DeWayne Craddock, 40, shot and killed 11 people before he was killed by police. It is not clear how police eventually entered the building to engage the shooter, or how long that took. As time passes, the lessons learned from the Virginia Beach shooting continue to pile up. As security practitioners in one form or another, we can learn from the analysis and implications of these issues and reduce the likelihood of recurrence through self-assessment and the identification and elimination of similar vulnerabilities at our work sites.
Lesson 1 – Office Key Cards Delayed Virginia Beach Police from Stopping Shooter Sooner
Virginia Beach Police rescue efforts were reportedly delayed because they lacked key cards to access the building, the Associated Press reported. Police were heard over the radio during the May 31 shooting begging for electronic key cards and debating various methods for opening the doors as gunfire erupted from inside the city offices, according to the report. The shooting lasted 36 minutes before police were able to stop Craddock, according to Virginia Beach Police Chief James Cervera. This is more than four times longer than the typical active shooter event according to DHS statistics. A similar situation occurred during the Navy Yard shooting in Washington, D.C., in September 2013. Officers only entered the building after finding the entrance key card on a deceased security guard.
This is likely the easiest of the three issues to resolve depending on where an organization is located and the size of the police department. The first option would be for organizations to provide credentials or keys directly to local law enforcement to maintain in patrol cars. This option may be easier and less expensive than the alternative below, but there will have to be regular auditing to ensure accountability of credentials, no different than what would be expected for any other credentials or keys you might issue to contractors.
The second option that has some cost and requires a bit more coordination is to install or upgrade an existing Knox Box. Traditionally, Knox Boxes are used to securely hold credentials and/or keys to enable the fire department to access the facility in the event of a fire. We have never seen a case where the police department has been given a key to the fire department’s box. However, the image on the right represents an alternative model available which accommodates another lock that can be used by the police department to enter a facility and avoid a situation where the police are standing at a locked door trying to figure out how to enter and engage a shooter. Seconds count here.
|Typical Fire Department Knox Box||Fire and Police Department Knox Box|
Lesson 2 – There are many barriers for employees to report workplace violence concerns associated with a co-worker
It will not likely be revealed in the City’s final report summarizing the police investigation whether one of the shooters co-workers had reported their concerns to anyone at the workplace. According to the family attorney of one of the victims, she had talked with her husband the night before the shooting about explicit concerns she had about the shooter. Was anyone in a responsible position at work informed about these concerns? It may never be known, and if not, this wouldn’t be the first time. Many employees are reluctant to report concerns of workplace violence for a variety of reasons, which should openly be discussed in workplace violence training to overcome natural tendencies. Imagine you were a co-worker of the Virginia Beach shooter, had concerns and remained silent.
Lesson 3 – Missed Warning Signs
A firm was hired by the city to conduct what appeared to be a parallel inquiry alongside the police department’s investigation. Some of their findings included:
- The shooter felt that he had been treated unfairly by his employer and thought he deserved a salary increase. Grievance is a common factor in many insider threat attacks.
- In June 2017, the shooter emailed his managers and a human resource liaison stating he felt “confused and isolated.”
- The shooter was paranoid and believed others were out to get him.
- He grew increasingly isolated after he and his wife divorced in 2017.
- His work performance dipped to the point that he had many mistakes and was put on a plan to improve.
In 2005, the shooter “surprised a burglar in his home” and bought his first handgun four months later, police said. In the years leading up to the shooting he stockpiled several more weapons, a silencer and ordered body armor, though it had not arrived by May 31.
It would be very easy to look back and be critical, but that serves no benefit. What we can do going forward is look at behavioral predictability in a different way. Keep teaching your employees to be good human sensors and to recognize and note behavioral red flags (or start if you are not yet doing so). Many people demonstrate red flag behaviors; that alone does not mean someone will act out violently. However, when an employee who demonstrates red flag behavior begins to display outward changes to their baseline behaviors, the alarms need to sound in co-workers that have been trained to report concerns. Change in baseline behavior is the second trip wire that, when recognized, can initiate an intervention to prevent tragedy.
Sadly, the first two conditions often exist, go unrecognized or reported, and it is the life changing event that is the straw that can break the camel’s back. When that life changing event is a termination and the organization is not prepared for the worst, you can have outcomes like you had in Aurora, Ill., where the shooter was summoned to a meeting room and told he was fired. He responded with a pistol, opening fire on the executives in the room, and then took his anger to the plant floor where dozens of his coworkers were still on the lines. The shooter was a convicted felon on a violent crime who reportedly had served 2.5 years in prison. After the incident, the governor of Illinois told constituents, “There is no way to prepare.” We respectfully disagree. There are many things that can be done to reduce the risk of workplace violence through training, policy and procedures, and with respect to stressful events like a termination. Actions can be taken before, during and after a hostile termination. In addition to educating employees to detect baseline red flag behaviors and changes in their co-workers, organizations have to make a commitment to identify the risk of workplace violence, acknowledge that it can happen here, and put in place the appropriate mitigation strategies recommended by the security and human resource professionals which clearly state the fundamental building blocks of an effective program.