Manchester Attack – Known Vulnerabilities

With the Manchester U.K. suicide bombing incident still under investigation, it is hard to draw final conclusions regarding security failures in this incident.

What we know now is that the Manchester Suicide Bomber exploded himself at the foyer of the arena immediately after the concert ended at around 10:30PM and just as thousands of young fans where exiting the show.  Twenty two people were killed and dozens injured.

In executing the attack, the bomber took advantage of three known security vulnerabilities at large, crowded events:

  • Security is focused mostly on crowd control and on preventing the infiltration of prohibited items (weapons, bombs, alcohol, etc.) into the event.
  • At the end of the event and as fans are dispersed, security is more lax, more attention is given to crowd control and safe exit of the audience.
  • Often security officers at such events are not equipped with the procedures or the training to identify suspicious indicators in a crowd.

These security vulnerabilities are not specific to the Manchester Arena. They can be seen and felt at every game, concert and large scale event each one of us attends in cities around the world. So, what can we do to close these security gaps and make it more difficult for adversaries to commit attacks such as the one perpetrated in Manchester?

Here are a few immediate solutions:

  • Extend your rings of protection outward. Security should not start at the perimeter but extend beyond the perimeter. Early detection of the adversary can make all the difference.
  • Teach your security staff members to identify suspicion indicators associated with the modus operandi you are trying to prevent.
  • Teach your security staff what to do once those indicators are found. How should they approach, question, assess, decide and act regarding the indicators found?

The horrific suicide terrorist attack in Manchester spiked deployment of security and law enforcement res ources to large crowed events all over the world. However, without taking the basic measures listed above, this massive show of force may put the general public at ease but will be unsuccessful in preventing the next attack.


  1. A.B. Slatkin on May 24, 2017 at 2:48 pm

    Sad, but true. Raising the threat level, as has been done in Great Britain (assigning military personnel to replace police in counterterrorism efforts), without changing fundamental security methods and training is not likely to result in a safer environment.

  2. David Clark on May 24, 2017 at 5:43 pm

    And do any governments heed this advice? I doubt it. They increase security measures at the inner ring, still not utilising suspicious indicator training for it’s staff. All this does is push the threat to another location or to an outer ring, which stops nothing, just the location and time of an incident. 30,000+ people inside a stadium might be protected due to rigorous security protocols on entry, but that doesn’t negate the danger posed to them approaching or departing the stadium.

    • Allon Knetemann on May 24, 2017 at 9:37 pm

      Well… we do see a change in attitude from especially European non-government clients who realize their responsibility doesn’t stop right after visitors exited the venue. (Or before they even enter). Even when just looking at possible reputation damage, it makes sense to (when possible in cooperation with local law enforcement) secure the visitors and clients when they’re most vulnerable: not even inside the venue but even so presenting as an attractive soft target.

      We are currently consulting and training both security and law enforcement personnel to mitigate these threats.

      Allon Knetemann, Chameleon Associates’ Director Europe

  3. Basil Gouge on May 28, 2017 at 12:38 am

    Sound assessment of weakness, vulnerability and possible mitigating measures.

    However, the one area missing in this analysis and comment string is that of personal responsibility.

    Not wishing to find excuse or portion blame, but the vast majority of the general public still treat security as someone else’s job and in doing so deny the security services that vital source of human intelligence and thousands of ‘eyes on’ surveillance tools.

    In the crazy world of litigation we now live in, most adults and some teenagers are now routinely exposed to security briefings and training as a routine requirement for work, school and special events. However, having delivered many such briefings, I can report that most choose to treat these activities at best, lightly.

    Instead of looking inwards, maybe we ‘the security industry’ should look beyond our activity and seek assistance from others who also have a responsibility to fight terror.

    Notwithstanding my comments, I do recognize the sensitivity of this issue (especially with so many young victims) and the timing may not be right for such reporting to the general public.

  4. Donald Szczesny on June 2, 2017 at 7:58 pm

    Howdy Basil, your assessment is good. However there are those in the general public who do not take terrorism and security lightly. Unfortunately many security personnel, law enforcement and especially federal LE agencies, ignore or treat lightly the “human intelligence” from “general public persons.” Whether it be ego, or assumption that these persons don’t have the “training or experience” they believe they themselves have. And this without even knowing the background, experience or knowledge of that human intelligence source.

  5. Gary Leather FSyI, Phd, MSc on June 6, 2017 at 11:21 am

    Agree with the points raised in the article and the comments that followed. However, the huge elephant in the room, is, in my opinion, that security operations at venues relies on cost beneficial (dare I say cheap) security personnel.

    + VERY basic training
    + Not particularly well paid (zero hours contracts being particularly problematic in this particular function)
    + Security providers having a profit margin ‘red line’ that they will not cross and will meet client cost requirements by simply cutting the hourly rates of their ‘contracted’ personnel.
    + Venues going for the cheapest security provider option in terms of meeting HSE/Safety/SIA legilslation. No more, no less. Inadequate oversight of what they are paying for. Absolutely no interest in how much security personnel are paid, so long as they are in possession of the basics that meet basic legislative standards and they have the required ‘bodies’ in place.

    This may be an opinion that will upset some of the the security industry ‘talking heads’ who are more interested in inflating the industry’s track record in influencing ‘C Suite’ decision makers but have done very little to convince the decision makers on the ground (purchasing, contracts etc) that cost benefit analysis is not an excuse to try and get services on the cheap.

Leave a Comment