Back in 2004, STRATFOR began publishing reports noting that militants — primarily Islamist militants — were changing their target set. We observed that after 9/11, increased situational awareness and security measures at hard targets like U.S. government or military facilities were causing militants to gravitate increasingly toward more vulnerable soft targets, and that hotels were particularly desirable targets. Indeed, by striking an international hotel in a major city, militants can make the same kind of statement against the West as they can by striking an embassy. Hotels are often full of Western business travelers, diplomats and intelligence officers. This makes them target-rich environments for militants seeking to kill Westerners and gain international media attention without having to penetrate the extreme security of a hard target like a modern embassy.
In early 2005, STRATFOR began writing about another trend we observed: the devolution of al Qaeda and the global jihadist movement from an organizational model based on centralized leadership and focused global goals to a more amorphous model based on regional franchises with local goals and strong grassroots support. As a result of this change, the less professional local groups receive less training and funding. They often are unable to attack hard targets and therefore tend to focus on softer targets — like hotels. Following several attacks against hotels in 2005 — most notably the multiple bombing attacks in Amman, Jordan, and Sharm el-Sheikh, Egypt — we updated our 2004 study on the threat to hotels to include tactical details on these attacks.
Now, following the November 2008 Mumbai attacks and the July 2009 Jakarta attacks, we are once again updating the study. The most likely method of attack against a hotel is still an improvised explosive device (IED), whether vehicle-borne (VBIED), planted ahead of time or deployed by a suicide bomber in a public area. However, after the Mumbai attacks, the risk of a guerrilla-style armed assault including the use of high-powered assault rifles and explosives against multiple targets within a given radius is quite high. The relative success of the Mumbai operation and the dramatic news coverage it received (it captured the world's attention for three days) mean that copycat attacks can be expected.
Additionally, attacks targeting specific VIPs remain a possibility, and hotels are likely venues for such attacks. The continuing (and indeed increasing) threat against hotels presents a serious challenge for the hotel and hospitality industry and foreign travelers staying at such establishments. Beyond the obvious necessity of protecting guests and employees, taking preventive security measures is emerging as a corporate legal imperative, with the failure to do so opening companies up to the possibility of damaging litigation. There are numerous ways in which hotel operators can mitigate risks and make their facilities less appealing as targets. In addition to physical security measures such as security checkpoints — which are believed to have deterred attacks against some hotels in the 2005 strikes in Amman — and protective window film, employee training and protective countersurveillance programs are invaluable assets in securing a property.
The Shift to Soft Targets
One of the important results of the Sept. 11 attacks was the substantial increase in counterterrorism programs to include security measures and countersurveillance around government and military facilities in response to the increased threat environment. The attacks had a similar impact at U.S. and foreign airports. The effective "hardening" of such facilities — which in the past had topped the list of preferred targets for militant attacks — has made large-scale strikes against such targets measurably more difficult. As a result, there has been a rise in attacks against lower-profile "soft targets" — defined generally as public or semi-public (some degree of restricted access) facilities where large numbers of people congregate under relatively loose security. Soft targets include various forms of public transportation, shopping malls, corporate offices, places of worship, schools and sports venues, to name a few. Between the first World Trade Center bombing on Feb. 26, 1993, and the second attack on Sept. 11, 2001, al Qaeda focused primarily on hitting hard targets, including:
- Nov. 13, 1995: A U.S.-Saudi military facility in Riyadh, Saudi Arabia, where two VBIEDs exploded. Seven people, including five Americans, were killed.
- June 25, 1996: A U.S. military base near Dhahran, Saudi Arabia, was hit with a large VBIED. The attack killed 19 U.S. soldiers and wounded hundreds of Americans and Saudis.
- Aug. 7, 1998: U.S. embassies in Nairobi, Kenya, and Dar es Salaam, Tanzania, were attacked with large VBIEDs. More than 250 people were killed and 5,000 injured.
