Counter-terrorism training for business in UK crowded places: is the desire for quantity to the detriment of quality?

Abstract

There is a dearth of evidence to indicate the effectiveness of counter-terrorism (CT) training for workers in crowded places to achieve their objectives of preventing attacks, helping staff to cope in a critical incident and then return to some form of normality afterwards. This study conducted semi-structured interviews (N = 23) of key stakeholders involved in devising, commissioning, and delivering CT programmes. It was found that lack of regard for adult learning theory, the skills and experience that particularly security officers bring to sessions and a complete absence of structured evaluation mean that the desire to increase the quantity of sessions delivered was to the detriment of quality. A series of recommendations are made to improve the future development and delivery of CT programmes to improve resilience.

Introduction

In 2004, the UK approach to protecting soft targets evolved from merely physical target hardening, to incorporate the development of a range of training and awareness events targeted at staff employed in busy crowded places. Due to the accelerating and diversifying terrorist threat picture, a step-change was needed to combat the shortened attack planning periods, with lone attackers using low-sophistication methods. As the UK terrorist attacks of 2017 found, it is workers, particularly security staff that will be the first on the scene of an emergency. A raft of ten portable training and awareness products were gradually devised, targeted at staff working in vulnerable crowded places. These sessions are intended to improve organisational ability to prevent attacks by raising employee awareness about what constitutes suspicious activity and hostile reconnaissance, inform the behaviour of workers to help them cope at the time of an incident, and assist organisations and their employees to recover and return to some form of normality afterwards. The training events were devised through a partnership between the Centre for the Protection of the National Infrastructure (CPNI 2020a, b)¹ and the National Counter Terrorism Security Office (NaCTSO, 2020). CT training is delivered almost exclusively by the Police Service, predominately in the workplaces of participants and sessions last between 30 min and four hours depending upon the product. A breakdown of these CT training and awareness products and the agencies that devised them are outlined in Table 1.

Table 1 UK CT training and awareness events since 2004

The majority of CT products delivered in the UK, particularly in the case of Projects ARGUS and GRIFFIN (now both being discontinued) have been used for over 10 years and are gradually being phased out. The product range has been revised under the umbrella brand of ‘ACT: Action Counters Terrorism’ (Home Office 2017). There is a concerted move on the part of the authorities to increase the quantity of events delivered, with these events being increasingly conducted in partnership with private business to fill gaps in police numbers due to public sector austerity. Efforts to refresh and update products, including GRIFFIN being replaced by ‘ACT: Awareness’ and ARGUS by ‘ACT: Operational’, do not appear to be coupled with an evidence-based understanding of how best to educate employees and subsequently embed learning in their businesses (Aplin and Rogers 2020). There is an absence of any overarching strategic guidance or policy, to either connect the courses together or guide their delivery at any given crowded place. This means that events predominately stand alone and are seldom integrated to increase their effectiveness. Additionally, lack of evaluation and follow-up make it difficult to ascertain the effectiveness of these programmes in translating the training into learning, increased knowledge, understanding, or any changes to operational practice.

Aplin and Rogers (2020) also found that the lack of evaluation had impeded the development of improved training products, with indicators of success merely being seen as the increased number of courses delivered and total of people attending, with overall success left unquantified. Despite these findings, the number of courses delivered has progressively increased, in response to a rapidly evolving security backdrop, particularly following the pan-European attacks in the first half of 2017 (Table 2).

Table 2 UK CT training and awareness events per financial year

Demand for training is driven by several factors. There can be an element of corporate ‘box ticking,’ and CT practitioners often zealously seek to hit performance figures, although in an unstructured way. More significantly, motivated security managers want to do the right thing and improve resilience but are challenged by a state keen to transfer more responsibilities to the private sector but with little openness to share information on an equal basis, or investment in time to first build greater trust (Pyysiäinen et al. 2017).

At the same time there is a dearth of data available to assess the effectiveness and impact of industry-facing training courses for protecting crowded places and to establish if the extensive programme of events is achieving their overall objective of enhancing preparedness. Set against this context, this research also sought to examine the challenges faced by organisations and the Police Service representatives tasked with improving resilience by educating workers, in the limited amount of available training time. At variance with the clear desire for increased delivery, the CT training area is plagued with uncertainty. For example, the development and delivery processes for CT events need improvement to become more systematic and grounded in educational theory. It is also unclear what educational qualifications are held by CT trainers, to help them identify the needs of diverse audiences, to deliver security related content and set achievable learning objectives for their training events. Finally, there is minimal evidence of evaluation or assessment of embedded learning to quantify the effectiveness of CT training during or after delivery. These considerations are brought into stark relief by the training shortcomings identified in the public inquiry into the Manchester Arena bombing (2021). Additionally, the inexorable development of a ‘Protect Duty,’ also known as ‘Martyn’s Law,’ will potentially transform the CT training landscape, signalling a shift from Security Service and police-led programmes to industry-led CT training for protecting publicly accessible locations (PALS). These topics have only been superficially explored in the available literature (Home Office 2021).

An interview study was selected as the most appropriate tool for obtaining personal and first-hand insight into this previously under-explored area of research. The study sought to consider the experiences of the private and public sector representatives responsible for commissioning or delivering events, with the intention of drilling down into the interests of the operators of crowded places, security companies and the Police Service. Specifically, interviews provided an opportunity to engage with and obtain research data from senior individuals who were directly involved in delivery or commissioning of events. One-to-one interviews were preferable to group-based discussions or a questionnaire study, as interviews allowed the researcher to gain the personal trust of the subjects and probe key areas in greater detail. It was also possible to address commercial and security concerns as the participants did not have to discuss potentially sensitive information in front of competitors or colleagues. The author also sought retired police officers and private sector trainers, to reflect the historical evolution and ongoing delivery of CT training courses, but also to probe their skills and qualifications. This approach broadened the understanding and evidence base beyond current practice. This study generates new evidence and insights by presenting the results of an interview study designed to examine, how theories of education informed both the development and delivery of UK CT training events, if commissioning bodies and trainers reflected the evidence supporting systematic evaluation practices, and if educators sought to identify methods of embedding learning in organisations that attend training courses?

