ShooterHeightened alerts for terrorist activity have prompted many to review their response procedures for armed intrusion, particularly after the Lindt Café Siege in Sydney’s Martin Place in December 2014.

There had been a number of mass shootings committed in Australia prior to the introduction of national gun laws by the Howard Government in 1996. Of particular interest to security and property managers are the Queen Street Massacre (1987), Strathfield Plaza Massacre (1991) and Port Arthur Massacre (1996).

Each shooting incident was over in less than 15 minutes. The Port Arthur spree involved multiple locations, with 20 of the 35 victims killed within two minutes at a café and gift shop. Although the change in gun laws has limited access to the types of weapons used, it is still imperative that building management and security are prepared.

The Australia Post building at 191 Queen Street, Melbourne was the scene of the December 1987 murders. A rampage by 22-year-old Frank Vitkovic in his attempt to shoot a former friend and anyone else was fortunately restricted by a faulty M1 Carbine. He still managed to kill eight people and wound five others before plunging from an 11th floor window to his death.

The Strathfield Massacre occurred on Saturday 17th August 1991 at Strathfield Plaza and is considered one of Australia’s worst and most violent crimes. Within a ten-minute period, 33-year-old Wade Frankum, armed with an AK-47 rifle, knife and machete, killed seven people and seriously injured six other people before turning the gun on himself (Jones, 2011).

On Sunday, 28th April 1996, the name Martin Bryant was infamously etched into Australian history. His murderous onslaught at the Broad Arrow Café and surrounds of Port Arthur resulted in the death of 35 people and 23 injured. His initial shooting spree lasted 15 seconds, with 17 shots fired, 12 people dead and 10 injured. The sequence of events into the wanton killing of so many people is too much to describe here. His arrest after setting fire to the Seascape Bed and Breakfast ended the carnage.

What is the profile of a mass shooter? Usually, a white male, 20 to30 years old, isolated by choice, with feelings of insignificance, who usually commits the crime for revenge (Pappas, 2012).

Vitkovic, Frankum and Bryant all had psychological issues. Frank Vitkovic would have been certified as insane if he had been referred to a psychiatrist instead of a Scientology course. Frankum was diagnosed with depression after the death of his father and suicide by his mother. His diary showed a decline from loneliness to murderous intent. Bryant was intellectually moderate with an IQ in the mid-60s and bordering on schizophrenia. His behaviour deteriorated markedly following the deaths of his carers – his father and a female mentor.

Is there anything that can be learned from each incident? It is impossible to predict when they might occur. Security and building management must rely on others for early identification and intervention to prevent such events. However, they must be prepared for when the system fails. The following examines the security that exists in most modern buildings.

CCTV is a great crime deterrent and evidentiary tool for investigators. Clear signage and overt cameras identify the presence of a security conscious building management. The presence of CCTV may be a pre-requisite for the killer, the chance to record their notoriety. Bryant set up a video camera on a café table prior to commencing his murderous spree. The mass shooter has moved from a feeling of insignificance to chasing his own 15 minutes of fame (Nuwer, 2014).

Terror is a much more effective tool. Having restricted access minimises the risk of intrusion and maximises the safety and security of occupants. If the systems and procedures are not maintained, there is a risk that control measures will fail.

Level 12 of Queen Street was a secure area with a security entry door and bullet-resistant viewing panel on the adjacent wall. Material stored on a desk in front of the panel prevented anyone from using it. One Australia Post employee was shot by Vitkovic when he opened the door after the killer knocked or rang the bell. He was fortunate to survive after being shot three times, but three others were less fortunate, all killed in that area.

Security procedures must be maintained to ensure the integrity of the system. This of course includes a rigorous training and induction program to make sure that all occupants are aware of those procedures.

Public and common areas are at greatest risk. Both Frankum and Bryant had either coffee or a meal in the cafés prior to their respective rampage. Frankum’s stony-faced presence and his constant looks at two nearby teenage girls (one of whom became his first victim) may have indicated some of the mental torment that was occurring. Bryant was noticed talking to himself rather than anybody in particular, referring to the presence of wasps in the area. Irregular behaviour was displayed by both, but certainly not enough to predict their eventual actions.

