3-19. Commanders communicate the spirit and intent of AT doctrine throughout the chain of command or line of authority by establishing AT tasks and measures to develop and disseminate terrorist-related information necessary to protect the force. The tasks provide standards, policies, and procedures to reduce vulnerabilities from terrorist attacks.
3-20. Commanders, with the assistance of the AT officer, develop and maintain an AT appendix to operations order or implementation guidance found in an annex to inform their units how to defend against terrorist threats. The AT appendix usually pertains to battalion-size or great units and to operational deployments (50 or more personnel) through training, deployment, and redeployment. This appendix or standing operating procedure (SOP) should outline specific threat mitigation measures to establish a local baseline defensive posture and indications for the decision to elevate security postures, including the application of RAM. AT planning includes physical security measures, AT measures for HRP, operational contract support actions (see appendix D), measures for in-transit movements, construction and building consideration, critical asset security, and FPCON implementation and measures for incident response and incident management.
3-21. Units integrate AT thinking and planning into their battle rhythm through normal staff actions and functional cells, which coordinate and synchronize forces and activities by warfighting function. Staff sections manage information related to their individual fields of interest. They routinely analyze factors that include operations and collect, process, store, display, and disseminate information that flows
3-6 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
continuously into the headquarters. Staffs seek to identify problems affecting their fields of interest or the entire command.
3-22. Whereas functional cells are organized by warfighting functions, integrating cells coordinate and synchronize forces and warfighting functions within a specified planning horizon (long-, mid-, and short-term) and include the plans, future operations, and current operations integration cells. Units below the division level may not be resourced for three integration cells and may combine responsibilities into one integration cell or even create working groups to assist in focusing efforts pertaining to a particular mission or threat.
3-23. One way to focus AT efforts and planning is through the creation or inclusion of an AT working group (ATWG). Commanders and AT officers use the ATWG to oversee the implementation of the AT plan and tasks, develop and refine AT guidance, and address emergent or emergency AT issues. Within the unit ATWG, key personnel throughout the command staff and subordinate commanders use the working group format to assist in developing and refining terrorism TAs and to coordinate and disseminate threat warnings, reports, and summaries throughout the command. The ATWG and threat dissemination protocols are particularly effective for commanders whose responsibility extends to include forward operating bases (FOBs) or base clusters as a means to convene units from across multiple disciplines.
3-24. AT supports the protection warfighting function and the protection of combat power through the execution of three primary tactical tasks found in the Army universal task list—identify potential terrorist threats and other threat activities, reduce vulnerabilities to terrorist acts and attacks, and react to a terrorist incident (see FM 7-15). These primary tasks are supported by five AT tasks that commanders and AT officers should use to achieve objectives that deter terrorist incidents, employ countermeasures, mitigate effects, and conduct incident recovery (see figure 3-3).
gend: AT antiterrorism
Figure 3-3. Army tactical tasks and supporting AT tasks
3-25. Units enhance freedom of action by identifying and reducing friendly vulnerability to terrorist threats, acts, influence, or surprise. This includes measures to protect from surprise, observation, detection, interference, espionage, terrorism, and sabotage. Commanders and AT officers empower their own staffs and coordinate with multiple entities to identify terrorist risk to units operating within the United States, during in-transit movement to deployed locations, while conducting peace operations, and during multinational exercises in an HN.
18 February 2011 FM 3-37.2 3-7
Chapter 3
Antiterrorism Task 2. Collect, Analyze, and Disseminate Threat Information
3-26. The TA is used to identify the terrorist threats posed to Army assets and/or the threats that could be encountered in executing a mission and is inherent within the intelligence preparation of the battlefield or intelligence estimate process. The TA is a product developed from the threat analysis, which identifies and evaluates potential threats based on such factors as a threat’s intent, capabilities, intentions, past activities, and specific targeting information. This assessment represents a systematic approach to identifying potential threats before they materialize. However, this assessment might not adequately capture emerging threats, even in cases where the assessment is frequently updated.
3-27. Terrorist threat information can be obtained at all levels of the U.S. government and its allies. Through partnerships, commanders and staffs obtain terrorist-related and local threat information from local and state law enforcement intelligence and counterterrorist units. The intelligence collection and the all-source intelligence process serve as key contributors to the TA. The exploitation of terrorist-related information and intelligence can lead to and support the evaluation and analysis of terrorism activities, capabilities, and specific terrorist groups and cells. Units without an organic G-2/S-2 section could develop an internal threat working group to assist in analyzing threat-related information for the commander. The result of carefully assessed and fused intelligence data provides commanders and leaders with actionable intelligence to conduct offensive operations while leading the direction of AT and defensive operations to ensure mission success.
3-28. Threats include hazards with the potential to cause injury, illness, or death of personnel; damage to or loss of equipment or property; or mission degradation from hostile actions. Threats from hostile actions include a capability that terrorists or criminal elements have to inflict damage upon personnel, physical assets, or information. These threats may include IEDs, suicide bombings, information network attacks, mortars, asset theft, air attacks, and the employment of CBRN weapons.
3-29. Assessing the threat considers the risk or likelihood of an incident adversely impacting mission, capabilities, people, equipment, or property. What is the likelihood (probability) of a specific type of attack occurring, and what is the effect (severity) of the incident if it does occur? Threats and associated risks are assessed during mission analysis; course of action (COA) development, analysis, and rehearsal; and MDMP execution steps and must consider mission- and non-mission-related aspects that may have an impact. The result is an initial estimate of risk for each identified hazard, expressed in terms of low, moderate, high, or extremely high. These factors are indicated as—

Probability. Probability is the likelihood of an event, an estimate, based on information that is known and that others provide. The probability levels estimated for each hazard are based on the mission, COA, or frequency of a similar event. For the purpose of CRM, there are five levels of probability:

Frequent. Occurs very often, known to happen regularly. Examples are surveillance, criminal activities, cyber attacks, and small arms fire.

Likely. Occurs several times, a common occurrence. Examples are IEDs, hostages, ambushes, and bombings.

Occasional. Occurs sporadically, but is not uncommon. Examples are injury or death from attacks against aircraft, hijacking, or skyjacking.

Seldom. Remotely possible, could occur at some time. Examples are the releases of chemical or biological weapons.

Unlikely. Presumably, the action will not occur, but it is not impossible. Examples are the detonation of containerized ammunition during transport or the use of a dirty bomb.

Severity. Severity is expressed in terms of the degree to which an incident will impact combat power, mission capability, or readiness. The degree of severity estimated for each hazard is based on knowledge of the results of similar past events and is addressed in the following levels:
• Catastrophic. Complete mission failure or the loss of ability to accomplish a mission, death, or permanent total disability, loss of major or mission-critical systems or equipment, major property or facility damage, mission-critical security failure, or unacceptable collateral damage.
3-8 FM 3-37.2 18 February 2011
Foundations of Antiterrorism

Critical. Severely degraded mission capability or unit readiness, permanent partial disability or temporary total disability exceeding three months, extensive major damage to equipment or systems, significant damage to property or the environment, security failure, or significant collateral damage.

Marginal. Degraded mission capability or unit readiness; minor damage to equipment or systems, property, or the environment; lost days due to injury or illness not exceeding three months; or minor damage to property or the environment.

Negligible. Little or no adverse impact on mission capability, first aid or minor medical treatment, slight equipment or systems slight damage (remain fully functional or serviceable) or little or no property or environmental damage.
3-30. Threat analysis provides the staff with information upon which to base warnings. The intelligence officer works in conjunction with the operations officer, AT officer, and staff to provide the commander with a clear operating picture of the terrorism threat to their activity or operation. Commanders review the information and direct the following actions—

Ensure that AT and threat information is distributed up and down the chain of command and laterally, as appropriate.

Implement effective processes to integrate and fuse the sources of available threat information.

Prepare specific terrorism TAs to support operational planning and risk decisions for unique mission requirements or special events, including in-transit forces, training and exercises, operational deployments, and large public gatherings (conferences, foreign police academy graduations, Independence Day celebrations).