Method

Design and procedure

23 semi-structured interviews were conducted in-person between July 2018 and June 2019. The semi-structured format was used to retain flexibility whilst keeping the conversation on track. The interviews lasted between 30 and 90 min and all were audio recorded. The study was approved by the King’s College Research Ethics Committee (MRS-17/18-6347). This approach also allowed participants to discuss issues related to their own background, and the interviewer could still probe key areas requiring closer examination or challenge (Silverman 2006). The majority of interviews took place at the participants’ places of work, while seven were conducted in a private office at King’s College London.

Participants

The public sector participants were drawn from the Police Service, either Counter Terrorism Security Advisers (CTSAs) or ‘Awareness Advisers’ (CTAAs) as well as uniform officers involved in either Project SERVATOR or SCaN. Other participants were police officers or staff working strategically in NaCTSO or the Security Industry Authority (SIA). Private sector participants were drawn from senior managers involved in commissioning or devising security solutions, or trainers involved in delivering events. The broad representation of crowded place sectors reflected in the interview cohort included governmental and public buildings, commercial and financial, transport (including rail, aviation, and road), shopping centres and Business Improvement Districts (BIDS) can be seen in Table 3. The sample included 16 male and 7 female participants.

Table 3 Interview cohort by sector and remit

Interview Schedule

The interviews were structured around the stages of arranging and delivering a CT training session, through to seeking to embed learning and exercising (Table 4).

Table 4 Precis of subject areas for interviews

The schedule was loosely followed to keep the conversation on track, but participants were free to discuss issues related to their own experience beyond the interview schedule. The order of topics covered varied depending upon the interviewee. For example, NaCTSO staff had been intimately involved in the development of products, but not delivery, whilst CTSAs are delivering events daily.

Analysis

The interviews were transcribed and thematically analysed following the six-stage interpretative analysis methodology of Braun and Clarke (2006):

1. 1.

   Familiarisation—transcripts were firstly read, re-read and annotated.

2. 2.

   Initial coding—coding of interesting features across the whole data set.

3. 3.

   Searching for themes—sorting the codes to identify themes.

4. 4.

   Reviewing themes—tabulating patterns and accuracy across the whole data set, with important moments or comments in the data being noted and categorised. Emerging themes were married with quotations from the transcripts.

5. 5.

   Defining and naming themes—explaining the content and naming themes.

6. 6.

   Writing up—telling the story of each theme.

Results

The most prevalent themes are now reported, supported by appropriate quotes from the interview participants, coupled with job title and unique reference number.

Challenges to delivering counter-terrorism training to private industry

There are significant challenges to engaging with business. To set the scene, the current economic climate means that the private sector, in the form of corporate bodies and private security companies ubiquitously use either mobile technology or e-learning to deliver training. This approach helps to control the content or save money on staff time away from the workplace. These cost saving actions, coupled with the absence of any legal compulsion to undertake any form of CT training or awareness activities, provide challenges for CT practitioners seeking to deliver events. On the ground the security industry is also varied and diverse:

“There are 360,000 SIA licence holders out there so if we can improve or build on the CT training, brilliant, but the turnover is about 60% a year so it’s a very casualized industry. If you go to The Mumbles Mile in Swansea it’s a dad and his three sons running a door. At London Bridge, the guys who were heroes there, weren’t from Mitie or G4S. They were small, some of them sole traders who worked this door, and that door, and this door. So, actually accessing them is really challenging, certainly not between 8-4.” (0005—SIA manager)

This disparate structure creates challenges for engaging with and educating the sector. Respondents reported that SIA ‘badged’ security officers can go unchecked for many years after initial training with little continued professional training (CPD):

“[….] 20,000 stewards in sports grounds and 10,000 of them might not have done counter-terrorism training even after 12 months service.” (0017—security manager)

These findings explain the inconsistency of knowledge and experience in a crowded place, coupled with a mixture of short-term contracted and in-house security staff. This can lead to a lack of collective understanding of what hostile reconnaissance looks like, dealing with suspicious items or managing evacuation. A private security trainer (0012) was exasperated at how difficult it was to change this situation because, “if it’s going to increase cost, then private companies won’t buy into it.”

A contrasting picture was painted for security officers in the more affluent Canary Wharf financial district, who are hard to distinguish from Home Office police officers:

“[….] they are on £32,000. So private security is in public places. Partly it’s a financial issue. I mean the Police is shrinking and has been shrinking for many years. The first 20 people on the scene of an attack won’t be police officers they will be security guards. So, the Police and UK PLC need to prepare the Security Industry for that responsibility.” (0005—SIA)

This security team are trusted to deploy Project SERVATOR themselves and the site is regularly used for national training (CPNI 2017). This substantial investment by business and government is to keep the financial infrastructure of the country working. Business clearly gets what it pays for, often bringing in training from retired police officers and is less reliant upon the authorities to increase CT awareness. Contrastingly, at an average shopping centre, talk there was only of cutting costs and “the bottom line” (0013—security contractor). As a national security manager added:

“[.…] if we compel people to attend, we have a liability to pay them.” (0017—security manager)

The Police Service still do not charge for delivering CT training events and uniquely they hold the most accurate and up to date threat information. These two factors incentivise business to attend events, but the risk is that they merely become a ‘tick box’ exercise, unless accompanied by rigorous evaluation. If evaluation is not used to measure the success of CT events, then it will be harder to resist pressure from the private sector to run diluted CT training, an almost inevitable outcome if the proposed ‘Protect Duty’ is to work.