- Oct. 12, 2000: The USS Cole was attacked with a suicide IED in a small boat while harbored in a Yemeni port. Seventeen sailors were killed in the attack.
After Sept. 11, there was a marked shift in attacks consistent with one of al Qaeda's key strengths: adaptability. The enumeration of al Qaeda-linked militant strikes since then reads like a laundry list of soft targets. While there have also been attacks — both foiled and successful — against harder targets like embassies since Sept. 11, the present trend of attacking softer targets (and specifically hotels) is unmistakable. Since the start of 2008, we have seen the following attacks:
- Jan. 14, 2008: At approximately 6:30 p.m. local time, three militants opened fire on security guards with AK-47s and hand grenades on the perimeter of the Serena Hotel in Kabul, Afghanistan. A suicide bomber then made his way inside the hotel before detonating the IED he was wearing. A local Taliban spokesman quickly claimed the attack, which killed six people and injured six more.
- Sept. 20, 2008: Around 8 p.m. local time, a VBIED consisting of about 1 ton of explosives detonated at the security barrier of the JW Marriott Hotel in Islamabad, Pakistan. More than 50 people were killed and some 270 were injured. The attack was blamed on the Al Qaeda-linked Islamist group, Lashkar-e-Jhangvi.
- Nov. 26, 2008: Attackers armed with rifles and grenades stormed the Oberoi Trident and Taj Mahal Palace hotels in Mumbai, India. Over the course of the three-day siege, 71 people were killed and more than 200 were injured. The attackers belonged to the militant group Lashkar-e-Taiba.
- June 9, 2009: Attackers with guns and a VBIED targeted the luxury Pearl Continental Hotel in Peshawar, Pakistan, around 10 p.m. local time. The attackers breached the security gate and detonated the explosive-laden vehicle next to the hotel. Sixteen people were killed and more than 60 were injured. The attack is believed to have been carried out by the Tehrik-i-Taliban Pakistan.
- July 17, 2009: Two suicide bombers belonging to a Jemaah Islamiyah splinter group detonated IEDs nearly simultaneously in the adjacent JW Marriott and Ritz-Carlton hotels in Jakarta, Indonesia. Nine people were killed and 42 were wounded in the attacks. The bombs had been assembled in the hotel room of the JW Marriott where one of the attackers had been staying.
This trend toward seeking out soft targets will continue as Islamist militant cells become even more autonomous and "grassroots" jihadists become more numerous in various regions. The emergence of regional al Qaeda franchises such al Qaeda in the Islamic Maghreb and al Qaeda in Iraq in recent years has further supported this trend. STRATFOR has even begun to see these regional franchises develop more autonomous and localized cells. Grassroots jihadists are al Qaeda sympathizers inspired by Sept. 11, the war in Afghanistan, the war in Iraq or some other event, but who often lack specific training and usually have little or no direct connection to the wider jihadist network.
Nevertheless, they can be dangerous, particularly if they are attempting to prove their value or if they are able to link up with someone who is highly tactically skilled. In either case, a lack of resources, planning capabilities and operational experience will necessitate the choice of softer targets. Staging operations against such targets allows militants to maximize the casualty count while limiting the chance of preoperation interdiction or operational failure. Whether the targets are hit, however, is a question of access and security countermeasures. Generally, soft targets attract high levels of human traffic and are surrounded by small — if any — security perimeters, often limited to gates and poorly trained guards. They are known to lack professional security personnel and rarely use countersurveillance measures. This makes them attractive targets in the eyes of a militant. The downside of hitting soft targets, from the jihadists' perspective, is that such strikes usually have limited political and ideological mileage. Islamist militants prefer targets with high symbolic value, but they have proven willing to forego some degree of symbolism in exchange for a higher chance of success. However, attacks against certain soft targets, such as synagogues and large Western hotels, can at times provide the necessary combination of symbolism and a high (primarily Western and Jewish) body count.
This trend toward seeking out soft targets will continue as Islamist militant cells become even more autonomous and "grassroots" jihadists become more numerous in various regions.
