Download eBook for Free

FormatFile SizeNotes
PDF file 1.4 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback148 pages $47.00

Research Question

  1. How can prevention, protection, and response and recovery investments reduce the risk of casualties from attacks on ST-CPs?

Attacks on soft targets and crowded places (ST-CPs) represent a significant challenge. The U.S. Department of Homeland Security requires research and development to assess methods for reducing the propensity and loss of life from these types of attacks. In response, researchers from the Homeland Security Operational Analysis Center conducted a comprehensive landscape assessment of the threat to ST-CPs and corresponding security measures. This assessment integrated literature reviews, attack plot analyses, grant data reviews, and security cost modeling to identify both needs for improvement and recommended research and investment priorities for addressing those needs.

The number of attack plots is broadly aligned with regional population counts. The most-common motivations for ST-CP attacks have been personal, followed by terrorist and extremist motivations. Education and private buildings (workplaces) are the most–frequently targeted types of ST-CPs. Attacks on ST-CPs that have large, accessible crowds, such as houses of worship, shopping malls, restaurants, bars, and nightclubs, had the highest average lethality.

To defend ST-CPs, a layered approach has security measures work together to improve the chance that an attack will be stopped or mitigated. Prevention measures stop attacks before they reach execution; however, the public needs to know what warning signs to look for and how to report them, and threat assessment teams need to assess tips and follow up appropriately. Access control systems, such as locks, secured windows, and secured entryways, have been effective and efficient. Bystanders and security have both stopped attacks; groups of bystanders tackling shooters have been highly effective.

Key Findings

The conditions that a would-be attacker must fulfill to successfully execute a high-fatality attack are collectively the attack chain; interrupting that chain can prevent or reduce casualties

  • An attacker must carry out many steps to complete a high-fatality attack. The attacker must become fully committed, plan, acquire weapons and skills, and make other preparations without being detected and reported by others. Once on scene, the attacker must get through the site's security layers and engage a crowd without being stopped quickly.
  • A system-based, or layered, approach helps security measures work together to improve the chances that an attack will be stopped or mitigated at any of these steps, guarding against single points of failure.
  • Prevention measures are perhaps the most-important factors in interrupting the attack chain because they can and have halted many plots before they reached execution. Reports of warning signs have been key. However, the public must know what to look for and how, and authorities need threat assessment teams and training to assess tips and follow up appropriately.
  • Access and entry-control systems, including locks, secured windows, and secured entry spaces, have been effective and efficient in protecting against attackers.
  • Both bystanders and on-scene security have been effective in stopping attacks. Groups of bystanders tackling shooters have been highly effective in ending attacks.


  • Seek methods for deterring and dissuading would-be attackers from becoming committed to plots.
  • Develop indicators and training to detect suspicious seeking of weapons and ammunition.
  • Develop enhancements to "see something, say something" campaigns.
  • Develop and evaluate campaigns to reduce hoax threats of violence.
  • Develop rules and processes for assessment, monitoring, and follow-up with reported threats, including processes for initial wellness checks.
  • Evaluate the effectiveness of site security technologies in stopping simulated attacks.
  • Study the social costs of security measures more.
  • Develop a model strategy for open and nonsecure spaces, such as parks, parking lots, shopping malls, and restaurants.
  • Improve command and control, leadership, and coordination during attack responses.
  • Study alternatives to traditional voice radio communications during attack responses.
  • Continuously track and analyze mass-attack plots.
  • Determine whether some ordinary criminal shootings should be treated as mass attacks on ST-CPs.
  • Seek ways to reduce the mass psychological impacts of attacks.
  • Support detailed tracking of grant spending related to ST-CP security.
  • Fund enhanced public education and training on what to report and how and on how to respond to an active attacker.
  • Provide funding to cross-organizational threat assessment teams, security teams, and managers, and provide training on how to report on and how to respond during an incident.
  • Fund access control systems.
  • Fund medical supplies and training to match updated medical standards.

This research was sponsored by the U.S. Department of Homeland Security's Science and Technology Directorate and conducted in the Management, Technology, and Capabilities Program of the RAND Homeland Security Research Division.

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.