​

Day one of the Democratic National Convention (DNC) in Denver was drawing to a close on Monday, August 25, 2008. The work day had ended for many downtown. A warm summer evening was slowly taking over the hot, dry day, and the Denver Police Department had just issued the command for a group of several hundred masked “black bloc” demonstrators to disperse at the city’s Civic Center Park. Ignoring these orders, the group diverted around the police force, heading for the 16th Street Mall, Denver’s busiest pedestrian strip. That could have created havoc; instead, police were ready and had them cordoned off at 15th Street and Court Street. The surrounding buildings had already locked down as police had alerted them to the evolving security situation.

As the tension between demonstrators and police rose, 911 dispatchers began receiving calls of rioting and looting nearly 10 blocks away in lower downtown. Should the police break away and respond? “We had our troops committed. The department was committed to resolving this other situation,” says Lt. Rob Rock of the Denver Police Department, who recalls watching the situation unfold at 15th and Court via the city’s emergency operations center (EOC).

Instead of sending police officers to investigate the reports from lower downtown, Rock called out to the private sector, since nearly every building downtown has security and most security companies had additional forces for that week.

Joseph P. Gargan, CPP, CFE, vice president of safety and security for Advantage Security Inc., received Rock’s call and passed on the report to private security officers at buildings in lower downtown. “We checked them out and found that they were all false calls,” he says.

The calls were a diversion. “That’s a standard tactic,” Rock says. “They want to draw resources to something that isn’t an emergency so that they can continue to do whatever it is they were going to do. And it didn’t work because of our cooperative efforts with private security.”

Police moved in and arrested more than 100 demonstrators. It was the first and only mass arrest during the week of the DNC, and it was made possible by an unprecedented partnership between the city’s public and private sectors, one that scarcely existed just a year before.

Forming a Partnership

The Denver Public-Private Partnership (DP3) had its first formal meeting in August 2007, after the city was selected to host the next year’s DNC. This gave the police and the private sector 12 months to coordinate efforts and prepare for the upcoming federally designated National Security Event.

DP3 was first conceived two years earlier when Denver Police Chief Gerald Whitman and Gargan considered establishing the city’s own version of New York City’s Area Police Private Security Liaison program. But IT connectivity problems between the Denver city officials’ communications systems and the private sector’s systems initially stalled the effort.

In 2007, ignoring the communication problems bogging down the program, Gargan and Rock co-hosted DP3’s first meeting. The event was attended by 75 people, many of whom were meeting their public or private sector counterparts for the first time. Not only did the Denver Police Department’s Intelligence and Operations Planning Unit attend, but so did the FBI-led regional Joint Terrorism Task Force; the Colorado Information Analysis Center (CIAC), which is the state’s intelligence fusion center; and Team Rubicon, the Colorado State Patrol’s critical infrastructure unit.

Private sector attendees included both contract and proprietary security managers, ASIS members, and Building Owners and Managers Association (BOMA) International members. The group then began to meet every month—and grow.

As discussions progressed, DP3 realized it needed to focus on two elements before the DNC: better communications between the public and private sectors and more training.

Communications

How was DP3 to establish relevant and timely communications between the EOC and private security during the DNC? The initial plan relied on text and e-mail messaging. Lists were made and test alerts were sent. However, the plan faced some major hurdles. One was that membership and e-mail addresses changed frequently, making it difficult for the city’s police department to keep distribution lists current. Another problem was that these types of communication were only one-way. How was the private sector to communicate back? Finally, many participants’ spam filters discarded e-mails before they even reached their inboxes.

A new approach was needed so that sensitive information gathered by law enforcement could be vetted by a public-safety official and distributed in a timely manner to private-sector security, with the ability for recipients to communicate information back up the pipeline as well.

The solution came from another public-private effort, the Colorado Emergency Preparedness Partnership (CEPP), a statewide group established in Spring 2008, with assistance from Business Executives for National Security (BENS) and seeded with funding from local philanthropic organizations.

In terms of preparing the community for disaster, CEPP had recognized that there was a huge gap between what businesses would do and what the public-safety sector would do. “[W]ith the Democratic National Convention coming to Denver, we had an urgent mission ahead of us to fill that gap,” says Sue Mencer, comanaging director of the CEPP.

A first step toward closing that gap was taken in May 2008 when BOMA hosted a DNC tabletop exercise where 250 attendees discussed how they would handle a worst-case scenario. They went through what might happen if unruly crowds became violent and destructive. During an open forum afterward, the dominant question from the audience was: “How are we going to communicate with each other if something does go horribly wrong?”

