Prevent Phase Framework

The following figure summarizes top steps and recommendations for attack prevention and includes a series of candidate programs and practices that can help with those steps and recommendations.

Overview of the Attack Prevention Framework

Deterring attacks

  • Awareness
  • Community responsibility
  • Training

Initial detection

  • Tips drive prevention
  • Warning signs are often observable
  • Active information sharing

Threat assessment

  • Model, team, and process
  • Information collection: fill in the gaps
  • Do not leave information in the field

Follow-up actions

  • Mitigation and support plan
  • Relentless follow-up
  • Forward prevention

Special areas of focus

  • Schools and universities
  • Mental health
  • Private sector (crowded spaces, critical infrastructure, and workplaces)

Deterring Attacks

  1. Awareness: Everyone needs to know what warning signs to look for, how they can play a vital role in prevention, and how to submit tips.
  2. Community Responsibility: The majority of potential threat reports are handled outside the criminal justice system, which underscores the importance of community responsibility in preventing a mass attack. Community leaders must work to provide support and resources across different organizations to foster the prevention mindset.
  3. Training: Training increases the number of tools in the tool chest and helps foster the critical thinking required to recognize possibly concerning or suspicious circumstances and understand the importance of follow-up. These are perishable skills; continuing training and exercises are needed.

Initial Detection

  1. Tips from the Public (When in Doubt, Call It Out—You Make the Call, You Make the Difference): Often, the only way organizations know of a concerning situation is through tips from the public. If you think you see signs of someone seriously intending an attack or carrying out preparations for an attack, let the relevant organization, such as law enforcement, know so that they have the chance to assess a possible threat.
  2. Observable Warning Signs: Warning signs are typically leaked by the would-be attacker to others, either in person or online.
  3. Active Information-Sharing: There are hundreds of databases maintained by partners that provide sources of information to conduct thorough investigations and threat assessments. There should be more awareness of these systems and how to access them while following privacy laws and collaborating with partners outside the systems if needed. The only way that these systems are valuable is if local agencies contribute data.

Threat Assessment

  1. Behavior Threat Assessment Model and Team: Adopt a model that works with the team of partners to look at the entirety of the available information and make a judgment of the level of concern, what additional information is needed, and what to do next.
  2. Information Collection: Fill In the Gaps. Look for the gaps in information to complete the full picture for an accurate assessment.
  3. Information Collection: Do Not Leave Information in the Field. Too much information is known by someone but does not make its way into an assessment team's consideration.

Follow-Up Actions

  1. Mitigation and Support Plan: Part of the threat assessment must be a mitigation plan to reduce the crisis or threat level in the immediate and long terms.
  2. Relentless Follow-Up: Run down all leads, reach out to partners, keep in touch with persons of concern, embrace a critical thinking mindset, and do not completely dismiss anything. Then, reassess on a regular schedule or when new key data come in.
  3. Forward Prevention: Find early opportunities to divert the person from violence. Do what you can to support the individual to mitigate the threat, but be ready to pursue a law enforcement route if the threat is high or is increasing.

For Leaders: The Confluence of Leadership, Accountability, and Policies

Leadership must instill the prevention mindset throughout their organization so that it will be institutionalized. Doing so requires constant reminders and holding all parts of the department accountable. Establishing policies for reporting, assessing reports, and following up will help maintain the commitment and make expectations clear. If there is no policy, there is no obligation and accountability for personnel to document an interaction, report suspicious activity, or take the extra step to do a wellness check. These extra steps might end up preventing violence. When personnel do the right thing, they should be commended so that the rest of the organization sees what is valued. When personnel fall short, they need to be provided feedback and, ultimately, held accountable.
