The controversy surrounding the Dakota Access Pipeline (DAPL) project and recent environmental protests at worksites has led to international attention and a growing concern for critical infrastructure owners and operators. Protests, contentious gatherings and violent mobs near infrastructure projects can thrust organizations into an unwanted media frenzy and potentially put employee safety and security at risk. As the state of public discourse around political ideology remains a flashpoint for demonstrations and dissent, thinking through security plans and corporate response is needed prior to a crisis.

In North Dakota, local law enforcement made 761 arrests in the region between early August 2016 and late February 2017. In his request for federal funding to recoup the $38 million in law enforcement costs needed to deal with the infrastructure protests, Governor Doug Burgum stated, “The DAPL protest is the first time the state of North Dakota has experienced civil unrest of this magnitude.” He added that the protest, “was of such severity and magnitude that effective response is beyond the capabilities of the state and affected local governments.”

The First Amendment protects the right to free assembly and demonstration. Protests and marches, whether scheduled or spontaneous, are lawful first amendment activities. However, when these demonstrations escalate toward violence and cause damage to property, they pose a significant hazard to critical infrastructure. Whether critical infrastructure is the target of civil disturbance or an indirect victim, organizations must be prepared to mitigate risk.

Protests, demonstrations, riots and civil unrest can overwhelm an organization and its external partners. The potential for damage and significant impact to critical infrastructure is a legitimate threat that must be addressed through mitigation efforts, preparedness, effective response and proper recovery.



To distinguish between peaceful gatherings and activities that are detrimental to public safety, an enterprise should depend upon the lawfulness of the activity and defined terminology. The Federal Emergency Management Agency defines civil disturbance as “a civil unrest activity such as a demonstration, riot, or strike that disrupts a community and requires intervention to maintain public safety.” As a defined hazard, civil disturbance should be addressed in an all-hazards approach to emergency management.


Direct and Indirect Impacts

Critical infrastructure must be prepared not only for the civil disturbances directed at organizations (direct), but also for civil disturbances in the geographic region that have the potential to impact normal business operations (indirect). Direct impacts are not new to many segments of critical infrastructure, particularly the nuclear power protests of the 1970s–1980s, and the more recent domestic pipeline projects. These demonstrations are typically known to facilities in advance, so there is some time to prepare. Indirect impacts include situations where an entity is effected by civil disturbance directed at another organization, entity or social event (such as the police protests in Baltimore and Ferguson). While a sporting event may have nothing to do with a utility, a raucous celebration post-win and the potential for associated damage should be considered. Being an indirect target of these movements may create a complacent approach to an organization’s preparation for impacts.

Regardless of the direction of civil disturbance, organizations and their security managers must be prepared to manage such events. The recommended approach toward this hazard is to apply the four phases of Emergency Management: Mitigation, Preparedness, Response and Recovery.



Mitigation efforts are designed to reduce the impacts of a security event on human life and damage to company property. The measures listed here provide an organization with the ability to reduce impacts that may occur during civil unrest.

  • Threat Identification: Maintain active awareness of protests and movements in an organization’s area of responsibility. Social media contractors may be especially helpful in providing an early warning system by datamining social media posts associated with civil unrest to identify times and locations of planned events and associated actions that are identified.

  • Government/Law Enforcement Relationships: Government and local law enforcement (LLE) should have access and a detailed understanding of an organization’s facility. Introducing an organization’s key personnel to law enforcement is especially beneficial as it gives first responders a good idea what is critical or dangerous to the public. Law enforcement’s integration into existing plans should occur well in advance of events. Traffic considerations are especially important, as this aids in keeping key routes open and safe.

  • Signage: Delineate property lines to prevent confusion and provide clarity to both protestors and law enforcement at what point trespassing occurs.

  • Highly Visible Security: Visible security measures can deter aggressors. Perimeter-focused monitoring, placement of security personnel, and increased illumination can make people reconsider the difficulty of entering or damaging a facility.

  • Facility Hardening: Perimeter security such as walls, fences and restricted areas should be well defined and in proper working order. Additionally, standoff distance between demonstrators and company buildings and facilities should be created. Improvements to ground floor glass could mitigate building damage.

  • Mutual Aid Agreements: Damage to equipment and the inability to resupply can be addressed through the establishment of mutual aid agreements to provide assistance if local resources are not available.

  • Intelligence Sharing and Security Services: Security managers should establish intelligence sharing processes to receive, distribute and share intelligence on potential civil unrest activities. This information, along with law enforcement briefs and damage reports, should be used to update executives within the C-Suite.

  • Cost-Benefit Analysis: Selling the costs of protection is a challenge for both security managers and critical infrastructure executives. While many practitioners point to hazard mitigation as a $4:$1 ROI, security managers need to show their ability to protect not only assets but also a company’s reputation.



Preparation involves the shorter-term actions prior to civil unrest in case of direct impact.

  • Civil Unrest Procedures: Develop and implement security procedures focused primarily on response to civil unrest. These procedures should serve as an umbrella response for all processes related to a reaction to civil unrest. Many of the responses are like those that critical infrastructure may use during strikes and labor disputes. Security managers can implement programs that address and reduce costs of implementation due to the overlap.

  • Monitoring of Current Events with Attention to Political/Social Flashpoints: Security managers should not be surprised by political developments. Understanding current events, as well as anniversaries of events, is critical to preparedness.

  • Social Media Intelligence Platforms: Social media is the favored medium of movements to spread a message and communicate with followers. Monitoring these accounts can provide critical infrastructure with information regarding timing and intent of both direct and indirect protests. Organizations such as Geofeedia analyze social media posts and associate them with geographic locations to monitor protest activity. Law enforcement used the platform during the protests surrounding the death of Freddie Gray to map protest activities based on social media postings.