The Threat to Hotels
Hotels are the quintessential "soft targets." They have fixed locations and daily business activity that creates a perfect cover for preoperational surveillance. Extensive traffic — both human and vehicle — inside and outside the buildings still goes largely unregulated. This is especially true for larger hotels that incorporate bars, restaurants, clubs, shops, pools, gyms and other public facilities that cater to clientele besides the hotels' own guests. Because Westerners are very likely to be found at large hotels — either in residence or attending meetings, parties or conferences — such hotels offer the best chance for militants in many countries to kill or injure large numbers of Westerners in a single attack. The casualties could even include local business and government leaders, considered high-value targets especially if they are seen as collaborators or supporters of "illegitimate" or "apostate" rulers in Islamic countries like Pakistan, Saudi Arabia or Jordan.
Although hotel security workers do occasionally monitor and confront suspicious loiterers, militants have found that one way around this is to check into hotels, which gives them full access and guest privileges. The bombers who conducted the July 17 twin suicide bombings of the JW Marriott and the Ritz-Carlton in Jakarta, Indonesia, had checked into the hotel two days prior to carrying out the operation. The constant flow of large numbers of people gives militants ample opportunity to blend into the crowd, both for extensive preoperational surveillance and actual strikes. Furthermore, it is not uncommon to see anonymous and unattended baggage in hotels, unlike airports and other facilities. Attacks in recent years have caused hotels to increase security, especially at sites in high-risk locations like Pakistan and Afghanistan. But in many parts of the world, hotel perimeters are frequently unsecured, with limited to nonexistent standoff distance and easy access for cars and trucks — including buses and taxis that could be used as Trojan horses for a bombing. Also, it is common for vehicles to be parked and left unattended in front of many hotels. Loading ramps and parking garages offer other opportunities for those seeking to detonate VBIEDs.
Unlike an embassy, a hotel is a commercial venture and is intended to make money. In order to make money, the hotel needs to maintain a steady flow of customers who stay in its rooms; visitors who eat at its restaurants, drink at its bars and rent its banquet and conference facilities; and merchants who rent out its shop space. On any given day, a large five-star hotel can have hundreds of guests staying there, hundreds of other visitors attending conferences or dinner events, and scores of other people eating in the restaurants, using the health club or shopping at the luxury stores commonly found inside such hotels. Such amenities are often difficult to find outside of such hotels in cities like Peshawar, Pakistan or Kabul. Therefore, these hotels become gathering places for foreign businessmen, diplomats and journalists residing in the city, as well as for wealthy natives. It is fairly easy for a militant operative to conduct surveillance on the inside of a hotel by posing as a restaurant patron or by shopping in its stores. These hotels are like little cities with activities that run 24 hours a day, with people, luggage, food and goods coming and going at all hours. The staff required to run such a facility can number in the hundreds, with clerks, cooks, housekeepers, waiters, bellboys, busboys, valets, florists, gardeners, maintenance men, security personnel and others. There are emerging reports that one of the suspects in the July 17 Jakarta attack was a florist working for an outside vendor at the Ritz-Carlton and had been working there for four years. He apparently used his position to smuggle IED components into the facility among floral supplies. Such an inside placement could explain how the attackers managed to conduct the detailed surveillance required.
The long-term placement of militant operatives within hotel staff could pose daunting challenges to corporate security directors. There is also a risk that militants might be able to recruit or bribe someone already on staff in a target hotel to aid in an operation.
For jihadists, the ideological justifications for attacking hotels are numerous. In many countries with heavy militant presences, large hotels are among the most prominent symbols of Western culture — especially recognized Western hotel chains such as JW Marriott, Hilton, InterContinental and Radisson. The jihadists and their supporters view hotel attacks as in keeping with the Koranic injunction of prohibiting vice and commanding virtue: Hotels are places where men and women mix freely, and guests can consume alcohol, dance, and engage in fornication and adultery. Jihadists might also see an attack on a large hotel as a strike against a corrupt elite enjoying life at the expense of the impoverished majority.
