The U.S. Capitol Invasion: Lessons In Physical Security

Facility Executive assembled a panel of security experts to explore what went wrong, and the lessons to be learned from the violence that took place at the U.S. Capitol on January 6.

By the Facility Executive Staff

On January 6, 2021, thousands of demonstrators gathered in Washington, DC to show their support for outgoing President Donald J. Trump and to protest the results of the November 2020 presidential election. As the day progressed the crowd became increasingly angry and violent, eventually leading to a large group of protestors storming the U.S. Capitol building, where lawmakers were trying to confirm the Electoral College votes from President-elect Joe Biden’s win, resulting in the deaths of five people. The Wall Street Journal has compiled a video timeline of the day, which you can view here.

This breach of U.S. Capitol security marked the first such event since 1958, when a group of protestors forced their way into the building with violent intent, according to an AlliedUniversal report.

On January 6, 2021, hundreds of supporters of President Donald Trump stormed the Capitol building in Washington, DC, where lawmakers were trying to confirm the Electoral College votes from President-elect Joe Biden’s win in November. (Source: AlliedUniversal)

“The violence and destruction of property at the U.S. Capitol building yesterday showed a blatant and appalling disregard for our institutions of government and the orderly administration of the democratic process,” said Christopher A. Wray, Director of the Federeal Bureau of Investigation (FBI), said the day after the event. “As we’ve said consistently, we do not tolerate violent agitators and extremists who use the guise of First Amendment-protected activity to incite violence and wreak havoc. Such behavior betrays the values of our democracy. Make no mistake: With our partners, we will hold accountable those who participated in yesterday’s siege of the Capitol.

The United States 59th Inaugural Ceremonies for President-elect Joe Biden and Vice President-elect Kamala Harris will take place tomorrow on the west front of the U.S. Capitol. The ceremony will be managed by the Joint Congressional Committee of Inaugural Ceremonies (JCCIC). The 2021 Presidential Inauguration was already going to be unique, due to the limitations in place due to the COVID-19 pandemic, but after the violence of January 6 even more changes were made and the focus on security is more intense than ever.

Now, a security force of more than 6,000 National Guard troops from six nearby states will help Capitol Police and other law enforcement in DC before, during, and after the inauguration. Tall fences that are considered “unscalable” have been erected around the grounds. In years past, 200,000 tickets to the inauguration were distributed to members of Congress for their constituents, but this year only about 1,000 people will be invited to attend the Inauguration Day events.

Witnessing the security breach at a government facility assumed to be as protected and locked-down as the U.S. Capitol was eye-opening. Many were left wondering, how could this happen? What went wrong? To explore these questions and the lessons that can be learned from the violence on January 6, we turned to experts in the field of security and asked for their thoughts and insights.

Participants in this roundtable discussion include:

How should facilities evaluate perimeter security? How does the specific type of facility and its functions dictate what kinds of perimeter security are needed?
Randy Atlas, Ph.D. FAIA CPP, Atlas Safety & Security Design Inc.

Randy Atlas: The Security Vulnerability Assessment (SVA) and or CPTED Analysis [Crime Prevention Through Environmental Design] should have a clear understanding of how persons, vehicles, visitors, deliveries, staff and more can approach, be directed, and enter a site property.

It was the duty of the Capitol Police to know what was coming. In fact, we now know that the Capitol Police were warned ahead of time by the NY Police CounterTerrorism Unit a week before the uprising, and the FBI field office contacted Capital Police two days before the insurgency that the threats were real and to be prepared. Calling the Pentagon for National Guard troops while the crowd in surging inside the Capitol is a day too late, and many dollars short. When certain possibilities are unfathomable, then one cannot clearly see the threat(s), risks, or vulnerabilities, nor accurately understand the intelligence information that was being passed to the Powers that Be with a sense of urgency and with a direction to take action. The inability to imagine the impending scenarios reflected the lack of vision, competence, and where with all to take the necessary action to prevent a breach of catastrophic proportions. CPTED used properly is about being aware, being predictive, and being effective that could have provided the territoriality and boundary definition to withstand the well financed and well organized intrusion. The mission statement of the facility drives the level of risk and threats that must be planned for. The same type of lack of vision resulted in catastrophe at the Stoneman Douglas High School, the Fort Lauderdale Airport active shooter incident, the bombing at the exit of the Ariana Grande concert hall in Manchester, and many more.

