenya  that drew large crowds and was frequented by foreign tourists would be  a natural target.  The security posture did not adequately reflect or address  this reality.  Conducting a thorough threat assessment which looks at who would want to target the venue and what type of access/capability would they have if they chose to act is the key first step in preventing this type of attack.  Once you have identified potential threats, you begin your risk mitigation strategy.    Malls and other venues are designed for the free flow of large amounts of pedestrian traffic.  Entry/exit points are not strictly enforced because the mall is designed to invite people in rather than turn them away.  Once inside, most of your retail shops are single entry/exit points to funnel people in to natural choke points so that they maximize the amount of time that the shoppers eyes are on the retailers wares.

  Effective security is accomplished with a concentric ring or layered approach.  Every ring is a barrier that an attacker must breech or negotiate which in turn buys the person or facility time.  More time means that the attacker has to commit more resources and possibly expose themselves and their intentions in order to breach each ring.    There is an outer ring which is your demonstrable security.  A second layer that is composed of surveillance detection efforts. A third layer which is attack recognition skills and the final ring,  your attack  “counter-measures” meaning the hard skills that you use to repel an attack.  Every attack  has its own set of events that have to take place in order for an attack to be successful.  It’s called the Attack cycle.   We break it down into 5 key components:
1. Target Selection
2. Target Surveillance
3. Planning stage
4. Attack execution
5. Escape and exploitation
The  attack cycle is just like the old “Fire Triangle” that you learned about in grade school and any safety training that you  had at work.  If you remove any component of the Fire triangle, (Heat, Fuel, Oxygen) You can’t have a fire.  Its the same with the attack Cycle.  If you remove any one part of the components of the attack cycle, You can not carry out an attack.   Out of those 5 components, You realistically control the first two.  The bad guys are not going to invite you in on the planning stage, and the last two are all post action events.  The horse is out of the barn by then.  That does not mean that there are  not mitigation strategies for them, but I am going to focus on the two most important.  Of the two, the Surveillance phase is the most critical.
The mall in Kenya was chosen because it was perceived as a soft target.  I am sure that Al Shabaab looked at several different venues as potential targets, but they settled on the mall because it gave them the most bang for the buck.  (Surveillance told them that)  The security at the mall as in any mall in the western world was perceived to be ineffective against a dedicated aggressor like Al Shabaab, Al Qaeda or any decently armed lone wolf.   For retail groups and security companies,  who you hire and maintaining certain professional and physical standards is extremely important.  Part of your “Demonstrable security measures is the security staff.  Generally, security personnel at a mall are there to deter retail theft, not necessarily prevent a terror attack. When an attacker is in the selection phase,  who and what your facility represents and the exposure that a terror group would gain by attacking your facility are realistically elements that are out of your control, however, the professionalism  that your team displays and how your security team carries themselves as they perform their job are elements that you do have control over.  Other factors you control such as Entry/access points, CCTV coverage all play a critical role in their decision-making process.  You must understand that the layout of a mall also makes for an ideal attack site because of its design.  Large crowds of people can be herded like cattle toward a waiting ambush team.   (I don’t know if this happened in Nairobi, but i would not be surprised).    An effective security posture must also encompass a malls retailers and facility maintenance  staff members.  Raising their alertness level is a key mitigation strategy.  As the attack has shown, everyone there has a “stake” in effective security.
  You can limit the likelihood of being chosen for an attack if you look like a hard target.  This starts with raising the awareness levels of all parties involved.  Invest in quality training of your security staff to spot unusual or suspicious behavior.   Physical or “demonstrable security” practices such as placing overt security measures as you enter the grounds like  vehicle tag readers at all vehicle entry points, parking lot cameras, metal detectors at all pedestrian entry doors, once inside, highly visible camera systems and integrating  pattern recognition tools.   Security Patrols that are not only looking  inward but also understands that this type of threat starts well beyond the parking lots.  Inside the facility you can highlight emergency exit points inside the retail establishments so that pedestrian traffic will not be channelized into kill zones, but disperse large crowds in random patterns which takes away the ability to broadcast extreme casualty rates.
 When we teach Counter-Surveillance, I tell my students that there is no such thing as a “sucker punch”, just missed cues by the victim that an attack was imminent.  It is the most critical phase for an attacker whether they are an armed Terrorist group or run of the mill criminal.  It is the most important part of the attack cycle because it is the one and only time that the attacker will have any interaction with their intended victims.  They have to obtain essential information meaning that they will either have direct contact with the victim or they will be orbiting around the peripheries of the intended attack site. This is when a series of pre-incident indicators will begin to appear.  The key to spotting the pre-incident indicators is well-trained counter-surveillance team.  Using effective Counter-surveillance tactics such as overt security measures made up of uniformed patrol teams that prohibits surveillance as well as covert surveillance teams who are specifically trained to identify surveillants is critical.  There is a whole host of technology that is available to aid in counter-surveillance, Facial recognition software to integrate into camera surveillance platforms, Tag readers and other technological advancements are great tools, but at the end of the day, It’s the human interaction that is key in spotting Surveillance or suspicious behavior.   Take away the ability of an attacker to surveil their intended target, you take away their ability to carry out a successful attack.

Leave a Comment