By Andy Jabbour, Founder and Managing Director, Gate 15.
At Gate 15, we promote a simple idea – understand the threats, assess the risks, take action. The 06 Jan 2020 Siege on the Capitol demonstrated a massive failure in analysis, preparedness, coordination, and security. We strongly encourage the development and release of a publicly shared after-action report to help the public understand how the Siege was able to occur, and to help ensure leaders are held accountable, and responsible, for improvements. Regardless of whether such a report is released or not, there are some simple lessons all security leaders can consider with regards to their organizational security and preparedness from the abject failure of the incident.
“We have a lot of lessons to learn from this,”
acting U.S. attorney in Washington, D.C., Michael Sherwin, at a briefing Thursday, 07 Jan, via the Wall Street Journal.
TL;DR:
- Understand the threat environment.
- When it comes to threats, anticipate what could be, not just what has been and what is known.
- Be prepared for a realistic worst-case scenario.
- Leaders have to expect that things will escalate and prepare accordingly.
- Effective coordination and response need to be developed ahead of time.
- Build security partnerships and develop “hometown security”.
- Be ready to adjust on the fly, because the unexpected happens.
A Note on the Capitol Police. Arianne Cohen did a good job succinctly talking to the Capitol Police for Fast Company. “The building’s security is manned by the U.S. Capitol Police, which is small: The force provides roughly 2,000 officers (with 2,300 employees total, including civilian employees) and is ‘responsible for protecting Congress and the public, and maintaining order while protecting the U.S. Capitol.’ It is overseen by the four members of the Capitol Police Board, with Congressional oversight. The Capitol Building is over 16 acres large, and on Wednesday was surrounded by many thousands of armed rioters.” Cohen continues and touches on the absence of National Guard presence and response.
“The physical breaching and desecration of our temple of democracy must never happen again. This was plainly a failure.”
Sen. Brian Schatz (D-Hawaii), quoted in Politico
No Analysis Required. That there was a clear threat was obvious and it didn’t require breaking encryption or dark web monitoring to identify it. As the New York Times wrote, “The police force… has sole jurisdiction over the Capitol’s buildings and grounds, (and) was clearly outnumbered and unprepared for the onslaught, even as it was openly organized on social media sites like Gab and Parler” (emphasis added). In a separate article, the NYT wrote, “For weeks, President Trump and his supporters had been proclaiming Jan. 6, 2021, as a day of reckoning. A day to gather in Washington to ‘save America’ and ‘stop the steal’ of the election he had decisively lost, but which he still maintained — often through a toxic brew of conspiracy theories — that he had won by a landslide…
“On Monday, several posters in the chat room boards.4chan.org/pol/ said Trump supporters planned to force an evacuation of the Capitol as lawmakers voted to affirm President-elect Joe Biden’s victory in the Electoral College. Multiple posters on a site created last year—TheDonald.win—also discussed storming the Capitol in the days leading up to Wednesday’s attack.”
The Wall Street Journal, 08 Jan.
“But if the chaos in the Capitol shocked the country, one of the most disturbing aspects of this most disturbing day was that it could be seen coming. The president himself had all but circled it on the nation’s calendar. ‘Big protest in D.C. on January 6th,’ Mr. Trump tweeted on Dec. 19, just one of several of his tweets promoting the day. ‘Be there, will be wild!’” (at the time of this writing, that tweet can no longer be verified as Twitter has suspended Donald Trump. It was also reported via Yahoo! News on 20 Dec but the tweet will not load at this time.).
Given the close and very partisan and divided election, the President’s continual denial of defeat, his supporters’ publicly planning to protest, and previous incidents that have escalated to violence such as recent anti-mask protests, “stop the count” protests at polling places, and other confrontations, the very real potential of escalation was more than obvious.
“The secretary of the Army and the chief of D.C.’s police force acknowledged Thursday that they did not expect President Trump’s supporters to try to enter the Capitol building, despite extensive online conversations in which far-right groups publicly discussed their plans to do just that.”
The Washington Post, 07 Jan.
As the events of 06 Jan progressed, security leaders should have been actively monitoring the developments, to include watching the demonstrations and observing the language used by Rudy Giuliani and President Trump as they were encouraging action and exciting the crowd.
