FEMA IS-156: Building Design for Homeland Security for Continuity of Operations Course Summary

FEMA IS-156: Building Design for Homeland Security for Continuity of Operations Course Summary

Course: IS-156 – Building Design for Homeland Security
Lesson: 1 – Overview

Overview

Welcome to the IS-156 – Building Design for Homeland Security course. The purpose of FEMA 426 and this course is to provide guidance to the building sciences community working for public and private institutions, including Continuity of Operations (COOP) planners/managers, building officials, etc. It presents tools to help decision-makers assess the performance of their buildings against terrorist threats and to rank recommendations. It is up to the decision-makers to decide which types of threats they wish to protect against and to determine their level of risk against each threat. Those decision makers who consider their buildings to be at high risk can use this guidance as necessary.

The mitigation information in FEMA 426 and this course is not:

  • Mandatory
  • Applicable to all buildings
  • Applicable when it interferes with other hazards such as fire

 

When can Course Material be Applied?

Applications of IS-156 – Building Design for Homeland Security are applied when:

  1. Choosing a COOP site and constructing a COOP facility
  2. Providing direction to a consultant conducting a vulnerability assessment of a COOP site
  3. Effectively understanding recommendations and observations made in a vulnerability assessment

 

Screen Features

The screen features for this course include:

  • Course Menu – Select this button to access the menu listing all lessons of this course. You can select any of the lessons from this menu by simply clicking on the lesson title.
  • Glossary – Select this button to look up key definitions and acronyms related to this course.
  • Help – Select this button to review guidance and troubleshooting advice regarding navigating through the course.
  • Track your progress by looking at the Progress bar at the top right of each screen. To see a numeric display, roll your mouse over the Progress bar area.
  • Follow the bold green instructions that appear on each screen in order to proceed to the next screen or complete a Knowledge Review or Activity.
  • Back or Next – Select either of these buttons at the top and bottom of screens to move backward or forward in the lesson. Note: If the Next button is dimmed, you must complete an activity before you can proceed in the lesson.

 

Receiving Credit

To receive credit for this course, you must:

  • Complete all of the lessons. Most lessons will take between 30 to 40 minutes to complete. It is important to allow enough time to complete the course in its entirety.
    • Remember: YOU MUST COMPLETE THE ENTIRE COURSE TO RECEIVE CREDIT. If you have to leave the course, do not exit from the course or close your browser. If you exit from the course, you will need to start that lesson over again.
  • Pass the post-test. The last screen provides instructions on how to complete the final exam.

 

Course Goal

The goal of this course is to enhance your understanding of the measures and technology available to reduce risk from terrorist attacks.

The primary target audience for this course version is COOP planners, COOP managers, COOP engineers, and COOP assessors. The course will enhance your ability to assess a site for COOP requirements as well as natural and man-made hazards.

 

Course Objectives

Upon completion of this course, you will be able to:

  • Define the basic components of the assessment methodology
  • Define the resiliency concepts presented in the National Infrastructure Protection Plan (NIPP)
  • Perform an assessment for a building by identifying and prioritizing threats, consequences, and vulnerabilities, and calculating relative risk
  • Identify available mitigation measures applicable to the site and building envelope
  • Define the technology limitations and application details of mitigation measures for terrorist tactics and technological accidents
  • Identify applicable mitigation measures and prioritize them based upon the final assessment risk values
  • Appreciate that designing a building to mitigate terrorist attacks can create conflicts with other design requirements

 

Lesson Descriptions

Lesson 1 – Course Overview = Introduction and Course Overview using the Urban Case Study in the Student Activities. This lesson reviews the other blocks of instruction and the course materials.

Lesson 2 – Threat and Hazard Assessment = Examines the Threat/Hazard Assessment process and identifies the threats and hazards that could impact a building or site, describes how to assess these threats and hazards, and provides a numerical rating for the threat or hazard.

Lesson 3 – Consequence Assessment = Discusses how to identify consequences to asset events and cascading consequences, and how to assign a relative value to consequences.

Lesson 4 – Vulnerability Assessment = Covers Vulnerability Assessment, including what constitutes vulnerability and how to identify vulnerabilities using the Building Vulnerability Assessment Checklist in FEMA 426 (Table 1-22, pages 1-46 to 1-93).

Lesson 5 – Risk Assessment and Risk Management = Covers what constitutes risk and how to determine a numerical value for risk, and introduces the concept of the Design Basis Threat.

Lesson 6 – Explosive Blast = Lessons 6 and 7 will provide you with an understanding of some of the weapons commonly used by terrorists. Lesson 6 will cover explosive blast and Lesson 7 will cover chemical, biological, and radiological or CBR weapons.

Lesson 7 – Chemical, Biological, and Radiological (CBR) Measures = Lessons 6 and 7 will provide you with an understanding of some of the weapons commonly used by terrorists. Lesson 6 will cover explosive blast and Lesson 7 will cover chemical, biological, and radiological (CBR) weapons.

Lesson 8 – Site and Layout Design Guidance = Covers things you can do to mitigate terrorist attacks for the site, meaning from the property line up to the building.

Lesson 9 – Building Design Guidance = Explores mitigation options for the building envelope and systems within the building.

Lesson 10 – Electronic Security Systems = Introduces the basic concepts of integrated protective systems.

Note: The FEMA 452 Risk Assessment Database is an electronic way of managing the information you collect to assess risk, make observations, identify vulnerabilities and mitigation measures, track actions, and generate reports. The database presents an efficient way to manage the diverse information collected during a risk and vulnerability assessment. IS 395 is a course offered by FEMA to receive training on the risk assessment database.

 

Federal Continuity Directives (FCD) 1 and 2

FCD 1 and FCD 2 were approved by DHS and:

  • Replace Federal Presidential Circular-65 (2004)
  • Provide direction for the development of continuity plans and programs for the Federal Executive Branch
  • Provide guidance for Identifying Mission Essential Functions (MEFs) and Primary Mission Essential Functions (PMEFs)
  • Set criteria for what a “continuity facility” must provide
  • Establish minimum continuity communications requirements
  • Emphasize the management of vital records as an essential element of continuity planning
  • Work toward the goal of the continuation of National Essential Functions

 

Continuity Programs

Provide the foundation for:

  • Enduring Constitutional Government (NSPD-51/HSPD-20)
  • The Nation’s First Essential Function:”Ensure the continued functioning of our form of Government under the Constitution, including the functioning of the three separate branches of Government.”

 

FCD 1 and 2

Pillars

An organization’s continuity capability — its ability to perform its essential functions continuously — rests upon key components and pillars, which are in turn built on the foundation of continuity planning and program management.

Pillars 1 and 2: People – Leadership and Staff = Continuity of leadership is critical to ensure continuity of essential functions. Organizations must provide for a clear line of succession in the absence of existing leadership and the necessary delegations of authority to ensure that succeeding leadership has the legal authorities to carry out its duties.

Pillar 3: Facilities = Facilities are the locations where essential functions are performed by leadership and staff. Organizations should have adequate, separate locations to ensure execution of their functions. Physical dispersion should allow for easy transfer of function responsibility in the event of a problem in one location.

Pillar 4: Communications and Technology = The capability to communicate is critical to daily operations and absolutely essential in a crisis. The Nation’s domestic and international telecommunications resources, including commercial, private, and Government-owned services and facilities, are essential to support continuity plans and programs.

Other key continuity concepts include *geographic dispersion, **risk management, security, and ***readiness.

*Geographic dispersion of an organization’s normal daily operations can significantly enhance the organization’s resilience and reduce the risk of losing the capability to perform essential functions. Geographic dispersion of leadership, data storage, personnel, and other capabilities may be essential to the performance of essential functions following a catastrophic event and will enable operational continuity during an event that requires social distancing (e.g., pandemic influenza).

**Risk Management = Is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Note: Effective risk management improves the quality of decision making. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to control risk.

***Readiness = The ability of an organization to respond to an incident. While readiness is a function of planning and training, it is ultimately the responsibility of leadership to ensure that an organization — through normal procedures or with a continuity plan — can perform its essential functions before, during, and after an incident.

 

Continuity of Operations

Continuity of Operations is an operational requirement.

Continuity programs are a required and critical component of Government and critical infrastructure operations, and during emergencies and disasters, ensure that the Government at all levels can continue to operate and provide essential functions and services.

 

Knowledge Review

Which “pillar” is described as follows:

Where essential functions are performed by leadership and staff. Organizations should have adequate, space to ensure execution of their functions. Physical dispersion should allow for easy transfer of function responsibility in the event of a problem in one location.

  1. Pillar 1 – Leadership
  2. Pillar 2 – Staff
  3. Pillar 3 – Facilities
  4. Pillar 4 – Communications

Correct response = C

Correct response feedback: You got it! Pillar 3: Facilities is the correct response.

 

FCD 1

Risk Assessments on Continuity Facilities are mandated by FCD 1. This is one of the main purposes of this course.

“A risk-based framework must be applied across all national continuity efforts in order to identify and assess potential hazards (including their downstream effects), determine what levels of relative risk are acceptable, and prioritize and allocate resources among all national continuity partners, both public and private, to ensure national continuity under all manner of incident conditions.”

 

FCD 1

Continuity Facility Requirements – Appendix G

*Alternate facilities must provide:

  1. Sufficient space, equipment, and other resources to sustain the agency’s Mission Essential Functions (MEFs) and Primary Mission Essential Functions (PMEFs), as appropriate, and Emergency Relocation Group (ERG) and support staff.
  2. The capability to perform MEFs and PMEFs as soon as possible after an emergency or other continuity event with minimal disruption of operations and in all cases within 12 hours after an event, the ability to maintain this capability for up to 30 days after an event or until normal business activities can be resumed, and the capability to perform these MEFs under all threat conditions including the possible use of weapons of mass destruction (WMD). Some essential functions cannot be interrupted and alternate facilities must include support for these continuous operations.

*Alternate facilities, or alternate sites, are locations, other than the primary facility, used to carry out essential functions by relocating ERG members following activation of the continuity plan. These sites refer to not only other facilities and locations, but also work arrangements such as telework and mobile work concepts.

 

FCD 1

Continuity Facility Requirements – Appendix G (continued)

Alternate facilities must provide (continued):

  1. Reliable logistical support, services, and infrastructure systems.
  2. Consideration for the health, safety, and security of employees who have been relocated to those sites.
  3. Interoperable communications, including the means for secure communications.
  4. Computer equipment, software, and other automated data-processing equipment necessary to carry out MEFs and PMEFs.
  5. Capabilities to access and use vital records necessary to facilitate the performance of essential functions.

