BY BRETT M. MARTINEZ AND JAMES M. McLOUGHLIN
“The Fire Service and Counterterrorism,” in the January 2006 issue, explored the reasons the fire service should become involved in counterterrorism operations and the role it should play. The Department of Homeland Security (DHS) color-coded threat system and its implications for the fire service were also presented. This article explains how to develop an information/intelligence (INTEL) dissemination network and strategies for helping the fire service win the war on terror.
The first step in developing an information/intelligence (or Intel) dissemination network is to identify the type of Intel you will need. Remember, Intel is distributed only on a need-to-know basis. We do not need to know everything, nor should we ever want to know specific Intel. Lives are at risk, and many factors go into developing and analyzing Intel. As with any critical process, the methods and techniques employed have taken years to cultivate. The fire service is a new player in the counterterrorism world, and we do not want to be responsible for any Intel asset’s being lost. Our sole purpose is as an end user. This does not prevent us from developing information for others to investigate and analyze, but it should stop us from taking confrontational action. Before an agency releases any form of Intel to us, we must tell the agency why we need it, what we will do with it, and how we will protect it.
SOME COMMONLY USED TERMS
To understand the type of Intel on which we should be focusing our efforts, it would be helpful to learn the following commonly used terms.
Open Source Intel. Open Source information is gathered or received through noncovert (or overt) sources. They may include the news media, public propaganda Web sites run by the terrorist organizations, or political statements by organizational figure heads or authorized government officials. Intelligence officials who monitor multiple communication outlets usually develop Open Source reports. Intelligence officers take the information, analyze it, and confirm its accuracy by checking it with additional sources. All Intel must be guarded and should not be released to anyone who has not been specifically identified. Once validated, the information is packaged for presentation to the counterterrorism community that would be affected or would be able to put the information to good use.
Actionable Intel. This involves putting the Intel to good use. For our purposes, it is information that can be used to take immediate and direct action to counter a potential or imminent terror attack. The actions could be as simple as securing facilities from public access, implementing high-profile inspections, or establishing rapid response teams to deal with specific target threats.
Operational Security. For the fire service, this term relates to direct preventive action needed to counter (or thwart) terrorist attacks. These operations could take many forms, but the key is security-or more specifically, the methods and tactics we take to establish security. Actionable Intel often is needed to achieve operational security.
Scenario
The following hypothetical scenario incorporates the above terms. Based on Open Source Intel, a Security Threat Advisory provided by the local point of contact (POC) on the Joint Terrorism Task Force (JTTF) has been issued. It instructs all public safety personnel to take all the actions necessary to prepare for attacks on chlorine storage and distribution facilities.
In addition, the DHS has issued a Security Information Bulletin on the common vulnerability of chlorine as a weapon of mass destruction (WMD). Based on this Open Source and other Intel, the National Color-Coded Threat System has been raised to orange for all chlorine storage and distribution facilities.
With this Actionable Intel, we can begin to review all such targets within our jurisdiction and surrounding jurisdictions so we can prepare for an incident at one of these facilities. We might do the following:
• Increase our inspections and confirm emergency contact numbers for those facilities. These inspections will enable us to monitor the bulk quantities of chlorine stored there and supply counts that are ready for transport (these are most easily stolen and deployed as weapons).
• Disseminate preplans of these targets to all responding agencies and make them aware of the potential for such incidents.
• Check and ensure the availability of equipment specific to handling chlorine leaks, including detection and monitoring devices.
• Assess how many trained personnel would be available to handle specialized equipment or devices that might be used at such incidents.
All these actions are examples of Operational Security.
If the news media or the general public asked what we would do in case of a WMD attack, tell them we are constantly training to deal with these potential threats. Do not discuss the specifics of our tactics or the location of our resources that will be used to respond to the threats; we must maintain Operational Security.
During the increased inspections of these facilities, note any unusual interest shown by individuals or groups not related to the industry or public safety. Information on these individuals or groups should be passed on to the POC at the JTTF or the Anti-Terrorism Advisory Council (ATAC) and to other fire service agencies. Notify other fire service agencies with a “Be on the Look Out” advisory (BOLO) of suspicious activity. BOLO advisories should be issued only after consulting with law enforcement counterterrorism personnel.
