What it's like to respond to a bomb threat

Fredrick Foster, vice president with Andrews International, is an authority on recognition and response to potential violence.

Fredrick Foster: I was a police officer before I migrated into the world of private security. Back in the day, we used to respond to bomb threats. Law enforcement agencies don't typically do that anymore. There are a variety of liability reasons for that and also couple of practical ones, but we used to regularly do bomb searches.

For the last 20 years, I've worked as a contract security manager and have been helping clients deal with these types of problems. I teach response tactics to client emergency-response teams and security managers.

Also see A procedural checklist for handling a bomb threat in CSOonline's Security tools and templates resource center

Over 98 percent of all bomb threats are false—and very few actual bomb incidents, where someone successfully plants an explosive device, are preceded by threats. But with both, a small business can be targeted as much as a giant corporation, or a school system, or a church or synagogue.

What it's like to...

* ...get hit with a DDoS attack

* ...steal someone's identity

* ...dodge IED bombs

* ...see all our "What it's like" stories

A well-prepared organization has an emergency-response team. It's very common in today's corporate environments to have people who are volunteers, or in some cases even compensated for the extra duty and responsibility of being emergency responders for everything from medical emergencies to fires to evacuations due to bomb threats. In well-organized companies, the primary gatekeepers of the corporation—the receptionist for example, because nearly 100 percent of bomb threats are perpetrated by telephone—need to be trained. Ideally, everyone is oriented to the fact that when any person within the organization receives a bomb threat, there are certain things they need to do.

Various law enforcement agencies, including the FBI's bomb data center, provide a formula for responding to such a threat. The one from the FBI is actually on card stock and is small enough that you can keep it right with you near your phone. It contains the essential questions you need to ask if you get a threatening call.

There needs to be a calmness and a matter-of-fact quality to a well-managed call. There's no point in getting hysterical. There are certain things you are trying to get from the caller. But I can tell you that in well over 98 percent of all bomb threats, there isn't any conversation at all. It's a one-sentence conversation. The caller says, "There's a bomb in your building." That's it.

We train people to ask questions like, "Where is the device in the building? When is it going to go off? Why are you doing this?" The most important thing to find out is when. The second most important thing to know is where. The third is what it looks like.

Obviously if you can get all the way to "Why are you doing this?," it's a signal that it is indeed a genuine threat. If the guy is on the phone with you that long and is willing give that much information, there is a high chance it is real. Specificity is a defining feature of a valid threat.

What are the motivations for someone to make a bomb-threat call? The first is an overwhelming desire to cause destruction, panic, concern and anxiety. If a person is calling and there is a device, it could be that the bomber wants to cause terrific property damage but doesn't want to hurt anybody. In fact, that's the reason a great number of actual bomb incidents occur during non-business hours. You'd be surprised how often that is the case. They want to strike out against the organization, but they don't want to be guilty of murder.

Once you've received a threat, there's a general assumption among the public at large that the threat automatically means everybody leaves. But with all the companies we're working with, I can't think of a single one that in a knee-jerk reaction evacuates the building simply because a threat was made.

Also read Safe driving: How to back out of a kill zone by Tony Scotti

First of all, we know that 98 percent of bomb threats are false. Secondly, if it's a vengeful employee who wants to create disruption or, for example, it's Friday afternoon and someone decides they want a long weekend, they might call in a bomb threat.

Whatever the motivation might be, there's a definite trend that if you automatically evacuate the building, that pretty much ensures that you haven't had your last bomb threat. You're going to see more.

There are some other factors that are not generally considered. One is that, according to the Bureau of Alcohol, Tobacco, Firearms and Explosives, it's generally accepted that 80 percent of devices—roughly 8 of 10—that are planted are not left inside the building and but outside, on the perimeter. That's the most effective place to put a bomb because it's easier to get access. Consequently, if we take people that may be relatively safe inside the building and tell them to evacuate, we may have just taken them to straight to the device.

We recommend to clients that if they evacuate all or part of the building, then they should choose rally points that are at least 300 feet from the building and educate the workforce about them in advance. We also advise that they stay away from parking lots as rally points because anyone who pays attention to the news knows that in this day and age, the favorite delivery method for an explosive device is a vehicle.

How do you avoid panic? In the real-life incidents I have been involved in, I have never had anything that even remotely bordered on panic. Actually, the opposite is true. Most of the time the real problem is getting people to take the evacuation order seriously. Getting people to actually leave the building or, for that matter, getting them to stay out of the building if a search is under way, is more of a problem than panic.

This story, "What it's like to respond to a bomb threat" was originally published by CSO.

Copyright © 2010 IDG Communications, Inc.

9 steps to lock down corporate browsers
  
Shop Tech Products at Amazon