 

FCD 1

Continuity Facility Requirements – Appendix G (continued)

Facilities should be selected and constructed so that they are not uniquely susceptible to risks associated with such natural disasters as earthquakes, tornadoes, hurricanes, or floods.

Alternate facilities must have emergency/backup power capability, so that essential functions and operations can continue in the event the primary source of power is disrupted.

 

FCD 1

Continuity Security Requirements (Appendix G)

Alternate facilities must afford sufficient levels of physical and information security to protect against all threats as identified in the facility’s risk assessment and physical security surveys by the agency’s security office, the Federal Protective Service, or a qualified security contractor.

This includes sufficient personnel to provide perimeter, access, and internal security, as required by agency policy.

Technologies that control site access, conduct site surveillance, and provide early warning of unauthorized intrusion should also be considered as part of the alternate facility’s physical security program.

 

FCD 1 – Risk Assessment Requirement

Agencies will conduct an all-hazards risk assessment for all continuity facilities.

The assessment will include:

  • Identification of all hazards that may affect the facility
  • Vulnerability assessment that determines the effects of all hazards on the facility
  • A cost-benefit analysis of implementing risk mitigation, prevention, or control measures
  • A formal analysis by management of acceptable risk

 

Continuity Guidance Circular 1 and 2

These circulars are essentially non-Federal versions of FCD 1 and 2, applying to State and local Governments.

Circular 1, approved by the FEMA administrator, January 2009, provides guidance on:

  • Continuity program management for non-federal agencies
  • Elements and components of a viable continuity capability
  • Coordination of interdependencies
  • Continuity plan operational phases and implementation

Circular 2, approved by the FEMA administrator July 22, 2010 provides guidance on:

  • Identifying MEFs
  • Conducting a Business Process Analysis and a Business Impact Analysis

 

FEMA 426

Reference Manual

A reference manual to mitigate potential terrorist attacks against buildings. This is the primary reference for this course.

Throughout the course, slides will contain references to figures and page numbers, as appropriate, in this document.

There will be a comprehensive introduction to the document later in this lesson.

 

FEMA 426, Reference Manual

The contents of FEMA 426, Reference Manual include:

  • Chapter 1 Threat/Hazard, Consequence, Vulnerability, and Risk
  • Chapter 2 Site Design for Security
  • Chapter 3 Explosive and CBR Threats
  • Chapter 4 Protection of Buildings Against Blast Threat
  • Chapter 5 Protection of Buildings Against CBR Effects
  • Chapter 6 The Integrated Protective System (IPS)
  • Appendix A Building Vulnerability Assessment Checklist
  • Appendix B Acronyms
  • Appendix C General Glossary
  • Appendix D Chemical Warfare Agent and Selected Biological Agent Characteristics
  • Appendix E Bibliography

Note: FEMA 426 has an outside-in perspective in most chapters. Thus, whether walking around a building site performing a vulnerability assessment or performing concept design for a new building, there is a consistent approach that applies to either case. Note also that there is an extensive building security assessment checklist in the appendix to assist in the process for either an existing or a new building.

 

Chapter 1: Threat/Hazard, Consequence, Vulnerability, and Risk

Chapter 1 presents selected methodologies to integrate threat/hazard, consequence, and vulnerability assessment information using applications such as the FEMA HAZUS-MH Geographic Information System (GIS) application to overlay imagery and maps to show access points, blast stand-off, and other site and building information.

The chapter also presents a risk matrix for the preparation of risk assessments. The topic areas of Chapter 1 are:

  • Threat/Hazard Assessment
  • Consequence Assessment
  • Vulnerability Assessment
  • Risk Assessment
  • Building Vulnerability Assessment Checklist

Finally, Chapter 1 provides an assessment checklist that compiles many best practices (based upon current technologies and scientific research) to consider during the design of a new building or renovation of an existing building.

The assessment flow-chart illustrates the process you will follow in conducting the assessment.

This flowchart demonstrates the process of conducting both Cost and Benefit Analyses. The Cost Analysis flow has two possible routes that allow one to "Analyze how mitigation options affect asset criticality and ultimately risk," as the Cost Analysis starting-point box at the top right reads. From there, the chart flows counter-clockwise, either straight down to "Identify Mitigation Options," and then on to Decision (Risk Management),"; or else in a circle to the left, flowing through "Consequence Assessment, " "Vulnerability Assessment, " "Risk Assessment," "Identify Mitigation Options," and finally "Decision (Risk Management)." The Benefit Analysis also has different possible routes that allow one to "Analyze how mitigation options change vulnerability and ultimately risk," as the starting-point text box in the lower right of the flowchart reads. One route flows clockwise through"Vulnerability Assessent," "Risk Assessment," Identify Mitigation Options," and finally, "Decision (Risk Management)." Another route flows straight up to "Identify Mitigation Options" and then to "Decision (Risk Management)." The final route for a Benefit Analysis is to begin at the bottom left of the chart at "Threat/Hazard Assessment" and flow clockwise through "Vulnerability Assessment," "Risk Assessment," "Identify Mitigation Options," and ending with "Decision (Risk Management)."

Chapter 2: Site Design for Security

Site analysis drawing of a building.Chapter 2 discusses architectural and engineering design considerations (mitigation measures), starting at the perimeter of the property line, and includes the orientation of the building on the site. Therefore, this chapter covers issues outside the building envelope.

Chapter 2 also discusses the following site layout and design topics:

  • Layers of Defense
  • The Urban Site
  • General Site Security Tasks
  • Stand-Off Distance
  • Controlled Access Zones
  • Site Security Design Guidelines

 

Chapter 3: Explosive and CBR Threats

Chapter 3 examines risk of explosive and CBR attacks, and related risk considerations for the building — its envelope, systems, and interior layout.

The topic areas in Chapter 3 include:

  • Risk from attacks with explosives
  • Risk of CBR Attacks
  • Multi-Hazard Considerations

Building floor plan

Chapter 4: Protection of Buildings From Explosive Blast Threats

Chapter 4 provides a discussion of blast theory to understand the dynamics of the blast pressure wave, the response of building components, and a consistent approach to define levels of protection.

Some of the details you will address include:

  • Building Damage
  • Blast Effects and Predictions
  • Progressive Collapse

 

Chapter 5: Protection of Buildings Against CBR Effects

A map depicting the flow of a radiological release after 30 minutes. The legend displays the symbols for 'site of release', location of 'fire and police station(s)', and the location of a 'hospital'.Chapter 5 presents chemical, biological, and radiological measures that can be taken to mitigate vulnerabilities and reduce associated risks for these terrorist tactics.

The concepts you should be familiar with at the end of the instruction include:

  • Protection Strategies
  • Architectural Measures for Physical Security
  • Emergency Plans and Procedures
  • Filtering and Pressurization
  • Exhausting and Purging

 

Chapter 6: The Integrated Protective System (IPS)

Diagram depicting areas of building protection. The number 1, outer layer, depicts the first layer of defense. The number 2, middle layer, depicts the second layer of defense. The number 3, inner layer, depicts the third layer of defense.Chapter 6 presents security systems concepts and design guidance for integrating various security elements to create an effective IPS.

The concepts you should be familiar with at the end of the instruction include:

  • IPS Planning Process
  • IPS Design Guidance

 

FEMA 452

Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Threats Against Buildings

This is the “How-To” document that supplements FEMA 426 and expands the content of lessons 2, 3, 4, and 5.

It introduces the FEMA 452 Databases as the Risk Management tools to support the assessment and mitigation processes.

Similar to FEMA 426, the slides will contain reference to figure and page number taken from this document, as appropriate, as well as other publications.

 

Knowledge Review

Continuity facilities should be selected and constructed so that they are uniquely susceptible to risks associated with such natural disasters as earthquakes, tornadoes, hurricanes, or floods.

  1. True
  2. False

Correct response = B

Correct response feedback: Yes! The answer is false. Continuity facilities should be selected and constructed so that they are NOT uniquely susceptible to risks associated with such natural disasters as earthquakes, tornadoes, hurricanes, or floods.

 

FEMA 452

FEMA 452 is the “How-To”. This publication expands Chapter 1 of FEMA 426 going into greater detail in each step of the risk assessment process as indicated by Steps 1 through 4. Step 5 takes an overarching view of mitigation options, looking at cost, benefit, special considerations, and the like, rather than going into specific mitigation options as done in Chapters 2 through 5 of FEMA 426.

  1. Step 1: Threat Identification and Rating
  2. Step 2: Consequence Assessment
  3. Step 3: Vulnerability Assessment
  4. Step 4: Risk Assessment
  5. Step 5: Consider Mitigation Options

It introduces the FEMA 452 Databases as the Risk Management tools to support the assessment and mitigation processes.

Similar to FEMA 426, the slides will contain references to figure and page number taken from this document, as appropriate, as well as other publications.

 

FEMA 452

Risk Assessment-How-To

FEMA 452 is the “How-To”. This publication expands Chapter 1 of FEMA 426 going into greater detail in each step of the risk assessment process as indicated by Steps 1 through 4. Step 5 takes an overarching view of mitigation options, looking at cost, benefit, special considerations, and the like, rather than going into specific mitigation options as done in Chapters 2 through 5 of FEMA 426.

  1. Step 1: Threat Identification and Rating
  2. Step 2: Consequence Assessment
  3. Step 3: Vulnerability Assessment
  4. Step 4: Risk Assessment
  5. Step 5: Consider Mitigation Options

It introduces the FEMA 452 Databases as the Risk Management tools to support the assessment and mitigation processes.

Similar to FEMA 426, the slides will contain references to figure and page number taken from this document, as appropriate, as well as other publications.

 

FEMA 426, FEMA 455 Assessment Considerations

Risk Assessment-How-To (continued)

The manual also has five appendices to facilitate its use as a reference:

  1. Appendix A: Building Vulnerability Assessment Checklist
  2. Appendix B1: Risk Management Database v1.0: Assessor’s User Guide
  3. Appendix B2: Risk Management Database v1.0: Database Administrator’s User Guide
  4. Appendix B3: Risk Management Database v1.0: Manager’s User Guide
  5. Appendix C: Acronyms and Abbreviations

 

Knowledge Review

FEMA 426 and 452 are the two primary documents used to conduct a facility risk assessment.

  1. True
  2. False

Correct response = B

Correct response feedback: You got it! FEMA 426 provides the methodology to conduct facility risk assessment. FEMA 452 pertains to the Risk Assessment Database.

 

Risk Matrix

View Sample Risk MatrixThe purpose of a Risk Matrix (also called a threat matrix) is to collect the assessment team/owner ratings and determine the highest risks that should receive the greatest attention. By splitting up the process into three logical subsets, it is easier to determine what the greatest risks are. All ratings are on a scale of 1 – 10.

