'Soft Targets' Remain Vulnerable to Terrorist Attacks


Once the drama in Boston is over, attention will inevitably turn to how to prevent another terrorist attack on an event with limited security.

These so-called soft targets–places like malls and movie theaters, as well as sporting events–have always been vulnerable to terrorist attack, especially given how much harder it is to attack aircraft since 9/11. But until Monday’s deadly bombings, it wasn’t a fear for many people.

After the Sept. 11 attacks, security was boosted for airports, government offices, and other high-profile "hard" targets as well as nuclear and chemical plants. And while local authorities were given technologies and resources to respond to an attack--more paramedics and mobile command centers--their ability to prevent attacks on soft targets remains limited--whether it's a crowded mall during the holiday shopping season or an outdoor summer concert.

“You have to combine the ability to allow people to go in and out and do what they want to do on a normal basis, and separating those who are intent on doing bad things,” said Bob Liscouski, who served as assistant secretary for infrastructure at the Homeland Security Department from 2003 to 2005.

The idea of placing a metal detector in every mall in the U.S., Liscouski said, is not realistic. So, what’s stopping a terrorist from going to a department store or a sporting event and causing mass casualties? 

In all reality, the only real limits for terrorists to attack these locations comes down to their desire to carry out the attack and their accessibility to the types of materials they need for the attack—whether it’s for a bomb of some sort or another high-impact weapon. It’s a low-cost task with a high impact.

One encouraging note, say experts, is that the kinds of things that help prevent attacks on hard targets will help at least a bit with soft ones--border security, surveillance cameras, confidential informants, and so on. Those safeguards probably wouldn't have helped prevent the Boston Marathon bombings, but they could conceivably forestall other attacks on targets, hard or soft.

The idea is to prevent those who could do harm long before they load up a pressure cooker with an improvised explosive device. Experts also point to the importance of making sure that mental-health services are available and to encourage mental-health professionals to come forward if they think their patients are a danger to themselves and others. No system of attack prevention is flawless, of course. But a quilt of different solutions can help. Unfortunately, while there are expensive but relatively simple solutions for preventing hijackers from ramming a plane into a building--more security guards, hardened cockpit doors, air marshals--the idea of distinguishing a troubled adolescent from a troubled adolescent killer can't be solved by hiring a few more TSA agents.

“The government can never guarantee 100 percent security,” said Rick Nelson, a senior affiliate at the Center for Strategic and International Studies. “And even if they could, we wouldn’t want to pay the cost both in terms of dollars and in the erosion of civil liberties.”

Where local authorities can make the most difference happens right after an attack takes places, using surveillance technology, social media monitoring, or even license plate readers to catch suspects.

“Not everything is a technology solution, but there is a lot of great technology can be applied that can give you a better sense of situational awareness,” Liscouski said. “You may not be able to prevent the incident, but you can certainly enhance the response rate to limit the amount of damage.”

But for many locations, the resources aren’t there. A security officer at a mall being paid $10 per hour cannot properly respond to a terrorist attack. The burden of the cost of boosting security for these soft targets falls on the owners of the locations, whether it's a stadium or a movie theatre. For example, the real estate group that owns a mall would have to invest heavily in security. And until there’s a mall bombing at a mall, the likelihood this investment would take place across the country is remote.

At its root, one way to detect and stop an attack, Nelson explains, is simple and for those in Washington well-known: If you see something, say something. Homeland Security officials consistently say that everyday Americans should continue to stay vigilant and aware of their surroundings.

“Every individual, every American has a role in this, a responsibility,” Nelson said. “If you are aware of suspicious packages or know first aid, those type of skills are critically important to building a developing a resilient society that can overcome these kinds of events more quickly.”

The news surrounding the Boston bombings will fade, and Liscouski warns this will be the time when an attack will be most likely.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.