Skip to main content
Volume 1: Security for the Arena
Volume 1: Security for the Arena (large format)

CTSAs and the Arena

The Arena had been given advice by CTSAs, employed by GMP, for a number of years before the bombing. At the time of the bombing, the CTSA advising SMG in relation to the Arena was Ken Upham. I consider below whether specific advice should have been provided to the Arena by Ken Upham as to the risks to customers of an attack at egress into the City Room from the Arena. I also consider the related issue of the extent to which SMG was entitled to rely on any assurances provided by Ken Upham as to the level of protection already in place at the Arena.

Ken Upham was employed by GMP as a civilian CTSA. There are about 200 CTSAs working for regional police forces across the country. BTP employ a small number in addition.237

The contact between Ken Upham and SMG began in 2014.238 It centred around a tool prepared by NaCTSO and used by CTSAs called the Protective Security Improvement Activity (PSIA).239 This was an Excel document which was completed by the site and the CTSA.240 It takes a site through six common attack methodologies which included both vehicle-borne IEDs and a PBIED and awarded a score depending on protective security measures which were in place to protect the site against these attack methodologies.241

Depending on the answers, points would be awarded which would be totalled to provide an overall score.242 Relying on the scores, an ‘Action Plan’ would be devised which would provide the site with ways in which it could improve its scores.243 The CTSA visited on a quarterly basis.244 The PSIA would be completed every six months.

There are a number of issues with this system. First and foremost, as I have already said, it is entirely voluntary.245 The services of a CTSA are offered to a site but it is up to the site whether they engage with the CTSAs and, if they choose not to, there is no express obligation on them to get similar advice elsewhere.246 For those who do engage, there is no express obligation on them to carry out the recommendations suggested in the Action Plan.247 One of the difficulties for CTSAs early on was that they were suggesting improvements which have been described as ‘gold standard’ which had a very low take up.248 As a result, in 2014 it became policy to advise clients that if they did not want to adopt the gold standard solution then they should do something which was less expensive on the basis that “something was better than nothing”.249 DAC D’Orsi explained that the reason for this was a change in the nature of terrorist attacks which she said had become less sophisticated so that relatively straightforward and cheap measures could be adopted which would improve security.250 It may be that with the benefit of hindsight “something was better than nothing” was an unfortunate choice of phrase.251 Whatever one’s view of this, it had nothing to do with the events at the Arena on 22nd May 2017.

SMG did engage with the CTSA scheme and did make improvements in accordance with the Action Plan. It was unfortunate that SMG was not provided with a copy of any of the PSIAs or the Action Plans, except the first ones.252 SMG should have been supplied with copies of all of them.253 What was also required was a clear understanding by SMG that the CTSA was not providing an audit of security.254 It was not a CTSA’s role to tell a venue that they had complied with their responsibilities and that their security procedures were satisfactory.

Although Ken Upham did not give evidence because of ill health, the Inquiry received three statements from him.255 I have had firmly in mind that I have not heard from Ken Upham from the witness box, but I have no alternative but to resolve any relevant factual dispute on the basis of the evidence before me. While I have taken fully into account his statements, there is always a risk that evidence given in person will have more impact. I have borne this in mind and have done my best to make allowance for it.

Ken Upham made clear in those statements that he did not consider that it was part of his role to consider the security in the City Room as a whole. He concentrated his attention on the entry through the doors from the City Room into the Arena bowl itself. He also categorically denied having advised the Arena that it was doing all that it could or that he was happy with the security procedures in place at the Arena on both event days and non-event days.256 I accept Miriam Stone’s evidence that Ken Upham did indicate to her that the PSIA figures were good and SMG should continue with what they were doing.257 This was not an appropriate view to express. It could have given Miriam Stone a false level of reassurance. However, even in these circumstances, there were clear limits to any reassurance, as I shall go on to explain.