These interviews did find an appetite within the private security industry themselves to deliver more training. One company was already internally facilitating the delivery of ACT: e-learning:

“I suppose I would say 15-20 in a room, no more than that and I will not do any work and I will ask for six volunteers and the volunteers will do one module each with everybody answering the questions, so, it’s a consensus in the room.” (0012—security trainer)

However, there were clear reservations from within the industry about the standard of training that could be provided:

“Most presenters are ‘Mr Monotone.’ We do 50% theory and 50% practical on searching and involve the CTSA to deliver ARGUS.” (0008—aviation security trainer)

Larger corporate organisations were more optimistic, suggesting that products such as SCaN could readily be delivered by the private sector, but only if the wider range of CT products were improved and their staff:

“are left with a very clear understanding about what the 3 key messages are.” (0021—private security trainer)

The SIA felt badly let down by NaCTSO, following the disastrous launch of the GRIFFIN ‘self-delivery’ initiative (Home Office 2016):

“There were 324 companies that signed up to deliver GRIFFIN. It was an absolute disaster, lastminute.com, they came to us and said would you mind bringing together I think it was 20 groups, or something like that. Where is the evaluation, this was over 12 months ago?” (0005—SIA)

The message from the private security industry was encapsulated by a security manager:

“When they say, ‘they want the private sector to do more’, they’ve gotta be clear about what they want us to do?” (0013—security manager)

The private sector may be able to do more but there were still potential problems uncovered around capacity and oversight. Umbrella organisations such as the SIA were seen to have little influence, having myriad responsibilities to not only administer the constant badging of security staff, but also to investigate breaches of regulations and safeguarding standards. The call from these interviews was for CPD of existing staff, but also a reform of the SIA CT training, to at best achieve a basic grounding in the subject.

The demerits of e-learning

Private sector commissioners of training preferred e-learning as a cost saving measure, despite the evidence in favour of experiential and ‘immersive’ learning:

“[.…] staff are travelling on public transport, making tea, so we’ve now created a voice over on our training so that while people are conducting other elements of work, they can still listen to the voice over or listen on a train.” (0017-security manager)

The result was that in the first 8 months of ‘ACT Awareness e-Learning’ going live in 2018:

“[….] about 125,000 people have used it online and probably about 140,000 have used it via their organization.” (0014-NaCTSO)

A company hosted the product on the company intranet:

“[.…] all of our staff get that with the 6 modules of training, that goes to every member not just security.” (0012-security trainer)

But a dichotomy exists for a number of trainers that were interviewed. They felt that the experiential collective problem-solving element was missing on-line, and preferred face-to-face delivery instead of just ‘clicking’ through in isolation. To such an extent that the above trainer runs the training in a classroom with a group of staff who work together to run through the product. An activity that serves to undermine the credibility of the product.

E-learning also creates challenges when it comes to quality assurance. A NaCTSO staff member (0014) commented that the data collected on usage is not reliable. One person would log in, but the account was used to do, “do multiple sessions with multiple learners present.” This provides additional evidence of the general lack of systematic evaluation in CT and feeds into more fundamental scepticism of the e-based methodology:

“[….] we absolutely hate it because you go click, click, click, click, click to the end, click, click, click, click, click to the end of that section and then you get to the questions and you can do the questions as many times as you want and pass—didn’t learn anything, ticked the box.” (0026—emergency planner)

These views were also shared by the largest single user of ACT e-learning:

“[….] we’re playing a government game simple. When they launched GRIFFIN, umm, in 2016, umm, they said we want a million people trained in a year, right I won’t necessarily quote anybody, but the figures were less than 200,000. So now with the e-learning, they want two million—so sorry call me cynical […] it isn’t high on their profile—they’ve got other things to worry about, anti-social behaviour and crime.” (0012—security manager)

UK CT e-learning courses provide a way to put the onus on the employees to train themselves in their own time and expense, ostensibly to give them more control and flexibility. At the same time, the approach is considered unreliable, both from the perspective of quality assurance of satisfactory completion and learning, to being regarded as merely a ‘tick box’ exercise, necessitating companies to facilitate learning. The first volume of findings inquiry into the Manchester Arena bombing found that staff there failed to complete their on-line training diligently (UK Manchester Arena Inquiry, 2021).

Failure to understand private business

A golden thread through these interviews was the lack of understanding on the part of the authorities of the needs of business. Firstly, perception of threat is important because it influences the appetite for customers to commission CT training. Public and private sector interviewees outlined how the demand for CT session amongst business clearly correlates with an increase in attacks domestically or globally, then subsides as normality is perceived to return. In London it was found that:

“It took the high-tech marauding attack, you know, like a Paris November 15 type attack to get a lot of investment here.” (0016—security manager)

The perceived threat from terrorism was also geographically bounded. Outside London, despite reports of disrupted plots and a prevailing high national threat level, businesses would not:

“[….] take the threat seriously because they don’t think it’s going to happen here in the West Country…I think that’s the biggest problem.” (0004—CTSA)

Other priorities were vying for attention amongst SMEs:

“[….] crime, vandalism and the decline of the high street. The larger retailers get it because they get security for crime and, of course, they don’t really want it for their shopping centre to be seen reputationally as having the CT attack.” (0018—South West BID)

The prevailing lack of understanding was articulated by a national trainer at the Emergency Planning College, who ran courses for music festival operators, and suggested that there was a deep tension between the operators and CTSAs around perception of threat in relation to CT advice at major events. This undermined the credibility of CTSAs advice:

“Most of the time at a public event, HVM barriers around the site that would have stopped evacuation…they didn’t need a ring of steel. Some of this advice was going against other risks, so fire risk.” (0026—emergency planner)

Operators felt the threat has remained static, but CTSAs still over-specify impractical physical security measures. The sentiments of this interviewee are supported by other research that found evidence of CTSAs making inappropriate recommendations leading to sites being unable to function normally, undermining efforts to improve resilience (McIlhatton et al. 2020).