Gregory P. Guidice, President & CEO, Elite Detection K9

Gregory P. Guidice: Whether you are evaluating inner or outer perimeter security, it should start with what is required to secure normal operations and the image management wants to project. Once that is established, consideration should be given to the number and type of special events that take place and what is required to secure them. K9 teams should be used prior to an event taking place to secure the area prior to crowds arriving and during the event to monitor the movement of people and vehicles.

U.S. Capitol Security
(Photo: Elite Detection K9)

The type of facility must dictate the type and level of perimeter security needed. Securing a confined, stand-alone inner perimeter with designated ingress and egress with a K9 enables areas to be cleared and secured. Securing an outer perimeter that may not have physical boundaries requires continual, non-repetitious searches. In these scenarios the mere presence of the K9 team acts as a visual deterrent.

Brian Dusza, Vice President, Consulting Services, Allied Universal® Risk Advisory and Consulting Services

Brian Dusza: Perimeter security of facilities should be evaluated based on pre-defined risk factors. Generally speaking, perimeter security should start at the outermost control point which, in some cases, may be a fence line or other barrier and then move inward to the building perimeter and then interior spaces. When no site perimeter fence or barrier exists, then the first line of defense becomes the perimeter of the building itself.

Addressing specific types of facilities is difficult; however the types of perimeter security control measures would be dictated by many factors including facility operation and function, types of assets maintained within the facility, facility occupancy and many others. Building perimeter security can include architectural elements ranging from vehicle barriers to hardening of walls and glass. The use of security patrols, electronic access control and video surveillance systems are some of the most widely used forms of facility perimeter security.

U.S. Capitol Violence
Dave Hunt, President, Homeland Security Consulting

Dave Hunt: 2020 was a challenging year for facility managers, beyond dealing with the pandemic. Violent protests and riots affected many cities across the nation, changing the nature of the threat facilities face. Addressing these challenges requires a diligent approach to identify and implement security measures.

The traditional method to determine needed security measures is to identify the level of risk, including threats (individuals or groups with capability and intent) and hazards (natural hazards as well as man-made hazards such as hazmat releases and other non-intentional incidents). With a clearer view of the threat and hazard picture, we examine the vulnerabilities of our sites and staffing to address these potential incidents and develop a multi-layered defense, which may include hardened perimeters, cameras, card access, gates, fences, guards, etc. (Read more from Hunt in the sidebar below.)

To manage crowds preventatively, what strategies do you recommend to maintain safety? What security measures and equipment aid in these goals?

Atlas: When the range of possibilities are perceived as unfathomable, then the security direction and management cannot clearly see the level of threat and risks to the assets of that facility, or property. The security perimeter was modified greatly after 9/11 of the Washington Monument a few years back to respond the the threats of a car or truck bomb. But after protests in the plaza and Capitol since the 1960s, how can a civil uprising not be planned for with the measures that are invoked all over Washington DC, since 9/11? To manage crowds the solutions are simple and straightforward, it is all in the planning and the choices of where are the entrances and the exits. A great example of the master of crowd control is Disneyland. Millions of people are in the park, and there are never points of conflict or confusion. There is always a one way directional flow to keep the crowds going forward, and the opportunity to control the flow, and do weapons checks, and state the ground rules of behavior.

Guidice: To manage crowds preventatively, the presence of a K9 team provides a proactive, visual deterrent. They can patrol and secure large areas very quickly and efficiently. A key benefit and advantage of a K9 team is the canine’s capabilities are unknown to the individuals attending the event. They do not know if the canine is capable of detecting explosives, guns, or narcotics, or if it is capable of tracking and apprehension (biting). The uncertainty of the canine itself is a deterrent.

Dusza: The ability to manage a crowd depends on the ability to properly plan, and the reason(s) why the crowds are gathering at a specific location/site. The best situation is to screen all persons entering a pre-defined area using security personnel trained in the searching of personal belongings. Certain articles should not be allowed into the pre-defined area. The list of restricted articles should be determined during the planning process. Any articles that could jeopardize the safety of others should be restricted. As an example, alcohol, any type of weapon or anything that would be used as a weapon.

