Taking the guesswork out of crisis management27th April 2021
The FBI won plaudits for its swift capture of the “Seaside Bomber”, but it taught the agent in charge of the manhunt how to respond better in future.
The Federal Bureau of Investigation’s (FBI) Newark Field Office is widely regarded inside the FBI for having the best plans to manage a crisis. But that was the result of two years’ hard work, ripping up their plans and starting again having learned the lessons from their pursuit and capture of the “Seaside/Chelsea Bomber”.
In September 2016, two homemade bombs exploded in New Jersey and New York. The first targeted a charity run in aid of the US Marine Corps, while the second exploded at night in Manhattan’s bustling Chelsea district. Another device was found in Chelsea hours later; the next day, a backpack containing a further six bombs was found in New Jersey. The attacks triggered a huge manhunt, which resulted in Ahmad Khan Rahami being arrested following a running gun battle with police.
The episode – from the first bomb exploding to Rahami’s capture – lasted less than 72 hours. Thankfully nobody died, despite 31 people being injured in the Chelsea blast and two New Jersey Police Officers being shot. The FBI team in charge of the investigation won widespread praise for their handling of the crisis, but Joe Denahan, FBI Assistant Special Agent in Charge of Counterterrorism and Crisis Response for the New Jersey Field Office wasn’t entirely pleased. The attack had, he thought, highlighted weaknesses in his team’s crisis-management plan, and he was determined that the same mistakes wouldn’t happen again.
Denahan was watching his kid’s football match when he got the phone call telling him of the terrorist attack. He immediately set about putting together a 200-strong FBI task force, but he was slowed down by a continual stream of incoming calls and messages, while also searching for key agents’ email addresses. Not drafting instructions beforehand on how to kick off their response to the crisis was “clearly a leadership failure on my part”, he admitted.
The 30-minute delay in sending the all-important email was “essentially the catalyst for burning down our entire crisis management programme and recreating it from the ground up,” he told a recent Hiscox Crisis Management webinar. “I saw a lot of areas that needed improvement”. Without question, this event was the single biggest terrorism attack in the state’s history and managing such a dynamic situation in multiple states including an active manhunt was a challenge the office had not faced before.
Learning the lessons of a crisis
Denahan saw several problems that he wanted to address. “Frankly, we moved too slow. We [couldn’t] move as fast as the crisis.” Also, “we had not done a good enough job in training subordinate leaders and frontline employees to step up and do the jobs of those who might have the corporate knowledge but might not be in the building at that time.”
The Bureau’s size also worked against it during the crisis. “That is an organisational weakness that works against us when we manage critical incidents.”
We wanted to take all the guesswork out of what we were doing.
So, Denahan set about making sure his team would react quicker to the next crisis. “We wanted to take all the guesswork out of what we were doing.” For him, that meant knowing what to do before a crisis occurs.
“Ninety percent of crisis management work is pre-incident,” he stated. You need to predict what are the most likely problems, understand what resources are needed to tackle those and continually rehearse what to do. “Pre-made decisions are the key to [getting] faster” in dealing with emergencies, Denahan said, because they reduce “mental drag time”.
He created a crisis-management checklist like those that airline pilots reach for in an emergency. Denahan boiled a 400-page crisis management plan down to one page of clear instructions on precisely what to do if disaster strikes. “If we don’t respond smartly to a critical incident people can lose their lives,” Denahan said. “We can always discard our checklist if it’s not useful but we can’t create it from nothing under pressure.”
Ninety percent of crisis management work is pre-incident.
He also trained staff to “develop a comfort level with chaos”. They would regularly discuss how to respond to a variety of potential emergencies, including second-guessing how they would handle a crisis chosen at random from a pretzel jar kept on Denahan’s desk. The aim was, he said, to train them to think ahead, so they would be better prepared for what may happen.
Experience no substitute for expertise
Denahan’s determination to learn the lessons from the Chelsea Bomber attacks shows how good organisations react to a crisis. Reflecting on the past year, companies that were well-prepared for the pandemic fared much better than their rivals in the Covid-19 crisis, said Charles Hecker, a Partner at Control Risks. “They were ready for this and knew what to do from day one,” he said.
Those are the companies who will catch the imminent Covid-19 recovery wave. They have the tools needed to navigate the lifecycle of a crisis – called the “Three Rs” readiness, response and recovery. “The most successful companies are those that have one eye on crisis management and one eye on strategic opportunity,’ said Hecker.
The most successful companies are those that have one eye on crisis management and one eye on strategic opportunity.
But there’s also help at hand, said Gareth Bateman, product Head of Hiscox’s Security Incident Response (SIR). “It can be difficult for corporates to act quickly to respond to a crisis. SIR takes that problem away, by giving enterprise risk management professionals a 24/7 hotline to call should anything go wrong.”
In spite of all his experience, Denahan readily admitted he doesn’t have all the answers. “I don’t pretend to know everything. So, I consult subject-matter experts all of the time.” He concluded: “I don’t think [that] makes you weak – it’s experience talking.”