TYPES OF INTEL
The fire service should focus on Open Source or Unclassified/For Official Use Only (U/FOUO) documents related to WMD and assessments of bomb threats and weapon capabilities and effects. The Intel can be requested from the local ATAC operated by the U.S. Attorney’s District Offices. Fire service executive officers should ask to be placed on the general information alert list for notification by secure e-mail or secure fax. The types of information requested would include DHS advisories/bulletins related to infrastructure threats; vehicle-borne improvised explosive device studies; Bureau of Alcohol, Tobacco, Firearms and Explosives indicators of clandestine explosive manufacturing; and all other bulletins related to threats on hazardous materials transportation and those related to first responders (theft of uniforms, vehicles, and use of secondary devices during recent attacks). In addition, apply for the DHS’s “Daily Open Source Infrastructure Report” (DHS/IAIP), which can be requested at dhsdailyadmin@mail.dhs.osis.gov.
RECIPIENTS OF INTEL
Who in the fire service should receive the Intel? To assist in formulating this network, consult the nearest ATAC coordinator or JTTF (if available) for guidance.1
Once this network is established, formulate methods that will ensure that all necessary personnel will be informed of the general information alerts by methods such as secure mail, daily tour briefings, and secure e-mail or secure fax. Make sure all personnel understand the necessity and importance of securing the Intel. Begin all disseminated documents with a reminder that the information in the document is not for public discussion. Also, ensure that personnel within the network have all the proper points of contact so that the information developed by the fire service will be passed on to the proper investigative agency.
SUFFOLK COUNTY TASK FORCE
The Suffolk County (NY) Terrorism Response Task Force (TRTF) was formed in May 1998 by the Suffolk County Department of Fire, Rescue and Emergency Services and the Suffolk County Police Department. The federal government had recently designated the county one of the top 20 areas at risk for a terrorist incident. After this realization and responding to major incidents (such as the TWA Flight 800 crash), both agencies recognized the need for such a task force. Its members met to discuss the effective ways to prepare for a response. The only way off Long Island (Suffolk County) is through New York City. A number of ferry services offer transportation to Connecticut, but the majority of the transportation systems (all rail and road services) pass through the boroughs of New York City. In addition, a large portion of Suffolk County’s (1.4 million) population works in New York City and commutes using these transportation systems. Any type of incident in New York City would seriously affect Suffolk and neighboring Nassau County.
The TRTF’s original goal was to bring together the public safety agencies within the county to address the response needs during a WMD attack, but it also became a great way to exchange information about threats and stay informed of potential grant projects. The 109 volunteer fire departments, 27 volunteer emergency medical services, and 12 local police departments within the county were able to focus on properly equipping themselves for a terrorist event and also on Intel notification and task assignments.
Today, the TRTF has grown to more than 40 member agencies that include the local town governments; several Suffolk County agencies including Health Services, Sheriff and Parks; New York State agencies including State Police, Court Officers, and the Department of Transportation; federal agencies including the Coast Guard, FBI, DHS, National Parks, U.S. Marshals, and the TSA; and the New York City and Nassau County Offices of Emergency Management. The task force meets bimonthly; working subcommittees meet as necessary. Fire, rescue, and emergency services and the county police cochair the task force.
The TRTF focuses also on how responders would coordinate before, during, and after an attack. Communications (face-to-face, written, and electronic) capabilities are a large part of the TRTF. By establishing these POC networks, the TRTF members remain aware of counterterrorism developments. One of greatest benefits of the task force is bringing the partner agencies together for a common cause, which helps develop a professional relationship before meeting in the field. This promotes trust and fosters cooperation relative to sharing Intel and other information among task force members. It is more comfortable working an incident when you know the players and have developed a working relationship and also to be able to contact an individual about a concern or suspicious activity as it presents itself.
Joint training exercises help to build this relationship. These activities can begin as tabletop exercises that eventually lead to a full-scale drill. The TRTF has organized several exercise scenarios and provided this training throughout the county.
Another focus of the TRTF has been to develop response protocols for WMD incidents that can be incorporated into the SOPs of member agencies. In addition, the TRTF was instrumental in formalizing the mutual-aid agreements necessary for WMD events and determining who would be in charge at such an incident. The TRTF defines each agency’s role ahead of time. This preplan promotes the incident command system and the unified command concept.
The TRTF has been tremendously successful in Suffolk County. If and when another terrorist or WMD incident is attempted, Suffolk County would be better prepared, better equipped, and better trained to respond to the needs of its people because of the task force members’ efforts and hard work.
LESSONS LEARNED AND STRATEGIES
The following are some methods for maintaining vigilance pertaining to potential terrorism threats.