Vigilance is another strategy that should be employed in security management. To be vigilant means to be keenly alert to or heedful of trouble or danger, while others are sleeping or unsuspicious (Collins Dictionary, 2015). Vigilance requires awareness – communication and coaching are important aspects of ‘whole of occupancy’ participation in preparedness.

Preparedness is not only about prevention, it is also about response. To have an effective response there must be an emergency management plan. Particular attention should be given to the following steps (Talbot & Jakeman, 2008):

  • review existing plans and procedures
  • seek and gain support from upper management
  • assign facilities or jurisdictions
  • identify resources
  • conduct a business vulnerability analysis
  • develop emergency management team

AS3745 Planning for emergencies in facilities provides a structure that should be used to develop the plan. The Australian Standard is the recommended model for compliance with work health and safety regulations in any workplace. The actions for Civil Disorder/Armed Invasion provide a simplistic response, without referencing the presence of an active shooter.

The standard provides for an emergency planning committee and emergency control organisation, with mandatory display of emergency procedures and occupant training. Compliance will ensure that there is a structured response to an armed person (identified as code black in AS3745).

The following should assist in the preparedness for any active shooter event:

  • an emergency control organisation (wardens) trained in code black responses
  • a sound system for emergency purposes (emergency management intercommunication system [EWIS], building occupant warning system [BOWS])
  • manual call points (break glass fire alarms)
  • evacuation diagrams showing the location of emergency exits and alternate routes
  • the existence of safe rooms

To encapsulate a managed preparedness to such an event, management should incorporate security and risk management initiatives and processes into emergency management. This requires the following program (developed from My Skills, Department of Education and Training, Maintain security awareness and vigilance in the aviation workplace):

  1. Maintain awareness of security measures and security risks – security policies and procedures are in place, security roles and responsibilities are clearly identified and current, occupants are aware of their role in the process, and security management is reviewed on a regular basis, particularly after any incident.
  1. Maintain security vigilance – potential security risks (public and common areas) are monitored during occupancy and effective communication skills are used to reinforce security vigilance amongst occupants.
  1. Recognise and assess potential security risks – one size does not fit all and in this case any planning would require a security risk assessment to identify security risks and security control measures. It is recommended that an independent consultant be used to develop this assessment.
  1. Respond to potential security risks – developing a team approach for security in building management makes sure that everyone ‘is on the same page’ and able to work as a cohesive unit during any crisis. Communication and involvement in the planning and implementation stage ensures a fluid response.
  1. Report potential security risks – as with any work health and safety management system there has to be a reporting procedure to identify any potential fail-points in the security system and/or procedure. That reporting process should be prompt, easy to use, informative and with provision for timely action.
  1. Responding to an active shooter (US Department of Homeland Security) – there are three options to be adopted by any building occupant during an active shooter event:
  • Have an escape route planned, evacuate even if others refuse to follow, leave belongings, help others and keep hands visible when heading to responders.
  • Find somewhere out of the shooter’s view, lock and barricade the door, silence mobile phones, turn off any noise, hide behind large items, remain quiet.
  • As a last resort and only when in imminent danger attempt to disrupt or incapacitate the shooter by acting as aggressively as possible, throwing items, yelling and committing to actions.

The last option saved numerous lives in the Queen Street Massacre, with two people subduing Vitkovic and removing his weapon. Although he had already fired 50 rounds, he still had another 150 in his pockets.

Key elements of a good security system are procedures, communication, participation and awareness, vigilance, review and continuous improvement.

How does this relate to the Lindt Café Siege? It shows that no matter how prepared security and building management can be, sometimes it is impossible to predict human behaviour. It is only possible to make sure that there are systems and procedures in place to minimise the damage. The possibility of any terrorist attack should be included in every emergency management plan, incorporating security and risk management principles.

Greg Muir
Greg Muir had 32 years as a police officer before starting his company in 2006. He provides risk management services for facilities, specialising in emergency management, work health and safety, security consultancy and workplace training.