Setbacks should be established between the crowd and those drawing the crowd. Perimeters and setbacks should be established using appropriate types of barricades and should be monitored and controlled by security personnel. Emergency egress routes should also be established.

Remote video surveillance of the area can also be used as a tool for monitoring and aid in response activities.

When a security incident involving people breaching perimeter security does occur, what are examples of protocols that should be in place to mitigate the situation?

Atlas: There was apparently no inner security doors of the Capitol, like fire doors, that could be automatically activated to lock up the Capitol areas and floors into secure zones. As the mob breached the windows and doors, where were the secure safe rooms, or fire/security doors that are seen in hospitals everywhere. You can’t walk mindlessly through a hospital. There are double doors with security access devices that prevent entry from public areas to private areas. Security layering is a basic foundation of CPTED and when applied mindfully, serves as a great deterrent from people violating the security clearances of each defined space.

Guidice: The K9 team would follow the facilities security protocols and procedures. They can be used to search areas vacated by the perpetrators checking for explosive material they may have left behind. They can also be used to secure areas in advance of where people may go to seek safety.

Dusza: Much of this depends on the electronic systems in place and the ability to respond with security personnel. If the facility has personnel monitoring their systems, breaches of perimeter security should trigger an alert with monitoring personnel. From a communications and response perspective, if there are security personnel, they would be directed to the area of the breach. If there are no internal response capabilities, monitoring personnel would contact local authorities and provide them as much information as possible.

If the breach occurred while the facility was occupied, additional protocols might include utilization of a mass communication platform to alert occupants of the situation and location. Occupants would then follow pre-defined protocols.

Everbridge To Provide Mass Notification During Presidential Inauguration

The Everbridge Software Platform will provide the National Capital Region, DC Government and U.S. Park Police with event notifications and emergency alerting before and during the event.

Everbridge, Inc.’s Mass Notification system will be used to help keep Washington, DC area residents and visitors safe and informed in the days leading up to and during the 2021 Presidential Inauguration. The United States Park Police (USPP), one of the oldest uniformed federal law enforcement agencies in the country, and the District of Columbia government will use the Everbridge platform to provide subscribers with safety, weather, traffic, event and emergency alerts, at a time when the ongoing COVID-19 outbreak poses new challenges for organizers and attendees.

“The National Capital Region is responsible for promoting a safe environment for over five million residents in Virginia, Maryland, and Washington,” said Sulayman Brown, Assistant Coordinator for Fairfax County Office of Emergency Management. “NCR needs to communicate securely and effectively to our residents during both emergencies and non-emergency events. We leveraged Everbridge to quickly inform citizens across the region of impacts caused by unrest at the Capitol.”

Given the rising number of coronavirus cases around the country, the incoming administration plans a scaled-back Inauguration Day with a focus on pandemic safety procedures, fewer public events, and a smaller gathering on the National Mall. City officials encourage residents and visitors to sign up to receive the latest information and updates leading up to and throughout the event. Current subscribers in the Washington, DC area will continue to receive their regular local alerts from Everbridge and can choose to opt-in to Presidential Inauguration specific information.

This marks the second Presidential Inauguration in which DC-area public safety agencies utilized Everbridge to help protect residents and attendees and ensure a smooth day of activities. In 2017, USPP and D.C. Homeland Security teamed up with Everbridge to keep everyone informed throughout Inauguration week.

“We are honored to partner again with the Washington, DC government and the United States Park Police in their efforts to provide timely and actionable information on Inauguration Day,” said Brian Toolan, Head of Government Strategy for Everbridge. “With COVID-19 making this an Inauguration unlike any before, it remains imperative to follow the guidelines put forth by officials to make this a safe experience.”

More than 70 federal agencies rely on the Everbridge CEM platform including the General Services Administration, the Federal Communications Commission (FCC), the U.S. Nuclear Regulatory Commission, the Departments of Defense, Commerce, Energy, Interior, Justice, and Health and Human Services, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corporation, the Environmental Protection Agency, the Social Security Administration, the National Cancer Institute, and the Peace Corps.