Integrate terrorism TAs into the CRM process and be a major source of analysis and justification for recommendations to raise or lower FPCON levels; implement RAM AT enhancements, including physical security program changes and program and budget requests; and conduct terrorism VAs.

Ensure that terrorism TAs are a part of the intelligence preparation of the battlefield, MDMP, and the leader’s reconnaissance in conjunction with deployments. Follow-on terrorism TAs are conducted for deployments as determined by the commander or directed by higher headquarters.
3-31. Threat analysis is the process of compiling and examining information to develop intelligence indicators of possible terrorist activities. DOD has identified factors in the collection and analysis of information from sources concerning terrorist threats. To assist in focusing the threat analysis, intelligence and CI officers develop essential elements of information to help identify likely targets by using the following considerations—

Organization, size, and composition of groups operating in the AOR.

Motivation (religious, political, ecological).

Long- and short-range goals.

Religious, political, and ethnic affiliations.

International and national support (moral, physical, financial).

Recruiting methods, locations, and targets (students).

Identity of group leaders, opportunists, and idealists.

Group intelligence capabilities and connections with other terrorist groups.

Sources of supply and support.

Important dates (religious holidays).

Planning ability.

Internal discipline.

Preferred tactics and operations.

Willingness to kill.

Willingness for self-sacrifice.
18 February 2011 FM 3-37.2 3-9
Chapter 3

Group skills (demonstrated or perceived) (sniping, demolition, masquerade, industrial sabotage, airplane or boat operations, tunneling, underwater, or electronic surveillance, poisons or contaminants).

Equipment and weapons (on hand and required).

Transportation (on hand and required).

Medical support availability.

Means and methods of C2.

Means and methods of communicating to the public.
Intelligence Support to Antiterrorism
3-32. Intelligence plays a crucial role in supporting AT efforts by assisting commanders and staffs in distinguishing preincident indicators to prevent attacks against U.S. and multinational forces. Intelligence facilitates a greater understanding of the operational environment, with emphasis on the populace, criminal activity, HN, and active terrorist organizations. Actionable intelligence provides a foundation that an AT program can build upon to assess and clearly identify the threat and develop measures to defend against and mitigate its risk to Army assets. Intelligence synchronization and fusion assist the commander, staff, and AT officer to better assess the terrorist threat, determine the appropriate protection conditions, mitigate the risk of terrorist actions, prepare combat patrols, and determine RAM. (See FM 2-0, FM 2-19.4, FM 2-22.2, FM 2-91.4, and FM 2-91.6.)
3-33. Future intelligence collection and analysis must provide improved indications and warnings of attack and increased specificity at the tactical level. Because the terrorist has the ability to choose where, when, and how he will attack, his actions will always be difficult to predict. He has the advantage of time—time to select his target and the choice of the exact time of attack. Terrorists will be prepared to sacrifice their lives to achieve their goals. Human intelligence and CI assume greater importance to the effort than technical sensors, although they will remain complementary disciplines and may not succeed in isolation from each other. The precise warning of terrorist attacks depends on intelligence to identify specific targets and the time and nature of the attack.
3-34. Terrorists also rely on an effective intelligence capability to carry out their attacks and have shown great patience in obtaining information before attacks. Continuous fixed, mobile, or progressive surveillance techniques of a specific target can go on for months so that the target’s daily routine and those areas that affect his daily life are completely understood. During these surveillance and planning phases, terrorists are most vulnerable to being caught or deterred from executing an attack.
3-35. Commanders ( through their AT officers, staffs, and working groups) develop a system to monitor, report, collect, analyze, and disseminate terrorist threat information. Intelligence supports the commander across full-spectrum operations and is one of the warfighting functions. The intelligence warfighting function not only includes assets within the military intelligence branch, but also includes the assets of branches that can collect information as a part of the intelligence, surveillance, and reconnaissance effort. Every Soldier, civilian, or contractor (as a part of a small unit, organization, or FOB) is a potential information collector and an essential component to help reach situational understanding (every Soldier is a sensor).
3-10 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
3-36. Each person develops a special level of awareness simply due to exposure to events occurring in the commander’s AOR and has the opportunity to collect information by observation and interaction with the population. This is especially true in AT efforts, in which the enemy is not as clearly defined and displayed as in previous operational assessments. This assessment and awareness result in a bottom-up flow of information, often straining the capabilities of smaller units and activities, therefore relying on solid analysis, synchronization, and fusion by their higher headquarters to provide direction in implementing FPCON measures and RAM responses. CI should be thoroughly integrated into the commander’s operational planning and preparation. The CI mission makes it an ever-present AT enabler through the routine execution of its functions. However, CI can tailor its functions to provide support to AT and protection-specific operations, including—

Screening locally employed persons working on outside the continental United States (OCONUS) military bases.

Tailoring security education and awareness briefings and programs.

Conducting travel and foreign contact briefings and debriefing programs.

Supporting TAs and VAs.

Providing foreign intelligence and security service and international terrorist organizations threat analysis and products.

Conducting CI investigations and collection that impact AT and protection.
3-37. Intelligence support to AT provides protection to the operational Army fighting capability so that it can be applied at the appropriate time and place. This includes the measures that the force takes to remain viable and functional by protecting itself from the effects of or recover from terrorist activities. To do this, intelligence disciplines monitor and report the activities, intentions, and capabilities of adversarial groups and determine their possible COAs. Detecting the adversary’s methods in today’s operational environments requires a higher level of situational understanding, informed by current and precise intelligence. The asymmetrical threat from terrorist activities drives the need for predictive intelligence based on the analysis of focused information from intelligence, law enforcement, and security activities that are fused to provide commanders and leaders with the knowledge to make the right decisions in protecting the force.
3-38. Reduce personnel vulnerability to terrorism by understanding the nature of terrorism, knowing current threats, identifying vulnerabilities to terrorist acts, and implementing protective measures against terrorist acts and attacks.
Antiterrorism Task 3. Assess and Reduce Critical Vulnerabilities
3-39. Commanders continuously assess AT capabilities. These assessments review the overall program; individual, physical, and procedural security measures; and unit predeployment preparation. Commanders and the AT officer analyze the TA and implement physical protection measures according to the terrorists’ known or potential capabilities.
Criticality Assessment
3-40. The criticality assessment evaluates and prioritizes assets and functions to identify which assets and missions are relatively more important and to protect them from attack. A critical asset is a facility, equipment, service, or resource considered essential to DOD operations in peace, crisis, and war and warranting measures and precautions to ensure its continued efficient operation; protection from disruption, degradation, or destruction; and timely restoration. For AT purposes, the criticality assessment should also include high-population facilities (recreational activities, theaters, or sports venues), which may not necessarily be mission-essential. Units conducting tactical operations should focus not only on assets that are most critical to the operation, but also on identifying the most critical aspect of the mission.
18 February 2011 FM 3-37.2 3-11
Chapter 3
3-41. Mission planning and the commander’s priorities and intent determine critical assets. Critical assets can be people, property, equipment, activities, operations, information, facilities, or materials. For example, important communications facilities, utilities, and criticality assessments provide information to prioritize resources while reducing the potential application of resources on lower-priority assets. Major weapons systems might be identified as critical to the execution of U.S. military war plans and, therefore, receive additional protection.
3-42. The criticality assessment identifies assets supporting Army missions, units, or activities deemed critical by military commanders or civilian agency managers. Leaders will conduct a criticality assessment to identify, classify, and prioritize mission-essential assets, facilities, resources, and personnel. Additionally, commanders will conduct a criticality assessment to identify, classify, and prioritize assets (high-population facilities, mass-gathering activities [recreational activities, theaters, sports venues] and other facilities, equipment, services, or resources deemed sufficiently important by the commander to warrant protective measures) to ensure continued efficient operation; protection from disruption, degradation, or destruction; and timely restoration. It addresses the impact of temporary or permanent loss of assets and examines costs of recovery and reconstitution, including time, expenditure, capability, and infrastructure support.
3-43. The staff at each command echelon determines and prioritizes critical assets. The staff gauges how quickly a lost capability can be replaced before giving an accurate status to the commander. The commander who is responsible for AT approves the prioritized list. The goals of a criticality assessment are to—

Identify the operating base or unit key assets and capabilities.

