Gun violence threats to critical infrastructure are the “new normal” – implementing mitigation strategies can immediately boost your security posture, says Brian Harrell, Shooter Detection Systems Advisor and Critical Infrastructure Security Professional.

Threats to critical infrastructure

Time and again, we are heartbroken by the news of another mass shooting. 

Critical incidents such as school shootings, workplace violence incidents, domestic violence attacks and extremist threats are occurring with alarming frequency.

Throughout the first half of 2023, the US has had no reprieve from its epidemic of mass shootings.

As of mid-July, the Gun Violence Archive has counted nearly 400 mass shootings in the US this year.

Recent increases in gun-related violence stress the need for the critical infrastructure community to prepare for an active shooter incident. 

All security professionals should plan now to improve their resilience against gun violence threats.

This includes building a comprehensive response and recovery plan, using technology like gunshot detection to detect gun violence in and around your facilities and then exercising your security plans to respond to an active assailant. 

Seems straightforward, yet critical infrastructure security professionals struggle to find the time and resources to mitigate such a threat and then exercise their planned response.

Active shooter situations at critical infrastructure sites are unpredictable and evolve quickly.

Typically, these situations are dynamic and evolve rapidly, with immediate deployment of law enforcement officers to stop the shooting and mitigate harm to innocent people.

As active shooter situations are often over within 15 minutes, before law enforcement arrives, organizations must prepare their staff for an active shooter situation. 

Now is the time to assess, mitigate and educate your critical infrastructure company.

Your organization’s security measures, or a lack thereof, could be scrutinized if your property experiences an active shooter incident.

This information will be reviewed. If your business neglects to create or implement proper security measures or emergency action plans, you’re at greater risk of liability.

If your company fails to initiate steps to avoid or minimize a shooting, your company may be held liable for third-party injuries and damages.

Specifically, your critical infrastructure company has a “duty to warn” or inform all necessary parties and take preventive measures when identifying any potential onsite hazards.

For instance, your company could be considered liable if the mass shooter was an employee who had repeatedly displayed violent or threatening behavior and your response was considered inappropriate.

Security planning recommendations

1. Identify key roles and responsibilities among stakeholders in crisis management, internal communications, business continuity, human resources and other related roles. List their positions, their responsibilities related to the security procedure and their contact information
2. Disseminate the information to stakeholders and plan for how you will inform employees, visitors, non-English speakers and individuals with impaired vision or sight. Ensure a clear and effective information dissemination plan, making certain that the documentation is readily accessible and not difficult to access. Remind stakeholders that have emergency action plan roles to review and commit their responsibilities to memory
3. Maintain up-to-date contact information and keep your documentation current. Assign a human resources or administrative staff member the role of keeping contact information up to date to allow for personnel and role/responsibility changes. Consider assigning roles to junior staff members to offload some of the more administrative tasks related to collating and disseminating the information once the plan is approved or when it is updated. When employees feel connected to the plan, they are more likely to internalize their roles and responsibilities when an emergency happens, even if their role is to simply arrive and stay at their assigned reunification spot until the incident is resolved
4. If you are using gunshot detection or other advanced technologies, build easy-to-understand information about how these systems work into your emergency action planning, including how systems integrate to disseminate emergency information, so there is no doubt or confusion about the information coming from these systems in a live emergency
5. Train your employees so they know how to react to an active shooter situation. This can include workplace active shooter training programs such as the “run, hide, fight” model and training on how to engage with responding officers and emergency medical services. Train regularly and update all employees when there are changes to security protocols that impact their training. Work with human resources to ensure that all employees take the training and receive all updates

Establish effective co-ordination with first responders

It is vital to meet with law enforcement in advance of any incidents at critical infrastructure sites to build a rapport and communicate your plan to them.

Establish a law enforcement liaison person or team who is responsible for acting as the point of contact during emergencies.

This team should collaborate closely with police leadership, inviting them in as a partner in the process.

This would include an invitation to the property where the liaison team can provide comprehensive information about the internal emergency action plan and the layout of the facilities and campus to ensure smooth access during emergencies.

Emphasize the importance of this relationship with the liaison team.

This step cannot be overstated, as close collaboration with law enforcement authorities can significantly increase the chances of saving lives during critical situations like an active shooter event.

This is especially true when gunshot detection systems are a part of the technology stack you’re using to detect and respond to incidents.

Educate your local law enforcement on how you’re using the system and involve your security integrator or gunshot detection manufacturer into the partnership to answer any questions police might have about how the system works.

Technology can act as a force multiplier and gunshot detection serves as a valuable tool in the critical infrastructure security department’s arsenal, enabling rapid response and effective mitigation of shooting incidents.

Consider the emergency action plan as a well-organized toolbox, where each tool has its designated spot and everyone knows how to use them.

Ensuring easy accessibility and clear understanding of the plan to protect critical infrastructure is essential, since the safety and lives of your people rely on it.

About the author

In 2018, Brian was appointed by the President of the US to serve as the sixth Assistant Secretary for Infrastructure Protection at the US Department of Homeland Security.

He was also the first Assistant Director for Infrastructure Security at the Cybersecurity and Infrastructure Security Agency (CISA).

He has spent time during his career in the US Marine Corps and various private sector agencies with the goal of protecting the US from security threats.

Make sure to keep an eye out for the next installment of the Shooter detection miniseries, coming 11 September. Find our previous installment here.