An example matrix from FEMA 426 for structural systems indicates the rating for each threat that was given the likelihood of attack upon the structural systems by the listed threat tactics: 3 – 4 – 3 – 2. This was determined from a number of factors to consider.

Infrastructure Cyber Attack Armed Attack (single gunman) Vehicle Bomb CBR Attack
Structural Systems 48 128 192 144
Threat Rating 3 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
Low Risk Medium Risk High Risk
Risk Factors Total 1-60 61-175 >176
Threat Rating x Consequence Rating x Vulnerability Rating

Threat: Intruder x Consequence: To You x Vulnerability: Open Door

FEMA 426, Adaptation of Table 4-7: Site Infrastructure Systems Pre-Assessment Screening Matrix, p. 1-29; FEMA 426, Table 4-8: Total Risk Color Code, P. 1-29

 

Risk Matrix (continued)

After you complete the threat rating you will determine the consequence rating. This number identifies the potential impact on your facility should the structural systems be damaged and/or fail. The consequence ratings listed are 8 – 8 – 8 – 8.

The vulnerability rating illustrates how successful that threat tactic could fare against the structural systems — if the potential threat element selected that tactic to use against that asset would the potential outcome be considered successful by the terrorist or damaging by the asset owner. The vulnerability ratings listed are 2 – 4 – 8 – 9.

You will do this process for each of the entries on your risk matrix throughout today as you learn more about Threats/Hazards, Consequence, and Vulnerabilities.

Infrastructure Cyber Attack Armed Attack (single gunman) Vehicle Bomb CBR Attack
Structural Systems 48 128 192 144
Threat Rating 3 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
Low Risk Medium Risk High Risk
Risk Factors Total 1-60 61-175 >176
Threat Rating x Consequence Rating x Vulnerability Rating

Threat: Intruder x Consequence: To You x Vulnerability: Open Door

FEMA 426, Adaptation of Table 4-7: Site Infrastructure Systems Pre-Assessment Screening Matrix, p. 1-29; FEMA 426, Table 4-8: Total Risk Color Code, P. 1-29

 

Risk Matrix (continued)

A simple calculation results in risk ratings from 1 to 1,000 in value. In this case the risk of a vehicle bomb being successfully used against the structural systems received the highest rating (in the red “high risk” zone). You will then compare the high risk ratings to determine the highest risks that you should mitigate.

Infrastructure Cyber Attack Armed Attack (single gunman) Vehicle Bomb CBR Attack
Structural Systems 48 128 192 144
Threat Rating 3 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
Low Risk Medium Risk High Risk
Risk Factors Total 1-60 61-175 >176
Threat Rating x Consequence Rating x Vulnerability Rating

Threat: Intruder x Consequence: To You x Vulnerability: Open Door

FEMA 426, Adaptation of Table 4-7: Site Infrastructure Systems Pre-Assessment Screening Matrix, p. 1-29; FEMA 426, Table 4-8: Total Risk Color Code, P. 1-29

 

RMS Publications – 2003 – Present

FEMA 426 is part of the Risk Management Series of publications that seek to reduce damage from natural and man-made hazards and threats. The Building and Infrastructure Protection Series of publications provides additional related information.

Note: The BIPS-06 is a series of publications and software tools developed by DHS Science & Technology Directorate (S&T) to provide guidance on risk assessment and mitigation against multi-hazard events.

 

Transition

Map of the COOP facilityIn this course, you will learn how to perform a multi-hazard risk assessment of a building and become familiar with the key concepts to protect buildings from man-made threats and hazards:

  • Design Basis Threat
  • Consequence Assessment
  • Level of Protection
  • Layers of Defense
  • Vulnerability Assessment
  • Risk Assessment
  • Mitigation

Using the approach and guidance provided in FEMA 426, the majority of building owners should be able to complete a risk assessment of their building in a few days and identify the primary vulnerabilities and mitigation options and make informed decisions on the ability of their buildings to survive, recover, and operate should an attack or event occur.

Keep in mind, the most commonly selected terrorist targets worldwide are commercial facilities.

 

Summary

In this lesson you learned:

  1. FEMA 426 and 452 are intended for building sciences professionals
  2. Man-made hazards risk assessments use a “Design Basis Threat” and “Levels of Protection” for man-made disaster loading upon buildings versus building codes which prescribe loadings for natural disasters
  3. FCD 1 mandates that assessments be done on all Continuity Facilities
  4. Site and building systems and infrastructure protection are provided by layers of defense
  5. There are multiple mitigation options and techniques to deter, detect, deny, and devalue
  6. Use cost-effective multi-hazard analysis and design

 

Summary (continued)

The objective of this course is to provide a comprehensive approach to reducing the physical damage to structural and non-structural components of buildings and related infrastructure.

Most importantly, the course provides participants with a solid foundation on the key concepts needed for designing mitigation measures:

  • Design Basis Threat (DBT)
  • Levels of Protection
  • Layers of Defense

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 2 – Threat and Hazard Assessment

Threat and Hazard Assessment Overview

The following topics will be covered in this lesson:

  1. The offices where threat and hazard information are available.
  2. The spectrum of event profiles for terrorism and technological hazards from FEMA 386-7.
  3. The FEMA 426 approach to determine threat rating.
  4. A rating scale and how to use it to determine a threat rating.

 

Lesson Objectives

At the completion of this lesson, students will be able to:

  1. Identify the threats and hazards that may impact a building or site
  2. Identify threats and hazards using the FEMA 426 methodology
  3. Identify a numerical rating for the threat or hazard and justify the basis for the rating
  4. Review a threat rating scale and determine the threat rating score for the given threats
  5. Define the Design Basis Threat, Levels of Protection, and Layers of Defense
  6. Use Federal, State, or local law enforcement to help determine threat ratings
  7. Complete the Critical Functions and Critical Infrastructure Matrices
  8. Establish the Design Basis Threat
  9. Select the Level of Protection
  10. Use Layers of Defense strategy to mitigate attack and develop mitigation options

 

Assessment Flow Chart

The chart below depicts the flow of an assessment. In this lesson we will focus on assessing threats and hazards.This flowchart demonstrates the process of conducting both Cost and Benefit Analyses. The Cost Analysis flow has two possible routes that allow one to "Analyze how mitigation options affect asset criticality and ultimately risk," as the Cost Analysis starting-point box at the top right reads. From there, the chart flows counter-clockwise, either straight down to "Identify Mitigation Options," and then on to Decision (Risk Management),"; or else in a circle to the left, flowing through "Consequence Assessment, " "Vulnerability Assessment, " "Risk Assessment," "Identify Mitigation Options," and finally "Decision (Risk Management)." The Benefit Analysis also has different possible routes that allow one to "Analyze how mitigation options change vulnerability and ultimately risk," as the starting-point text box in the lower right of the flowchart reads. One route flows clockwise through"Vulnerability Assessent," "Risk Assessment," Identify Mitigation Options," and finally, "Decision (Risk Management)." Another route flows straight up to "Identify Mitigation Options" and then to "Decision (Risk Management)." The final route for a Benefit Analysis is to begin at the bottom left of the chart at "Threat/Hazard Assessment" and flow clockwise through "Vulnerability Assessment," "Risk Assessment," "Identify Mitigation Options," and ending with "Decision (Risk Management)." "Threat/Hazard Assessment" is highlighted here because the lesson will focus on that element.

 

 

 

 

 

 

 

 

 

 

Nature of the Threat (1 of 4)

Comparison of Fatalities and Incidents by Region (2008)

With enhanced migration of terrorist groups from conflict-ridden countries, the formation of extensive international terrorist infrastructures, and the increased reach of terrorist groups, terrorism is a global concern.

Terrorism and physical attacks have continued to increase in the past decade. The geographical isolation of the United States is not a sufficient barrier to prevent an attack on U.S. cities and citizens. These data in this and the next two screens is from the National Counterterrorism Center’s (NCTC) 2008 Report on Terrorism (April 30, 2009) and is based upon open source information from the Worldwide Incidents Tracking System.

The information illustrates recent trends and demonstrates the far-reaching incidents and diverse natures and targets of recent terrorist attacks.

For example, the chart on this screen depicts the attacks and casualties by geographic location around the world. Keep in mind that resulting high-fatality attacks, although at 65 percent, often include collateral fatalities.

A bar chart depicting the comparison of fatalities by region from the 2008 Report on Terrorism. From left to right, Africa has had 2,987 dead and 718 attacks; East Asia and Pacific, 762 dead, 978 attacks; Europe and Eurasia, 292 dead, 774 attacks; Near East, 5,528 dead, 4,594 attacks; South Asia, 5,826 dead, 4,354 attacks; Western Hemisphere, 370 dead, 352 attacks. At the top is listed the total number of dead (15,765) and number of attacks (11,770) across all regions. Select this image to view a larger version.

Nature of the Threat (2 of 4)

Primary Methods Used in Attacks (2008)

According to the chart on this screen, most attacks were perpetrated by terrorists applying conventional fighting methods such as armed attacks, bombings, and kidnappings. Terrorists continue their practice of coordinated attacks, which include secondary attacks on first responders at attack sites, and they continue to reconfigure weapons and other materials to create improvised explosive devices.

NCTC protocols dictate that events identified as simultaneous and coordinated would be recorded as one attack, as would be secondary attacks that target first responders. Therefore, some double counting occurs when multiple methods are used.

Notice in the chart the emphasis is on armed attacks and bombings.

A pie chart depicting the primary methods used in attacks as of 2008. The largest section represents 5,993 Armed Attacks, followed clockwise and in descending order by: Bombing - 4,131; Kidnapping — 1,125; Arson/Firebombing — 535; Assault — 451; Suicide — 405; Unknown — 247; Other — 188. Beneath the chart is the total number of attacks (11,770), followed by the note that "Some double counting occurred when multiple methods were used."

Nature of the Threat (3 of 4)

All Attacks Involving Facilities by Category (2008)

This chart illustrates an ongoing commitment to attacking civilians and infrastructure.

Notice the majority of attacks were focused on “soft” targets such as vehicles, communities, and residences.

A pie chart depicting all of the attacks involving facilities by category as of 2008. The largest section is Vehicle — 2,661. This is followed, clockwise, by: Community — 1,132; Residence — 1,007; Public Place/Retail — 846; Checkpoint — 525; Energy Infrastructure — 339; Government — 332; Police — 279; Military — 231; School/Educational — 194; Transportation Infrastructure — 171; Unknown — 163; Bus — 134; Communications — 129; Other — 889. At bottom left is the following note: "7,469 Facilities Struck."