The FBI is seeking information that will assist in identifying individuals who were involved in rioting and violence in the U.S. Capitol building and surrounding area. Two of the men in these photos have already been arrested: Jake Angeli, of Phoenix, the man wearing a fur hat with buffalo horns and wielding a spear (above), was arrested and charged with knowingly entering or remaining in any restricted building or grounds without lawful authority, and with violent entry and disorderly conduct on Capitol grounds, according to the Justice Department. Kevin Seefried, the man photographed inside the Capitol carrying a Confederate flag (below) was arrested along with his son, Hunter. Court documents say the Seefrieds entered the Capitol through a window that Hunter helped break.

U.S. Capitol Violence

How does security for special events differ from the usual day-to-day security facilities need?

Atlas: Is there really a difference in a football stadium or soccer stadium, a government office building in Oklahoma City, a U.S. Embassy, or outside concert at the 1996 summer Olympics, or Christmas tree lighting at Rockefeller Center, or country concert in Las Vegas in 2019? Not really. The property management and organizers have the exact same duty to conduct a SVA and plan for all contingencies. The negligence and liability of a catastrophic event, whether man made or weather, intentional or not, is sill within the scope of duty of the security assessment to plan for. The only difference in my perspective, is the element of timing, repeatability (one time event, or regularly occurring), and resources that are willing to be used to protect the legitimate users and uses of the property. There is no excuse for failure except incompetence or death (as my Major professor threatened me with, while doing my Doctorate in Criminology at FSU).

Guidice: Security for special events depends upon the specifics of the event itself. Questions that will help determine the level of K9 support are: Will the attendees match the demographics of the facility’s regular crowds, will the number of attendees be larger/smaller than normal, is the content of the event controversial, will national media be present? Generally speaking, the higher the visibility, the higher the risk. In these situations, it is advised to have pre-event searches clearing certain areas and posting security personnel and having a visual presence throughout the event.

Dusza: Special events take on many shapes and forms. Unlike facility security which, in most cases, has already been defined, special events require much more planning. The type of security needed above and beyond the standard facility security in place, greatly depends on the following:

  • Type of event
  • The level of risk
  • Is the event inside a secure facility or outside?
  • Is the venue public or private?
  • The ability to secure the perimeter.
  • The ability to provide access control through credentialing.
  • The persons attending.
  • For larger events, there may be a need to utilize security personnel to manage access control
  • Depending on the persons attending, there may be a need to work with outside security personnel protecting certain attendees.

Clear View Of Threats Reveals Vulnerabilities

By Dave Hunt, CPP, FBCI

Identifying the “correct” level of physical security has challenged facility managers for millennia. One important lesson is that as physical security measures are hardened, the nature of the threat and the capabilities will be modified. When the castle walls were hardened, and the moat and drawbridge were complete, the opponents would lay siege to the castle. While they were waiting, the opponents would catapult infected corpses over the walls of the fortress. Similarly, today, we see tactics constantly evolving and physical security measures must be modified to address the current threat.

It is important that the threat identification be conducted by a team, rather than the head of security. Whenever possible, add in the IT management, facility management, maintenance, finance, human resource manager, legal counsel, and labor representatives as appropriate. Your team knows your facility, operations, staffing and what solutions will fit the culture of the organization. The decisions that are made will be influenced by all of these members and the plan will have “buy in” rather than being “dictated” by one group.

While it is important to recognize that the nature of the threat (individuals or groups intent on harm) has expanded, it is also necessary for the team to carefully define what we are protecting. Obviously our most valuable assets are our employees and customers, and protecting them is paramount. Not having people on site during a threat incident is an important option for protection. One bright spot in the pandemic response is the ability to have employees in many of our businesses work remotely at a site outside the threat area. If there are no persons present at the time of the incident, the risk level drops significantly. While the facility may be compromised, the workforce is safe.

The social justice movement has also altered the assumption of rapid response from law enforcement. 2020 saw the rise of “autonomous zones” where mob rule reigned, and mayors prohibited law enforcement from entry. In many cities police we ordered to stand by as businesses were looted.