Determine whether critical functions or combat power can be duplicated with other elements of the command or an external resource under various attack scenarios.

Determine the time required to reconstitute key assets, infrastructure, and capabilities in the event of temporary or permanent loss.

Determine the priority response to personnel, key assets, functions, infrastructure, and information in the event of fire, multiple bombings, or other terrorist acts.
3-44. It may also be useful to link identified threat attack means to a specific time or location. For example, a terrorist group operating in proximity to an installation may typically target certain or specific areas (headquarters facilities, unit staging areas that contain a large number of people at certain times). Criticality will be assessed using the following criteria:




Mission functionality.


3-45. Initial protection planning requires various assessments to support protection prioritization—TA, VA, and criticality assessment. These assessments are used in planning to determine and differentiate those assets to protect, given no constraints (critical assets), from assets that U.S. forces can protect with available resources (defended assets). Commanders make decisions on acceptable risk and provide guidance to the staff to employ protection capabilities based on the critical-asset list and the defended-asset list. Forms of protection are used and employed during preparation and continue through execution to reduce friendly vulnerability.
3-46. Criticality decision support tools (mission, symbolism, history, accessibility, recognizability, population, and proximity [MSHARPP] and criticality, accessibility, recuperability, vulnerability, effect, and recognizability [CARVER]) may support protection planning by assisting the commander in implementing AT measures while conducting full spectrum operations. Staffs, ATWG, or selected individuals may find MSHARPP and CARVER assessment tools helpful. MSHARPP assesses potential
3-12 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
targets from the inside out, and CARVER assesses targets from the outside in. Appendix B discusses MSHARPP and CARVER in detail.
Vulnerability Assessment
3-47. A VA is a command or unit level evaluation to determine the potential weaknesses for personnel, an installation, a unit, an exercise, a residence, a facility, a network, an infrastructure, information, or another friendly capability to a particular terrorist threat. It identifies areas of improvement to prevent, defend against, mitigate, or deter threats. The analysis addresses the questions of who or what is vulnerable and how. This assessment determines the susceptibility of the commander’s assets to various attack scenarios identified during the TA. Multidisciplinary experts in such areas as terrorist tactics, structural engineering, physical security, and installation preparedness conduct these assessments.
3-48. The VA identifies physical characteristics or procedures that render critical assets, areas, or special events vulnerable to known or potential threats. Assessment teams should use their imagination to determine the number of possible ways that the target is vulnerable and not become fixed on one scenario or a specific set of assessment tools. The assessment provides a basis for developing controls to eliminate or mitigate vulnerabilities. Vulnerability is the component of risk over which the commander has the most control and greatest influence. Examples of VA are—

Predeployment site survey.

In-transit movement VA.

Special event VA.

Off-base asset VA.

War-gaming results during MDMP.

Personal-security VA performed by the criminal investigation division.
3-49. The AT officer and the protection cell or ATWG members serve as the assessment team in a collaborative effort. Teams should include representation from various specialties (operations, security, intelligence, CI, law enforcement, communications, safety, fire, engineers, medical services, CBRN planning and response).
3-50. A proper VA enables the commander to plan appropriate countermeasures to reduce the vulnerability and associated risk. The commander can change the mission profile or apply additional assets to reduce vulnerability. Tactical commanders seek to reduce their susceptibility to tactical surprise when looking at their unit’s vulnerability. Tactics of terrorist organizations seek to use the element of surprise to obtain a greater advantage over forces more powerful than they are. A commander’s ability to thwart potential terrorist actions will be greatly enhanced through COA development, red teaming, and identifying a force’s susceptibility to surprise. When assessing vulnerability to terrorism during full-spectrum operations, staffs assist the commander by providing answers to the following questions:

Who or what is vulnerable?

How or why is the unit vulnerable? To what is it vulnerable?

What is the threat or hazard? What specific capability of the threat or hazard causes the greatest risk?

When or where is the unit vulnerable? Is the unit vulnerable based on equipment, terrain, or events?

What is known about the mission?

Can the enemy predict the mission, specific route, or time of day for execution? Can the enemy expose gaps in the current security posture?

How much information could have been collected? Are movement routes anticipated?
3-51. Commanders and staffs assess the vulnerability of an asset based on its accessibility and recognizability. Staffs assess whether an asset is accessible and when a potential terrorist can reach the target with sufficient personnel and equipment to accomplish his mission. This analysis entails identifying and studying critical paths that the terrorist must take to achieve an objective and the unit’s means to impede terrorist tactics. A target’s recognizability is the degree to which it can be recognized by an
18 February 2011 FM 3-37.2 3-13
Chapter 3
operational element and/or intelligence collection and reconnaissance asset under varying conditions. Weather can influence a target’s recognizability, as can its size, complexity, and camouflaging. Through detailed surveillance, threats can distinguish a unit’s or person’s level of importance and choose to strike at those perceived to be most critical to their goals and objectives.
3-52. The end state of the VA is the identification of physical characteristics or procedures that render critical assets, areas, or special events vulnerable to a range of known or feasible terrorist capabilities. Determination of vulnerability is partly a function of the commander’s desired level of protection for the asset, area, or special event. Although performing an effective VA requires detailed analysis, the results quantifying and rating the effectiveness of protective measures are invaluable and provide a major tool for developing AT protective measures. The VA methodology should follow this sequence:

List assets and capabilities.

List the threats against those assets.

Determine common criteria for assessing vulnerabilities.

Train the assessment team in assessment methodology and intent.

Conducts assessment (assessment team).

Consolidate and evaluate the assets and capabilities and their vulnerability.
Antiterrorism Task 5. Maintain Defenses
3-53. Commanders use AT-specific security procedural and physical measures to protect personnel, information, and materiel from terrorist threats. Within the AT appendix, commanders outline specific threat mitigation measures as part of developing controls during the CRM process (see chapter 5) to establish a baseline defensive posture through the use of physical security and FPCON measures, including the application and planning of RAM. Individual Soldier awareness and training are key elements in successfully detecting and thwarting terrorist acts.
Force Protection Conditions
3-54. The DOD FPCON system is a progressive level of protective security measures implemented in response to terrorist threats. This system is the principal means for a commander to apply an operational decision on how to protect against terrorism, and it facilitates inter-Service coordination and support for AT activities. The unit AT appendix should contain detailed instructions on implementing security measures across FPCON levels. Each set of FPCON measures is the minimum that must be implemented when a particular baseline FPCON level is designated.
Note. The geographic combatant commands have tactical control (for force protection) authority and responsibility for DOD elements and personnel within their respective AOR. The geographic combatant command is responsible for establishing the baseline FPCON for the AOR and procedures to ensure that FPCON measures are uniformly disseminated and implemented.
3-55. Although not completely applicable in a combat zone, these measures can be used as a template in developing protection guidance. Well-designed AT measures facilitate the AT principles of assess, detect, defend, and warn. FPCON measures include provisions for reinforcing physical security; increasing security personnel and inspections of vehicles, hand-carried items, and packages; RAM; and other emergency measures. FPCON measures are designed to be scalable and proportional to changes in the local threat. The FPCON levels are normal, alpha, bravo, charlie, and delta. Further explanations of the FPCON levels can be found in AR 525-13 and FM 3-37.
Note. An AT appendix, with a complete listing of site-specific AT security measures linked to a FPCON, will be classified CONFIDENTIAL at a minimum. When separated from the AT appendix (and other classified sections), site-specific AT security measures and FPCONs can be handled as FOR OFFICIAL USE ONLY to allow widest possible dissemination.
3-14 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
Random Antiterrorism Measures
3-56. A key component of an active AT appendix is RAM, which provides the commander with a flexible means to increase security and minimize or prevent the establishment of predictable patterns of security. While specified measures must be tailored for each location and each FPCON, each commander has the flexibility to introduce physical security measures from higher FPCON levels and self-generated measures to enhance unit security. By implementing additional physical security measures or measures from higher FPCON, RAM conveys an image of increased vigilance and awareness to observers who are external to the military site. RAM, if properly implemented, presents to terrorist groups an ambiguous and confusing assessment of the military site security posture.
3-57. The unit AT appendix should contain detailed instructions on the implementation of RAM, which should be visible (to confuse surveillance attempts), be based on an irregular schedule, and involve tenant units and commands on a base, not just the security forces. RAM should also be conducted at all levels and include measures developed by the command or locally established to shape security to the location and situation. The impact of RAM on terrorists is difficult to measure, but such programs introduce uncertainty and unpredictability to planners and organizers of terrorist attacks. Examples of RAM are:

Moving Jersey barriers, vehicular barriers, Class IV objects, and materials to route traffic near and within the ECP.