The above obstacles and absence of any means to compel business to participate in CT training, requires a credible and highly skilled CT professional to negotiate attendance. A key requirement is an understanding of how a target business works and their learning needs (Schein 2010). A re-occurring theme from these interviews was that CT practitioners often fail to understand:

“[.…] their local concerns…you need voices that will support you and you can’t expect it to happen, if the community doesn’t grasp it.” (0025—business continuity adviser)

Trainers were once more seen to be too rigid in their approach and were then surprised that few people turned up for a 2–3 h session. Some successes were recounted by capable, persistent, and flexible CTSAs, who managed to deliver events in hard-to-reach areas, including a street market:

“[….] sometimes there were […] 15-20 people there and I didn’t think it was a waste of my time delivering to 3, to commit to a once every 6-week event for a shorter GRIFFIN, so it was only an hour’s input.” (0007—London CTSA)

Another experienced CTSA used a blended and flexible approach, with smaller independent businesses:

“I’ve got 10 minutes. Can independents attend a 3-hour session? —no, never. I can go to them and do short sessions in different locations, so, it’s coming out with more of a diverse approach.” (0024—CTSA)

This flexibility also meant actively taking time to explore audience interests and the expertise they brought to the room:

“[….] they forget there are thousands of very, very good people in the private security industry…you go into these presentations, and they talk down to them, like they are 10 years of age.” (0005—SIA)

So, this study has found it vital to strike a balance between shortening the content to fit with business needs, whilst still retaining a sound educational methodology. An approach not lost on the CTSAs:

“I’m all in favour of the doing to learn because people will remember umm, that’s kind of one of the key, umm, messages that you, bring away from your Certificate in Education and Training.” (0024—CTSA)

The private sector interviewees also saw the ability of the trainer as key to achieving this fine balance:

“[.…] the session stands or falls on the quality and credibility of the person presenting and on one session unfortunately both the quality and the credibility was lacking, and I think it meant that the experience of those people who, who were listening to it was significantly reduced as a consequence. It was a police officer.” (0021—BID)

From these interviews the success or failure of events appears to hinge on the skills of the trainer. Having legitimacy within the eyes of the audience, grounded in sound teaching skills, a capable educator can understand the needs of attendees and deal with challenging questions, which feeds into the next theme around the importance of adult learning theory in the development and delivery of events.

The application of adult learning theory to CT events

This theme serves to underpin the need once more for CT trainers to better understand their adult audience. Several experienced CT trainers were interviewed in this study. They supported the benefits of experiential learning for adult workers (Kolb 2015). They expressed the desire to better involve participants:

“[….] as opposed to training that people see as something being done to them and I think they should get to shape those learning outcomes actually.” (0023—police trainer)

Respondents also supported a clearly defined framework of achievable aims and objectives for events, coupled with subsequent testing to evaluate learning. For example, CTSAs argued that for the Police Service derived products, the objectives could be boiled down to:

“[….] they need to react quickly […] and take control…to understand how you could have prevented it and how could you perhaps recover.” (0004—CTSA)

Then for the SCaN product:

“[…] you give them an understanding of what hostile reconnaissance is and then you start to talk about where the hostile would get their information.” (0009—SERVATOR trainer)

However, what eventually became clear from this study, was that these aspirations for centrally produced training products, often had little connection with the reality of on the ground delivery. One CTSA highlighted that, while objectives might be on a lesson plan, they were open to individual trainer interpretation. This CTSA was scathing about ACT products:

“You need your overall aim (laughs) and you need your SMART objectives....so, I need to be able to read those objectives out to the people in front of me and know that I can achieve them by the end of the session and I, and it’s difficult, because they don’t seem to, whoever’s writing the stuff to me, they haven’t done the courses, they don’t understand the basics.” (0024—CTSA)

The day-to-day experiences of the customers for CT training mirrored these comments:

“[….] objectives are a problem, there really aren’t any objectives and perhaps there should be. It is just about a bespoke session, raising awareness of terrorism and they can be poorly attended. Don’t get me wrong, we are grateful [….] but we would like it all a lot better co-ordinated.” (0018—SW BID)

It is apparent that participants in CT events need to clearly understand what is expected of them to learn and retain focus. There is also a corresponding need to tailor the CT training product to the training need and the ability of participants. The objectives need to be simplified, agreed beforehand and achievable, again a job for a skilled educator. This conclusion opens the door to more fundamental questions around CT products and their delivered which are covered in the next theme.