Nature of the Threat (4 of 4)

CBR Terrorist Incidents 2000-2007

Chemical, Biological, and Radiological (CBR) attacks have been used since ancient times and, in the past 20 years, over 50 attacks have occurred. They require the right weather, population, and dispersion to be effective.

Most recently CBR attacks have had limited effectiveness or have been conducted on a relatively small scale.

Note: Future attacks with weapons of mass destruction (WMD) could occur on a regional or global scale.

A timeline chart depicting CBR terrorist incidents. The chart begins with the year 2000 to the left and travels to 2007 to the far right, and marks incidents on the timeline. From left to right the incidents are: 2000 Canada Arsenic, 27 Injured; 2000 Uganda Poison, 200 Dead; 2001 U.S. Anthrax, 7 Dead, 22 injured; 2002 Zimbabwe Pesticides, 7 Dead, 47 injuries; 2003 Belgium Phenarsazine chloride, 20 Injured; 2003 Italy Ammonia, 50 Injured; 2004 U.S. Ricin; 2005 U.S. Anthrax; 2007 Iraq Chlorine, 41 Dead, 549 injured. To the right of this chart is a smaller table that includes the following information: In the 2000s, there were 61 Incidents, 267 Killed, 766 Injured. In the 1990s, there were 108 Incidents, 446 Killed, 7,151 Injured. In the 1980s, there were 33 Incidents, 25 Killed, 994 Injured. In the 1970s there were 28 Incidents, 10 Killed, 8 Injured. There is also a small photo to the left of terror incident victims being treated.

Knowledge Review

Which item is an example of a threat and/or hazard that could potentially impact a building or site?

  1. Bombing
  2. Armed attack
  3. Kidnapping
  4. All of the above

Correct response = D

Correct response feedback: You got it! Other threats and hazards may include arson/firebombing, assault, suicide, etc.

 

Threats and Hazards

Natural and Man-made

hazard is a source of potential danger or adverse condition.

There are two types of hazards:

  1. Natural Hazards
  2. Man-made Threats

 

Hazard (1 of 2)

Natural Hazards

Natural hazards are naturally occurring events such as floods, earthquakes, tornadoes, tsunamis, coastal storms, landslides, hurricanes, and wildfires.

natural event is a hazard when it has the potential to harm people or property (FEMA 386-2, Understanding Your Risks).

The risks of natural hazards may be increased or decreased as a result of human activity (such as building in a floodplain (bad) or hardening for hurricanes (good)).

 

Hazards (2 of 2)

Man-made Threats

Man-made threats are any indication, circumstance, or event with the potential to cause loss of, or damage to an asset. They can be technological accidents and terrorist attacks.

Technological accidents refers to incidents that can arise from human activities such as manufacturing, transportation, storage, and use of hazardous materials. For the sake of simplicity, it is assumed that technological emergencies are accidental and that their consequences are unintended.

Terrorism refers to the unlawful use of force and violence against persons or property to intimidate or coerce a Government, the civilian population, or any segment thereof, in furtherance of political or social objectives. (28 CFR, Section 0.85)

 

Threat Overview

Two-Step Process

A threat is any indication, circumstance, or event with the potential to cause loss of, or damage to an asset.

A two-step process is utilized to complete the threat assessment:

  1. Selection of the primary threats that may affect your building
  2. Determination of the threat rating

 

Threat Overview

Identify Each Threat/Hazard

Table 1-3 in FEMA 426 outlines the broad spectrum of terrorist threats and technological hazards. Some of these items include:

  • Improvised Explosive Device (Bomb)
  • Armed Attack
  • Chemical Agent
  • Biological Agent
  • Radiological Agent
  • Cyberterrorism

While we can think of terrorist tactics and technological hazards (such as hazmat releases), a runaway truck crashing into a power line, a storage tank, or a telephone pedestal can be equally detrimental. Similarly, surveillance of a company’s operations may divulge company trade secrets that are detrimental to the company’s economic bottom line or an industry in a country.

 

Threat Overview

Adversary Tactic
Domestic/disgruntled Armed Attack – Small Arms
Terrorist – General Armed Attack – Auto weapons
Domestic/disgruntled, Terrorist Arson/Firebombing
Domestic/disgruntled 1 lb Mail Bomb
Domestic/disgruntled 5 lb Pipe Bomb
Terrorist – Al Qaeda 50 Suicide Bombers
Domestic/disgruntled 500 lb Truck Bomb
Terrorist – Al Qaeda 500 lb Truck Bomb
Terrorist – Al Qaeda 5,000 lb Truck Bomb
Terrorist – Al Qaeda 20,000 lb Truck Bomb
Criminal/Terrorist Cyber – outside – Damage
Criminal/Terrorist Cyber – outside – Theft
Domestic/disgruntled, Terrorist Natural Gas
Terrorist – Al Qaeda Chlorine
Terrorist – Al Qaeda Sarin

Identifying the Threat

Threat identification includes:

  • Identifying the adversary:
    • Specific terrorist group
    • Criminal activity
    • Unknown group
  • Identifying the adversary’s tactics:
    • Preferred tactic
    • Common tactic
  • Identifying the adversary’s activities:
    • Internationally active
    • Regionally active
    • Locally active

 

Threat Overview

Identifying Potential Targets

The objective in the initial step is to determine consequences caused by an event that impact the core functions of the asset that will enable it to continue to operate or provide services after an attack. This focuses the assessment team on the key areas of the building. Factors include:

Core Functions:

  • Primary services or outputs
  • Critical activities
  • Identify customers
  • Inputs from external organizations
  • Number of people affected

Critical Infrastructure:

  • Injuries or deaths related to lifelines
  • Effect on core functions
  • Availability of replacements/cost to replace
  • Critical support lifelines
  • Critical or sensitive information

 

Core Functions and Critical Infrastructure

Examples of core functions and critical infrastructure in a COOP facility would include:

Core Functions:

Administration – Personnel who perform the support functions for the building, such as receptionist, sales/scheduling and room setup, human relations, mailroom, purchasing, building maintenance personnel, and associated management personnel.

Engineering/IT technicians – Personnel who interface with clients to meet client needs for software/hardware requirements, troubleshoot system, or software problems, etc.

Loading dock/warehouse – Personnel who accept deliveries, move delivered items to where needed, place items in warehouse for future use with proper tagging and computer file entries to find when needed, etc.

Data center – Personnel who operate the data center on a day-to-day/shift basis.

Communications – Personnel who operate communications on a day-to-day/shift basis.

Security – Personnel who provide physical security for the building. Engineering/IT technicians handle information security. Administrative function handles personnel security in conjunction with human relations.

Housekeeping – Basically janitorial service for non-secure and secure portions of the building.

Critical Infrastructure:

Site – Land (inside and outside property line); structures and organizations nearby (up to 10 miles); other adjacent land uses nearby; the terrain (elevation differences inside and outside property line); parking (inside and outside property line); perimeter fencing (if any), flow of pedestrian and vehicle traffic to access the site and traverse the site to the building(s); barriers installed to control pedestrian and vehicle and to prevent high-speed approaches to building; distance between nearest parking spaces and building; and landscaping, street furniture, lighting, signage, and fire hydrants.

Architectural – Crime Prevention Through Environmental Design (CPTED); tenants and their location; walk paths to building;, building access/queuing; roof access; foyer, egress routes, and mailroom hardening; secure and non-secure way paths within building; critical functions and critical infrastructure locations and hardening; and visitors, loading docks, emergency egress paths, and mailrooms separation from critical functions and critical infrastructure.

Structural systems – Type of construction; how building loads are supported — load bearing walls, steel or reinforced concrete columns, etc.; progressive collapse susceptibility; reinforcement used in walls and columns; and hardening of loading docks and mailrooms.

Envelope systems – Is there hardening of building walls, windows (fenestration, glazing, glass), doors, and other openings in the building walls against the Design Basis Threat?

Utility systems – Either from the “drip-line” off the roof, the 3-foot point outside the building wall, or from the demark (point where the utility company’s responsibility ends and the building owner’s responsibility begins) usually at a meter, for example; covers the services for all utilities to the building — electric, gas, water, fuel oil, telephone, fire alarms, internet, etc.; separation between utilities, alternate sources or emergency backup, hardening of utilities — aboveground, underground, or direct buried.

Mechanical systems – From the utility demark into the building, this covers building systems for heating/ventilation/air conditioning; elevators; interfaces with fire dampers, fire walls, and fire doors; smoke control systems; building management systems that control mechanical systems.

Plumbing and gas systems – From the utility demark into the building, this covers building systems for water, sewer, and natural gas, but can include medical gases and industrial gases based upon the building use.

Electrical Systems – Electrical systems just outside the building that support the building — transformers and building lighting; then from the utility demark into the building — covers all electrical power for the building; access to and security of electrical rooms; uninterruptible power systems, and emergency power systems and the systems that are powered.

Fire alarm systems – Types of systems within building; alarm reporting; location, access to, and security for equipment; and separation from other critical infrastructure.

IT/comm systems – Types, locations, access to, and security of voice, data, internet, signal, and alarms (fire/security) within building; where these systems enter the building — separation from other systems; cabling within building; data backup procedures and/or data recovery/mirror site; mass notification capability; and capability of alternate control centers versus primary control center.

 

Knowledge Review

When designating or designing a Continuity of Operations (COOP) facility, man-made threats such as technological accidents and terrorism are the only hazards to consider.

  1. True
  2. False

Correct response = B

Correct response feedback: You got it! The answer is False. Natural hazards must also be taken into consideration when designating or designing a COOP facility.

 

Step 1: Selection of Primary Threats

To select the primary threats, the selected criteria outlined on this screen are designed to help you to rank potential threats from 1-10 (10 being the greater threat).

For the purpose of this course the selected threats are Cyber AttackArmed AttackVehicle Bomb, and CBR Attack.

Criteria
Score Existence of Adversary Use of Tactic Access to Materials Knowledge/ Expertise History of Threats Intentions Targeting
9-10 Significant operations conducted in the area Preferred tactic routinely used Readily available Basic knowledge/ open source. Advanced skills in implementing tactic Local incident, occurred recently, caused great damage; building functions and tenants were primary targets Stated objective to target specific building, function or tenant to inflict maximum amount of damage Specific credible information that building, function or tenant is being targeted
6-8 Confirmed local activity Past use of tactic, however not a preferred tactic Easy to produce or acquire with limited controls Bachelor’s degree or technical school/open scientific or technical literature. Proficient in use of tactic Regional/ State incident, occurred a few years ago, caused substantial damage; building functions and tenants were one of the primary targets Stated objective to target types of buildings, functions or tenants to damage or decrease operational capabilities Significant activity that indicates the potential for targeting of building, function or tenant
3-5 Speculated local activity Limited use or attempting to refine tactic Difficult to produce or acquire Advanced training/rare scientific or declassified literature. Moderate success at implementing the tactic National incident, occurred some time in the past, caused important damage; building functions and tenants were one of the primary targets Intentions to target similar buildings, functions or tenants. Target of opportunity Limited activity that indicates the potential for targeting of building, function or tenant
1-2 International activity but no known local activity Expressed interest in tactic Very difficult to produce or acquire Advanced degree or training/ classified information. Unsuccessful attempts to employ tactic or limited success International incident, occurred many years ago, caused localized damage; building functions and tenants were not the primary targets No specific intentions to target building, function or tenants No indications of active targeting
FEMA 452, Table 1-5: Nominal Example, p. 1-21

Existence of Adversary – Is there confirmed or speculated adversarial local activity at the site? Have there been significant adversarial operations conducted in the area? While international adversary activities are known, have they been expanded to local activity, and have these activities been confirmed?

