Skip to main content

Introduction to TeRA

Terrorism Risk Assessor (TeRA) is an automated terrorism risk assessment tool based on the ‘Crowded Places Security Audit’ (2017) from the Australia New Zealand Counter Terrorism Committee, along with the ‘Publicly accessible locations guidance’ (2022) from ProtectUK and ‘FEMA 452’ (2017) from the US Department of Homeland Security. It is designed to allow users to conduct self-assessments of terrorism risk with the analysis of the results handled by an automated system using both the answers to the self-assessment in combination with real-time, historical and geospatial data to generate the risk assessment results.

TeRA comprises of several components: a threat score, a resilience score, analysis based on the historical data, and recommended actions. This document provides additional information on how each of these components works, including the sources of data and information it uses and how it generates and calculates its results using formulas and algorithms.

This documentation is relevant for the standard version of TeRA, that is, TeRA without any additional customisation, adjustments or modifications specific to any use case, user, or organisation. It should be noted that this standard version of TeRA represents one method for assessing terrorism risk and can be (and is often) modified by individual users or organisations to meet their specific requirements.

Threat#

Threat is a measurement of the risk that a site will be targeted or attacked. TeRA quantifies this risk in terms of whether a site possesses features and characteristics which make it an attractive target for an attack. The threat score is determined via an algorithm which has two components: a background risk component and a site-specific risk component. These components are comprised of various features outlined in more detail below. The background risk component is determined via analysis of trends in number and type of terrorist attacks occurring globally, regionally, within a given nation and within the immediate vicinity of a site. The site-specific risk component is determined by gathering information on the site and analysing its online profile, its function and industry type, and the nature of where it is located.

warning

The method used to calculate the threat score in the standard version of TeRA should be treated as a general approach which has been developed and optimised to work with the broadest range of sites around the world as possible. Individual users and organisations may have their own risk scoring methodology or may be required to adhere to more local and specific risk scoring methodologies. Adjustments or customisation of the standard TeRA scoring method may be required to align TeRA with these methodologies.

Background Risk Score#

The background risk score is calculated using historical data of past terrorist attacks. The purpose of this score is to contextualise the risk exposure of a site based on its location and by looking at historical trends, taking into account the proportion of global terrorist attacks which have occurred within the region, the number of terrorist attacks in the region which have occurred within the country, and the number of terrorist attacks in the country which have occurred within a 10km radius.

Site Score#

The site risk score is based on the number of online results returned for the reference name provided in the assessment. This is determined using open-source data, web-scraping and search engines which provide a count of the number of references made to the search terms provided in the assessment on websites, online media sources and so on.

Resilience#

Resilience is defined as the ability for a site to recover from an incident or attack. TERA uses threat and resilience as its primary metrics for assessing terrorism risk. This differs from other methods to assess terrorism risk which typically use a combination of threat and vulnerability.

Vulnerability is defined as the probability that damage occurs to a site, given a particular threat. The decision to move from vulnerability to resilience was based on the difficulty of quantifying vulnerability given that it can only be calculated in relation to a specific threat i.e. vulnerability to an IED attack, vulnerability to a vehicle attack, vulnerability to a drone attack and so on. As the nature of the threat, and more specifically, the types of attacks, weapons and methods used by terrorists change and are often unknown, this makes vulnerability a less stable basis for assessment, planning and decision making in relation to terrorism risk. In contrast, the primary reference point for the assessment of resilience is on the ability for a site to return to a particular state, that is, the pre-incident or pre-attack state. As the pre-incident or pre-attack state of a system or a site is a known value, it provides a more stable basis for assessment, planning and decision making in relation to terrorism risk.

Every question related to the security measures in place are assigned to one of these seven categories. A user’s answer to a question is converted into one of two response types: a positive or a negative response. A positive answer means that the answer reflects a positive impact on the risk of the site, that is, it decreases its vulnerability or risk exposure. A negative answer means that an answer reflects a negative impact on the risk of the site, that is, it increases its vulnerability or risk exposure. This conversion is necessary as there are instances where an answer to a question, such as “yes”, will be considered positive (e.g. “Do you have CCTV cameras in place”) and other instances where it will be considered negative (e.g. “Is the site exposed to vehicle traffic”).

The resilience score comprises of seven categories: planning, deterrence, detection, prevention, protection, response, and recovery.