Changing ECP security force shifts at random.

Changing the access time for ECPs.

Changing access procedures at random.

Changing vehicle and personnel inspection procedures randomly.

Observing surrounding areas with remote sensors at random times.

Changing the patterns and schedules of patrols in and around bases and protected locations.
High-Risk Personnel
3-58. As part of an expeditionary Army, maneuver commanders serve as extended symbols of U.S. military power, making them attractive and accessible terrorist targets while operating abroad. Under DOD and Army guidelines, some personnel are assessed to be at a greater risk than the general population by virtue of their rank, assignment, symbolic value, vulnerabilities, or location or be a specific threat that requires additional security to reduce or eliminate risks. These personnel may be formally designated HRP or high-risk billet.
3-59. The commander of a geographical area is responsible for the safety and security of dignitaries and HRP traveling through his area. Corps and division commanders conducting full spectrum operations, through combatant command authorization, may be designated HRP or high-risk billet, based on a threat in the area. Brigade and battalion commanders normally do not require the same level of protection as an HRP or high-risk bullet but may warrant a security detail taken from within the command or, at a minimum, a squad to enhance movement within the AO.
3-60. Principles of risk management should be employed in designating and HRPs and high-risk billets, approving protective support, and determining the number and type of assigned protective services detail personnel, whose support is maintained at the minimal level required and employed only as necessary and appropriate based on the threat. Status-of-forces agreements and memoranda of understanding between the
U.S. government and a foreign government may limit the use of supplemental security measures. These constraints should be carefully considered when conducting security surveys, developing plans, and implementing additional security measures to protect executives. Commanders can find specific information on protective services detail structure and utilization by reading AR 525-13, Department of Defense Instruction [DODI] O-2000.22, FM 3-19.12, and U.S. Army Forces Command [FORSCOM] Regulation 190-58). Technical assistance is also available from the supporting criminal investigation division unit.
18 February 2011 FM 3-37.2 3-15
Chapter 3
Physical Security
3-61. Physical security is concerned with physical measures designed to safeguard personnel; to prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them against espionage, sabotage, damage, and theft (JP 6-0). In support of AT, physical security measures identify physical vulnerabilities to terrorist attacks on bases, personnel, and materiel and take actions to reduce or eliminate those vulnerabilities. Survivability operations and general engineering support may be required to emplace compensatory measures for identified vulnerabilities. The physical security system builds on the premise that baseline security and the preparedness posture are based on the local threat, site-specific vulnerabilities, identified critical assets, and available resources. The Army’s Physical Security Program supports AT through the coordinated efforts of policies, plans, and procedures specifically designed to achieve a strong physical security posture.
3-62. Less permanent bases (intermediate staging bases, lodgments, FOBs) benefit from physical security efforts through the application of active and passive security measures. The protection of these locations is enhanced by integrating existing security capabilities with physical barriers, facility hardening, and active delay and denial systems. As the base expands and improves to establish a more permanent presence, commanders can increase and adjust the physical security measures to meet the scale and complexity of the base. Commanders reduce the effects of threats by implementing physical security programs that form the basis of integrated defense plans, which build physical security into contingency, mobilization, AT, and wartime plans. The program goal is to safeguard personnel and protect property by preventing, detecting, and confronting unauthorized acts. (See ATTP 3-39.32.)
3-63. The physical security officer provides assistance to the AT officer and commander in the defensive planning, implementation, and control of AT operations. This officer provides expert advice and assistance in developing crime prevention and physical security plans and programs. These programs help identify, reduce, eliminate, or mitigate conditions favorable to criminal, terrorist, and insurgent activities. Commanders rely on the physical security officer to comprehensively evaluate units, facilities, and installations and to determine preparedness to deter, defend against, and recover from the full range of adversarial capabilities based on the TA, compliance with protection standards, and risk management. Physical security systems installed in and around installations, facilities, and units form the physical backbone of AT efforts. The facilities, equipment, and personnel that form the installation security force are critical resources that help defend against terrorist attacks.
Entry Control
3-64. Entry control ensures the proper level of access for Army personnel, visitors, contract personnel, and vehicle traffic. The objective of an ECP is to secure the base from unauthorized access and to intercept contraband (weapons, explosives, drugs, classified material) while maximizing vehicular traffic flow. The full containment and control of vehicles is required for ECP. The design of an ECP should ensure that vehicles are contained through an arrangement of passive and active vehicle barrier systems. The primary objective of the design is to prevent an unauthorized vehicle or pedestrian from entering the base (see ATTP 3-39.32). Entry control also serves as a means of shutting down the ability of personnel to exit as a means to contain and capture criminal or terrorist perpetrators.
3-65. ECPs have historically been primary attack points for vehicle bombs. These attacks have also been coupled with deliberate assaults to gain access for the assault force into the deployed operating base (DOB). Attacks may also include suicide bombers wearing IED vests. Entry control procedures are designed to identify and screen personnel, vehicles, and materials to ensure that only authorized personnel gain entry to the DOB. These procedures can also help detect contraband and mitigate the potential for sabotage, theft, trespass, terrorism, espionage, or other criminal activity. Entry control procedures are intended to accomplish the following objectives as part of the defense in depth for a DOB:

Permit personnel, vehicles, and delivered materials to move through the DOB without unduly interfering with day-to-day operations. Some interference will be necessary, depending on the security requirements.

Help maintain adequate security throughout the DOB, and protect critical assets.
3-16 FM 3-37.2 18 February 2011
Foundations of Antiterrorism

Contain and resolve actual and potential attacks, and apprehend perpetrators.

Delay attackers in reaching critical assets, and inhibit egress from the DOB so that security personnel can sound alarms and take immediate protective actions.
Information Protection
3-66. Information protection is active or passive measures that protect and defend friendly information and information systems to ensure timely, accurate, and relevant friendly information. It denies enemies, adversaries, and others the opportunity to exploit friendly information and information systems for their own purposes (FM 3-0). External and internal information perimeter protection prevents unknown or unauthorized users or data from entering a network. External efforts include communications security, router filtering, access control lists, and security guards (see FM 3-37).
3-67. Critical information is information that is vital to a mission: if an adversary obtains, correctly analyzes, and acts upon critical information, the compromise could prevent or seriously degrade mission success. Critical information can be classified or unclassified. Classified critical information requires OPSEC measures for additional protection because it can be revealed by unclassified indicators. The use of essential elements of friendly information protects critical information because it does not reveal sensitive or classified details. Instead of stating the details of critical information, the essential elements of friendly information are critical information converted into a question. The use of essential elements of friendly information is an effective way to ensure the widest dissemination of a units or organization’s critical information while protecting classified and sensitive information.
3-68. CI support to OPSEC entails identifying adversary intelligence, TTP, collection methods, analysis, and exploitation capabilities that target essential elements of friendly information, and developing countermeasures. CI investigations, CI source operations, debriefing of Army personnel, and screenings of local nationals and contract linguists can determine what essential elements of friendly information are being targeted by foreign intelligence and what adversary collection methods and capabilities are being used to collect essential elements of friendly information. Additionally, cyber CI elements can perform Internet open-source collection and DOD network and systems analysis to determine OPSEC vulnerabilities and provide support to the Army network TAs and VAs. The commander, Intelligence and Security Command, provides data on the foreign intelligence threat, terrorist threat, and CI support to OPSEC programs for Army units, Army Service component commands (ASCCs), direct reporting units, and above.
3-69. Units use the critical information list to create a consolidated list of the unit or organization’s critical information. The list will be classified if one of the items of critical information is classified. At a minimum, the critical information list will be sensitive information and must be protected. A method to ensure the widest dissemination of a unit is or organization’s critical information, while protecting it, is to convert it to essential elements of friendly information.
3-70. OPSEC applies to operations across the spectrum of conflict. Units conduct OPSEC to preserve essential secrecy. OPSEC is the process of identifying essential elements of friendly information and subsequently analyzing friendly actions attendant to military operations and other activities to—

Identify those actions that can be observed by adversary intelligence systems.