Focus on threat assessment and what constitutes suspicious activity. Be familiar with the potential threats and targets within your jurisdiction. Know what forms of surveillance are in place at the vital infrastructure such as electrical power plants, and monitor activity outside the facility, such as the presence of unidentified vehicles or people photographing potential targets. Alert law enforcement personnel who would be conducting any investigation of suspicious activity. Document any vehicle license plate number and vehicle type that appears suspicious. Most terrorist attacks are well planned and documented. Report any suspicious activity at sites that might be attractive targets for terrorists.
Terrorist Indicators
Not all terrorists are foreign-born or represent international interests. Domestic terror groups are just as dangerous and should be monitored as well. Terrorist organizations are constantly reevaluating and evolving their methods of attack. Stay on top of current trends in terrorist attacks. In the past, the majority of this type of Intel was classified and limited to only a select few. As already discussed, most studies and general threat Intel are now accessible to most public safety personnel.
In the past two decades, there have been some historical trends in domestic and foreign terrorist groups. Consider the following general guidelines when assessing potential threat sites and potential surveillance operations. When the targets are financial trading centers or large government centers, the time of the attacks tends to be between 0800 and 1000 hours, Monday through Friday, and the attack site is on or near mass transit hubs.
Terrorist attacks on resort or vacation sites have occurred between 1900 and 0000 hours near nightclubs, restaurants, or other locations where large crowds congregate during the hours between 1900 and 0000 hours, with an emphasis on Thursday, Friday, and Saturday nights. Most domestic terror groups tend to target individual locations. Foreign terror groups prefer attacking multiple targets simultaneously.
Terrorists often strike at government and civilian targets to instill fear. Since persons engaged in terrorism are trained to blend into their surroundings, it is often difficult to identify them. However, since most attacks are well organized and planned, terrorists generally will conduct training, surveillance and “dry runs” prior to the attack. Sometimes, these activities might provide an opportunity for detecting a terrorist act in progress. Weapons vary in size and type but are designed to harm the greatest number of people within a given target area. WMD deployment will vary with the weapon and delivery system.
The most common types of WMD attacks are biological, nuclear, incendiary, chemical, and explosive (BNICE). Each type requires a specific target and environment within the target area to be effective. BNICE weapons will not be a single-agency or single-region response. Fire service personnel should study each type of threat to prepare for counterterrorism or assessing threats within their jurisdiction and neighboring jurisdictions.
Around the Fire Station
What should you do around the fire station and your administration facilities? First, secure assets, especially apparatus and equipment within the station. Your station, of course, will remain open to the public, particularly those seeking help, but you should assign personnel to observe visitors. Do not allow visitors/strangers to roam the facilities unescorted. The structure would be locked down only when the National Color Coded Threat is raised and government buildings or fire stations have been identified as potential targets.
You can gather Intel on visitors to the fire station by having them sign in and give their address and phone number. When visitors are taking extensive notes using an audio or video recorder or if they ask specific technical questions such as the gross vehicle weight of an apparatus or how many personnel ride it, be sure to ask why they want to know and where they work. If these individuals are offended by your questions or fail to provide identification, write down as much information as possible about their physical appearance. If possible, have them pose for photos with you. Use a camera from the department; focus on the subjects’ features. Pass the photos on to your ATAC or JTTF POC. Make sure any theft or loss of any item with official company identification is reported. In addition, report any attempts to recruit fire personnel for unlawful activity or to unlawfully purchase a vehicle, equipment, or agency identification.
In addition to a description of the individuals, describe the vehicle they used to get to the fire station.
Obtaining Adequate Descriptions
The following information was developed by the DHS, the Federal Bureau of Investigation, and the Federal Bureau of Alcohol, Tobacco, Firearms and Explosives and was adapted for fire service use.
When operating at an incident, report any documents (particularly information written in a foreign language) that show diagrams, drawings, or photographs of potential or identified targets. Because of the potential loss of documents on fire or hazardous-materials scenes, a detailed list of notable items is given below. Keep in mind that terrorist groups usually make and test weapons or components of weapon systems before they are deployed. The potential for fire personnel to respond to a test gone wrong or preoperational test is considerable.
Item List
• Drawings that note sketches or architectural plans of key infrastructure or government sites.
• Documents that are handwritten or typed, in English or a foreign language, that reference targets, weapons, times, dates, and names of individual terrorists or terror groups.
 |
• Photographs that have written messages noting key infrastructure or government sites.
Recommended Behavior
• During the sighting of an immediate or perceived immediate threat, do not approach a suspicious person or challenge him in a way that would place you or others around you in jeopardy. Instead, take down as much information as possible about the suspicious subject (see suspect description form), and contact the responsible law enforcement agency as soon as possible. Points of contact are critical. If all personnel do not know the proper contacts, at least all communication centers should know them.