The long-term placement of militant operatives within hotel staff could pose daunting challenges to corporate security directors.
Additionally, jihadists increasingly have shown an interest in attacks with economic effects. Spectacular attacks against hotels in certain countries — especially those with tourism-based economies — can cause substantial economic pain. The armed attack on the Trident and Taj Mahal hotels in India's financial capital, Mumbai, is a prime example of a strike that targeted not only Westerners but also the national economy. Another example is the 2002 nightclub bombings in Bali, Indonesia, which temporarily paralyzed the island's tourism trade and affected the wider Southeast Asian tourism industry.
Ultimately, security rests primarily in the hands of hotel workers and private security guards. Globally, police and other government security forces are stretched thin; their priority is to protect official VIPs and critical infrastructure. Threats to hotels and other private facilities are of secondary concern, at best. However, many large hotels and hotel chains have been unwilling to incur the direct costs associated with hardening security, such as hiring more and better-trained guards. Guards and other employees are rarely trained in countersurveillance techniques, which could be the most cost-effective method of preventing an attack. Furthermore, though some hotels have expanded the use of video surveillance, many lack the trained professionals and man-hour staffing needed to turn electronic gadgets into intelligence tools. Generally, this technology is most useful after an attack, during the investigative phase, and thus has little preventive value. This point was amply illustrated by the closed-circuit video footage released after attacks in places like Jakarta, Islamabad and Peshawar. Even in the wake of recent hotel attacks, many hotel managers have been unwilling to risk alienating their clients by incorporating more cumbersome security measures — such as identity and key checks upon entry, baggage screening and more extensive standoff areas. Guests might consider those measures inconveniences, and thus they could directly and negatively affect business.
Moreover, from a business perspective, it can be difficult to justify the investment of millions of dollars in security precautions when the risk — much less the return — cannot be quantified. Given the highly competitive nature of the industry and guests' reluctance to accept inconvenient security practices, hotel owners often have been forced to take the calculated risk that their businesses will not be targeted. However, following the October 2004 attacks at the Hilton hotel on the Sinai Peninsula, there are indications that hotel owners and managers might have to change this mentality. An attorney representing some of the victims of the 2004 attacks has demanded that the Hilton hotel chain accept responsibility for the security and belongings of its guests. Terrorism-related liability considerations, which could be called a hushed concern among hotel industry insiders since Sept. 11, are becoming a much more prominent issue. And some shifts in practices can be seen; for example, luxury hotels in Indonesia, which has a tourism-based economy, have become virtual fortresses since the JW Marriott in Jakarta was struck in 2003, though the July 17 attack on the same hotel showed that crafty militants will look for ways around enhanced security and that it is nearly impossible to make a large hotel impenetrable. Additionally, there is reason to believe that some Western hotels in Amman, Jordan, were surveilled by al Qaeda operatives before the Nov. 9, 2005, attacks but were not targeted, specifically because of the security measures employed.
Given the highly competitive nature of the industry and guests' reluctance to accept inconvenient security practices, hotel owners often have been forced to take the calculated risk that their businesses will not be targeted.
Quantifying the Threat
A comparison of the number of major attacks against hotels in the eight years before 9/11 and the eight years since provides an interesting illustration of the trend we have been discussing. For the purpose of this study, we are defining a major attack as one in which one or more IEDs detonated or a hotel received rocket or mortar fire; an armed assault (like Mumbai); or a non-IED or rocket attack that resulted in casualties. These statistics include only attacks that could be defined as being perpetrated by militants (all militants, not just Islamist militants) or separatist groups. It does not include attacks conducted by any country's military operations. There were major attacks against 30 hotels in 15 different countries in the eight years preceding 9/11. For comparison, during the eight years after 9/11 the number of major attacks against hotels has more than doubled; 62 attacks have occurred in 20 different countries.