The “Defund the Police” movement has decimated morale in many law enforcement agencies. The animus displayed toward law enforcement has caused a drop in recruits joining departments. While this issue is not a concern in every jurisdiction, it does require physical security measures to be more proactive. The days are over when your plan could rely on dialing 9-1-1 and waiting for law enforcement to arrive.

The most common emergency measures taken during the protests were closing businesses, boarding up entrances, and in some cases, removing high dollar assets. Determining when to take these measures is challenging, as social media can whip up “spontaneous” protests in minutes. You must identify and prioritize the actions your facility should take prior to an incident, to be able to respond quickly when the threat intelligence indicates potential for civil unrest. Taking these actions would be triggered, for example, by a police shooting in the community which would require almost immediate response to secure facilities. We also may be facing significant unrest related to the presidential inauguration, which has been threatened at cities across the nation.

A key mitigation measure in managing incidents is the ability to notify employees, contractors, suppliers, and key customers of the facility status and any actions they should take, to prevent them from arriving on site and being exposed to the threat. There are many quality notification software tools available. The software tool must be able to be activated from offsite in case the facility is evacuated. Effective use of a notification system requires planning, training, implementing and testing. Notification tools are an important element in managing any emergency incident.

It is also critically important to expand threat assessments to include an “inward focus.” Looking only at threat outside the organization ignores insider threat, which may become a much larger problem for management in the coming year. Social justice protestors may be willing to compromise corporate IT systems, commit intellectual property theft, pilferage, or sabotage to avenge the injustices they perceive. With a significant percentage of the nation convinced there must be “justice,” it is likely your facility has employees who may feel justified to act.

There is no valid profile of an employee posing insider threat. However, in a similar manner to workplace violence, these employees will likely exhibit behaviors that may indicate their intentions. It is far more likely that a disgruntled employee would compromise corporate assets than bring a gun to work and kill other employees. They likely feel justified in committing these acts, and over time, will “leak” their true feelings about the company and their “righteous” motivations.

Including insider threat recognition in corporate training sessions will allow all employees to be aware of the behaviors that would indicate an employee is a potential threat. Many companies are moving to computer-based training sessions managed on learning management platforms. Organizations should also have an anonymous reporting system in place to allow employees to share their concerns without fear of blowback. Unlike normal workplace violence concerns in which employee assistance is effective in de-escalating the concern, insider threats should be handled by a threat management program, using a trained threat assessment team. This team should have the ability to conduct additional research, such as social media postings, criminal history search, and other public sources to determine what, if any, action should be taken.

Be proactive in protecting your facility and your people. Establish your team to evaluate risk, identify threats, and build capabilities to quickly respond. While it may seem that you need a well-polished crystal ball to identify risk, a careful evaluation of incidents around the nation will provide the questions to ask your team: “How would we handle that threat?” Partner with local law enforcement to access relevant information from state and federal intelligence fusion centers that can be shared with private partners. Joint the FBI InfraGard program to be able to access law enforcement sensitive reports, and partner with other regional companies and special interest groups in similar industries. And remember, threat is constantly changing, so conduct these sessions on a regular basis, and update protection measures based on events in your region and in the nation.

U.S. Capitol Violence

Hunt, CPP, FBCI is the President of Homeland Security Consulting, and has a 30-year background in law enforcement, terrorism response, fire/arson/explosives investigation, hazardous materials response, and emergency medical response. He has been a presenter at our Facility Executive Live! conference and delivered our 2019 active shooter preparedness webinar.

In addition to developing many of the nation’s terrorism response training courses, Hunt is a subject matter expert on workplace violence and active assailant preparedness. Over the past few years, he led the effort to develop and deliver a completely revised Active Shooter Preparedness curriculum for the Department of Homeland Security and hosted the DHS Active Shooter Preparedness Emergency Planning video. He served on the ASIS technical committee to revise the National Standard for Workplace Violence Prevention and Mitigation. Working with the FBI, Justice Department and other federal agencies, Hunt has developed many of the United States’ catastrophic emergency preparedness programs. He conducts risk assessments and mitigation programs for major corporations, including continuity planning, enterprise-level crisis management and computer-based training for employees.