In the audience, Robert Edson, Mission-Mode Solutions’ vice president for the western United States, grew frustrated with the lack of systemized communication between the public and private sectors. Audience members asked where they would receive real-time information during the convention. “The best advice anyone could give anyone in the room was to watch the news,” Edson says. “That was really an unacceptable answer to me.”

Edson’s Cottage Grove, Minnesota-based company provides customizable Web-based information sharing and crisis-management tools. MissionMode can set up its page-based forums—or situation rooms, as it calls them—almost instantly, and offer password-protected access to approved users. Information updates are posted by users with administrative access, and alerts are sent out by whatever medium the administrator or recipient chooses: SMS text messages, e-mail, fax, or automated voice call. Administrators can require receipt confirmation on messages, and perhaps most important, users can send text or data—such as photographs—back to administrators for posting to the entire group.

After the BOMA exercise, Edson met with Pam Pfeifer, then executive director of CEPP. MissionMode set up a portal through which CEPP could make information available to participants.

“We went out and began securing, through the CEPP, membership and involvement for communications,” Edson explains. He was surprised to see not just an interest from the private sector, but public entities were also subscribing to the system for key, up-to-date information. Officials from Douglas County Sheriff’s Department, Arapahoe County Sheriff’s Department, and Centennial Airport were quick to join. According to Edson, more than 90 different organizations joined, representing more than 200 individual members.

The result was the Business Emergency Operations Center (BEOC), a secure, virtual, invitation-based online forum where subscribers could receive instant alerts from the EOC as well as respond with valuable feedback to the EOC and to other participants.

The inner-core of the DNC’s information-sharing apparatus was a highly secure law-enforcement-only forum where local, state, and federal officials shared sensitive intelligence. When their intelligence had to get to the private business and security sector, a public-safety officer communicated this intelligence to the CEPP operator in the EOC. That information was then disseminated to the business/security forums within BEOC.

The CEPP then monitored feedback from business and private security regarding the intelligence sent down as well as regarding any new intelligence businesses might have gathered that could be given to law enforcement. All agencies operating within the EOC had access to the BEOC.

How effective was this BEOC during the convention? “The first notifications came in from our private sector,” Edson says. “Private security partners had come across a stash of what they believed to be cached protestor weapons.”

Rock recalls receiving information about the caches in alleys, often marked with distinctive graffiti close by. “Everywhere we would find stashes of rocks or bottles or urine and feces in bottles and bags. That’s when the information went out: ‘Start looking for these types of markings.’” Private security began photographing the markings and posting them on the BEOC so other organizations could become more familiar with what to look for.

Pam Sillars, also co-managing director of the CEPP confirms: “We sent out the notice to the business partners, and they were able to go around and identify where [the caches] were, and they took them away. So, when the demonstrators were ready to go pick up their little projects there, they were gone.”

During the melee Monday night, police used the BEOC to ask all the buildings downtown to go into lockdown mode. “We asked that all private security bring their people in and secure their buildings until we [could] get this situation resolved,” Rock says.

Edson was stationed in the EOC at the time. “We sent out an alert to all members of the BEOC: ‘We have a large group of protesters moving in your area. You need to lock down your buildings immediately as requested by the Denver Police Department.’”

The effect of the lockdown was immediate: the protesters had no buildings to duck into and hide from police. As the protesters realized they were being cordoned off, the phony 911 calls began in an attempt to divert police.

DP3 was able to overcome its public-private sector communication hurdles by latching on to what had already been designed for CEPP by MissionMode. The result was a resounding success during the DNC. The BEOC is still activated from time to time—during wildfires, in relation to the swine flu outbreak, and during major civic events like Taste of Denver. The program enjoys a large membership of business and security partners in the Denver metro area.

Training

During the year from DP3’s inception until the DNC, the Denver Police and the U.S. Department of Homeland Security (DHS) coordinated various training opportunities for private-sector security managers. One course was a five-hour awareness class called “Incident Response to Terrorist Bombing” that was taught by the Denver Police bomb squad with teaching materials provided by New Mexico Tech’s DHS First-Responder Training program. Offered in January 2008, the course was designed to demonstrate how explosives can be concealed, what components all explosives must have, and how to respond after discovering such devices.

Rock describes the focus of the class: “We want people to know what they’re looking at. If they see something that looks like an explosive device, [we want them to know] what to do about it. What information can they tell us so we can have a quicker response with the appropriate people?”