The credibility of CT trainers and the products they deliver

Unfortunately, these interviews suggest that CTSAs can be on the back foot in their attempts to ‘train’, even before their CT event starts. These interviews have highlighted issues around the credibility of CT initiatives by uncovering a fundamental and persistent debate amongst the CT community about the definition of CT events, as either ‘training’ or mere ‘awareness raising.’ The reluctance may be born of a post-Manchester Arena fear of litigation. Amongst the CTSAs and NaCTSO staff below, there was clear discord:

“It’s awareness in my book that we’re delivering, it’s not you know I think you’ve got to be very careful when we use the word ‘training’, it’s giving people a brush stroke, bit of knowledge.” (0004—London CTSA)

Then outside London:

“Are we awareness raising? Absolutely […] we want them to remember things, we do want them to change procedures or adapt them or give them praise if they have already done that.” (0024—CTSA)

Even within NaCTSO, a senior manager was of the view:

“[….] very much we come from an awareness perspective at that, umm, rather than specifically training, umm, so just trying to improve the general knowledge.” (0020—NaCTSO)

Although this was in stark contrast to the then NaCTSO head of training:

“[….] learning is obviously absorbing the information to then apply to their day-to-day job or whatever it happens to umm, if learning is taking place that is a form of training ‘awareness’ is just information giving. Historically we wouldn’t have any idea about what was being taken out the door.” (0022—NaCTSO)

It is impossible to assess or quantify the success of CT programmes, be they training or awareness events, without clearly defined, achievable aims and learning objectives. This undermines events before they start.

CT events require skilled facilitation, and some interviewees brought up the topic of the variable level of teaching qualifications held by CT trainers. Of the seven public sector trainers interviewed, five held a minimum of a BTEC Level 3 in Education and Training and two held a Certificate in Education, a skill level not typical of the wider network, as in 2018 NaCTSO reported that only 19% of CTSAs had any form of even a rudimentary training qualification.² A current CT product SCaN, was initially devised by the CPNI but then passed to the City of London Police to manage. It was the CPNI who had insisted that SCaN could only be delivered by CTSAs holding the Level 3 BTEC training qualification. This indicates a drive by the CPNI rather than NaCTSO, to improve the quality of delivery by CTSAs. These education-relevant skills are important baseline requirements for course designers and trainers. Individuals with these qualifications are more likely to focus on understanding the learning needs of an audience, set clear aims and objectives, and evaluate the learning they hope to instil. The then NaCTSO head of training appeared to appreciate the importance of ensuring that all CTSAs held basic teaching qualifications:

“CTSA’s will say that they are not trained trainers so as part of their professional development we are obviously rolling out the Award in Education Level 3 for all CTSA’s and CTAA’s in the network to give them the different tools to be able to […] deliver the same message.” (0022—NaCTSO)

Although, as one CTSA remarked:

“[.…] there’s a whole, there’s a vast disparity across the network, in terms of ability and knowledge.” (0004—CTSA)

Another added:

“[….] there was a CTSA within the Met who I shall not name that said, ‘I can’t do presentations’…well who employed her?” (0007—CTSA)

The police respondents also reported that, in addition to teaching skills, training courses would benefit from regular observation of delivery through a national structure. A College of Policing assessor emphasised:

“It’s really important to have a training development officer, to go in and sit at the back of the class and look at all aspects of the training yeah, look at the aims and objectives of the lesson plan and see if they were met, and debrief the trainer.” (0023—College of Policing)

The one-to-one discussion could be aided by a reflective journal with ongoing development objectives for the trainer. The then head of training at NaCTSO (0022) expressed an aspiration to undertake, “official assessment of CTSA’s delivering any course will form part of their professional development.” A CTSA (0024) agreed, “we could do it better, we need peer assessment.” The only form of assessment found in these interviews was the action taken by companies who were dissatisfied with CT training, and according to one security manager (0016) this merely meant, “don’t ask the trainer back”, rather than informing the authorities. The result is that a lack of structured assessment makes it impossible to identify effective or ineffective practice, which impedes any change or improvement.

Product suitability and a ‘scatter gun’ approach to delivery

Interviewees repeatedly undermined the NaCTSO mandate that individual CT products must be delivered to defined specific audiences:

“ARGUS is meant to be for decision makers, well I think the reality is, if you spoke to colleagues up and down the country then they have probably all delivered an ARGUS to 6 people and 2 of them were security guards who have been told to go.” (0014—NaCTSO)

It was consistently found to be extremely challenging to get CEO attendance at CT events, although CTSAs, also disagreed with NaCTSO and preferred a cross-section of attendees:

“It’s good to have the person at the coal face, it’s good to have the cleaner there—these are the people who are about their business a lot of the time, so they are the people who are likely to pick up on hostile reconnaissance, it’s not going to be the CEO. Equally, in the same breath you want the person at the top of the tree or the person who has the finances to say, yes we will invest in that.” (0004—CTSA)

Whether or not they continue with siloed audiences or adopt a more inclusive approach, CTSAs reported a lack of control and clarity over who attends the training events, and the minimum numbers required to gain benefit from a diversity of voices at events. These issues are compounded by an absence of robust record keeping about the audiences receiving training and locations of delivery. As a CTSA outlined, the lack of control over attendance has made it difficult to follow-up and embed learning:

“In terms of staff trained, businesses say ‘well I don’t know really’…and they don’t know who has left, who was trained and who has left that wasn’t trained.” (0007—London CTSA)

The cumulative effect of these comments was a sense that UK CT training adopted a scatter gun approach to delivery which dilutes effectiveness and militates against evaluation. These findings depict the CTSA community as being reactive. The pressure to deliver more events means that they lack control over targeting events in areas of greatest vulnerability, over ensuring the right staff attend, and any opportunity to mutually agree training objectives with the host organisation. These failings may necessitate a paradigm shift in thinking about the CTSA role, as the CT profession may have set the ‘bar too low’ in recruiting the right people to elicit any real organisational change. A preponderance of bespoke CT events identified by interviewees also suggests a lack of practitioner confidence in the existing training materials, or pressure to complete events in a shortened timeframe to accommodate business needs:

“The last sessions were short 20-minute ones run by […]. This is in addition to the previous ones run at the rugby club. But it is notoriously hard to get the right people to attend and join things up across the city.” (0018—BID manager)

The bespoke nature of events was attractive to this BID representative and colleagues. Adaptation of existing courses allowed for ‘short-sharp’ inputs. This addressed the challenges of getting people to attend CT training when they had other preoccupations. BIDs preferred events to be wide-ranging in appeal for business, perhaps to additionally discuss crime trends. Once again, this emphasises the importance of a trainer having the skills to adapt delivery to the needs of the audience and not just rigidly deliver the same old product. Tacit but non-official support also came from NaCTSO:

“[….] however, are people delivering bespoke products? Well, of course they are. But an edict has gone out saying no bespoke products.” (0014—NaCTSO)

The security industry (SIA) felt more strongly that the then current CT products simply failed to meet their needs:

“So, what we immediately identified was the products NaCTSO offered were inadequate for the security industry. Its generically business focussed, which is fantastic, it was a good product and it raised awareness. But actually […] no, NaCTSO still have no knowledge of the industry, they are quite arrogant.” (0005—SIA manager)

This re-occurring theme of not understanding industry, appears to be what led the SIA with Police Scotland to develop the ‘You Can ACT’ product, which they felt was more aligned to the needs of an SIA trained guard force. Although positively evaluated the initiative was not supported by NaCTSO (SIA, 2018). Another interviewee highlighted the case of a major UK shopping centre where they had further taken matters in their own hands developed a bespoke CT exercise:

“[….] more bespoke to what businesses wanted. They worked with business together to make sure that everybody took it really seriously […] they’ve got their own RUN HIDE TELL now from it.” (0026—emergency planner)

A rigid centralized and ‘top down’ approach by NaCTSO creates a situation where CTSAs are using their own initiative to improve products and commercial interests can act with impunity if they do not feel that the current CT products meet their needs. A transport security manager outlined how NaCTSO released new public transport security guidance in 2018, without the knowledge of the regulator or the industry:

“[…] the first I knew was when the CTSA mentioned it to me.”

(0011—transport security manager).

These interviewees recommend a much more consultative approach to help build trust and establish how business operates. For example, the Police Service can either seek to acquire the knowledge to deliver security related content, or allow the security industry itself to lead on such content. These findings mirror evidence from wider policing suggesting that initiatives co-produced with the public are more successful (Crawford 2017). If new CT training products are not developed in partnership with business, the risk is that the programmes will fail to connect with the experiences of their audience and minimise the opportunities for learning. Systematic evaluation of the existing products was considered the best method to determine what works and aid the development of new and improved products.

There was equal exasperation reported around the lack of understanding of how events are targeted, with the risk that CT events are being delivered randomly to the organisations with the loudest voices. The view was expressed that the choice of training product was secondary to protecting areas of ‘grey space’ in aggregate crowded places, areas where there is little demarcation of responsibility amongst business and operators, significant in the Manchester Arena bombing (Aldworth 2018). There was clear evidence here that security operatives wanted to be proactive, to work together and CT training was a tool to help them:

“In our security meeting, at each meeting we get 40-45 people but that, that can be where those grey space issues and questions start to crop up.” (0019—BID manager)

To address grey space, the respondents supported a multi-skilled approach that does not just rely on the police running a SERVATOR deployment and then seldom being seen, but advocates working more closely with the best of the private security industry, using all of the skills advocated in the range of SCaN products. In the City of London, for example:

“[.…] one security officer from those 5 premises come out and do a joint deployment […] not just security, but all those customer experience people and the company ambassadors, all of those types of people by doing it totally yeah, to improve your corporate identity and your customer experience.” (0015—SERVATOR lead)

These interviews indicate an appetite within the private sector to undertake more CT training and then to integrate their new skills in their crowded places. At the same time, it was also clear that strong facilitation and delivery skills were needed from CT practitioners to make these advances happen on the ground. To secure wider attendance it was necessary to offer more flexible content whilst still achieving core CT objectives.

NaCTSO did aspire for CTSAs to have a key partnership role to improve communication but were unable to articulate how a cohesive plan might be achieved. Other respondents considered it essential to find a way of ‘speaking the language’ of business and the security industry, to mutually understand each other’s concerns and encourage greater collaborative working, but this requires longer term investment:

“[.…] you can’t organize them, umm, and walk away and expect it to happen, if the community doesn’t grasp it.” (0025—resilience manager)

In vulnerable crowded places it was also clear that interviewees felt that to improve matters, the relationship between the CT authorities and the private security industry needed to be more open to improve trust and co-operation. A senior shopping centre security manager perceived a reluctance on the part of the Police Service to delegate police powers and share intelligence, which was and an impediment to improved partnership:

“[….] there’s an opportunity for the police to review those relationships and perhaps be a bit more open around intelligence and information.” (0013—security manager)

Greater joint working would lead to the needs of the security industry being incorporated into jointly designed training programmes. Such action would create a two-way street, to enhance co-operation and trust.