Use of Tactic – What is the adversarial preferred tactic routinely used in relation to the site? If the preferred tactic is not easily accomplished, have they illustrated altered or refined tactics to better accomplish their target goals?

Access to Materials – The access to agent is the ease by which the source material can be acquired to carry out the attack. Consideration includes the local hazmat inventory, farm and mining supplies, major chemical or manufacturing plants, university and commercial laboratories, and transportation centers.

Knowledge/Expertise – The general level of skill and training that combines the ability to create the weapon (or weaponize an agent) and the technical knowledge of the systems to be attacked (HVAC, nuclear, etc.). Knowledge and expertise can be gained by surveillance, open source research, specialized training, or years of practice in industry.

History of Threats Against Buildings – What has the potential threat element done in the past and how many times? When was the most recent incident and where, and against what target? What tactics did they use?

Asset Visibility/Symbolic Intentions – The economic, cultural, and symbolic importance of the building to society that may be exploited by the terrorists seeking to cause monetary or political gain through their actions.

Asset Accessibility/Targeting – The ability of the terrorist to become well-positioned to carry out an attack at the critical location against the intended target. The critical location is a function of the site, the building layout, and the security measures in place.

 

Step 1: Selection of Primary Threats (continued)

From the Department of Defense (DoD) perspective, threat (potential threat elements, people with bad intentions) is based upon:

  1. Existence
  2. Capability [Access to Agent; Knowledge/Expertise]
  3. History [History of Threats Against Buildings]
  4. Intentions
  5. Targeting

All of the above concentrate on the existence and actions of the people who are considered the threat.

Comparison to the criteria in the previous screen is included in the brackets above or listed below:

  1. Asset Visibility/Symbolic – CONSEQUENCE. This may link with Intentions (written or spoken) and Targeting (actual surveillance of structure), but in and of itself is a measure of threat.
  2. Asset Accessibility – VULNERABILITY. This may link with Targeting (actual surveillance of structure), but in and of itself is identification of a weakness to an attack tactic and a measure of vulnerability.
  3. Site Population/Capacity: Same comment as for Asset Visibility/Symbolic above.
  4. Level of Defense: Same comment as for Asset Accessibility above.

 

Step 1: Selection of Primary Threats (continued)

This chart illustrates a nominal example of applying the threat scoring to bomb blasts and CBR (see fields in yellow). Scores are first estimated for each criterion (1-10) and are then added in the “Score” columns. The max score for each column is 70 (7 criteria times a max score of 10 per criteria). The rating is then subjectively determined. For example, a score of 34 out of 70 is slightly less than half. So, you may determine the rating to be 3-5. You need a multi-discipline group of people to determine the highest threats, e.g., engineers, information technologists (IT), etc.

Adversary Tactic Existence of Adversary Use of Tactic Access to Materials Knowledge/ Expertise History of Threats Intentions Targeting Score Rating
Domestic/ Disgruntled Armed Attack – Small Arms 2 8 9 7 6 2 2 36 6-8
Terrorist – General Armed Attack – Auto weapons 5 6 9 8 4 2 2 36 6-8
Domestic/ Disgruntled, Terrorist Arson/ Firebombing 5 4 9 9 4 2 2 35 3-5
Domestic/ Disgruntled 1 lb Mail Bomb 2 2 5 5 2 2 2 20 3-5
Domestic/ Disgruntled 5 lb Pipe Bomb 2 6 9 9 4 2 2 34 3-5
Terrorist – Al Qaeda 50 Suicide Bombers 5 9 9 9 3 9 4 48 6-8
Domestic/ Disgruntled 500 lb Car Bomb 3 5 5 5 4 3 2 27 3-5
Terrorist – Al Qaeda 500 lb Car Bomb 6 9 8 8 3 8 4 46 6-8
Terrorist – Al Qaeda 5,000 lb Truck Bomb 6 8 8 8 6 8 4 48 6-8
Terrorist – Al Qaeda 20,000 lb Truck Bomb 6 5 8 7 3 6 4 39 6-8
Criminal/ Terrorist Cyber- Outside Damage 9 9 9 7 9 8 9 60 9-10
Criminal/ Terrorist Cyber- Outside Theft 9 9 9 7 9 8 9 60 9-10
Domestic/ Disgruntled, Terrorist Natural Gas 5 5 9 9 4 3 2 37 6-8
Terrorist – Al Qaeda Chlorine 5 7 9 9 4 3 2 39 6-8
Terrorist – Al Qaeda Sarin 5 2 3 4 2 9 2 27 3-5

 

Step 2: Determine the Threat Rating

Threat Rating
Very High 10 Very High – The likelihood of a threat, weapon, and tactic being used against the site or building is imminent. Internal decision makers and/or external law enforcement and intelligence agencies determine the threat is credible.
High 8-9 High – The likelihood of a threat, weapon, and tactic being used against the site or building is expected. Internal decision makers and/or external law enforcement and intelligence agencies determine the threat is credible.
Medium High 7 Medium High – The likelihood of a threat, weapon, and tactic being used against the site or building is probable. Internal decision makers and/or external law enforcement and intelligence agencies determine the threat is credible.
FEMA 452, Table 1-6: Threat Rating, p. 1-24

Having selected the primary threats (Cyber Attack, Armed Attack, Vehicle Bomb, and CBR Attack) for the building, the next step is to determine how the threat will affect the functions and critical infrastructure. The threat rating is an integral part of the risk assessment and is used to determine, characterize, and quantify a loss caused by an aggressor using a weapon or agent and tactic against the target (asset). The threat rating deals with the likelihood or probability of the threat occurring.

This table provides a scale for selecting your threat rating. The scale is a combination of a seven-level linguistic scale and a 10-point numerical scale. The key elements of this scale are likelihood/credibility of a threat, potential weapons to be used during a terrorist attack, and information available to decision makers. This is a subjective analysis based on consensus opinion of the building stakeholders, threat specialists, and engineers. The primary objective is to look at the threat; the geographic distribution of functions and critical infrastructure; redundancy; and response and recovery to evaluate the impact on the organization should an attack occur.

Key elements:

  • Likelihood of a threat (credible, verified, exists, unlikely, unknown)
  • If the use of the weapon is considered imminent, expected, or probable

 

Step 2: Determine the Threat Rating (continued)

Threat Rating
Medium 5-6 Medium – The likelihood of a threat, weapon, and tactic being used against the site or building is possible. Internal decision makers and/or external law enforcement and intelligence agencies determine the threat is known, but is not verified.
Medium Low 4 Medium Low – The likelihood of a threat, weapon, and tactic being used in the region is probable. Internal decision makers and/or external law enforcement and intelligence agencies determine the threat is known, but is not likely.
Low 2-3 Low – The likelihood of a threat, weapon, and tactic being used in the region is possible. Internal decision makers and/or external law enforcement and intelligence agencies determine the threat exists, but is not likely.
Very Low 1 Very Low – The likelihood of a threat, weapon, and tactic being used in the region or against the site is very negligible. Internal decision makers and/or external law enforcement and intelligence agencies determine the threat is non-existent or extremely unlikely.
FEMA 452, Table 1-6: Threat Rating, p. 1-24

As explained on the previous screen, the threat rating includes the consequences of the threat occurrence.

  • The consequences may be a feature attractive to terrorists in their targeting philosophy.
  • Conversely, threat and overall risk may be low, but if consequences are extremely high, then actions have been taken even against low threats and low risk because the organization did not want to contend with the consequences.

Thus, consequences may overtake perceived threat, especially if the threat is low. Think of the Murrah Federal Building threat rating before and after the McVeigh bombing and flying large aircraft into buildings before and after 9/11/2001.Key elements:

  • Likelihood of a threat (credible, verified, exists, unlikely, unknown)
  • If the use of the weapon is considered imminent, expected, or probable

 

Critical Functions Example

After each threat/hazard has been identified, the threat rating for each threat/hazard must be determined. The threat rating is a subjective judgment of a terrorist threat based on existence, capability, history, intentions, and targeting.

It is a snapshot in time, and can be influenced by many factors, but the given threat value will typically be the same for each function (going down the columns). Organizations that are dispersed in a campus environment may have variations.

On a scale of 1 to 10, 1 is a very low probability and 10 is a very high probability of a terrorist attack.

Keep in mind, the threat rating can be different for a vehicle bomb against Administration (three shown) and a vehicle bomb against Engineering (six shown) because Administration is less likely to be targeted and also may have fewer people.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration
Threat Rating 8 5 3 2
Consequence Rating
Vulnerability Rating
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Engineering
Threat Rating 8 8 6 2
Consequence Rating
Vulnerability Rating
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-29

 

Critical Infrastructure Example

The Critical Infrastructure matrix has a similar threat rating approach as previously seen in the Critical Function matrix.

Note that the threat ratings for the Site and Structural Systems are almost identical, only varying for Cyber Attack. A Cyber Attack could be higher than structural systems because of access control or CCTV surveillance equipment across the site. Whether or not connected to the Internet, there is a Cyber Threat if these systems are electronically connected or could be electronically connected in the future, giving them greater targeting value if internet connectivity were present. Structural systems generally are not connected to the internet and targeting is not expected of these systems. However, if there are active seismic dampers on the building that use electronic control, then the targeting value goes up as well as the threat. The seismic dampers could be part of a “smart building” system where the responsive dampers are adjusted for the accelerations imposed upon the structure, especially high-rises.

The other threat ratings for Site and Structural Systems are on the low side of the scale because the targeting value to the terrorist using that attack mode on that asset is relatively low.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Site
Threat Rating 4 4 3 2
Consequence Rating
Vulnerability Rating
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Structural
Threat Rating 3 4 3 2
Consequence Rating
Vulnerability Rating
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-29

 

Knowledge Review

Scenario: According to information provided to you from local and national authorities it has been determined that the likelihood of an armed attack against your site or building is possible due to known, but not verified, extremist groups that may have moved into the area.