Course instructors passed around examples of dummy bombs stuffed in paper bags and briefcases to demonstrate how they could have been rigged. The course ended with a test and certifications from New Mexico Tech.

In early June 2008, the DHS Office for Bombing Prevention, under sponsorship from Armor Group International Training Inc. and CIAC, offered a 40-hour course called “Surveillance Detection Training for Critical Infrastructure Key Resource Operators and Security Staff.”

The weeklong class of about 30 local business security managers devoted the first four hours of the day to teaching attendees the fundamentals of facility rings of security, facility vulnerability analysis, determining hostile surveillance points, and determining surveillance detection points. The course also emphasized that each property is unique with regard to surveillance.

The afternoons were spent at a local shopping center, where students were first asked to walk the perimeter of the mall and conduct vulnerability assessments. Were “secure” doors really not secure? Was anyone questioned by mall security or concerned citizens noticing the unusual behavior?

Eventually, students were to determine hostile detection points. Where could one sit in a car and watch delivery activity? Which bench would be most beneficial for watching ingress/egress and counting unsuspecting shoppers? Then students also compiled surveillance detection points around the mall. How could someone watch another person who was watching others?

During the final day of the course, students spent five hours at the mall searching for hostile surveillance personnel DHS had planted. Students did not know how many suspicious individuals there were or what they looked like.

Was the young man sitting with his back to the fountain really working on the crossword puzzle in the paper, or was he surveying loading dock check-in procedures on the south end of the complex? Students were asked to detect and report all suspicious activity to an off-site command center, helmed by other students.

In the end, during debriefing, students determined there were 12 hostile surveillance individuals. In actuality, there were only three from DHS. However, those three were included in the 12, so the drill was determined to be a success. Some students jokingly wondered if a call should be placed to the mall security about the other nine exhibiting strange behavior and not part of the exercise.

“This type of information was ideal because we had already been receiving reports of suspicious things that were occurring: people taking pictures of buildings and of things that most tourists wouldn’t take pictures of,” Rock says.

Upon completion of the course, security managers who had attended were encouraged to teach the surveillance detection fundamentals to their security staffs.

Conclusion and Challenges

Rock has suggestions for municipalities that want to establish a partnership like DP3. The first step is to proactively reach out and invite all the relevant players to meetings. The police department should also provide relevant training and good information that people are interested in receiving, he says. And he emphasizes the importance of a system of exchanging key information in a timely manner.

Gargan says the transfer of information between the two sectors was a great challenge for the partnership. He says there’s a balance between keeping law-enforcement-sensitive information classified and keeping the public informed. “Breaking down that barrier was pretty tough. Just breaking down ‘old school’ law-enforcement ideas was pretty tough,” he says.

Still, the goals are achievable, as DP3 proved. Within a relatively short time, Denver’s public-private partnership was able to overcome a major communication hurdle between the public and private sectors through the arrangement established by the CEPP and MissionMode. The partnership also reached out to DHS to provide relevant training to private-sector security officers, with no cost to the participants.

That’s not to say that there aren’t ongoing challenges for DP3. Attendance at the monthly meetings dropped significantly after the DNC and is back to 2007 levels. Any public entity wanting to create a similar program needs to be patient during slow times. “The most challenging aspect is just getting people involved when there’s not a major situation that’s going down,” says Rock. People just “want these systems to run in the background” until they’re needed, he notes.

When the Colorado Rockies found themselves in the 2007 World Series and Denver learned that it would host as many as four of the games, a DP3 meeting was held on only two hours’ notice. There was a strong turnout of about 70 people, showing that businesses appreciated the partnership when they saw the need.

Gargan explains: “We were briefed by Denver Police as to what can happen, being it was the World Series, and of the possibilities of what happens in many cities around the country now when a team wins…people get a little wild…and what we had to be prepared for in the buildings.”

Rock was pleased with how the DNC event turned out, as were most in the private sector. The only property damage sustained was a bit of graffiti. It wasn’t the smashed windows, upturned cars, or major tear gas deployment that some had feared. It wasn’t anywhere near “what could have been” during the BOMA’s worst-case scenario drill. Some of the credit for that outcome goes to the DP3.

Edson leans back in his chair, looking out the conference room window over north Denver and sums up the point of a public-private partnership program: “You don’t want the head of an organization, a large employer in the area, sitting down across the table with the emergency manager for their city for the first time and handing business cards to one another after there’s a smoking crater in the ground…. They need to be part of the process all the way through.”

Brian M. Van Hise was security manager of Denver’s Seventeenth Street Plaza for Advantage Security, Inc., during the DNC.