Ken Upham was reliant on the information provided to him being correct.258 He did not check it. It was not his job to do so259 nor did SMG have any reason to think he had done so. So, for example, if he had asked whether the CCTV provided good coverage, which he might have done, he would very likely have been told by Miriam Stone that it did, as she was not aware of the Blind Spot.260 Further, his focus was on the Arena rather than the areas outside, such as the City Room.261

While an overall score might have been high, it did not mean that there were no significant improvements required in certain areas. In the case of CCTV, it was given a score of “3” out of 3262 which suggests that all that could be done, had been done. Given the failings I have identified in SMG’s approach to CCTV monitoring in Part 6, any indication that SMG’s CCTV system had no room for improvement was misplaced, inappropriate and risked essential remedial steps being overlooked, as in fact they were.

Some of the information on the PSIA form was incorrect, for example in relation to searching.263 Ken Upham accepted this.264 The form was completed on the basis that there was more searching than there was.265 The most significant gap in the advice given by Ken Upham, which is relevant to the Attack, is that Ken Upham did not concern himself with advising what security measures were required to protect against an attack by a PBIED in the City Room, particularly during egress or ingress. This was when customers coming to or leaving an event would be there in considerable numbers, making it an attractive crowded space for an attack.266 There was nothing about that on the PSIA form to bring that particular area at those particular times into focus.267

Ken Upham considered the security measures in the City Room only in so far as you could enter the Arena from there.268 He considered what protections were in place at the entrance to prevent a PBIED being taken into the Arena itself.269 He did not consider what, if anything, could be done to prevent a PBIED being exploded in the City Room. Elizabeth Forster, Ken Upham’s line manager, confirmed that the CTSA was concerned with safety in the Arena itself.270 As such, Ken Upham’s approach was consistent with what his line manager expected him to do. CTSAs considered protections outside the Arena, such as against a vehicle-borne IED, from the perspective of preventing such threats getting into the Arena. The focus was on the safety of the public inside the Arena itself, not on what might happen to them outside.

DAC D’Orsi says that it should have been obvious to everyone that the City Room could be a target for attack at times when it was crowded.271 It is therefore unfortunate that Ken Upham did not regard it as part of his brief to consider it. However, Miriam Stone knew that the PSIA scoring system was primarily aimed at protecting the public inside the Arena.272

While the NaCTSO advice was adequate, it did not contain specific written advice dealing with risks at times of egress from events.273 The NaCTSO Project Argus training, launched in Spring 2016, included a scenario dealing with the effects of an attack as people are leaving an event.274 It was concerned with a how to deal with an attack if it happened rather than precautions to prevent an attack taking place. DAC D’Orsi took the view that it would be inappropriate to deal specifically in written advice with risks at times of egress as that might lead to less weight being attached to risks at other times.275 While that may generally be true, it makes it more important for CTSAs to consider particularly vulnerable points for each venue. Given the measures which existed to prevent a person gaining access to the Arena itself, the most vulnerable time for the Arena was on egress. At this time there would be the largest numbers of people in the City Room.

The security of the City Room, because of its complexity, may have been beyond the expertise or experience of some CTSAs.276 Ken Upham could have advised SMG to obtain assistance from external security experts. There was nothing to prevent him doing so, except for the practice of CTSAs not to do it.277 Where this situation arises in the future, it would seem sensible for a CTSA to give advice that external security experts should be retained. I shall consider this further when I deal with recommendations associated with a Protect Duty in Part 8.

It would also have been of assistance if Ken Upham had monitored an event, to see how the security operation worked in practice. This would have enabled him to check the accuracy of the information contained on the PSIA form.278 He would then have appreciated, for example, that the information relating to what searches were carried out on the form was inaccurate.

If he had attended an event, he might have become aware of the shortcomings in the CCTV coverage and the failure to carry out proper patrols. It was not the practice of CTSAs to attend events at the time279 and I make no criticism of Ken Upham for not having done so. There was a lack of capacity within the CTSA system for such visits to form part of their duties.280