Determine indicators that hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries.

Select and execute measures that eliminate or reduce, to an acceptable level, the vulnerabilities of friendly actions to adversary exploitation (see FM 3-13).
3-71. OPSEC denies terrorists information about potential targets. Terrorists select targets that offer the most opportunity for success. Information passed unknowingly by military personnel is used by terrorists in their planning efforts. OPSEC reduces the availability of this information. OPSEC procedures—

Protect itineraries, travel plans, and personnel rosters.

Eliminate established patterns.

Protect building and base plans, billeting assignments, and very important person guest lists.
18 February 2011 FM 3-37.2 3-17
Chapter 3

Ensure that classified or sensitive information is discussed only on cryptographically secured telephone or radio circuits approved by the National Security Agency; for example, automatic secure voice communications systems.

Protect personal or family information from strangers.

Coordinate physical security measures to protect personnel and prevent unauthorized access to facilities, materiel, and documents.
3-72. The technology also serves as a potential information source for the enemy and terrorists. Soldiers deployed on military operations have included information about living situations, weaknesses in protection, and ongoing and future operations in e-mails, blogs, and photographs and on social sites for those with Internet access. Attacks from terrorists are not limited to - weapons and bombs, but can also be linked to Internet hacking. Commanders should ensure that Soldiers and units understand the potential harm that comes from releasing too much specific information about current operations across unsecure means. The patience that terrorists exhibit during their planning cycle displays their seriousness in gathering weeks, if not months, of unsecured Internet chatter that can be used later to attack friendly forces operating outside and inside the wire.
Israeli Forces Cancel Offensive Operations
In March 2010, information pertaining to an upcoming raid was posted by an Israeli Defense Force member on a social networking site just a day before the offensive operations into Palestinian territory. Soldiers assigned to the unit saw the information and reported it to their superiors. Details posted about the operation included unit information, the exact time of the operation, and the location. Commanders felt that the information could jeopardize mission success and place Israeli Defense Force personnel in danger.
3-73. Implement measures to treat casualties, minimize property damage, restore operations, and expedite the criminal investigation and collection of lessons learned from a terrorist incident. (See FM 19-10.) Commanders ultimately negate the ability of terrorist actions to have a strategic effect on current operations by how well they respond to a terrorist act, preserve combat power and HN infrastructure, and continue to progress toward mission success without drastic impacts on unit capabilities.
Antiterrorism Task 7. Conduct Terrorist Threat/Incident Response Planning
3-74. Commanders develop terrorist threat/incident response plans that prescribe appropriate actions for reporting terrorist threat information, responding to threats or actual attacks, and reporting terrorist incidents. Units that are charged with the security and defense of a FOB use the AT officer and ATWG to develop procedures for an attack warning system that becomes integrated into base procedures. Commanders outline base responsibilities and enhance defensive measures by exercising the attack warning system and conducting drills on emergency evacuations, movements to safe havens, and shelters in place. Finally commanders and their AT officers coordinate with friendly units, the HN, the supporting contracting organization, and selected contract service company managers (first responders, the company providing firefighter services to the base) to plan for terrorism consequence management, CBRN and public health emergency preparedness, and emergency response measures to respond to a terrorist attack. These measures focus on mitigating vulnerabilities of personnel (including DOD civilians), facilities, and material to terrorist use of CBRN weapons.
3-75. Incident management is a comprehensive approach to preventing, preparing for, responding to, and recovering from terrorist attacks, major disasters, and other emergencies. Incident management includes measures and activities performed at the local, state, and national levels and includes crisis and consequence management activities (JP 3-28). Incident management also acts as a deterrent to terrorist
3-18 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
attacks by mitigating potential effects of an attack. Plans for incident management preparedness and incident response measures and plans for continuing essential military operations are important to an effective AT program.
Incident Management
3-76. Incident response measures to a terrorist attack include procedures to provide C2, communication, and intelligence to the first responders charged with the task of determining the full nature and scope of the incident, containing damage, and countering the terrorists who may still be present. The term first responders refers to military, HN, or contracted personnel, including police, fire, and emergency personnel. The objective of terrorist incident response measures is to limit the effects and the number of casualties resulting from a terrorist attack. Incident management includes crisis and consequence management activities. The definitions of crisis and consequence management are—

Consequence management. Consequence management is actions taken to maintain or restore essential services and manage and mitigate problems resulting from disasters or catastrophes, including natural, man-made, or terrorist incidents (JP 3-28).

Crisis management. Crisis management is measures to identify, acquire, and plan the use of resources needed to anticipate, prevent, and/or resolve a threat or an act of terrorism. This is predominantly a law enforcement response, normally executed under federal law (JP 3-28).
Note. Consequence management, particularly in response to a CBRN attack, is laid out in great detail in FM 3-11.21.
3-77. The Army continues to support efforts to provide consequence management capabilities worldwide through domestic consequence management, DOD-led consequence management and, in support of allies, foreign consequence management. The primary objective of AT incident response management is to mitigate the number and severity of casualties resulting from a terrorist attack. Well-developed response measures can save lives, preserve health and safety, protect property, and secure and eliminate the hazard. A slow or uncoordinated response may result in further damage to the base or critical facility, resulting in the terrorist identification of unit vulnerability.
Note. The National Incident Management System is a comprehensive and consistent national approach to incident management that applies at jurisdictional levels and across functional disciplines that enable government, private-sector, and nongovernment organizations to work together during domestic incidents. Commanders adopt this method to assist in potential civil support operations in defense of the homeland and meet the requirements outlined in Homeland Security Presidential Directive 5.
Incident Management Plan
3-78. A commander’s responsibility and authority to enforce security measures and to protect persons and property are important during conflict. The focus of incident management is on the organic assets of a unit or base and the ability to cope with the situation using organic assets until outside assistance arrives. The terrorist incident response measures should include procedures for determining the nature and scope of incident response; procedures for coordinating security, fire, and medical first responders; and steps to reconstitute the base’s ability to perform mission-essential functions. To be effective, incident response measures must be fully coordinated, exercised, and evaluated. Attacks employing CBRNE weapons may produce mass casualties or widespread destruction, which can quickly overwhelm organic resources. Command considerations for incident management include—

Knowing the response route.

Approaching uphill and upwind if possible.

Avoiding choke points.

Designating rally points.
18 February 2011 FM 3-37.2 3-19
Chapter 3

Identifying safe staging locations for incoming units.

Ensuring the use of personal protective equipment and personnel accountability.

Continually assessing security.

Evaluating the need for specialized units (explosive ordnance disposal).

Treating every incident as a crime scene by creating a buffer zone around the site, recording movements in and out of the site, and treating everything at the site as evidence.

Knowing the mass-casualty and first-responder requirements.
3-79. The AT appendix should prepare for the most probable or likely threats as identified through the TA and maximize the use of existing plans and SOPs that can be referenced in the AT appendix. Establishing a mechanism to respond to a terrorist incident is an essential element of AT. Within the boards, bureaus, centers, cells, and working groups Army construct, the ATWG—comprising the AT officer, key unit staff (S-2, operations and training officer [S-3], civil affairs officer [S-5]), selected contracted first responders, supporting contracting office personnel, and personnel who make up the base defense operations center (BDOC)—acts as the principal planning agency. One effective method for determining which areas should plan and execute the response is to use the weapon of mass destruction response functions as a foundation for terrorist attack planning.
3-80. Response members should be predesignated, train together, and be prepared to perform individual and collective crisis management missions under the control of the incident commander or the designated representative. Tenant commanders may also serve or have staff representation in this organization. The most common participants in the crisis management organization are as follows:

Medical team. This team is capable of triage, patient decontamination, and backup responder decontamination as necessary.