• If you observe suspicious activity,
DO NOT take direct action.
DO NOT confront the individual.
DO NOT reveal your suspicions.
DO record as many details as possible.
DO notify the appropriate authorities as soon as possible.
WHAT did you see? Be specific.
WHERE did you see it?
WHEN did you see it?
WHY is it suspicious? Do not touch or pick up suspicious packages.
Do not pursue suspicious vehicles or suspects.
WAYS TO IMPROVE OBSERVATION SKILLS
You can improve your skills for observation by doing the following:
• Employ good listening skills.
• Do not let personal feelings interfere with the incident.
• Look at the entire situation before making a judgment.
• Watch for nonverbal communication signs.
• Use feedback to obtain and verify the information report.
• Observe and report. Notify your local police contact.
• Do not become personally involved.
BUILDING A DESCRIPTION
• Person: sex , race, age (approximate), height (use two-inch blocks-for example, 5’8” or 5’10”), weight (approximate, use 10-pound blocks-for example, 180 lbs. or 190 lbs.), build (medium, heavy set, thin, for example), hair (color, long or short), complexion (light, dark, ruddy, olive), facial hair (beard or moustache), peculiarities (scar, tattoos, missing limbs), clothing (from head to toe, style, defects), weapons (if any), and method of escape (direction, vehicle, and so on).
• Vehicle: license plate (most important), year, make, model, and color; body type (two-door, four-door, van, SUV, for example); passengers (number of people in vehicle); damage or anything unusual (logos, for example); and markings or anything unusual.
CASE STUDY
The following case history shows how the concepts discussed in this and the previous article enabled a local Long Island volunteer fire department to play a key role in counterterrorism activity.
In Spring 2005, the Kings Park (NY) Fire Department responded to a structure fire along the village’s main street. During fire operations, firefighters noted items and documents related to terrorist activity. The firefighters became concerned and passed on the information to their officer. The fire officer passed it on to the chief, who spoke with the tenants and the fire investigators. The chief and the investigators were concerned that the subjects were not who they appeared to be. The chief and investigators notified the police on-scene, who informed their chain of command. The police command notified the detectives of the Intelligence Unit, who had Immigration and Customs Enforcement (ICE) pick up the building occupants. An ICE investigation led to the detaining and eventual deporting of the suspects.
This case shows how following through on a concern or “out-of-the-ordinary” subject resulted in positive counterterrorism results. The chain of events and notifications of this case are discussed for a reason. If the concerns related to the apartment’s occupants had been allowed to stop at the first fire officer or first police officer, the individuals would be continuing to plot to this day. It is not enough to pass on information with the hope that it will arrive at the best points of contact. Fire personnel must confirm that the matter is followed through. Not every item we note or see will lead to a major arrest; most information will be nonessential, but we are not in a position to make that call. If something does not appear correct or is perceived as a potential threat, report it. That is the only way the Intel analyst will be given the opportunity to resolve the issue.
• • •
The information in these articles represent only a starting point. Counterterrorism operations are constantly improving to meet all new threats. The biggest expenditure involved in the methods discussed in this series is time-that needed to read and disseminate the Intel. That is a small price to pay when you consider the alternative of doing nothing. ■
Endnote
1. The local JTTF numbers can be found at www.fbi.gov/contact/fo/fo.htm. The U.S. Attorney’s local ATAC can be reached through the U.S. Attorney’s District Office in your area. Ask the ATAC coordinator.
■ BRETT M. MARTINEZ, a veteran of the fire service since 1983, is a fire marshal for the Suffolk County (NY) Fire Rescue and Emergency Services. He is a state of New York-certified level II fire investigator and peace officer and ATF-certified accelerant detection canine handler. He is a member of the U.S. Attorney’s Anti-Terrorist Advisory Council (ATAC). He has an associate’s degree in fire science from Suffolk County Community College and is the author of Multiple Fire Setters: The Process of Tracking and Identification (Fire Engineering, 2002).
■ JAMES M. McLOUGHLIN, a 32-year veteran of the fire service, is a fire marshal with the Suffolk County (NY) Department of Fire, Rescue and Emergency Services and a past chief of the Sound Beach Fire Department. He previously worked in the county’s Emergency Management Office and its Fire-Rescue Communications Center. He has a bachelor of science degree in biological science from SUNY Stony Brook and is a New York state-certified fire investigator II and fire service instructor I and a peace officer.