Planning#

The planning capability of a site measures the extent of which terrorism risk management has been embedded into systems, processes and procedures, and forms a critical part of the overall preparedness of a site to deal with a terrorism incident or scenario. Comprehensive and detailed planning indicates that a site has taken time to consider the threats and risks presented by terrorism and set out a structured way in which these threats and risks can be dealt with in an effective and proportionate manner. Sites with poor planning capability will tend to perform poorly across other capability areas, or poorly manage their other capability areas and compromise their effectiveness in these areas.

Deterrence#

Deterrence is defined as the attributes which discourage a certain action before that action is taken, such as discouraging an attacker from attempting to attack or target a site. Deterrence is created by projecting the defensive capability of a site in a manner that is highly visible or would be noticed by a potential attacker, and thereby presenting the site as difficult or risky to attack successfully.

Deterrence can be facilitated through signage indicating that there are security measures in place, use of highly visible access controls such as bollards or barriers in public areas, having a highly visible security guard presence, or how the site is generally laid out. A site may be a prominent or high-profile target, but if it has strong deterrence capability, it dissuades a potential attacker by making it known that it is well secured and that any attack would be risky for the attacker.

Sites with poor deterrence capability may have effective security controls and measures in place, but without projecting the presence of these measures to outsiders and potential attackers, it may not exert a deterrent effect which would dissuade an attacker from attempting to attack the site.

Detection#

The detection capability of a site specifically relates to how well and quickly a site would be able to detect an unauthorised intruder or attacker within the site grounds, or otherwise detect any suspicious activity, items or objects. Detection covers measures and controls such as CCTV surveillance, as well as searches and inspections of the site area and of persons and vehicles entering the site. Sites with strong detection capability are able to quickly detect possible signs or indications of an incoming threat, such as an attacker conducting pre-attack planning or placing weapons or explosive devices within a site for an attack. This allows for faster response time and interception of threats before they can materialise into an actual attack or harm. Sites with poor detection capability lack the ability to quickly detect and react to potential threats, which may result in some threats which could have been stopped or intercepted developing into actual attacks or harm.

Prevention#

The prevention capability of a site relates to its ability to prevent an attacker or intruder from entering or accessing the site or reaching within the required range of their target to undertake an attack. This encompasses both measures to prevent persons or vehicles from physically entering a site or areas within a site, as well as non-physical measures such as software to prevent an attacker from gaining access to systems, data or information stored or used by the site. Sites with strong prevention capability are able to secure and control access into and out of their site and prevent an intruder or attacker from easily reaching possible targets such as people, property or information.

The stronger the prevention capability, the harder or longer it would take for an attacker to enter or reach within range of their target within the site, thereby diminishing the velocity of any potential attack. Sites with weak prevention capability allow an attacker to more easily and quickly access and engage their targets, which in turn increases the potential harm and damage they are able to inflict.

Protection#

The protection capability of a site measures how well a site can remove persons, property or information away from harm once an attack has started and can involve procedures to place people in protected and sheltered areas such as safe rooms, or reinforcement of existing structures to provide more protection against attacks such as explosives. The key elements of protective capability are to remove targets from attacking range, and thereby delay or disrupt the velocity of an attack.

Sites with strong protective capabilities minimise the potential harm that an attacker can cause, thereby diminishing the effectiveness of an attack. Sites with poor protective capability provide an attacker with substantial control over the direction and velocity of their attack, allowing an attacker to maximise the harm or damage they can cause or achieve their desired objective.

Response#

The response capability of a site measures how well a site can respond to an attack and either eliminate or render an attacker ineffective. Response capability typically focusses on measures or procedures which could be considered counter-offensive, such as having armed guards or police on site who can respond to an attack using force. It also includes measures which supress or mitigate the impacts of an attack, such as fire suppression systems, and emergency response plans and procedures which are activated once an attack is taking place.

Sites with strong response capability are able to counteract an attacker to stop or diminish the direction and velocity of an attack, thereby bringing it to an end quicker. Attacks which have weak response capability provide an attacker with substantial control over the direction and velocity of their attack, allowing an attacker to maximise the harm or damage they can cause or achieve their desired objective.

Recovery#

The recovery capability of a site measures how quickly a site can recover after an attack or incident has ended, including its ability to control and mitigate any ongoing impacts or harm that may stem from an attack or incident. This can include areas such as resumption of business operations, repairs to damaged property or sites, participation in investigation procedures, helping staff who may have been harmed in the attack, as well as managing potential impacts to non-tangible areas such as reputation and public perception. Sites with strong recovery capability are able to quickly return to normal operations after an attack has occurred and enhance their survivability to an attack. Sites with poor recovery capability may experience a delayed and costly recovery period and may possibly not be able to survive due to ineffective management of the impacts and costs inflicted by the attack.

Edit this page