“I know that everyone here will soon be marching over to the Capitol building to peacefully and patriotically make your voices heard… If they do the wrong thing, we should never ever forget that they did. Never forget. We should never ever forget… We must stop the steal and then we must ensure that such outrageous election fraud never happens again… So we’re going to… walk down Pennsylvania Avenue… and we’re going to the Capitol and we’re going to try and give… The Democrats are hopeless… But we’re going to try and give… them the kind of pride and boldness that they need to take back our country…”
President Donald Trump, 06 Jan, via rev.com
When the President said that they would march on the Capitol, that should have been a clear trigger to increase security immediately and request support as the crowd and events had the clear potential to get out of hand quickly. Flashpoints and escalation can occur in moments. Leaders need to anticipate those and prepare accordingly, ahead of time and as events develop.
“Three days before supporters of President Donald Trump rioted at the Capitol, the Pentagon asked the U.S Capitol Police if it needed National Guard manpower. And as the mob descended on the building Wednesday, Justice Department leaders reached out to offer up FBI agents. The police turned them down both times, according to senior defense officials and two people familiar with the matter.”
AP, 08 Jan.
A Failure of the Imagination… Beyond known information and established, credible and / or imminent threats, leaders need to anticipate what could be.
“There was no intelligence that suggested there would be a breach of the U.S. Capitol…”
D.C. Police Chief Robert Contee III, via The Washington Post, 08 Jan.
A consistent failure among leaders – in the military, in government, in law enforcement, and in the private sector, is a failure of the imagination. No one expected 9/11, we were not ready for the 2017 WannaCry ransomware attack, we were pathetically ill-prepared for the COVID-19 pandemic (despite calls for preparedness since the Bush Administration in 2005), thrown for a loop by the recently discovered SolarWinds compromise and the complexity of supply chain risk, and we weren’t expecting a Christmas morning attack on soft target critical infrastructure in Nashville… Today, we are still not ready for a pandemic – even as we fumble our way through a fairly gentle one in comparison to what could be coming next. We’re not ready for the inevitably coming catastrophic earthquake that will happen in California, off the Pacific Northwest, or along the New Madrid Seismic Zone. We’re not prepared for an extended blackout. We’re not ready for a long-lasting internet disruption… Leaders need to get their heads out of the past, while understanding both past and present, and anticipate the future and evolving threats. Since 2017, our team at Gate 15 has been banging the drum about blended threats. DHS CISA has recently shared new guidance on this convergence. Blended threats have already begun to occur, and more dangerous ones are coming. A complex coordinated attack is coming. That “There was no intelligence” to suggest a particular threat was present does not mean we don’t need to be prepared – at least to some reasonable level – for what could still happen.
Be Prepared for a Realistic Worst. In the military, one plans a variety of “courses of action”. These often include most dangerous and most likely options. Counting on a best-case scenario is foolish, arrogant, and dangerous. As a young captain in the Army on the ground in post-invasion Iraq in 2003, I heartbreakingly witnessed the results of the poor planning by the Bush Administration for a conflict sold as one for which we would to be greeted with cheering crowds and waving flags, a cakewalk as many suggested. As Bob Novak wrote back then, it was certainly no cakewalk.
It is an imperative for leaders to understand worst-case scenarios, and to invest time and resources into planning for realistic worst-case scenarios. No, maybe don’t plan for a nuclear device detonation, but plan for a potential escalation and attempted breach. When planning, leaders have to anticipate that things will escalate and then plan and prepare accordingly. Identify and understand key decision points and actions that need to happen when thresholds are met. That didn’t effectively happen in D.C.
“This was a piss-poor planning performance… They weren’t prepared for whatever reason. They weren’t prepared to protect the Capitol. Shame on them.”
retired NYPD Deputy Chief Thomas Graham, former commanding officer of the department’s Civil Disorder Unit, via The Daily Beast
Joe Scarborough, as quoted by The Daily Beast, had some pointed, and fair, comments on 07 Jan, but the blame can’t be put on the Capitol Police alone, though their absolute failure is evident (here’s one example). As The Washington Post reported, “On the streets of Washington, federal law enforcement agencies and the National Guard — which had been intimidatingly visible during protests this summer following the death of George Floyd — kept a much lower profile. And at the Capitol itself, police had set out low barriers and officers were largely in street uniforms, not riot gear. All were prepared to confine a protest, but not to deter an attack, law enforcement officials said… One woman was shot and killed by Capitol police as officers tried to stop a group from penetrating the building, according to two law enforcement officials, who, like others interviewed for this report, spoke on the condition of anonymity to describe security operations. But other police seemed to stand by, observing the disorder instead of stopping it: One image posted on social media showed an officer taking a selfie with one of the intruders, and a video seemed to show officers opening the security fence to let Trump supporters closer. Police did not appear to try to detain the rioters, allowing them to leave unhindered. One even held a woman’s hand to steady her on the Capitol steps.”