Hotels figure prominently as targets in a long list of successful attacks using either VBIEDs or human suicide bombers. Following the Mumbai attacks, armed assaults, assassinations and kidnappings at hotels also should be considered as an increasingly significant risk for hotels as well.
The most substantial threat comes from IEDs — either VBIEDs detonated at hotel entrances, inside a garage or other perimeter locations, or an IED used by a suicide bomber who aims to detonate within a lobby, restaurant or other public gathering place inside the hotel. Against unsecured targets, VBIEDs generate the greatest number of casualties. VBIED attacks targeting hotels have occurred in Karachi, Pakistan (May 2002); Mombasa, Kenya (November 2002); Jakarta, Indonesia (August 2003), Taba, Egypt (October 2004); Pattani, Thailand (March 2008); Bouira, Algeria (August 2008); Islamabad (September 2008), Peshawar, Pakistan (June 2009) and Beledweyne, Somalia (June 2009). VBIED attacks do have their drawbacks from the militants' standpoint.
The sheer size of VBIED attacks means they are not precise. They have been known to kill more locals than Westerners, which incurs a risk of alienating the local population and undermining support for militant causes. Furthermore, although VBIEDs generally cause the greatest number of casualties, security measures implemented against them have proven effective. The vehicle barriers at the Islamabad JW Marriott undoubtedly saved many lives by forcing the huge VBIED used in that attack to be detonated at a distance from the hotel. In some regions of the world, vehicles must pass through security checkpoints before they are allowed inside hotel perimeters or even on some roads leading to hotel entrances. In order to circumvent security measures designed to mitigate VBIED attacks and to more precisely target Westerners, in 2005 some militant groups began to use smaller IEDs strapped to suicide bombers. These attacks using what are essentially human smart bombs, capable of moving around and through security measures, have proven to be very deadly.
At first glance, it would seem logical that the shift away from large VBIEDs would cause casualty counts to drop, but in attacks in Indonesia launched by militant group Jemaah Islamiyah (JI), the shift to smaller devices has, in fact, caused higher casualty counts. The August 2003 attack against the JW Marriott in Jakarta used a VBIED and left 12 people dead. Likewise, the September 2004 attack against the Australian Embassy in Jakarta used a VBIED and killed 10 people. The use of three smaller IEDs in the 2005 Bali attacks killed 23 — more than JI's 2003 and 2004 VBIED attacks combined. Additionally, the 2005 attacks killed five foreigners as opposed to only one in the 2003 attack and none in the 2004 attacks. The operatives behind the July 17 JW Marriott and Ritz-Carlton attacks surpassed the 2005 Bali attackers by killing six foreigners.
Smaller IEDs are proving to be more effective at killing foreigners because although a larger quantity of explosives will create a larger explosion, the impact of a blast is determined solely by placement. If a bomber can carry a smaller explosive device into the center of a heavily trafficked area — such as a hotel lobby or restaurant — it will result in more casualties than a larger device detonated farther away from its intended target. Attacks using suicide bombers equipped with smaller IEDs have occurred inside and outside hotels in Phnom Penh, Cambodia (July 2001); Jerusalem (December 2001); Netanya, Israel (March 2002); Bogota (December 2002), Casablanca, Morocco (May 2003); Moscow (December 2003); Kathmandu, Nepal (August 2004); Taba, Egypt (October 2004), Amman, Jordan (November 2005); Peshawar, Pakistan (May 2007) and Kabul, Afghanistan (January 2008).
In both types of attacks, the majority of those killed or injured were just inside and outside of the hotel lobbies and on the ground floors, with some impact also to the hotels' lower floors. Many of the deaths and injuries resulted from flying glass. Protective window film prevents glass from shattering; instead, in the event of a blast, the glass cracks and falls in large sections. Using window film is a cost-effective way of lowering the death tolls in this kind of attack. Indeed, from photos we have seen, the use of protective window film in Jakarta seems to have been very effective at controlling the glass fragments.