What numeric value would you provide for an armed attack threat?

  1. 2-3 (Low)
  2. 5-6 (Medium)
  3. 8-9 (High)

Correct response = B

Correct response feedback: Well done! A threat rating of 5-6, or medium, is described as the likelihood of a threat, weapon, and tactic being used against the site or building. Internal decision makers and/or external law enforcement and intelligence agencies determine that the threat is known, but is not verified. This matches up very closely to the scenario that was provided.

 

Threat Sources

A man-made threat/hazard analysis requires coordination with security and intelligence organizations that understand the locality, the region, and the Nation. These organizations include the police department (whose jurisdiction includes the building or site), the local State police office, the local office of the FBI, and CDC. In many areas of the country, there are threat-coordinating committees, including FBI Joint Terrorism Task Forces, which facilitate the sharing of information. Computer systems are also in place to disseminate intelligence information down to the lowest levels and up to the highest levels.

Other sources of potential threat information are available on the Internet, such as:

  • Southern Poverty Law Center tracks hate groups in the United States at its Web site:www.splcenter.org
  • IntelCenter tracks world terrorist groups and has statistics on many aspects of its operations at its Web site: www.intelcenter.com
  • Memorial Institute for Prevention of Terrorism is a terrorism prevention training center for police officers, investigators, intelligence analysts, and first responders offering the largest open source collection of documents on counterterrorism at its Web site: www.mipt.org

 

Threat Sources (continued)

What you need to:

  • Identify threat statements
  • Identify area threats
  • Identify facility-specific threats
  • Identify potential threat element attributes

Remember, seek information from local law enforcement, FBI, CDC, U.S. Department of Homeland Security, and Homeland Security Offices at the State level.

For technological hazards, it is also important to gather information from the local fire department and hazardous materials (hazmat) unit, Local Emergency Planning Committee (LEPC), and State Emergency Response Commission (SERC). LEPC and SERC are local and State organizations established under a U.S. Environmental Protection Agency (EPA) program. They identify critical facilities in vulnerable zones and generate emergency management plans. Additionally, most fire departments understand which industries in the local area handle the most combustible materials, and the hazmat unit understands who handles materials that could have a negative impact upon people and the environment. In many jurisdictions, the hazmat unit is part of the fire department.

 

Design Basis Threat

We first applied a systems engineering evaluation process to determine a building’s critical functions and critical infrastructure. Then we achieve an understanding of the aggressors’ likely weapons and attack delivery mode. The next step in the process of quantifying a building’s risk assessment is determining the “Design Basis Threat” – the minimum threat tactic that the designers and engineers use in designing a new structure or renovation. The final step in this threat process is the senior management selection of the “Level of Protection” which is also required by the designers and engineers as part of the building design or renovation.

After review of the preliminary information about the building functions, infrastructure, and threats, senior management should establish the “Design Basis Threat” and select the desired “Level of Protection.”

Note: Facility designers need to have the size and type of bomb, vehicle, gun, CBR, or other threat tactic, weapon, or tool identified in order to provide an appropriate level of protection.

 

Design Basis Threat (continued)

There are several methodologies and assessment techniques that can be used. Historically, the U.S. military methodology (with a focus on explosive effects, CBR, and personnel protection) has been used extensively for military installations and other national infrastructure assets.

The Department of State (DOS) adopted or co-developed many of the same blast and CBR design criteria as DoD and Interagency Security Committee (ISC).

 

Interagency Security Committee (ISC)

October 19, 1995, six months after the Oklahoma City bombing of the Alfred P. Murrah Federal Building, President Bill Clinton issued Executive Order 12977, creating the ISC to address continuing Government-wide security for Federal facilities. Prior to 1995, minimum physical security standards did not exist for nonmilitary federally owned or leased facilities.

The ISC’s mandate is to enhance the quality and effectiveness of physical security in, and the protection of, buildings and civilian Federal facilities in the United States. The ISC standards apply to all civilian federal facilities in the U.S.– whether Government-owned, -leased or -managed; to be constructed or modernized, or to be purchased

The ISC’s release of two new interim standards — the Physical Security Criteria for Federal Facilities and the Design-Basis Threat Report – represents extensive collaboration and cooperation among the 45 member agencies of the ISC across the Federal Government. The Physical Security Criteria for Federal Facilities is a culmination of 15 years of information-gathering and -sharing and lessons learned in the field of Federal facility security. The Design-Basis Threat Report introduces key new concepts and provides opportunity to customize countermeasures for facilities as needed.

 

Knowledge Review

When identifying potential threats, seek information from local law enforcement, FBI, CDC, U.S. Department of Homeland Security, and Homeland Security Offices at the State level.

  1. True
  2. False

Correct response = A

Correct response feedback: Excellent! The correct response is true.

 

Levels of Protection

Layers of Defense Elements

Layers of Defense elements, along with Levels of Protection, provide the strategy for developing mitigation options. Layers of Defense include the four Ds:

Deter – The process of making the target inaccessible or difficult to defeat with the weapon or tactic selected. It is usually accomplished at the site perimeter using highly visible electronic security systems, fencing, barriers, lighting and security personnel; and in the building by security access with locks and electronic monitoring devices.

Detect – The process of using intelligence sharing and security services response to monitor and identify the threat before it penetrates the site perimeter or building access points.

Deny – Usually done in conjunction with detect, the process of minimizing or delaying the degree of site or building infrastructure damage or loss of life or protecting assets by designing or using infrastructure and equipment designed to withstand blast and chemical, biological, or radiological effects.

Devalue – The process of making the site or building of little to no value or consequence, from the terrorists’ perspective, such that an attack on the facility would not yield their desired result.

This approach could be an important method to increase resiliency.

 

Levels of Protection

DoD Minimum Antiterrorism (AT) Standards for New Buildings

In contrast to the Interagency Security Committee (formerly headed by GSA, but now headed by DHS) security levels and criteria, the DoD correlates levels of protection with potential damage and expected injuries.

At the levels shown here, there is significant damage, injury, and an estimated number of dead.

Level of Protection Potential Structural Damage Potential Door and Glazing Hazards Potential Injury
Below AT Standards Severely damaged. Frame collapse/massive destruction. Little left standing. Doors and windows fail and result in lethal hazards. Majority of personnel suffer fatalities.
Very Low Heavily damaged – onset of structural collapse. Major deformation of primary and secondary structural members, but progressive collapse is unlikely. Collapse of non-structural elements. Glazing will break and is likely to be propelled into the building, resulting in serious glazing fragments will be reduced. Doors may be propelled into rooms, presenting serious hazards. Majority of personnel suffer serious injuries. There are likely to be a limited number (10 percent to 25 percent) of fatalities.
Low Damaged – unrepairable.
Major deformation of non-structural elements and secondary structural members, and minor deformation of primary structural members, but progressive collapse is unlikely.
Glazing will break, but fall within 1 meter of the wall or otherwise not present a significant fragment hazard. Doors may fail, but they will rebound out of their frames, presenting minimal hazards. Majority of personnel suffer significant injuries. There may be a few (<10 percent) fatalities.
Medium Damaged – repairable.
Major deformation of non-structural elements and secondary structural members and no permanent deformation in primary structural members.
Glazing will break, but will remain in window frame. Doors will stay in frames, but will not be reusable. Some minor injuries, but fatalities are unlikely.
High Superficially damaged.
No permanent deformation of primary and secondary structural members or non-structural elements.
Glazing will not break. Doors will be reusable. Only superficial injuries are likely.
FEMA 426, Table 4-1, p. 4-9

 

No building should fall under the Below AT Standards and Very Low levels of protection.

 

Knowledge Review

Which layer of defense refers to the process of making the site or building of little to no value or consequence, from the terrorists’ perspective, such that an attack on the facility would not yield their desired result?

  1. Deter
  2. Detect
  3. Deny
  4. Devalue

Correct response = D

Correct response feedback: Great job! Devalue is the correct layer of defense.

 

Knowledge Review

Which of the following is an example of a natural hazard?

  1. A hurricane causing widespread flooding and wind damage to a coastal area.
  2. A tornado causing downed power lines along several roads, restricting access.
  3. A militia blowing up a Government building.
  4. All of the above.
  5. A and B only.

Correct response = E

Correct response feedback: Yes! A and B are the correct responses.

 

Knowledge Review

During your building assessment, you learn that housekeeping is contracted and does not have an office or network connection. Keeping this in mind, what threat rating to cyber attack would be appropriate for housekeeping?

  1. 1 (Very Low)
  2. 2-3 (Low)
  3. 5-6 (Medium)
  4. 8-9 (High)

Correct response = A

Correct response feedback: Yes! A threat rating of 1 (Very Low) is most likely the best rating for housekeeping since it is contracted and does not have an office or network connection.

 

Knowledge Review

It is determined that CBR type hazards are in close proximity to the building you are assessing and an aggressor would have easy access to the materials. However, there are no specific indications of any planned CBR attacks. Keeping this in mind, what is your subjective threat rating for a potential CBR attack?

  1. 10 (Very High)
  2. 7 (Medium High)
  3. 4 (Low)
  4. 1 (Very Low)

Correct response = B

Correct response feedback: Yes! A threat rating of 7 (Medium High) is most likely the best rating for the potential of a CBR attack. CBR attacks are occurring more frequently worldwide and are being conducted by groups with associations to the local area.

 

Knowledge Review

Based on knowledge that there are no specific indications of any planned armed attacks on a site, but that they occur in the vicinity of the site, choose the answer best representing a subjective threat rating for armed attacks at the site.

  1. 1 (Very Low)
  2. 2-3 (Low)
  3. 5-6 (Medium)
  4. 8-9 (High)

Correct response = C

Correct response feedback: Yes! A threat rating of 5-6 (Medium) is most likely the best rating for the potential of an armed attack.

 

Knowledge Review

Before begin reviewing the content of this course, let’s see what you know about building security over the next several screens.

Examples of modes of major transportation in a surrounding area may include:

  • Interstate highway
  • Railway
  • Airport
  1. True
  2. False

Correct response: A

Correct response feedback: That’s right! Each item listed is an example of major transportation.

 

Knowledge Review

Which of the following is an example of a safety/emergency response asset?

  1. Wet pipe sprinkler system
  2. Hand-held dry chemical fire extinguisher
  3. Fire stations
  4. Hospital
  5. All of the above.

Correct response: E

Correct response feedback: That’s right! All of the items listed are correct. Always know the safety/emergency response assets that are available and identify their response times where applicable.