“‘This lack of planning led to the greatest breach of the U.S. Capitol since the War of 1812,’ when British forces burned the Capitol”
Gus Papathanasiou, head of the Capitol Police union, via The Washington Post, 08 Jan.
When there is a known event with a strong possibility of escalation, security needs to be ready. One can think of recent events such as controversial speakers on college campuses for examples of how local law enforcement prepared additional reserves of personnel in riot gear and National Guard presence. Partially as a deterrent and partially to be prepared, robust security was on hand. As noted in many comments in the last few days, there was no shortage of federal reinforcements during protests this summer. While it is good to see Acting DHS Secretary Wolf condemn the Capitol violence, where were the DHS resources that we saw in DC and other cities earlier this year? DHS was unprepared for the coronavirus and was not seemingly prepared to support the Siege. But what about the Mayor’s office and the DC police?
“In a letter to federal officials on Monday, Washington Mayor Muriel Bowser urged federal law enforcement to maintain a light footprint for Wednesday’s protests, seeking to avoid the type of show of force that had inflamed tense situations in the city last year.”
The Wall Street Journal, 08 Jan.
Washington, DC maintains a Homeland Security and Emergency Management Agency and has a fusion center in the National Capital Region Threat Intelligence Consortium (NTIC). The NTIC was monitoring events on the day of Siege – certainly aware of potential escalation. The Metropolitan Police Department is the primary law enforcement agency for the District of Columbia. Given the potential of escalation and the close proximity of pedestrians and private businesses – offices, transportation, etc. – law enforcement beyond the Capitol Police should have been prepared for potential escalation and response. It does not seem anyone anticipated the potential escalation and neither law enforcement in and around the Capitol nor the decision-makers that could bolster the response were prepared.
“Army Secretary Ryan McCarthy, who directs Washington’s National Guard, said Thursday that U.S. officials believed the protests would be similar to other recent pro-Trump protests in Washington. He said they ‘had no wildest imagination that you could end up breaching the Capitol grounds.’
“At the Department of Homeland Security, an intelligence unit that commonly issues threat assessments to law enforcement decided not to do so for the protests, believing they didn’t pose a significant security risk, people briefed on the matter said. The assessments are usually jointly issued with the Federal Bureau of Investigation. Neither agency would comment.”
The Wall Street Journal, 08 Jan.
“In memos issued Monday and Tuesday in response to a request from the D.C. mayor, the Pentagon prohibited the District’s guardsmen from receiving ammunition or riot gear…”
The Washington Post, 07 Jan.
A Failure in Coordination. Jurisdictional boundaries and jurisdictional authority can complicate the response of law enforcement, National Guard forces, and other responders during an incident, and that there had been challenges in securing the Capitol previously was known (for example, see “There’s a history of garbled law enforcement communication during threats to the Capitol,” NBC News, 09 Jan). These aren’t new issues and ideas like the Multiagency Coordination System (MACS) and Incident Command System (ICS) developed from firefighting coordination challenges identified in the 1970s. More recently, DHS has put a lot of time and resources into the Multi-Jurisdiction Improvised Explosive Device Security Planning (MJIEDSP) program, a program to assist “with collectively identifying roles, responsibilities, capability gaps, and how to optimize limited resources within a multi-jurisdictional planning area.” Given the potential escalation of an incident into areas outside of the Capitol Police’s responsibility, and with the potential of needed reinforcements, coordination should have been (far) better planned.
The federal government does this on a regular basis for major events, National Special Security Events (NSSE), and with multi-jurisdictional and private sector partners, such as in planning for the Super Bowl. Key leadership for security on the day of the Siege had experience in planning those exact types of events.
“Sund served more than 25 years with the Metropolitan Police Department in Washington, D.C., retiring as the commander of its special operations division, according to a biography of him on the USCP website. ‘During his career, Sund coordinated a number of National Special Security Events by the Department of Homeland Security, to include the 2001, 2005, 2009, and 2013 Presidential Inaugurations,’ it said.”
Fox News, 08 Jan.
Given, some of those events start planning and coordination a couple years out, but also given previous events in the Washington, D.C. area, some of that experience should have been available to inform coordination planning. It was widely believed that this was going to be more intense and divisive than the usual presidential election certification, which is traditionally a non-event most Americans don’t even notice.