  • Assessment Updates: Expedited validations of hazard vulnerability analysis, mitigation efforts, and business impact analysis should focus on the specifics of civil unrest activities. A gap analysis on the impact versus the mitigation efforts should identify the need for further action.

  • Supplemental Security: Following an updated hazard vulnerability and business impact analysis, security managers should consider integrating third-party security into existing security plans. Immediately following Hurricane Katrina, Bell-South had to seek out private sector security assistance when local and federal law enforcement became overwhelmed.

  • Public Affairs: Scripted messages to inform the public of the status and/or potential negative impacts a civil disturbance may have should be prepared well in advance.

  • Traffic Control: Traffic control protocols should be in place to deal with large crowds and immobilized vehicles. Vehicle and foot traffic ingress and egress should be limited.

  • Employee Response: Commentary by employees, particularly on social media, can create immediate and unwanted impacts on an organization. Employees should be briefed to refrain from and/or constrain any public complaints they may have on the effects of civil unrest on their lives.

  • Maintenance and Vandalism Protocols: Damage to the facility and surrounding areas may occur from a range of minor damage to more significant impact. Facilities maintenance and emergency procurement should be part of any civil disturbance security program and should be ready to respond to property damage.

  • Drills and Exercises: Particularly with LLE, the best preparation is often rehearsal. Invite LLE to survey the facility and consider allowing them to drill their responses in it, as well.



A timely, safe and effective response to civil disturbance can have a lasting influence on a company. Implementation of the mitigation and preparedness efforts will also require immediate actions to adjust to a chaotic situation.

  • Enhanced Monitoring of Crowds: Adjustments to video surveillance and illumination should be implemented to maintain awareness of large crowd activities and escalation into illegal activities. Particularly, the documentation of property damage may effect insurance claims and the ability of the justice system to seek additional penalties.

  • Traffic Control: Implement and adjust preexisting access control protocols to regulate traffic. Routes of ingress and egress should be limited only to areas with sufficient illumination and a physical security presence.

  • Reputational Risk Refresher: Employees are representations of their organizations; this includes both actions and words. Social media posts of disgruntled employees either sympathizing with or criticizing those involved in civil disturbance may create an additional negative impact in an already sensitive situation.

  • Vendor Involvement: Vendors provide critical stopgaps when needed. Guard services, social media monitors and crisis messaging advisors are just a few examples of third-party resources that may be necessary when a civil disturbance creates a significant impact.

  • Employee Discretion: Employee safety may be a concern during their commute to/from the facility. Guidance on discrete wearing of uniforms, visible identification, and updates on unsafe trafficable areas should be communicated to employees.

  • Measured Response: A spontaneous emotional outpouring can trigger a civil disturbance, and the ebb and flow of emotion can often direct the tone of demonstrations. As emotions calm, security managers should begin their transition to the recovery phase.



After the immediate danger of civil disturbance has ended, critical infrastructure should begin the transition to recovery activities. In this phase, critical infrastructure will work to resume normal business operations, assess and repair damage, and work toward recovery to an improved posture through diligence.

  • Security Debrief: Interviews and written reports by security personnel should be conducted as soon as possible to collect first-hand evidence and use the details of the event response to prepare an after-action report.

  • Evidence Preservation: All evidence, particularly video surveillance, should be cataloged and provided to law enforcement and regulatory agencies.

  • Waste Removal: Timely and safe removal of waste will be required in the instances of vandalism, property damage, and protester campsites. Security should be provided for crews conducting cleanup of the affected areas to ensure safety and prevent the potential reoccurrence of violence.

  • Damage Assessments: A thorough accounting of damage to the facility should be completed as quickly as possible. This assessment should include not only the financial impact but also account for operational capacity.

  • Transition to Mitigation: Taking the lessons learned from the civil disturbance, critical infrastructure should begin its transition to the mitigation phase to use what has been gained to improve the security posture for future events.


Legislative Changes and Impact

While the right of free assembly continues to be a cornerstone of American democracy, the challenges civil disturbance pose to the security of critical infrastructure have not gone unnoticed by state governments. Legislation is currently under consideration that would outlaw trespassing on sites that contain critical infrastructure and potentially assign steep fines for trespass and property damage. Currently, there are efforts in 13 states to impose limitations and associated penalties for protests on private property that contain or would impact critical infrastructure.

In Oklahoma’s House Bill 1123, the most notable of these legislative changes includes the following penalties:

  • Willful trespass fine of $1,000 or imprisonment for up to six months.

  • Willful damage, destroy, vandalize, deface, or tamper with equipment to fine of $100,000 or imprisonment for up to 10 years.

  • Up to $1 million in fines if an organization is found to be a conspirator with persons who willfully damage critical infrastructure.

While proponents of these legislative trends point to the necessity of protection for critical infrastructure, others see it as an effort to limit legitimate free speech demonstrations. While heavy First Amendment debate continues over this and other legislative efforts, security managers should consider this legislative trend when designing their programs. Here are just some of the measures to consider during planning:

  • Crowd monitoring and documentation of behavior.

  • Clear delineation of property lines and signage of critical infrastructure.

  • Readily accessible and item accurate asset valuation records.

  • Established procedures for evidence handling and preservation.

Civil disturbance is and will continue be a hazard critical infrastructure owners must be prepared to mitigate. By applying a phased approach of mitigation, preparation, response, and recovery, organizations can improve their ability to deal with a civil disturbance in a responsible fashion.