April 26, 2019

Building Resilience

Terrorist attacks at large public gatherings and vehicular terrorism appear to be on the constant rise across the globe, as recently as November 2018 in Melbourne. Governments are subsequently being forced to rethink and reform their national security measures, and Australia is no exception. While the focus of how to more effectively manage and prevent large scale terrorist attacks is not a recent development, what is new is the private sector's role in preventing terrorist acts and in particular, their potential liability exposure if they fail to fulfil these duties.

Occupational Security: building national resilience

Australian security intelligence suggests that the vulnerability and resilience of a specific target are factors in terrorists' decision making process when deciding whether to proceed with an attack.[1] Therefore, effective deterrence is essential to preventing terrorist threats. This requires building and developing methods of resilience in order to minimise national vulnerability. Such an approach could help to avoid impacts of attacks or at least significantly minimise their consequences.

Occupational security law, the body of law concerned with regulating corporate activity and building national resilience, is still in its infancy in Australia. However, there is extensive overlap with security obligations as part of an integrated safety duty under the Model Work Health and Safety Act (Model WHS Act)[2], which has been adopted in the majority of Australian states and territories.[3] Indeed, the expansion of the primary duty of care has intertwined the relationship between safety and security duties, which requires a person conducting a business or undertaking (PCBU) to ensure, so far as is reasonably practicable, that other persons are not exposed to risk to their health and safety arising from work undertaken in the conduct of their business or undertaking.[4]

Following a number of terrorist attacks since the World Trade Centre bombing in 1993, integrated security obligations within safety duties have become more apparent, as set out in the table below.

Jurisdiction

Incident

Liability exposure

New York, United States

1993 World Trade Centre Bombing

The New York and New Jersey Port Authority were been found liable in negligence for neglecting to maintain adequate security practices.[5]

Oklahoma, United States

1995 Oklahoma City bombing

The United States Federal Government surrounded all federal buildings with permanent security traffic barriers to prevent similar attacks.

Since this attack, all new United States federal buildings must now be constructed with truck resistant barriers to minimise vulnerability of trucks being used as weapons.[6]

United States

11 September 2001 attacks

Boeing is facing legal proceedings on the basis of alleged design flaws in the cockpit which permitted the terrorists to access the cockpits.[7]

New York, United States

11 September 2001 attacks

A more stringent approach to building design standards has been adopted in the United States, which includes hardening the buildings to better withstand a terrorist attack.[8]

Mumbai, India

2008 Mumbai bombing

The design of a hotel cannot be said to be safe unless it incorporates security features aimed at minimising risks of a terrorist attack.[9]

As the type of terrorist attacks and our knowledge of these continue to evolve, security obligations are increasingly becoming captured by safety legislation.

Australia's Private Sector legal obligations

The private sector evidently has a significant role to play in building national resilience. Companies and businesses increasingly owe legal obligations to proactively identify potential terrorist risks and implement a security plan to mitigate these risks. For example, had cities erected the physical barriers and infrastructure in pedestrian heavy places prior to vehicle terrorist attacks (such as in Melbourne - November 2018, London - March 2017, Paris - August 2017, Nice - July 2016 etc.), the impact could have been drastically reduced.

The private sector (particularly business owners, operators and executives) therefore need be aware of their legal duties to take steps within their control to minimise the impact of a terrorist attack and of their potential exposure to liability if their business is the target of a terrorist attack.

Legislative requirements

The Model Work Health and Safety Regulations require that operators of major hazard facilities prepare a facility security plan which must address all major security hazards related to the facility. The Australian Government has also introduced occupational security frameworks, including a 'National Security Statement' and a 'Critical Infrastructure Resilience Strategy'.[10]

State jurisdictions (including Victoria, New South Wales and Western Australia) have additionally introduced legal obligations on certain private sector individuals, particularly on operators of 'critical infrastructure'[11] or 'major hazard facilities'[12]. In summary, the Victorian duty requires that the relevant individual protect infrastructure from terrorist threats and requires identification, evaluation, enhancing preparedness and ensuring ongoing communication and information exchange.[13]

In light of the private sector's increasingly onerous security obligations and liability exposure, it is recommended that businesses and companies adopt security risk assessments. Company and business executives need to proactively identify any potential risk of their business and implement a security risk management system that mitigates that risk.

Key takeaways include:

  • Deterrence is central to building national resilience and counter terrorism security;

  • Executives, owners and operators of businesses should be aware that their safety duties owed by businesses and companies incorporate security obligations;

  • Businesses and companies can fulfil their occupational security duties and limit their potential exposed liability through adopting, implementing and regularly auditing security risk assessments;

  • Terrorist attacks in which such security risk assessments were adopted provide evidence that the impacts were significantly reduced.


[1] Tooma, M, Safety, Security, Health and Environment Law, Federation Press 2011, p 50.

[2] Ibid.

[3] Ibid, p 51.

[4] Model Work Health and Safety Act, s 19.

[5] Re World Trade Centre Bombing Litigation, 776 NYS 2d 713 (Sup. Ct 2004), offd, 784 N.Y.S 2d 869 (App. Div. 2004).

[6] Tooma, M, Safety, Security, Health and Environment Law, Federation Press 2011, p 59.

[7] Re September 11 Litigation S DNY (No 21 MC 97).

[8] Tooma, M, Safety, Security, Health and Environment Law, Federation Press 2011, p 51.

[9] Ibid.

[10] See Australian Government, National Guidelines for Protecting Critical Infrastructure from Terrorism, February 2005. See also Australian Government (2010), Critical Infrastructure Resilience Strategy, Australian Government.

[11] See Terrorism (Community Protection) Act 2003 (Vic) ss 29-32 and Western Australian Government, Critical Infrastructure Protection Framework, April 2007.

[12] See draft Major Hazard Facilities Regulation 2007 (NSW).

[13] Terrorism (Community Protection) Act 2003 (Vic) ss 31(a) - (i).