Return to the Table of Contents

Review of the Critical Incident Response Plans of the United States Attorneys’ Offices

Report Number I-2004-001
December 2003


The Department of Justice (Department) has long recognized the need to respond quickly and appropriately to critical incidents, from natural disasters to terrorist attacks. Since 1988, the Department has implemented at least 11 initiatives aimed specifically at improving its capability in this important area. After-action reports on critical incidents in the 1990s (for example, Ruby Ridge and the Branch Davidian standoff in Waco, Texas) documented problems with the Federal Bureau of Investigation (FBI), other federal investigative agencies in the Department's responses, and United States Attorneys' Offices (USAOs) responses to critical incidents.

In 1996, the Attorney General addressed the USAOs' preparedness to respond to critical incidents by directing that the Department implement the Crisis Management Coordinator Program (CMC Program). To implement the CMC Program, each USAO was directed to designate a Crisis Management Coordinator (CMC), who was to develop a critical incident response plan (Plan) and make other preparations to ensure that the USAO was ready to respond to a critical incident. The Criminal Division's Counterterrorism Section (CTS)1 and the Executive Office for United States Attorneys (EOUSA) were assigned to administer and support the CMC Program, and to train the coordinators designated by the United States Attorneys.

After September 11, 2001, the Attorney General undertook an extensive reorganization of the Department to address the continuing threat of attacks by terrorist organizations, and created the USAOs' Anti-Terrorism Task Forces (ATTFs).2 The Department's Anti-Terrorism Plan clearly gave priority to the prevention of future terrorist attacks through expanded intelligence gathering and information sharing. However, the need to respond quickly and effectively to critical incidents continued to be highlighted by both the National Strategy for Homeland Security and the Department's Anti-Terrorism Plan.3 For USAOs, that response continues to depend, in large part, on the preparations and Plans developed under the CMC Program.

We conducted this review to determine whether the USAOs have acted to improve their ability to respond quickly and appropriately to critical incidents by developing comprehensive critical incident response plans, training staff to carry out the Plans, and exercising the Plans.4

Results in Brief

The primary finding of this review is that most USAOs have not effectively implemented the required CMC Program. In particular, the Plans developed by the USAOs are inadequate in scope and content to ensure a quick and appropriate response to a terrorist attack or other critical incident. In 1999, CTS identified for the USAOs 48 fundamental actions that should be taken when responding to a critical incident. The actions are organized into 10 separate categories that cover areas such as coordinating and conducting interviews, managing the overall crime scene, and deploying USAO resources to FBI's command post. For example, among the 48 actions are steps to ensure that responders:

Some of the 48 actions were included to avoid missteps identified in after-action reports on earlier critical incidents. For example, the need to establish a crime scene protocol and better preserve the crime scene were identified in the after-action report on the Oklahoma City bombing. The need to plan for overlapping relief shifts to avoid fatigue and the potential for poor decision-making that may result from fatigue was recommended in the Ruby Ridge after-action report. With the advent of the ATTF initiative in October 2001, the Department increased the level of communication and interaction between USAOs, FBI, and state and local officials, thus enhancing overall response capabilities. Nonetheless, developing Plans that address all 48 actions remained essential to ensure a comprehensive response to a critical incident.

However, the Plans developed by the USAOs failed overwhelmingly to include guidance to ensure that all 48 specific actions are accomplished. Only 12 of the 76 Plans we found on file at CTS and EOUSA addressed at least half of the 48 actions. Just 4 of the 76 Plans addressed them all. Eleven USAOs simply inserted their name into a five-page "model" plan issued by EOUSA as a format guide. Three of the Plans addressed none of the 48 actions because the USAOs had submitted documents other than critical incident response plans to meet their CMC Program requirements (for example, one USAO submitted the emergency evacuation plan for its building).

Moreover, we found that USAOs generally do not follow the standard crisis preparedness practice of conducting regular critical incident response exercises. While 20 of the 94 USAOs participated in at least one of 23 exercises sponsored by the FBI's Crisis Management Unit that were appropriate for USAO participation, and other USAOs participated in exercises sponsored by other federal, state, and local preparedness agencies, exercise participation was the exception rather than the rule. Conducting regular exercises, both within a USAO and with other agencies, to practice crisis response procedures is important to ensure a coordinated and competent response to an actual critical incident. However, in responding to a survey that we conducted during this review, over 60 percent of the 81 CMCs who replied indicated that their USAOs had conducted no exercises since 1996, and an additional 20 percent responded that they had conducted just one exercise during that time. Only 17 percent indicated that their offices had conducted more than one exercise since 1996.

