ProtectUK publication date
This document outlines a set of options which can be used by the private sector and security industry to enhance the wider national security posture at times of raised threat levels or in response to a terrorist incident.

1. Introduction

They can work independently or in support of the police service National Menu of Counter Terrorism Tactical Options. They can be implemented independently by an organisation or can be deployed at the request of police following an extraordinary Security Review.

Business meeting

The tactical options included in this guidance are not exclusive and it is anticipated that this guidance will be reviewed periodically to ensure it is fit for purpose in meeting the ongoing and ever-changing threat from terrorism to the UK.

 

Threat level

This guidance has been developed in partnership with a number of security experts within the private sector and the authors would like to thank all of them for their assistance. 

Since 2006, information about the national threat level has been available on the MI5 and Home Office websites. In September 2010 the threat levels for Northern Ireland-related terrorism were also made available.

In July 2019, changes were made to the terrorism threat level system to reflect the threat posed by all forms of terrorism, irrespective of ideology. There is now a single national threat level describing the threat to the UK, which includes threats from Northern Ireland, Islamic extremism, left-wing and right-wing terrorism.

The three UK government response levels broadly equate to the five national terrorism threat levels as shown in the table below.

As response levels are the result of detailed assessments of risk, changes in the national threat level may not necessarily produce a change in response level.
 

Threat and response level

Building response level / UK threat level

 

MI5 maintain a history of threat levels:

Date

National Threat Level

Northern Ireland-related Threat Level to Northern Ireland

23-Mar-2022SUBSTANTIALSUBSTANTIAL
9-Feb-2022SUBSTANTIAL

SEVERE

15-Nov-2021SEVERE

SEVERE

4-Feb-2021SUBSTANTIAL

SEVERE

3-Nov-2020SEVERE

SEVERE

4-Nov-2019

SUBSTANTIAL

SEVERE

23-Jul-2019

SEVERE

SEVERE

Threat levels prior to July 2019

Date

Threat from international terrorism

Threat from Northern Ireland-related terrorism

In Northern Ireland

In UK mainland

1-Mar-18

SEVERE

SEVERE

MODERATE

17-Sep-17

SEVERE

SEVERE

SUBSTANTIAL

15-Sep-17

CRITICAL

SEVERE

SUBSTANTIAL

27-May-17

SEVERE

SEVERE

SUBSTANTIAL

23-May-17

CRITICAL

SEVERE

SUBSTANTIAL

11-May-16

SEVERE

SEVERE

SUBSTANTIAL

29-Aug-14

SEVERE

SEVERE

MODERATE

24-Oct-12

SUBSTANTIAL

SEVERE

MODERATE

11-Jul-11

SUBSTANTIAL

SEVERE

SUBSTANTIAL

24-Sep-10

SEVERE

SEVERE

(first published)

SUBSTANTIAL

(first published)

22-Jan-10

SEVERE

 

 

20-Jul-09

SUBSTANTIAL

 

 

4-Jul-07

SEVERE

 

 

30-Jun-07

CRITICAL

 

 

13-Aug-06

SEVERE

 

 

10-Aug-06

CRITICAL

 

 

1-Aug-06

SEVERE

(first published)

 

 

In general, when the threat level has been raised, it has been post-incident and because of something happening which has impacted on mainland UK. However, in August 2014, the threat level was raised because of a combination of factors (both internationally and UK based). These compelled the threat level to rise to Severe.

It should be noted that an increase to Critical has a significant impact on the UK, the resources across all agencies and potentially business and industry. It is therefore unlikely to remain in place for long periods of time.   

It should also be noted that the tactical options included in this document are not just for use after the threat level has risen to Critical.

Police Officer at desk

 

Attack Methodology

Under the Protective Security Improvement Activity (PSIA) introduced by NaCTSO in 2014, six methods of attack have been identified and remain current: 

  • non-penetrative vehicle attack

  • penetrative vehicle attack

  • PBIED – Person-Borne Improvised Explosive Device (suicide) attack

  • firearms/weapons attack including close quarter (Marauding Terrorist Attack)

  • postal device attack including courier and hand deliveries

  • placed improvised explosive devices

 
The tactics outlined in this document reflect the options for response to these types of threat. 
 