Firefighters. The senior firefighter normally becomes the on-scene commander upon arriving at the incident. This team establishes staging areas and can call backup forces for hazmat conditions or assistance in controlling a fire.

Law enforcement. This team is responsible for securing the crime scene, providing responder security, and controlling ingress and egress at the incident site.

Search and rescue teams. These teams usually work in pairs and are responsible for casualty extraction. If available, a structural engineer on the team can conduct safety and damage assessment.

Explosive ordnance disposal. The explosive ordnance disposal team is responsible for detecting, identifying, and rendering-safe suspected munitions and looking for secondary devices.
Tenant Unit Responsibility
3-81. Tenant unit commanders must actively participate in the preparation of base security and defense plans even if they do not fall under the direct command of the base commander. Tenant units provide security for their own forces and high-value assets, provide individuals to perform perimeter and gate security, and are often assigned battle positions according to base security plans. These forces, when provided, will be under the tactical control of the base commander for the purpose of base defense. Key concerns of tenant involvement, because of lessons learned from operations in Iraq and Afghanistan) are training, rehearsals, coordination, and competing requirements between the security mission and other operational tasks.
Initial Response
3-82. Response is a short-lived, confused, creative, fast-paced flow of events after an attack or a life-threatening, damage-causing event. It is paramount that immediate action be taken to save lives, prevent suffering, and protect friendly forces, facilities, equipment, and supplies from further harm. This response requires that critical actions take place immediately after an incident to minimize the impact on friendly force operations and expedite the recovery of the operating base to full operational capability. A typical base response team should be task-organized to respond to incidents, regardless of threat, tactic, or event.
3-20 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
This requires establishing an on-scene commander who coordinates activities at an incident site through an incident command system (a systemic procedure whereby operating base staffs are organized to respond to an incident). The operating base should have the capability to perform the following standard actions:

Establish C2 at the incident site, and secure the area.

Perform a tactical appraisal of the situation.

Prepare a damage and casualty assessment.

Take immediate actions to save lives, prevent suffering, and reduce or mitigate great property damage.

Determine a priority of response effort and subsequent order for follow-on response forces, equipment, and supplies.

Establish staging locations where forces and equipment can be located to support an incident.

Establish mass-casualty care and evacuation centers.
3-83. A terrorist incident begins with the detection of an unlawful act of violence or the threat of violence. Detection may result from routine surveillance performed by unit patrols, base defense guard or security force, or through a facility intrusion detection system. Once a terrorist act is detected, first responding security forces must perform an initial assessment. The initial response force is identified in the unit or base AT appendix with on-scene command relationships and a clearly established chain of command. When responding to requests for support from the HN, the initial response force acts in a supporting role. However, the commander does not relinquish command responsibility and authority.
3-84. First and follow-on responders must use caution when entering the attack site. Terrorist and criminal tactics have revealed the planning and detonation of secondary devices or direct fire engagements primarily focused on killing first and follow-on responders. One of the first tasks should be to establish security of the incident location to protect the initial responders and to control access and preserve evidence. Responders should use the same skills that they would use to target the location of primary IEDs, devices, or snipers. Be aware of commonly used concealment items and the number of abandoned vehicles, carts, or trailers in the area of the attack. Response forces may be under constant observation so responders must maintain a heightened level of security when exposed.
3-85. Once the initial response force has responded to the incident and determined the circumstances, the base commander should activate required forces and begin notification procedures for military, contractor, and HN authorities. The initial response force should immediately identify and report the nature of the situation, isolate the incident, and contain the situation until relieved by the reaction force commander. Initial response force actions are critical, and units must have trained personnel who are aware of the threat and are capable of reacting promptly, 24 hours a day.
3-86. Responses will vary according to the incident. For example, if terrorists escape before additional forces arrive, the initial response force should provide medical aid, seal off the crime scene, and secure other potential targets in case the initial attack was a diversionary tactic. If the event is a hostage or barricade situation, the initial response force should seal off and isolate the incident scene to ensure that no one enters or leaves the area. The initial response force must also be prepared to locate witnesses, direct them to a safe location for debriefing, and interface with local law enforcement or emergency service personnel, HN police, and military forces responding to the incident according to the existing status of forces agreement.
Note. CBRNE incidents or threats of terrorist CBRNE attacks may overwhelm a unit or operating base’s minimum capability to adequately detect, assess, and mitigate the effects. Commanders and AT officers must adequately coordinate and prepare for such an incident. (See FM 3-11.21.)
Base Defense Operations Center
3-87. A BDOC is a C2 facility that is established by the base commander as the focal point for protection, security, and defense within the base boundary. Through the BDOC, the base commander plans, directs,
18 February 2011 FM 3-37.2 3-21
Chapter 3
integrates, coordinates, and controls base security efforts and coordinates and integrates area security operations with the base cluster operations center (if established) or other designated higher-level staff. If units occupying the FOB are organic to the commanding headquarters, then a BDOC may not be necessary and base defense requirements would be managed through the unit’s operations section. BDOCs become important when a headquarters is given command of a FOB but the units that occupy or are assigned to the base defense are not organic. BDOCs serve as a permanent part of base defense for as long as the FOB remains in the area or the requirement for an additional mission command element is proven from recent experiences.
3-88. The nature of a BDOC depends on the combination of forces involved and may include other U.S. Service or agencies multinational, a HN agencies’ personnel, depending on the combination of forces located at each particular base. Such entities should be part of the BDOC when elements of their armed forces, police, or paramilitary forces are directly involved in the overall base defense effort or when they are a major tenant organization on the base. The center normally consists of the following primary sections:




3-89. Tenant units, program managers for contractors deploying with the force, or security forces will often be operating with incompatible communications equipment. The base commander and subordinate commanders who are responsible for planning and executing base defense operations must ensure that specific base, base cluster, and line-of-communication security measures are planned for and tested to ensure compatibility. An uninterrupted communications network with backups is essential for the BDOC to maintain situational awareness and take the appropriate actions. Everyone must be able to talk to the BDOC without causing chaos. A standard reporting procedure and infrastructure allow for timely and accurate reporting.
3-22 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
Forward Operating Base Marez Suicide Attack, Mosul, Iraq
A terrorist incident on 21 December 2004 in Iraq shows a FOB’s initial response. A suicide bomber, wearing an explosive vest and the uniform of the Iraqi security force, entered a dining tent at FOB Marez and killed 14 Soldiers, 4 American contractors, and 4 Iraqis and wounded 72 others. Soldiers inside the tent turned their lunch tables upside down, placed the wounded on them and then carried them outside. The BDOC took immediate action; medics were onscene instantly and removed the rest of the wounded. Triage occurred, and those seriously wounded were medically evacuated to Ramstein Air Base in Germany for treatment at Landstuhl Regional Medical Center. The mass casualty response, planned by the FOB’s medical officer and rehearsed before the incident, was well executed and, most likely, prevented more deaths from injuries. The attack was attributed to a member of Ansar al-Sunna, a 24-year-old man from Mosul, who worked at the base for two months and had provided information about the base to the group. Security at U.S. bases is ordinarily extremely tight. Local Iraqi workers are typically searched before entering the base and are monitored on the base. The only Iraqi nationals usually allowed in dining mess halls are Iraqi soldiers. This suggests that base facilities have been infiltrated by adversaries who are collecting and providing information on base vulnerabilities. Further, this attack was carried out in daylight against the largest facility on the base, exactly when the largest number of Soldiers would be present. This combination of evidence indicates
a good probability that the attack was well planned and professionally executed.
Additional Response Considerations
3-90. Although the primary goal is to end a terrorist incident without injury, another goal is to prosecute terrorists. Witness testimony, photographic evidence, and other evidence are important in achieving a successful prosecution. Maintaining the continuous chain-of-custody of evidence obtained during an incident requires documenting the location, control, and possession of the evidence from the time custody is established until the time evidence is presented in court. Failure to maintain the chain of custody or contamination of the scene can result in exclusion of the evidence. Consult law enforcement or staff judge advocates on proper procedures unless doing so would harm military operations. The types of evidence for which the chain of custody must be established include—

Photographs taken during the incident.