The USAOs' failure to effectively implement the CMC Program was not corrected because CTS and EOUSA did not administer and support the Program. The CMCs received only limited training, consisting primarily of two national conferences held in 1997 and 1999. CTS provided no further training from 1999 until March 2003, when it sponsored a 2-hour videoconference. CTS and EOUSA also provided only minimal guidance to the CMCs, and did not keep the guidance up to date as changes in departmental and national policy occurred. CTS and EOUSA further failed to track the receipt of the Plans and to properly maintain them on file.

CTS has maintained a significant training effort in support of the ATTFs, but we found that training provided for ATTFs generally focused on preventing terrorist attacks, rather than on how to respond to attacks that occur. Our interviews with CMCs, including 10 who were also ATTF Coordinators, confirmed that the training provided to date, including the ATTF training, did not meet most of the specific needs of the CMCs.

When we questioned the lack of CMC-specific training over the previous four years, CTS told us that national CMC training had been planned for Fall 2001 or Spring 2002. This training was initially deferred after the events of September 11, 2001, to accommodate other training requirements mandated by the Attorney General. The training was then deferred further because many of those who would have been the trainers or trainees were involved in the nationwide investigation of the terrorist attacks. CTS told us that additional preparedness and response training for CMCs is now scheduled for March 2004.

Although most USAOs submitted their Plans to CTS and EOUSA as required, CTS's review was not thorough.5 Beginning in early to mid-2000, four CTS attorneys reviewed the Plans on file in order to draft a model plan. Each of the attorneys reviewed approximately 10 plans in conjunction with their work on drafting the model plan. Approximately 5 to 10 plans were identified as having "best practices" or provisions worthy of inclusion in a revised model plan that would address content, not just format. However, CTS never provided feedback to each USAO on its individual plan and, as a result, USAOs continued to rely on Plans that substantially failed to address the fundamental actions for responding effectively to a critical incident. A revised model plan was issued in May 2003 and in August 2003 USAOs reported that they were in the process of revising their Plans.

We also found that the description of CMC Program implementation included in the Department's Annual Performance Reports was overstated. In its FY 2000 Performance Plan, as a part of the strategic objective to "Improve Response Capabilities to Terrorists' Acts," the Department set a goal of having Plans in place at 90 of the 94 USAOs by the end of FY 2002.6 In FY 2001, based on an e-mail survey conducted by EOUSA, the Department reported that 88 USAOs had completed their Plans. In addition, several Performance Reports also contained a narrative detailing the performance of the program.7 The narrative provided specific information indicating that: 1) all 88 Plans had been submitted by the USAOs and evaluated by CTS; 2) the Plans met the criteria for a complete Plan and provided a framework for responding to terrorist attacks and other critical incidents, including a crosswalk to FBI and other response plans; and 3) the Department was providing continuing support to the CMC Program.

Our review found that information to be inaccurate. Not all of the Plans were actually submitted; the vast majority of Plans were not comprehensive in their guidance, did not provide a framework for the USAOs' response and did not contain a crosswalk to the FBI's or other response plans; and CTS and EOUSA had not adequately supported the CMC Program. Moreover, our discussions with CTS officials found that their own reviews had identified the shortcoming of the Plans. Nonetheless, in FY 2001 the Department declared the performance measure "met," and eliminated the performance measure from future Annual Performance Reports.8

While the first priority of the Department is the prevention of terrorism, a commensurate need exists to respond effectively to critical incidents that are not prevented. As stated in the Department's FY 2003 and FY 2004 Performance Plans, "to effectively address international and domestic terrorism, [the Department] must concentrate on both prevention and response."9 Despite the enormous efforts undertaken by federal, state, and local law enforcement agencies - including the work of the ATTFs to disrupt terrorist organizations and prevent terrorist attacks - Attorney General John Ashcroft recently reiterated that the United States continues to face a "very real potential" of another terrorist attack.10 The failure of the USAOs, CTS, and EOUSA to fully implement the CMC Program leaves the Department less prepared than it could be - and should be - to respond to critical incidents.

