By John S. Hollywood, Keith Gierlack, Pauline Moore, Thomas Goode, Henry H. Willis, Devon Hill, Rahim Ali, Annie Brothers, Ryan Bauer, Jonathan Tran

Soft targets and crowded places (ST-CPs) are easily accessible to large numbers of people and have limited security or protective measures in place, making them vulnerable to attack. Examples include sports arenas, shopping centers, schools, transportation systems, and houses of worship. Although attacks on them are relatively rare, they result in significant loss of life and contribute to an atmosphere of fear throughout society. Researchers performed a landscape assessment of the threat to and major vulnerabilities of ST-CPs, existing security measures and initiatives, and ways to improve allocation of security resources. The researchers then developed a road map for future investments and made recommendations for improving ST-CP security and response to attacks. These recommendations include research, development, test, and evaluation priorities to improve prevention and protection, such as seeking methods of deterring and dissuading would-be attackers, more evaluation of the effectiveness of security measures, and developing a model concept of operations for open and nonsecure spaces. In addition, they recommended funding and policy priorities focused on public education and training, providing additional resources to cross-organizational security teams and managers, and increasing funding for access control systems.

Key Findings

• The most-common motivations for attacks are personal, followed by terrorism and extremism.

• Education and private buildings are the most–frequently targeted types of ST-CPs.

• Attacks on ST-CPs with large, accessible crowds, such as houses of worship, shopping malls, restaurants, bars, and nightclubs, have the highest average lethality.

• Layered security strategies, in which measures work together, improve the chance that an attack will be prevented, halted, or mitigated.

• Tips from the public have prevented attacks. Public education on what to report and how, and support for threat assessment teams, would make tips more effective.

• Access control systems, such as locks, secured windows, and secured entryways, have been effective and efficient but need to be trained on and maintained.

• Bystanders and security have both stopped attacks. Groups of bystanders tackling shooters have been highly effective. Training can make responses even more effective.

• Response command, control, and communications need to be improved. Alternatives to traditional, push-to-talk voice radio communications are needed.

• Security measures need more effectiveness and efficiency evaluations. The security community has growing interest in artificial intelligence (AI); evaluations of security systems with AI will be needed as these systems deploy.

Recommendations

• Find ways to deter and dissuade would-be attackers.

• Develop indicators of and education about suspicious seeking of weapons.

• Develop protocols and education for wellness checks.

• Further evaluate the effectiveness and cost-effectiveness of security measures.

• Develop a model concept of operations for open and nonsecure spaces, such as shopping malls and restaurants.

• Continuously track and analyze mass-attack plots.

• Review mass-shooting events to determine whether some ordinary criminal shootings should be treated as mass attacks on soft targets or crowded places.

• Find ways to reduce the mass psychological effects of attacks, including societal fear and secondary trauma.

• Focus on basics, such as provision and maintenance of access control equipment and public education campaigns on what to look for and how to report it.

• Strengthen the system-based, layered security framework.

• Ensure that funding and policy priorities reflect research findings.

• Fund enhanced public education and training on what to report and how.

• Provide additional funding to cross-organizational threat assessment teams and managers.

• Fund enhanced public education and training on how to respond to an active attacker.

• Provide additional funding to cross-organizational security teams and managers.

• Fund and distribute updates of site security guidance documents and training.

• Fund access control systems

Santa Monica, CA: RAND, 2024. 24p.