The absence of evaluation and embedded learning

Finally, inadequate evaluation was mentioned several times by participants, having previously come up in relation to the demise of Project GRIFFIN ‘self delivery’ by the security industry (Sect. "Challenges to delivering counter-terrorism training to private industry") and the inadequate management information data collected for ACT. Evaluation of e-learning is especially poor. The only measure of success was found to be increased participation numbers at CT events, suggesting that the priority is being placed on quantity, rather than the quality of training. A CTSA noted:

“[….] we don’t do enough in terms of feedback and evaluation, no. I suppose the emphasis has become over time more about delivering events rather than kind of umm more about quantity.” (0004—CTSA)

Only very small-scale attempts were mentioned concerning post-event evaluation. For example, following the 2017 Borough Market attack, one CTSA shared that some businesses in the area had attended a Project ARGUS event on the previous day. Unfortunately, it had been run in daytime hours, preventing workers attending who may have been there for the attack. He confided:

“So, sites had briefed their staff on a lock-down procedure and certainly a couple of the pubs went into lock-down, which they wouldn’t have done before the ARGUS is what they said.” (0007—London CTSA)

The example noted above took place in the wake of a terrorist attack in London. The importance of translating training to the day-to-day work environment was also noted:

“I tend to major on when you go back to your place of work the three things that I would like them to do. There is definite merit in going back to these sites, to the organiser in say 12 months’ time and major on it they got a grab bag and perhaps embarrass an individual into thinking perhaps we ought to invest in something.” (0004—CTSA)

When these interviews were undertaken there had been little update to CT training products for 10 years, with frequent overlaps in the aims and objectives for events and little understanding of what success looked like in respect to UK CT training for protecting crowded places. Principally this derives from little collective agreement about the achievable objectives for CT sessions even at the point of delivery. This impedes the development of both improved events and any organisational learning through action planning.

Discussion

These interviews supported the application CT training events tailored to the needs of the adult workers in crowded places. Key components of such an approach maximise joint problem solving and are grounded in the participant’s workplace experiences (Kolb 2015), are immersive (Aplin and Rogers 2020) and based on the principles of andragogy (Knowles 1984). Qualified trainers appreciated the importance of theory underpinning development and delivery, but little evidence was found of this happening in practice. Reducing CT events to the mere status of ‘awareness raising’ risks participation by workers being viewed as no more than a tick box exercise and gets CT professionals ‘off the hook’ in terms of helping businesses to become more resilient. There was support for trainers acquiring basic teaching qualifications, to help them understand the importance of recognising learning needs, lesson planning and how to quantify learning (Gravells, 2020). In day-to-day reality, however, it was found that trainers lacked basic skills, and some customers for events even questioned the credibility of some CTSAs, with a complete absence of any systematic quality assurance of delivery or training outcomes.

In the face of low threat perception and the post-pandemic economic downturn, respondents here did still provide a small number of examples of the successful application of educational theory to CT training. These examples provide a road map for future improvements. Evidence was found of highly professional CTSA trainers who disregarding the rigid parameters set by NaCTSO and produced innovative bespoke events, tailored to the needs of their customers. These CTSAs reflected the urgent need to devise integrated but shorter training sessions that were still experiential, contained core CT content, but often broadened out into crime, other front of mind concerns of business and the security industry and addressed the key challenge of ‘grey space.’ These events emphasised sound educational theory, and the necessity to have clear achievable objectives linked to the PSIA survey.

No evidence was found of attempts to establish if learning had taken place at the end of sessions, or if changes were implemented after events as outlined by Kirkpatrick (1994). There was also no evidence that participants in CT training were encouraged to reflect on their learning or action plan for the future as recommended by Schon (1987). Only a limited number of CTSAs articulated their understanding of the need to evaluate events, to show that objectives had been achieved, and subsequently return to businesses and assess improvements against the PSIA. But this desire was offset by the pressure to hit performance figures based on quantity of events delivered, rather than the quality of learning. If this challenge is met, with a resultant increase in CTSA professionalism and credibility, it may usher in opportunities for improvement, as too might a legal obligation to protect against terrorism. This may force the CT authorities to be less reactive, to ensure that an appropriate audience attends events that complement a security survey. Improved records of attendance would make it possible to monitor learning and effectively follow-up in the workplace. The views expressed in these interviews, clearly supported the widely held belief that the Police Service is generally poor at evaluation (Lum, 2006, Mitchell, 2016). Increased professionalism, control and trust on the ground at CTSA level, would encourage innovation in delivery, but also provide the capacity and skills to systematically evaluate learning. Enhanced trust should lead to better partnership and improved collective resilience. Barker (2009) found that training participants were ‘eager’ to implement workplace change following training but needed an ‘active workplace mentor and support’ to ensure that change became a reality. She also highlighted the important role of the trainer or facilitator who can build a relationship with an employer in order to motivate the change. Linking a security survey to training and then following-up on learning will help to embed organisational learning. However, only anecdotal accounts were heard here of organisational learning. Examples included the wasted opportunity at Borough Market, where the right product was delivered, and some learning did take place, but with little consideration of delivery time or audience composition. A lack of intent and capability to follow-up and validate organisational learning was consistently reported by interviewees.

These interviews were conducted before the government consultation on the nature of a ‘Protect Duty’, which has the potential to have a radical influence on embedded learning (Home Office 2021). No longer would CT have to compete in the workplace with health and safety, or manual handling training, but it may need to be considered amongst the other topics, such as crime or anti-social behaviour. A downside of a Protect Duty would be that private training providers could be trained to train, but at a cost. Little evidence was found here of capacity or capability outside larger corporations and the result could just be a potential diminution of quality and oversight, leading to a two-tier system. A positive outcome could be the formalisation of the need identified in the interviews for an ongoing relationship between CT practitioners and operators of crowded places. Any embedded learning is essentially dependent upon partnership to follow-up on learning from training events and elicit organisational change.