 

Knowledge Review

When determining building security, the only threats that you really need to focus on are man-made disasters. This may include terrorist collateral damage or criminal threat.

  1. True
  2. False

Correct response: B

Correct response feedback: That’s right! In addition to man-made disasters, you must also be aware of potential natural disasters. This may include flooding, tornadoes, etc. Be sure to also identify the prevalent weather/wind conditions.

 

Summary

Now that you have completed this lesson, you should be able to:

  1. Identify the threats and hazards that may impact a building or site
  2. Identify threats and hazards using the FEMA 426 methodology
  3. Identify a numerical rating for the threat or hazard and justify the basis for the rating
  4. Review a threat rating scale and determine the threat rating score for the given threats
  5. Define the Design Basis Threat, Levels of Protection, and Layers of Defense
  6. Use Federal, State, or local law enforcement to help determine threat ratings
  7. Complete the Critical Functions and Critical Infrastructure Matrices
  8. Establish the Design Basis Threat
  9. Select the Level of Protection
  10. Use Layers of Defense strategy to mitigate attack and develop mitigation options

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 3 – Consequence Assessment

Consequence Assessment Overview

This lesson will describe how to perform a consequence assessment (the second step in the assessment process), to identify consequences related to people, operations, systems, and the asset categorized as core functions and core infrastructure. Key to this process is interviewing stakeholders including owners, facility staff, and tenants.

 

Lesson Objectives

At the completion of this lesson, students will be able to:

  1. Identify the consequences resulting from a threat or hazard event
  2. Explain the components used to determine the rating of a consequence
  3. Determine the critical and cascading consequences of an event
  4. Provide a numerical rating for the consequence and justify the basis for the rating
  5. Determine how to differentiate building, system, NIPP Sector, Regional, and National consequences

 

Assessment Flow Chart

Reviewing the Assessment Flow Chart, the second step in the risk assessment process is to determine consequence rating.

Consequences are the results of a terrorist attack or other hazard event that reflect the level, duration, and nature of the loss resulting from the incident.

Flowchart demonstrating the process of conducting both Cost and Benefit Analyses. The Cost Analysis flow has two possible routes that allow one to "Analyze how mitigation options affect asset criticality and ultimately risk," as the Cost Analysis starting-point box at the top right reads. From there, the chart flows counter-clockwise, either straight down to "Identify Mitigation Options," and then on to Decision (Risk Management),"; or else in a circle to the left, flowing through "Consequence Assessment, " "Vulnerability Assessment, " "Risk Assessment," "Identify Mitigation Options," and finally "Decision (Risk Management)." The Benefit Analysis also has different possible routes that allow one to "Analyze how mitigation options change vulnerability and ultimately risk," as the starting-point text box in the lower right of the flowchart reads. One route flows clockwise through "Vulnerability Assessment," "Risk Assessment," Identify Mitigation Options," and finally, "Decision (Risk Management)." Another route flows straight up to "Identify Mitigation Options" and then to "Decision (Risk Management)." The final route for a Benefit Analysis is to begin at the bottom left of the chart at "Threat/Hazard Assessment" and flow clockwise through "Vulnerability Assessment," "Risk Assessment," "Identify Mitigation Options," and ending with "Decision (Risk Management)." Consequence Assessment highlighted.

 

 

 

 

 

 

 

 

 

 

Definition of Risk and Consequence

Risk can be defined as the potential for loss of or damage to an asset. It takes into account the threats or hazards that potentially impact the asset, consequences, and the vulnerability of the asset to the threat or hazard.

Ratings can be assigned to these three components of risk (Low, Medium, and High) to provide a risk rating.

In general terms, consequences can include the replacement time and cost for infrastructure and equipment. It can include lost profit to a business or lost capability to a mission that resulted in greater damage and loss to that asset and other assets.

Low Risk Medium Risk High Risk
Risk Factors Total 1-60 61-175 >176
Threat Rating x Consequence Rating x Vulnerability Rating
Infrastructure Function
Replacement/Repair People
Loss of Use
FEMA 426, Table 1-19: Total Risk Color Code, p. 1-38

 

Determination of Potential Consequences

Consequence rating is the degree of debilitating impact that would be caused by the incapacity or destruction of an asset (critical functions and infrastructure).

Consequences can be tangible impacts related to:

  • Buildings
  • Systems
  • NIPP-specific
  • Regional
  • National

Consequences can have intangible impacts on:

  • Processes
  • Company information
  • Reputation

 

National Infrastructure Protection Plan (NIPP)

NIPP’s overarching goal is to build a safer, more secure, and more resilient America by preventing, deterring, neutralizing, or mitigating the effects of deliberate efforts by terrorists to destroy, incapacitate, or exploit elements of our Nation’s critical infrastructure and key resources (CIKR). In addition, to strengthen national preparedness, timely response, and rapid recovery of CIKR in the event of an attack, natural disaster, or other emergency.

The 2009 NIPP:

  • Provides the unifying structure for the integration of a wide range of efforts for the enhanced protection and resiliency of the nation’s CIKR into a single national program
  • Integrates the concepts of resiliency and protection, and broadens the focus of NIPP-related programs and activities on all hazards
  • Meets Homeland Security Presidential Directive 7 (HSPD-7)

 

NIPP 18 CIKR Sectors

NIPP Meets Homeland Security Presidential Directive 7 (HSPD-7)

18 Supporting SSPs
Agriculture and Food Information Technology
Defense Industrial Base Postal and Shipping
Energy Transportation Systems
Healthcare and Public Health Government Facilities
National Monuments and Icons Dams
Banking and Finance Emergency Services
Water Nuclear Reactors, Materials, and Waste
Chemical Commercial Facilities
Critical Manufacturing Communications

NIPP establishes a national policy for Federal departments and agencies to identify and prioritize critical infrastructure and to protect them from terrorist attacks.

Within the CIKR protection mission area, national priorities must include:

  • Preventing catastrophic loss of life
  • Managing cascading, disruptive impacts on the U.S. and global economies across multiple threat scenarios

The NIPP has 18 supporting Sector-Specific Plans (SSPs), see table, coordinated by an integrated network of Federal departments and agencies, State and local Government agencies, private sector entities, and a growing number of regional consortia — all operating together within a largely voluntary CIKR protection framework.

 

Quantifying Consequence

Consequences are divided into four main categories:

  • Human Impacts — Effects on human life and physical well-being.
  • Economic Impacts — Direct and indirect effects on the economy.
  • Impacts on Public Confidence — Psychological impacts on public morale and confidence in regional, national, economic, and political institutions.
  • Impacts on Government Ability — Effect on the Government’s ability to maintain order, deliver minimum essential public services, ensure public health and safety, and carry out national security-related missions.

In addition, keep in mind:

  • Timing — Most buildings are occupied and operate on a fixed schedule which means that attacks at different times of day will have different consequences. Seasonal conditions determine heating and cooling systems that may affect toxic substance consequences.
  • Environment — Wind speed and direction, air temperature, humidity and other environmental conditions will affect duration and severity of toxic substance exposure, and may aggravate attack consequences.

 

Knowledge Review

Which item is an example of a potential consequence resulting from a threat or hazard event?

  1. Human Impacts
  2. Economic Impacts
  3. Impacts on Public Confidence
  4. Impacts on Government Ability
  5. All of the above

Correct response: E

Correct response feedback: You got it! All of the items are examples of potential consequences resulting from a threat or hazard event.

 

Consequence Rating

Each level describes the scope of potential fatalities and injuries and the degree of debilitating impact that would be caused by the damage to building assets. In order to put the consequences of an attack in proper perspective, grave consequences such as fatalities and injuries must be rated on the same scale with potential building damages and other property losses.

Note that while the losses associated with human assets will almost always be the primary criterion for assigning the consequences rating, other types of potential losses may raise or lower that rating.

FEMA 426 uses a combination of a seven-level linguistic scale and a 10-point numeric scale. At the high range of the scale we have:

Consequence Rating Key elements:

  • Loss of assets and/or people would have grave, serious, moderate, or negligible consequences or impact
Very High 10 Very High – Loss or damage of the building’s assets would have exceptionally grave consequences, such as extensive loss of life, widespread severe injuries, or total loss of primary services, core processes, and functions for a very long period of time. The consequences would have an exceptionally grave effect on public health and safety, economic, psychological, and governance impacts. The building owner has not taken steps to maintain continuity of operations and/or has taken action to ensure that key functions will not be significantly impacted by an event.
High 8-9 High – Loss or damage of the building’s assets would have grave consequences, such as loss of life, severe injuries, loss of primary services, or major loss of core processes and functions for a long period of time. The consequences would have a grave effect on public health and safety, economic, psychological, and governance impacts. The building owner has taken little or no steps to maintain continuity of operations and/or has taken little or no action to ensure that key functions will not be significantly impacted by an event.
FEMA 426, Adaptation of Table 1-1: Consequence Rating Scale, p. 1-13

 

 

 

 

 

 

 

 

 

Consequence Rating (continued)

At the middle range of the scale we have:

Consequence Rating Key elements:

  • Loss of assets and/or people would have grave, serious, moderate, or negligible consequences or impact
Medium High 7 Medium High – Loss or damage of the building’s assets would have serious consequences, such as serious injuries or impairment of core processes and functions for a long period of time. The consequences would have a serious effect on public health and safety, economic, psychological, and governance impacts. The building owner has taken minor steps to maintain continuity of operations and/or has taken minor action to ensure that key functions will not be significantly impacted by an event.
Medium 5-6 Medium – Loss or damage of the building’s assets would have serious consequences, such as serious injuries or impairment of core processes and functions for a long period of time. The consequences would have a serious effect on public health and safety, economic, psychological, and governance impacts. The building owner has taken minor steps to maintain continuity of operations and/or has taken minor action to ensure that key functions will not be significantly impacted by an event.
Medium Low 4 Medium Low – Loss or damage of the building’s assets would have moderate consequences, such as minor injuries or minor impairment of core functions and processes for a considerable period of time. The consequences would have a moderate effect on public health and safety, economic, psychological, and governance impacts. The building owner has taken moderate steps to maintain continuity of operations and/or has taken moderate action to ensure that key functions will not be significantly impacted by an event.
FEMA 426, Adaptation of Table 1-1: Consequence Rating Scale, p. 1-13

 

 

 

 

 

 

 

 

 

 

 

Consequence Rating (continued)

At the low end of the scale we have:

Consequence Rating Key elements:

  • Loss of assets and/or people would have grave, serious, moderate, or negligible consequences or impact
Low 2-3 Low – Loss or damage of the building’s assets would have minor consequences or impact, such as a slight impact on core functions and processes for a short period of time, if at all. The consequences would have a minor effect on public health and safety, economic, psychological, and governance impacts. The building owner has taken reasonable steps to maintain continuity of operations and/or has taken reasonable action to ensure that key functions will not be significantly impacted by an event.
Very Low 1 Very Low – Loss or damage of the building’s assets would have negligible consequences or impact. The consequences would have a negligible effect on public health and safety, economic, psychological, and governance impacts. The building owner has taken sufficient steps to maintain continuity of operations and/or has taken adequate action to ensure that key functions will not be significantly impacted by an event.
FEMA 426, Adaptation of Table 1-1: Consequence Rating Scale, p. 1-13

 

 

 

 

 

 

 

 

Consequence Nominal Example: Function

The consequences related to the key functions of the asset for this nominal example are listed and a consequence rating is entered into the site critical function matrix.