Physical evidence, including items used by the terrorists. The AT appendix must include planning for contaminated-evidence preservation and collection, storage, and chain of custody procedures.

Tape recordings of conversations between terrorists and hostage negotiators.

Demand notes or other messages recorded by written, audio, or video means prepared by the terrorists.

Sample collection, including samples collected at the scene during initial and follow-on response.
3-91. Apprehended military personnel are handled according to the Uniform Code of Military Justice, DOD and Service regulations, and applicable installation SOPs. In foreign incidents, civilian detainees may be processed according to the status of forces agreement, diplomatic note, or other agreements with that particular country. Unless exigent circumstances dictate otherwise, the staff judge advocate should be consulted before releasing an individual to HN authorities. The United States does not normally render its own nationals to the custody of a third party, including an HN. When this does occur, it is only in very limited circumstances and under the direction of the executive office. In coordination with the staff judge advocate, an AAR should be prepared within seven working days after termination of the event.
18 February 2011 FM 3-37.2 3-23
Chapter 3
3-92. Each Service and command has a reporting procedure that requires a timely report of the incident to higher military authorities. The crisis management plan should dictate required reports and timelines for notification. This should include staff journals and other documentation, including detailed information concerning the disposition of evidence and captured individuals. The staff judge advocate and law enforcement personnel should ensure that reports are submitted to higher headquarters in sufficient detail to meet prosecution requirements.
3-93. Information from the command concerning positive, negative, and neutral factors that contributed to the incident and its resolution should be analyzed to determine elements of base or unit plans that should be changed. Contracted or HN officials involved in the activity should also be engaged to determine their perspective. Once compiled, AARs or lessons learned should be shared with other units and defense components.
Activities in Incident Management
3-94. Employing IW tactics, the terrorist’s greatest weapon is his ability to influence operations and public opinion through aggressive domination of the media information cycle. The rapid release of information as press releases, audio/video, or printed products tied to an event (spectacular IEDs, suicide bombing, civilian casualties, attacks on U.S. forces) seizes the information initiative. Information is always secondary to the timing. The burden to disprove the “facts” of a terrorist’s information product rests with the target of the attack. In the deployed joint operations area, units face an adaptive and technologically savvy enemy who recognizes that the global information network is his most effective tool for attacking what he perceives to be the center of gravity—public opinion, domestic and international. These types of information warfare have aided in increasing the flow of money and aid from around the globe, influenced civilian opinion of U.S. forces in occupied areas, and had an effect on public opinion within the United States.
3-95. The release of timely information following a terrorist attack is critical to getting ahead of the media information cycle and terrorist attempts to influence public opinion. In a deployed environment, planning for such events requires a coordinated influence line of effort among planners, psychological operations elements, and public affairs officers. Public affairs offices can provide quick statements from a commander concerning a terrorist incident to seize the media initiative. Psychological operations can provide products, (flyers, radio and television spots, coordinated HN civilian key leader engagements) that highlight factual details surrounding a controversial incident or event to prevent distortion by the terrorists. Timing of post-event public affairs releases and psychological operations products is critical, as they are far less effective if not placed on the street within minutes or a few hours after an event.
3-96. Terrorist groups often disseminate crude (but effective) flyers very quickly after a terrorist attack, sometimes within minutes or hours if the products are prepared ahead of time. They flood the streets with these flyers to stir emotions among the populace. Following an incident in which local noncombatants are killed or wounded by multinational forces or terrorists, local media will often play and replay the images on television. A common terrorist tactic is to record an attack and then provide the video to the local news media afterwards. Frequently, civilian deaths are attributed to multinational or U.S. forces even when the terrorists were responsible for putting the civilians at risk or killing them. This endless-loop video technique is extremely effective in stirring strong emotions among people who otherwise would be indifferent. If multinational forces move too slowly and take too long to investigate and vet messages before engaging the media, the impressions of the event as portrayed by local media are already fixed in the minds of the target audience.
3-97. Army Public Affairs plays a leading role as the voice of the commander and has the mission to provide factual and timely information to the media without violating OPSEC. Psychological operations (as a core information operations element) are the primary means for the commander to communicate with the civilian populace in their own language. Public affairs, psychological operations, Soldier, and leader engagements should operate in concert with strategic communications guidance to achieve a proactive, integrated, counteradversary information message that is released to the broadest audience possible.
3-24 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
3-98. Public affairs, psychological operations, and information operation planners should have readily available contingency messages that are approved by the commander and well coordinated with operational staff elements (S-2, S-3, S-5, AT officer) in consequence management planning. The successful massing of information effects requires the commander to articulate his intent clearly for the integration of available elements of operations in the information domain. These messages need to be incorporated into consequence management exercises with scenario-driven battle drills to solidify their use and validity in reducing terrorist information activities. Public affairs officers actively involved in shaping consequence management message releases must ensure that they maintain an open dialogue with liaisons or points of contacts with units throughout the AO to acquire specific details about an event or incident when they are not in the immediate vicinity of an attack.
3-99. By analyzing audiences within the AO, public affairs is able to generate a plan to ensure that the message is broadcasted or distributed to the fullest capacity using the media means accessible to the civilian populace. Public affairs officers establish good working relationships with HN news media representatives in their AO to serve as critical contributors to the media management mission. Units should have a local contract media coordinator who provides understanding and insight into the local culture and media practices and provides translation and interpretation when needed. Deploying units should anticipate the need to interview and establish a contract with qualified local media personnel upon deployment. Having local media personnel onboard leads to successful engagement with HN media.
3-100. In the event of an attack, public affairs offices execute planned response statements with incorporated facts known at the time. The public affairs representatives should be located in the BDOC to keep abreast of incident activities. During the incident the public affairs officer should prepare media releases and conduct briefings at the media center, located away from the BDOC, , based on information that is received. The public affairs officer ensures that the information released is screened to maintain OPSEC. Media representatives should be given access to releasable information and to the scene as early as possible, with reasonable conditions and restrictions commensurate to the risk and gravity of the event. Media can assist in disseminating information about the incident to inform and mitigate additional harm. If in-person site visits are not possible, initiate action to push DOD imagery of the incident site to the media for immediate release.
3-101. Follow-on press releases, psychological operations products, and commander’s interviews can be used as part of consequence management battle drills to emphasize the facts of the event and discredit terrorist disinformation. The incorporation of sterilized and approved photographic and video images and interviews with local and multinational force witnesses by public affairs and HN media sources aid in solidifying the multinational force statements while discrediting terrorist claims and denouncing or condemning their attack. By continually reducing terrorist claims and exploits through quick, consistent, and factual reporting, multinational forces effectively take the information offensive approach to the postattack phase and can be more effective at defeating terrorist support in the AO.
3-102. The advantages of having local or HN media cover noteworthy events and lead when publishing postattack messages are numerous. HN media can—

Place an HN face on published works.

Capture the ground truth in nearly real time.

Counter antigovernment or anti-multi-national force information.

Eliminate the language barrier when conducting interviews with other local nationals or witnesses to the event.

Gain credibility and acceptance among the local population.
3-103. U.S. and multinational forces may never have enough initiative to overcome terrorists publishing information on what is a terrorist attack. Through informing, influencing, planning, and coordinating a consequence management response, the multinational force can inform the HN media about events that will likely impact and shape the information environment, influence cooperation of the civilian population, and reduce the terrorists’ ability to successfully shape the local population’s perceptions of an incident.