Assaults employing small arms and grenades have long been a staple of modern terrorism. Such assaults have been used in many well-known terrorist attacks conducted by a wide array of actors, such as the Black September operation against the Israeli athletes at the 1972 Munich Olympics; the December 1975 seizure of the Organization of the Petroleum Exporting Countries headquarters in Vienna, led by Carlos the Jackal; the December 1985 simultaneous attacks against the airports in Rome and Vienna by the Abu Nidal Organization; and even the December 2001 attack against the Indian Parliament building in New Delhi led by Kashmiri militants.
Most recently, the Nov. 26, 2008, assault against the Oberoi-Trident Hotel and the Taj Mahal Hotel in Mumbai, India, at the hands of some 10 militants armed with automatic rifles and grenades killed 71 people and injured nearly 200 at the hotels (though there were many other casualties at other sites the gunmen attacked). This incident showed how an active-shooter situation carried out by well-trained militants can cause more casualties than some VBIEDs. Security personnel in most hotels around the world would have been sorely outgunned in any of these situations and generally are not equipped to deal with active-shooter scenarios. Subsequently, they fall back on local law enforcement authorities — which can be problematic in several regions around the world.
As seen in Mumbai, inept or inadequately armed first responders can lead to prolonged active-shooter situations and lead to hostage situations as well. However, steps could have been taken before the attacks in Mumbai. After the three-day siege ended, authorities discovered that a separate surveillance team had done extensive preoperational surveillance. Staff from the two hotels noted in their debriefings that the militants moved around the hotels as if they knew the layout by heart. This reinforces the notion that hotel security and staff should be well-versed in countersurveillance measures and actively practice them to possibly thwart an attack before it starts and, more importantly, to avoid having to call on inadequate local authorities to resolve the situation. Given the relative success of the Mumbai operation — in casualties, negative economic impact, psychological impact and media coverage — similar armed assaults are likely to gain popularity in the jihadist community. We anticipate that they will be employed against hotels and similar soft targets elsewhere.
Kidnappings and Assassinations
While bombings remain a favored tactic globally, the number of kidnappings and assassinations has increased as Islamist militants adapt to changing circumstances. As events around the world — particularly in Iraq, North Africa, Afghanistan and the Philippines — have shown, jihadists have adopted kidnappings, often followed by murder, as a symbolic act and, to a lesser degree, a way of raising funds. Kidnappings are very unpredictable, and the militant kidnappers' true intentions are often masked behind religious or political rhetoric, although some kidnappings are truly political. Hotels, with their substantial traffic of affluent and Western patrons and relatively uncontrolled environments, are prime venues for kidnappings or assassinations. Even high-profile individuals who have constant security protection while traveling generally are more vulnerable at hotels than elsewhere. Though security teams can be deployed ahead of time to protect the sites that VIPs visit during the day, many times coverage is reduced when the VIP is considered "safe" in his or her hotel room. Moreover, in such a location, it might be possible for a guest to be kidnapped or killed without anyone noticing his or her absence for some period of time. The planning and creativity militant groups could employ in an attack against a VIP at a hotel should not be underestimated. Such threats can be identified and neutralized by the implementation of the proactive tools of protective intelligence, which allows a person to act instead of react to preserve his or her personal safety.
Attacks on VIPs at hotels should not be thought of as merely theoretical. In fact, hotels have been on jihadists' radar screens for nearly two decades, as evidenced by the New York City landmark bomb plot. After the first World Trade Center (WTC) bombing in 1993, authorities uncovered several plots that centered on attacks against VIPs at the U.N. Plaza Hotel and the Waldorf Astoria Hotel in New York City. Ramzi Yousef (the mastermind of the WTC bombing) and the local militant cell had conducted extensive surveillance of the hotels, both inside and out, and outlined several attack scenarios. It would be foolish to discount these plans today, as al Qaeda is known to return to past targets and scenarios. In the New York plots, operatives had devised the following scenarios:
- Using a stolen delivery van, an attack team would drive the wrong way down a one-way street near the Waldorf "well," where VIP motorcades arrived. As a diversionary tactic, a lone operative would toss a hand grenade from the church across the street. A four-man assault team (a tactic used in al Qaeda attacks in Saudi Arabia and elsewhere) would deploy from the rear of the van and attack the protection cars and then the VIP's limousine.