DHS has been promoting the idea of “Hometown Security” for a few years now. Basic actions “to mitigate risk and enhance the security and resilience of public gathering sites and special events.” Part of that is the idea to Connect, Plan, Train, Report.
- CONNECT: Reach out and develop relationships in your community, including local law enforcement. Having these relationships established before an incident occurs can help speed up the response when something happens.
- PLAN: Take the time now to plan on how you will handle a security event should one occur. Learn from other events to inform your plans.
- TRAIN: Provide your employees with training resources and exercise your plans often. The best laid plans must be exercised in order to be effective.
- REPORT: “If You See Something, Say Something™” is more than just a slogan. Call local law enforcement.
This is good, simple guidance. Guidance is only effective if heard and implemented.
“The riot through the Capitol building laid bare the disjointed and overlapping nature of law enforcement authorities tasked with policing protests in the nation’s capital.”
The Wall Street Journal, 08 Jan
Always Have Your Tap Shoes Ready. Planning is important. Coordination and preparedness are vital. But for all the things we do to get ready – “left of boom,” as we often say in the security world (to describe activities that occur before an explosion, be it literal or figurative) – things will inevitably go in some “other” direction and require us to adjust. An oft referred to quote comes from boxing legend Mike Tyson in response to a reporter’s question as to whether he was worried about an upcoming bout with Evander Holyfield. “Everybody has a plan until they get punched in the mouth.” In the Army, we’d often say that a plan only last till you cross the line of departure – essentially, when a unit would move out on its mission. Since we can’t plan for every contingency and we can’t plan for what people will do in a given security environment, leaders need to always be prepared to pivot, make decisions, and quickly respond to events as they develop. While this is something done in the moment, preparing ahead of time – plans, procedures, decision points and processes, coordination for response and reinforcement, etc. – will facilitate an effective change in direction and response to the unexpected. The ability to pivot is vital to lead elements in security, and those who may be in a support role, or potentially impacted by evolving situations.
“early Wednesday afternoon, (Capitol Police Sund) made an urgent plea for backup from 200 troops during a call with top Pentagon and city officials, according to officials familiar with the call. On the call… Sund was asked whether he wanted help from the National Guard. ‘There was a pause,’ one of the D.C. officials said. And Sund said yes. ‘Then there was another pause, and an official from the [office of the] secretary of the Army said that wasn’t going to be possible’ … the “optics” of soldiers inside the Capitol building was not something they wanted”
The Washington Post, 07 Jan.
The Capitol Siege was a complete failure, but the aftermath doesn’t have to be. Leaders on site and supporting organizations – across the board they failed to do their jobs effectively. There is very little that seems to have gone well. Some have already resigned due this abysmal effort. Others need to be held accountable. In the heat of the current environment, the finger-pointing is mixed up with political wrangling and a lot of emotions. For leaders, there is a lot to learn from the sad day our Capitol was attacked by overzealous loyalists to Donald Trump. The political fallout will come, the law enforcement response to arrest and punish the traitors is aggressively underway. In the chaos of the start of 2021, let us not lose the lessons we can draw and consider as we move forward into what remains a very complex environment.
At the time of this writing, there is continued concern regarding potential follow-on threats relating to the Capitol Siege. Americans should find some comfort in knowing that the planning and preparedness for the 20 January Inauguration is much more robust, and that, especially following the Siege, we feel confident that a response will be much more vigorous and effective.
Statement from the U.S. Secret Service on Inauguration Security.
“The inauguration of the President of the United States is a foundational element of our democracy. The safety and security of all those participating in the 59th Presidential Inauguration is of the utmost importance. As the lead agency for all National Special Security Event (NSSE) security operations, the U.S. Secret Service is responsible for designing and implementing an appropriate operational security plan, which is carried out in concert with partners charged with specific areas of management and response leading up to and throughout the event. For well over a year, the U.S. Secret Service, along with our NSSE partners, has been working tirelessly to anticipate and prepare for all possible contingencies at every level to ensure a safe and secure Inauguration Day.”
Understand the Threats.
Assess the Risks.
Take Action.
Understand the threats! Subscribe to our free daily paper and subscribe to our podcasts!
Take action! Our team is here to help you build the relationships and capabilities you need and to assist in the development of plans, training, and exercises to support your ability to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk to your organization in our complex, all-hazards environment.