Overall Strategy  

The overall business strategy in dealing with an increase in threat level to Critical or in response to an attack is:

  • to understand the type of threat posed – Why did the threat level increase? What was the attack methodology used?

  • to consider the appropriate level of response and range of tactical options that are best suited to continue business-as-usual, in the parameters of this heightened state of alert.

 

Operational Requirement

The operational requirement to consider when planning for an increase in threat level to Critical is: 

  • to agree a menu of site-specific tactical options that are suitable for the organisation that can be considered if the threat level increases to Critical

  • regularly exercise the plan for Critical to make sure that key stakeholders and staff are aware of the impact on their area of work should a change be necessary

  • make sure that staff have been consulted and agreements in place if options impact on staff working practices (terms and conditions)

    Security looking at screen

     

The operational requirement to consider when reacting to an increase in threat level to Critical is: 

  • to escalate and quickly engage with key stakeholders to react when the threat level increases to Critical

  • to consider a range of options relevant to reduce the likelihood of the threat posed

  • to continually review the tactical options to make sure they remain suitable to meet the threat posed

  • make sure that any change to tactical options will provide reassurance to staff rather than cause alarm

  • implement communication strategy that provides advice to staff around changes to planned events, deliveries or changes to access points 

  • only react to information from official sources such as government, security services and police, as there is a lot of misinformation available through unsubstantiated sources

  • to have an immediate holding plan available to allow a more permanent solution to be found

  • consider implementing a command-and-control approach using the Strategic, Tactical and Operational planning system (formerly gold, silver, bronze system) which is similar to that of the emergency services and first responders

  • minimise disruption to business and promote recovery at the earliest time.

 

Strategic, tactical and operational planning

Strategic

Strategic is in overall control of the organisation’s resources at the incident and will formulate the strategy for dealing with the incident. 

 

Tactical

Tactical manages tactical implementation following the strategic direction given above and makes it into sets of actions that are completed below.

 

Operational

Operational directly controls an organisation’s resources at the incident and will be found with their staff working at the scene.

Menu of Tactical Options

The following list of tactical options should be considered to support an increase in threat level to Critical or following an incident or attack.

This is not an exhaustive list and there may be other site-specific options which are relevant to your particular location. 

The key to any change is that security patrols should remain unpredictable. Feedback from security services has proved that this is a real deterrent when planning an attack. 

A. Agree strategy and document all decisions (to include rationale for change or preserving status quo).

B. Make sure lock down procedures are tried and tested.

C. Implement emergency change to shift patterns (extended shift patterns, change to rotation etc. Agree plan with staff in advance).

D. Review patrol strategy (be unpredictable). Adopt high visibility clothing. (Deployment in hi-vis will be dependent on the intelligence available and the perceived risk to the site and staff.)  

E. Join up resources with neighbouring contracts (rotate and share external patrols with other security companies and widen patrol areas).

F. Report any suspicious activity in a timely manner.

G. Implement communication links with surrounding premises to pass on information about suspicious activity or behaviour.

H. Consider closing non-essential access and egress points.

I. Focus CCTV on all communal areas and vulnerable points.

J. Make sure CCTV is suitable for the task for which it is being utilised.

K. Review immediate parking areas and access to them.

L. All visitors must give 24 hours notice.

M. Implement search regimes (people, vehicles, baggage, etc.)

N. 100% staff ID checks (challenge ALL staff).

O. All staff and visitors to wear ID (if this is not usual practice).

P. Visitors to be accompanied at all times.

Q. Security officers must check all personnel and vehicles including emergency services – do not assume they are who they say they are!

R. Consider cancelling or postponing events.

S. Cancellation of all non-essential training, making sure staffing levels are maintained.

T. Staff are briefed on response and threat levels.

U. Restrict deliveries to essential deliveries only (out of hours only).

V. Couriers – essential deliveries only.

W. Post – where possible scan 100% of mail, making sure postal procedures are robust. 

 
Remember, there is evidence to support that strong, robust and vigilant ‘communities’ provide a hostile environment for terrorists/criminals to operate in. 
 

    Useful Links

    The following links provide additional useful information that may assist when deploying the tactical options:

    NPSA (formerly CPNI)

    ProtectUK Stay Safe (firearms and weapons)

    Mi5

    Publicly accessible locations 

     

    Keywords
    Attack
    National Security
    Threat