- Assailants wearing gas masks and armed with assault weapons, hand grenades and tear gas would infiltrate the hotel after midnight — when they knew protection levels were lower — and take the stairs to the VIP's floor, attacking the target in his room.
- Militants would steal hotel uniforms and infiltrate a banquet via the catering kitchen, which is always chaotic.
Follow-up analyses by counterterrorism authorities determined that these scenarios would have carried a 90 percent success rate, and the targeted VIP — along with multiple protection agents — would have been killed. In the aftermath of the New York City bomb plots, intelligence also indicated that elements associated with al Qaeda had planned to detonate car bombs at hotels where high-value targets were staying.
The first step for large hotel operators in dealing with this threat is to undertake a vulnerability assessment to identify properties that are most likely to be at risk. Such an assessment — based primarily on the geographic location of assets and an understanding of Islamist militants' goals, methodologies and areas of operations — will allow companies to focus their time and resources on the most vulnerable properties, while more generally ensuring that security measures do not overshoot or undershoot the threat level for a particular property. This allows for a better, more efficient use of resources. For high-threat properties, the next step is usually a physical security survey to identify specific weaknesses and vulnerabilities. In some cases, diagnostic protective surveillance can help to ensure that properties are not currently under hostile surveillance. Some kind of ongoing protective surveillance program is the best means of interdicting hostile actions. Because of the very large number of potential targets in most locations, the implementation of some very basic but visible measures might be sufficient to send an attacker on to the next possible target. These security enhancements include:
- A greater number and greater visibility of guards (including armed guards) inside and outside the building.
- Prominently placed security cameras around the perimeter and throughout the hotel. Even if the tapes are not monitored by guards trained in countersurveillance techniques, they can help to identify suspicious activity or deter hostile surveillance.
- Landscaping in front of and around the hotel that prevents vehicles from directly approaching the entrance or actually entering the building — for example, large cement flower pots that can stop vehicles, hills with rocks embedded in them and palm trees.
Other security measures might be appropriate in medium- and high-threat level locations:
- If possible, increase the standoff distance between the hotel and areas of vehicular traffic. Physical barricades are among the most effective deterrents to VBIEDs, as they help to keep drivers from crashing through the doors of a hotel and detonating explosives in high-traffic areas.
- In higher-threat level locations, use static surveillance around the hotel's perimeter. In areas of lesser threats, roving vehicles patrolling the perimeter at varying times might be sufficient to spot suspicious activity and to deter attackers.
The following measures are recommended for all areas:
- Protective window film: This should be used throughout the hotel. Because it reduces the amount of flying glass from explosions, it is one of the best and most cost-effective ways of minimizing casualties in the event of an attack.
- Protective surveillance: In all areas, hotel owners should consider hiring protective surveillance teams dedicated to this purpose. There are also some highly effective resources available that can be used to turn a hotel's video cameras into proactive tools rather than merely reactive resources.
- Employee education: At minimum, hotels should train employees, especially doormen and other ground-level employees, in basic protective surveillance techniques.
- Liaisons: Maintain a good working relationship with local police and other relevant authorities. Identifying hostile surveillance is useless unless a plan is in place to deal with it. Sound relationships with local police and other agencies — such as foreign embassies — can help facilitate information sharing that could uncover previously unknown threats. Though authorities might not be able to spare resources to monitor a hotel, in many places they will respond quickly to reports of suspected surveillance activity to confront suspicious people and possibly head off an operation.
- Background checks: The ability to share guest lists with local authorities for comparison with a militant watch list could help to determine if a registered guest is engaging in preoperational surveillance. Additionally, background checks should be conducted routinely on hotel employees in an attempt to weed out possible militants.