WE RECOVER FROM tragedy through courage and inspiration. Amid the horror of the Boston Marathon bombing, split-screened with explosions and shootouts, we saw astonishing images: volunteer doctors turning medical tents into MASH units, fans rushing to tend the wounded, a runner placing his medal around the neck of a crying entrant who had been stopped half a mile from the finish line.
This response is light-years beyond what many counterterrorism policy experts believed was likely just two years ago. In August 2011, The Mag visited the National Sports Safety and Security Conference and Exhibition in New Orleans to report on stadium security in advance of 9/11's 10th anniversary. Dozens of vendors were there hawking wares to hundreds of venues, consultants, teams and government officials. The products -- ranging from anthrax detectors to X-ray cabinets -- overwhelmingly emphasized protection. That trend toward trying to guarantee that another attack would never strike U.S. soil was alarming to those studying the field. "Most [buyers] are looking at technology, all this gee-whiz stuff," said Stacey Hall of the National Center for Spectator Sports Safety and Security (NCS4). "They need to be evaluating what will actually return them to normal if there is an incident."
It wasn't just the event managers struggling to find a solution. The federal government didn't establish comprehensive safety standards for public arenas but opted to certify devices and services as effective terror-fighting tools. The certifications helped protect manufacturers from terror-related lawsuits, and using certified products lessened a venue's liability too. What resulted was a new industry of showy crime-fighting technology. And eager buyers saw it as one more cost of doing business, like computer cables or bathroom partitions. Sports security, which The Mag called an "Industry of Fear" in 2011, grew into a $2 billion global business, even though most customers had little or no way of calculating the returns on their investments.
In fact, ever since 9/11, there have been gaping holes in the nation's defenses against catastrophes at sporting events, especially at softer open-air venues like marathons and underfunded targets such as college stadiums. During the Kansas State-Oklahoma football game on Oct. 1, 2005, Joel Hinrichs, an OU student, blew himself up (though only himself) less than 200 yards from a stadium with 84,501 fans. Five years later, that kind of bombing remained an underrecognized menace. Research by the NCS4 in 2010 revealed that 65 percent of colleges with FBS programs still required help to assess vulnerability to security threats, and 41 percent needed assistance to install emergency response plans for disasters. Further NCS4 studies showed that 62 percent of the personnel running security for FBS schools had no formal education or training in event security management. And 60 percent of colleges were outsourcing their game-day security work, and fewer than 30 percent were running background checks on full-time employees at their athletic facilities. Expensive protective measures and advanced technologies are of little preventive value if the people tasked with responding to a disaster are left untrained and unchecked.
The targeting of a marathon, with a 26.2-mile urban route, only emphasized that sports venues can never be 100 percent secure. As counterterrorism expert Arnold Bogis, formerly a fellow at Harvard's Belfer Center for Science and International Affairs, says: "You can try your damnedest, and Boston certainly did, but when hundreds of thousands of people are going in and out of a downtown area, you can't really control access to an event. And there's only so much you can do to prevent something bad from happening."
So some forward-thinking officials have begun applying lessons of natural cataclysms -- events that are impossible to prevent but whose damages can be mitigated -- to potential terror strikes. Emergency responders talk about the "disaster management cycle," in which the people in charge must try not only to prevent and prepare for a calamity but also to respond and recover once a horrible event occurs. Around the country, state and local agencies have made remarkable gains at the back end of that cycle. As fate would have it, perhaps no event was more prepared than the Boston Marathon. Since at least 2007, police and fire departments, emergency medical providers, local businesses and volunteer groups in Massachusetts have used the Marathon to test communication and coordination and develop responses to potential disasters, whether natural or man-made.
Meanwhile, state and local government representatives have met with the Boston Athletic Association (BAA) to coordinate strategies for years, sometimes at a Framingham, Mass., bunker built in 1963 to protect against nuclear attack. And they've incorporated an array of local tech resources to run the Marathon smoothly. In 2009 the city deployed a project called Athena, developed by Raytheon, the defense electronics giant based in Waltham, Mass., to integrate video, mapping and tracking software across police, fire and port security departments into one public-safety data bank during the Marathon. In 2012 the Marathon introduced the Next-Generation Incident Command System (NICS), a virtual whiteboard developed by the Lincoln Laboratory, a federally funded research center at MIT. The NICS plots runners' movements along the Marathon route in real time and shows the location of aid and water stations, as well as the cars that lead and trail the race. Any first responder can mark the map to report an incident, call for help or warn emergency vehicles about traffic.
None of this interagency harmony or high technology stopped the bombs on April 15. But they did help Boston react quickly and efficiently to the disaster. After the explosions, local police and BAA officials diverted runners to a different route, then to a community meeting area. They used social media to tell the competitors' families and friends to return to their homes and hotels and meet there. And they shepherded fans away from the site of the bombings. In short, they knew what to do. And they speedily cleared the way for the wounded to get treatment -- and for police to search for clues. "How quickly a sports scene has become a crime scene," Juliette Kayyem, lecturer at Harvard's Kennedy School of Government and former Massachusetts undersecretary for Homeland Security, tweeted from the finish line. "No runners. Just badges … Moving from response to investigation."
Within an hour, investigators were gathering evidence. Within three days, they knew enough to broadcast images of the Tsarnaev brothers, the alleged bombers. With so many victims, few want to hear that things could have gone worse. But of all the factors that can turn a gruesome local assault into an even larger catastrophe -- panic, inadequate medical care, ongoing multiple attacks -- none happened in Boston.
In the world of sports, fans had always merely been spectators to the war on terror, taxed at games by traffic barriers, endless lines, metal detectors, surveillance cameras and groping guards. Each measure leached away joy without quite making us feel safe. So the fan response at the Marathon was actually a watershed moment revealing how far we've come.
The seeds for change were planted three years ago, when Washington subtly empowered the people in its fight against terrorism. In July 2010, the Department of Homeland Security began its "If You See Something, Say Something" campaign, a simple but effective way of deputizing citizens. The Obama administration then took these ideas about response, recovery and public participation and formally incorporated them into U.S. antiterror policy. Presidential Policy Directive-8, which President Obama signed on March 30, 2011, calls for a system to "provide an all-of-nation approach for building and sustaining a cycle of preparedness activities over time."
And now we've been galvanized by the Boston Marathon, where the bombing was seemingly beyond the limits of prevention but the response was clearly a testament to planning. Consider: Fans helped each other to disperse efficiently from the Marathon. Spectators and local businesses contributed photos and video to help investigators zero in on suspects. Acquaintances recognized photos of the Tsarnaevs and notified the FBI. And after a gunfight and massive manhunt -- and after a regionwide lockdown was imposed and lifted -- it was David Henneberry, a boat owner in Watertown, who spotted Dzhokhar Tsarnaev and called the police.
Moving forward, better crowdsourcing will be key to improving security. In settings of dozens of thousands of people, like a dense city -- or a stadium -- gathering intelligence means tapping the crowd. "The best sense of security is the eyes and ears of the 25,000 people that are going to be participating or along the route," Oklahoma City Mayor Mick Cornett told Outside the Lines about his city's marathon, scheduled for April 28. "People are going to be very vigilant."
They better be. We all better be. If the sports world is ever going to protect its soft targets more comprehensively, it needs to include fans in preventing attacks it can stop. And responding to those it can't.