3-104. The deployed AT program is reinforced by AT tasks that support the execution of three tactical tasks discussed above (see figure 3-3, page 3-7). By establishing an AT program, increasing AT awareness, developing civil-military partnerships, and exercising AT plans and responses commanders enhance their units ability to defeat terrorist activities.
Antiterrorism Task 1. Establish an Antiterrorism Program
3-105. The AT program within a unit is a commander’s program that is designed to protect personnel, infrastructure, and information. To accomplish these goals, commanders must plan, integrate, and apply all in-place programs (combating terrorism, physical security, security operations, and personnel protective services) and support this effort through the extensive use of available intelligence and CI services. Commanders communicate their intent on managing the terrorist threat to their subordinates, enhancing decentralized execution and adaptability to changing tactics at lower levels.
3-106. AT planning is conducted and documented in the form of an annex, to operation order or plan, or SOP for units (battalion or higher) while conducting training and operational deployments (50 or more personnel), training exercises (50 or more personnel), and special events (Iraqi police academy graduation, opening of a new HN government facility). Commanders and staffs coordinate their efforts with the appropriate HN authority and U.S. country teams. AT annexes should be flexible for use by a unit or base and can be adapted for any environment (in-transit, base, offense, or defense operations) and are coordinated through the appropriate geographic combatant command and U.S. embassy or consulate.
3-107. The purpose is to help the AT officer structure an AT appendix in a comprehensive and organized manner. The format is usually patterned after the standard five-paragraph military operations order (situation, mission, execution, sustainment, and C2) that can be issued as a standalone document or in support of a larger operations order. This format enables the synchronization of existing programs (physical security, AT, OPSEC, information security, HRP protection). AT considerations should be integrated into plans and separate annexes. Collaborative staff interaction is a crucial element in developing a realistic executable plan that provides amplified instructions as required. AT planning documentation should address—

The application of AT measures.

Terrorist threats and other threat activities.

Measures to reduce vulnerabilities to terrorist acts and attacks.

AT physical security measures.

AT measures for critical asset security.

ECP procedures.

FPCON implementation measures, including site-specific AT measures.

On-site security elements.

Operations and information security.

AT measures for HRP, when appropriate.

Reaction to terrorist incidents.

CBRNE plans and measures to deal with toxic industrial hazards.

BDOC operations.

Alert notification procedures.

Incident response management procedures.

AT construction and building considerations.

AT measures for logistics and other contracting.

AT measures for in-transit movements, when appropriate.
3-26 FM 3-37.2 18 February 2011
Foundations of Antiterrorism
Antiterrorism Task 4. Increase Antiterrorism Awareness
3-108. Situational awareness is the immediate knowledge of the conditions of the operation, constrained geographically and in time (FM 3-0). Situational awareness emphasizes that Soldiers know what is happening around them. The knowledge and perceptions occur in the Soldier’s mind; situational awareness is an ability to maintain a constant vigil over important information, understand the relationship among the various pieces of information monitored, and project this understanding into the near future to make critical decisions.
3-109. For this reason, AT awareness serves as a key component of a unit’s ability to assess, detect, warn and defend against terrorist actions. To help combat complacency, commanders emphasize AT awareness by ensuring that personnel within their command are aware of the significance of the terrorist threat, reemphasize unit and personal protection measures, report suspicious activities, and review assessed vulnerabilities and RAM. By emphasizing and teaching Soldiers to recognize potential or actual threats early, they can take measures to avoid or counter threats before they occur.
3-110. AT awareness serves more as an attitude or mind-set than a hard skill. When an attack occurs, persons with a complacent or apathetic mind-set are taken completely by surprise, unable to respond due to freezing up from shock and denial as their minds try to assess the situation. The opposite is also true: Soldiers cannot be expected to operate in a state of heightened awareness for extended periods. The constant stream of adrenalin and stress leads to mental and physical fatigue and impairs the body’s natural fight or flight response. AT awareness supports the Soldier’s ability to remain at a balanced level of awareness. The knowledge, exposure, and experience a Soldier gets from training, information, lessons learned, exercises, and rehearsals causes the Soldier to function without added stress associated with maintaining this level of personal security posture indefinitely.
3-111. AT awareness influences a Soldier’s ability to conduct surveillance detection and recognize information that could thwart a future attack or enhance other intelligence collection efforts. Paying close attention to simple details (time, environment, distance, and demeanor) can uncover a possible terrorist if that person is sloppy in his surveillance techniques. How much time a person spends in an area could give him away. The location or environment and the distance at which someone stays are also important. If someone is consistently spotted parked down the street at odd hours of the night, for instance, that might be reason to think the person is conducting surveillance. How a person acts, or his demeanor, can also give someone away. A frequently nervous individual could inadvertently show concern over getting caught. Demeanor can also account for indicators when dealing with suicide bombers (unseasonably warm clothing, odd bulges under clothing, mumbling, fidgeting, an obvious avoidance of security personnel).
3-112. To fill in the information gap and lessen the degree of uncertainty, terrorist information must flow from top to bottom and from bottom to top. Information collected by subordinate elements (patrols, ECPs, others in contact with locals) needs to be reported in a timely manner to the unit S-2. The information contained in patrol reports and debriefs can provide important details on the terrorist threat and will assist the staff and AT officer in developing a more detailed and realistic threat model for the commander. As discussed earlier in this manual, potential threat may involve terrorists, criminal organizations, or actors with unknown intentions. As part of an AT program, the staff works closely with psychological operations personnel to look at groups, cells, and individual elements. They collaborate and evaluate propaganda, graffiti, and gang symbols to determine likely propaganda or communications by threats operating in the area.
Antiterrorism Task 6. Establish Civil-Military Partnerships
3-113. Commanders will coordinate with defense attaches, regional service officers, and local civilian communities to establish relationships to formulate partnerships to combat and defend against terrorism. The formation of effective civil-military teams creates complementary capabilities that mitigate the inherent weaknesses of the U.S. Army and HN civilian agencies who are living and operating in the AO. Partnerships include the sharing of resources and information to enhance the safety of the Soldiers operating in the area and the local populace who become part of the commander’s responsibility. The daily interaction between U.S. forces and the myriad of civilians and civil organizations in the supported
18 February 2011 FM 3-37.2 3-27
Chapter 3
commander’s AO can develop useful civil information, which can be fused or processed to increase situational awareness, situational understanding, or situational dominance.
3-114. Civil-military partnerships also exist to enhance a commander’s capabilities in response to terrorist attacks. Assistance from HN assets can provide resources in the way of CBRNE response, security, construction, and mass casualty assistance to reduce the effects of terrorist attacks and assist in recovery efforts. Partnerships with local media help to broadcast the commander’s message to the population, reducing the impact of terrorist misinformation. Military partnerships with HN media resources are crucial for disseminating psychological operations products that encourage postincident civilian cooperation and reporting to prevent or mitigate terrorist incidents.
Antiterrorism Task 8. Conduct Exercises and Evaluate/Assess the Plan
3-115. Exercises test and validate policies, plans, and operating procedures; test the effectiveness of response capabilities; and increase the confidence and skill levels of personnel. Because current and future deployments will consist of joint, multinational, and HN partners, it is important that agencies exercise together. These exercises enhance coordination among varying partners whether it is on a base or on patrol and help them work together. They also allow personnel to become familiar with other procedures and identify those areas needing further coordination. In the absence of actual operations, exercises are an important indicator of the preparedness of a unit or multinational force to deal with a variety of terrorist incidents.
3-116. Commanders institute exercise and training programs that develop, refine, and test the command’s AT response procedures to terrorist threats or incidents and ensure that AT is an integral part of the unit’s protection posture. Soldiers train to perform tasks while operating alone or in groups. Soldiers and leaders develop the ability to exercise mature judgment and initiative under stress. The Army requires agile and adaptive leaders who are able to handle the challenges of a terrorist threat that is present throughout the full spectrum of operations. Change and adaptation to an asymmetrical threat must be recognized, communicated, and implemented far more quickly than in the past. Solutions discovered in exercises or in real situations must be disseminated throughout the force and then adapted quickly and innovatively as the terrorists adapt to counter the newfound advantages.
3-117. Experiences from Iraq and Afghanistan demonstrated that Soldiers who are trained exclusively for offense and defense operations were not as capable of adapting to the requirements for stability operations or facing the challenges associated with dealing with an asymmetric threat. Commanders must find a balanced approach to the types of training essential to full spectrum operations, understanding that the terrorist threat is present throughout the spectrum of conflict. Incorporating AT training and awareness prepares Soldiers to operate more efficiently in any environment.