Conclusion

This interview study is unique in its use of semi-structured interviews with both private and public sector staff involved in this previously unexplored area of UK policing. Little evidence was found of applied educational theory despite a recognition of its importance in the interviews. CT practitioners need urgent up-skilling to better understand both individual and organisational training needs. The appetite to improve CT events was detected from trainers and participants. There was a clear call amongst respondents for improved CT products that are tailored to the needs of an adult audience in an immersive and simulation-based format. Although, it was recognised that there are enormous financial costs associated with producing training products with the high-quality production values of, for example, Project ARGUS. In spite of this, significant challenges prevailed: differences in opinion over the function of CT events; an obsession with quantity over quality; little control over attendance; and confusion around the aims and objectives of conflicting products. A continued absence of systematic evaluation will offer little opportunity for sustained embedded learning within participating organisations.

At the same time, however, a number of examples were identified of CTSAs resisting the seemingly inexorable demand for on-line rather than in person training. As a result of the long-term relationships formed with businesses, they were able to better understand these organisations as suggested by Schein (2010). This approach offers the best opportunity for improved training and embedded learning. The mutual understanding of security need based on the PSIA, enables the correct training product to meet the organisational need, with a small number of achievable objectives. These CT training products can be tailored to the location but still contain the over-arching learning objectives. The CTSA then has more control and time to collate a post event action plan and follow-up to help embed learning, using a clearly understood evaluation strategy, based on the model advocated by Kirkpatrick (1994). Local knowledge and sustained relationships offer the best opportunity to embed learning, but with appropriate quality assurance and evaluation structures in place. There were private sector examples seen in the interviews of security officers working co-operatively and patrolling the whole crowded place together, rather than just their own, to ‘push-out’ and defeat hostile reconnaissance. This partnership approach should be encouraged by CT practitioners, to not only defend areas of ‘grey space’, but also to resist a ‘two-tier’ approach, and include as wide a range of businesses as possible, regardless of their size or corporate influence.

Recommendations

The following recommendations are made for the UK authorities to improve the development, delivery and evaluation of CT training sessions to maximise both individual and organisation learning from events.

Delivery of CT training must be based on proven need

These interviews identified an unstructured and random approach to the delivery of events, with widely unreliable national figures for delivery. A baseline of data is needed for the locations of historical delivery, to map against the tiered national PSIA list. This data will help to identify gaps and any best practice, and to ensure that delivery is focussed on the specific security needs of most vulnerable crowded places. Emphasis should also be given to those aggregate sites with significant areas of ‘grey space’, where responsibility is unclear and disparate businesses have the potential to work more collectively. Engagement must be better co-ordinated, and activity recorded. Integrating CT training with emergency planning activities will provide a more professional and comprehensive response to vulnerability and build resilience in a sustainable manner.

Deliver experiential counter-terrorism training events

The interviews identified the benefits of training products that promote experiential learning for adult workers. Such events, emphasise active learning, ‘doing’, ‘testing’ and most importantly relating the session to places of work. Rather than the ACT products, the now discontinued Project ARGUS and You Can ACT, and the current SCaN programme, were found to fit better with the post-Coronavirus landscape, which also demands the use of either bespoke or shortened events that retain the experiential methodology. Future CT delivery must be tailored to wider security planning needs, particularly identifying hostile reconnaissance and encompassing newer attack methodologies, including the use of vehicles and bladed weapons. For example, events can be co-produced with the security industry and if the Police Service lack the expertise to facilitate security training, the industry should be trusted to deliver sessions.

Quality assurance of both CT products and delivery of events

A skilled facilitator is required to deliver CT events from both the public and private sector, as the Protect Duty will signal increased security industry-led CT training. Sect. "Challenges to delivering counter-terrorism training to private industry" illustrated the appetite within the private sector to become an integral part of CT delivery. Although NaCTSO reported that the number of AET trained CTSAs had increased from 35 in 2018 to 106 out of a cohort of 200 in 2020, this trend must be accelerated.³ A structured process must also be introduced by NaCTSO to quality assure and improve future CTSA and private sector training delivery through regular observation, feedback and support. These interviews reported significant variation in quality and credibility amongst CT trainers. A format currently exists within the lifelong learning sector to gain accreditation, known as a Level 3 Certificate in Assessing Vocational Achievement (Gravells, 2020). This training is supported by the College of Policing and some regional police training schools offer the qualification for their teaching staff. Structured and staged evaluation is also needed of the existing CT products themselves to increase the potential for embedded organisational learning (Kirkpatrick 1994). At the end of the CT event a measure of learning is formally undertaken and linked back to the objectives for the session. Time should then be allocated for participants to reflect on their learning and to prepare and record an action plan for their workplace. Follow-up on this action plan can take place after a minimum of three months, between a CTSA and a nominated manager as part of the ongoing PSIA relationship with the site.

Develop a crowded places exercise programme

CT training has run for more than 10 years, and several interviewees in this study identified the need to now test and validate any learning and embed organisational change. A short and portable suite of evidence-based CT exercises for workers in crowded places should be devised, to be delivered by CTSAs or skilled industry representatives. They can be of a ‘penetration (PEN) test’ format to test the organisational response to specific scenarios covered in CT training events (Cerastes, 2021). Validation of the learning from training will also provide evidence to business managers of the benefits in participation. These exercises must be co-designed and developed in partnership, particularly with the security industry, to ensure they are tailored to the specific needs of the sector being tested. Possible scenarios could be developed around: identifying hostile reconnaissance; dealing with a suspected IED to include decision making around evacuation or invacuation; or a VBIED seeking to enter the under-croft area of a shopping centre without appointment. These small exercises should be portable enough to deliver quickly, genuinely test the application of learning and the results must be de-briefed in a timely manner. Explicit tailoring to the needs of a crowded place, avoids the temptation to construct an elaborate exercise, builds trust and partnership, and offers the greatest opportunities for organisational learning.