In March 2003, CTS recommended that the CMC Program be incorporated into the ATTF/ATAC initiative. The recommendation was approved October 17, 2003. Although placed under the ATACs, the CMCs "will remain responsible for the creation, implementation, maintenance and exercise of their district's crisis response plan…."11 However, the ATACs are only responsible for responding in the event of terrorist attacks, not other critical incidents. It is not clear whether the ATACs' responsibilities will be expanded to include non-terrorist critical incidents, or whether the CMCs are still responsible for responding to non-terrorist critical incidents separately. Therefore, it is unclear how the realignment of the CMCs may affect the USAOs' ability to respond to critical incidents, especially those that are not terrorist-related. As this review showed, the need to prepare for all critical incidents has not been met. Therefore, we provide ten recommendations to improve the preparedness of the USAOs to respond to critical incidents.

We recommend that the Deputy Attorney General:

  1. Ensure that performance measures are developed to assess the readiness of USAOs to respond to critical incidents.

We recommend that all United States Attorneys:

  1. Revise the critical incident response plans to address the action items identified by CTS, and regularly update the plans to reflect changes in law, departmental policy, or local procedures.

  2. Conduct and participate in periodic exercises to test the critical incident response plans and practice responding to critical incidents.

  3. Establish workload-reporting procedures that capture the time dedicated to critical incident response planning duties.

We recommend that the Assistant Attorney General, Criminal Division:

  1. Provide updated training and guidance to USAOs on how to prepare effective and comprehensive critical incident response plans. The guidance should reflect changes in legislation, policy, and critical incident response practice that have taken place since September 11, 2001.

  2. Review all USAOs' Plans, including revisions, to ensure that the Plans cover all critical areas; provide individualized feedback to USAOs; and periodically report to the Deputy Attorney General on the status of the USAOs' Plans.

  3. Provide USAOs with training and guidance on how to develop and conduct appropriate critical incident response exercises, either independently or in conjunction with the FBI or other offices.

  4. In conjunction with EOUSA, complete the development of a website containing information on critical incident response, including lessons learned, exercise scenarios, and best practices.

We recommend that the Director, EOUSA:

  1. Establish a system for accurately tracking and reporting the status of USAO submissions and updates to critical incident response plans.

  2. With advice from CTS, revise the operations review process to include a full evaluation of the preparedness of USAOs to respond to critical incidents.


  1. Prior to December 1, 2002, CTS was part of the Terrorism and Violent Crime Section.

  2. The ATTFs are now called Anti-Terrorism Advisory Councils (ATACs).

  3. Memorandum from the Attorney General to the U.S. Attorneys, "Anti-Terrorism Plan," September 17, 2001; National Strategy for Homeland Security, Office of Homeland Security, July 16, 2002.

  4. The performance of the USAOs' ATTF/ATACs is the subject of a separate Office of Inspector General review.

  5. After the completion of our fieldwork, CTS provided the inspection team with the name of a former staff attorney who said he reviewed all of the Plans that were submitted as of the end of September 1999. When interviewed, he told us that he did not recall the exact number of Plans reviewed nor did he write up individual Plan reviews, but his overall assessment was that the Plans were not detailed and were generally of poor quality. He also told us that he informed the Deputy Chief, CTS, of his findings, but CTS took no action.

  6. Department of Justice, FY 2000 Performance Report & FY 2001 Performance Plan, April 2001, page 29.

  7. Department of Justice, FY 2001 Summary Performance Report, February 2000; Department of Justice, Department of Justice, FY 2000 Performance Report & FY 2001 Performance Plan, April 2001; Department of Justice, FY 2002 Performance Report/FY 2003 Revised Final, /FY 2004 Performance Plan, February 2003.

  8. Department of Justice, FY 2001 Summary Performance Report, page 223, Appendix A - Discontinued Measures Performance Report.

  9. Department of Justice, FY 2002 Performance Report/FY 2003 Revised Final Performance Plan/FY 2004 Performance Plan, page 1.

  10. Attorney General John Ashcroft, Fox News Sunday, August 3, 2003.

  11. Memorandum from Guy Lewis, Director, EOUSA, to All United States Attorneys, "Merger and Realignment of Crisis Management Coordinators Program Under Anti-Terrorism Advisory Council," October17, 2003.