The key functions identified for this asset are listed below along with a consequence rating:

Function Cyber Attack Vehicle Bomb Suicide Bomber Chemical (Sarin) Biological (Ricin)
Administration 5 5 5 5 5
Engineering 8 8 8 8 8
Warehousing 3 3 3 3 3
Data Center 8 8 8 8 8
Food Service 2 2 2 2 2
Security 7 7 7 7 7
Housekeeping 2 2 2 2 2
Day Care 10 10 10 10 10
FEMA 426, Table 2-6A: Nominal Building Consequence Assessment, p. 1-25

 

 

 

 

 

 

 

 

 

Consequence Nominal Example: Infrastructure

The consequences related to the key infrastructure of the asset for this nominal example are listed and a consequence rating is entered into the site critical infrastructures matrix.

The key infrastructure identified for this asset are listed below along with a consequence rating:

Infrastructure Cyber Attack Vehicle Bomb Suicide Bomber Chemical (Sarin) Biological (Ricin)
Site 4 4 4 4 4
Architectural 5 5 5 5 5
Structural Systems 8 8 8 8 8
Envelope Systems 7 7 7 7 7
Utility Systems 7 7 7 7 7
Mechanical Systems 7 7 7 7 7
Plumbing and Gas Systems 5 5 5 5 5
Electrical Systems 7 7 7 7 7
Fire Alarm Systems 9 9 9 9 9
IT/Communications Systems 8 8 8 8 8
FEMA 426, Table 2-6B: Nominal Building Consequence Assessment, p. 1-25

 

 

 

 

 

 

 

 

 

 

 

Knowledge Review

Which component used to determine the consequence rating is described as:

Loss or damage of the building’s assets would have minor consequences or impact, such as a slight impact on core functions and processes for a short period of time, if at all. The consequences would have a minor effect on public health and safety, economic, psychological, and governance impacts. The building owner has taken reasonable steps to maintain continuity of operations and/or has taken reasonable action to ensure that key functions will not be significantly impacted by an event.

  1. Low
  2. Medium
  3. High

Correct response: A

Correct response feedback: Yes! The description presented refers to the “Low” component used to determine a consequence rating.

 

Critical Functions Example

In general, the consequence rating for a given function is the same for all threats and the matrix helps to identify the primary functions in a quantitative form. The functions matrix is people oriented and is subjective, but the completed matrix should provide a guide to vulnerabilities and risks. An organization with few administrative staff, but with a large engineering group, is used in this example.

Note the value is the same for all threat pairs. It does not matter how the asset is lost. The consequence rating reflects the impact to the people and organization should the asset be lost, damaged, or degraded.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration
Threat Rating 8 5 3 2
Consequence Rating 5 5 5 5
Vulnerability Rating
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Engineering
Threat Rating 8 8 6 2
Consequence Rating 8 8 8 8
Vulnerability Rating
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Critical Functions Example (continued)

Notice the Consequence rating under the Administration and Engineering functions is highlighted. A medium value rating (5) is assigned to the Administration function consequence rating because it is a small part of the total organization, but important to the organization for continuity of business and profit. A high Consequence rating (8) was assigned for the Engineering Function as it accounts for over half of the organization and is considered the core of the business for the company.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration
Threat Rating 8 5 3 2
Consequence Rating 5 5 5 5
Vulnerability Rating
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Engineering
Threat Rating 8 8 6 2
Consequence Rating 8 8 8 8
Vulnerability Rating
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Critical Infrastructure

The value is the same for all threat pairs to reflect the economic and organization impact losses that could occur over time should the critical infrastructure be lost, degraded, or damaged due to any threat tactic.

Note: The Consequence rating under the Site and Structural Systems is highlighted. A medium low Consequence rating (4) could be an initial value for a site infrastructure that has a well-defined and protected perimeter and economic replacement costs that are acceptable. A high Consequence rating (8) could be an initial value for a Structural System in a multi-story that is subject to progressive collapse and cannot be replaced.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Site
Threat Rating 4 4 3 2
Consequence Rating 4 4 4 4
Vulnerability Rating
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Structural
Threat Rating 3 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating
FEMA 426, Adaptation of Table 1-21: Site Infrastructure Systems Pre-Assessment Screening Matrix, p. 1-39

 

Considerations

Estimating direct consequences of an attack is accomplished by:

  • Identifying potential targets
  • Identifying the effects of weapons on people and buildings
  • Identifying physical and environmental conditions at the target
  • Quantifying the potential losses to the building

Review the considerations for the following:

Consequence Rating Considerations:

What are the consequences of destruction, failure, or loss of function of the asset in terms of fatalities and/or injuries, property losses, and economic impacts?

  1. What are the building’s primary services or outputs?
  2. What critical activities take place at the building?
  3. Who are the building’s occupants and visitors?
  4. What inputs from external organizations are required for a building’s success?

Debilitating Impact:

What are the consequences of destruction, failure, or loss of function of the asset in terms of fatalities and/or injuries, property losses, and economic impacts?

  • Criticality to the overall function, organization, agency, company, or Government goals
  • Can primary services continue?
    • Identify how many people may be injured or killed
    • Identify what happens to occupants if a specific asset is lost or degraded
  • Determine if critical or sensitive information is stored or handled at the building
  • Identify any critical personnel who impact critical functions
  • Determine the relative value of assets

Resiliency:

  • Identify the locations of key equipment and the impact if it is lost during an event
  • Determine the locations of personnel work areas and systems
  • Determine if systems are redundant enabling continuous operations
  • Determine if backups exist for the building’s assets
  • Determine the availability of replacements
  • Determine the ease of replacement

Cascading Effects:

  • Interdependency – will loss of the asset have an effect upon other assets in the same or different Critical Infrastructure Sectors?
    • Communications and information technology (i.e., the flow of critical information)
    • Utilities (e.g., facility power, water, air conditioning, etc.)
    • Phones (that depend on network that depends on servers that depend on electricity)
  • Determine the impact on other organizations if the asset is lost or cannot function
    • Whom do you depend on?
    • Who depends on you?

 

Knowledge Review

Which of the categories listed pertains to interdependency, i.e., will loss of the asset have an effect upon other assets in the same or different Critical Infrastructure Sectors?

In addition, under this category you must determine the impact on other organizations if the asset is lost or can-not function.

  1. Consequence Rating
  2. Debilitating Impact
  3. Resiliency
  4. Cascading Effects

Correct response: D

Correct response feedback: Very good! The correct response is Cascading Effects.

 

Knowledge Review

When determining your consequence rating you must consider the consequences of destruction, failure, or loss of function of the asset in terms of fatalities and/or injuries, property losses, and economic impacts.

  1. True
  2. False

Correct response: A

Correct response feedback: Well done! The statement is true. In addition, when determining a consequence rating, ask yourself:

  • What are the building’s primary services or outputs?
  • What critical activities take place at the building?
  • Who are the building’s occupants and visitors?
  • What inputs from external organizations are required for a building’s success?

 

Knowledge Review

Considerations that should be made in determining the resiliency of an asset include which of the following?

  1. Locations of key equipment and personnel and impact if lost
  2. Whether backups exist for the building’s assets
  3. Potential casualties
  4. All of the above
  5. A and B only

Correct response: D

Correct response feedback: Yes! All of the items listed are correct.

 

Knowledge Review

To understand the concept of cascading effects of an attack on an asset, the asset’s interdependencies must be considered.

  1. True
  2. False

Correct response: A

Correct response feedback: Great job! The answer is True.”

 

Knowledge Review

When conducting a building assessment you must identify the components of the building’s critical utility infrastructure, such as:

  • Electrical systems (power to Computer Center)
  • Communications systems (data and voice between CI/BC and clients)
  • Gas supply (heat/humidity control to Computer Center)
  • Mechanical systems (cooling to Computer Center)
  • Water supply (cooling towers)
  • Emergency response systems (backup generator, alternate communications, etc.)
  1. True
  2. False

Correct response: A

Correct response feedback: That’s right! You must always identify the critical utility infrastructure to the building.

 

Knowledge Review

The components of a critical building infrastructure only include parking and entryways.

  1. True
  2. False

Correct response: B

Correct response feedback: That’s right! Additional components of critical building infrastructure also include exits, loading dock(s), etc.

 

Knowledge Review

It is important to know what personnel are key to the operation of the building.

  1. True
  2. False

Correct response: A

Correct response feedback: That’s right! The key personnel may include management, technical staff, facility staff, etc.

 

Summary

In this lesson you learned how to:

  1. Identify the consequences resulting from a threat or hazard event
  2. Explain the components used to determine the rating of a consequence
  3. Determine the critical and cascading consequences of an event
  4. Provide a numerical rating for the consequence and justify the basis for the rating
  5. Determine how to differentiate building, system, NIPP Sector, Regional, and National consequences

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 4 – Vulnerability Assessment

Vulnerability Assessment Overview

In this lesson we will review types of vulnerabilities, considerations to identifying vulnerabilities, and a vulnerability rating scale.

This lesson also introduces the FEMA 426 Building Vulnerability Assessment Checklist (Table 1-22, pages 1-46 to 1-93) to assist in identifying vulnerabilities. This checklist will see extensive use in Units IX, X, and XI (9, 10, and 11).

 

Lesson Objectives

At the completion of this lesson, students will be able to:

  1. Explain what constitutes a vulnerability
  2. Identify vulnerabilities using the Building Vulnerability Assessment Checklist
  3. Understand that an identified vulnerability may indicate that an asset is vulnerable to more than one threat or hazard and that mitigation measures may reduce vulnerability to one or more threats or hazards
  4. Provide a numerical rating for the vulnerability and justify the basis for the rating

 

Vulnerability

Defined

Vulnerability:

Any weakness that can be exploited by an aggressor or, in a non-terrorist-threat environment, make an asset susceptible to hazard damage.

Single point vulnerability:

A place where multiple systems come together and an incident at this location could cause multiple systems to be taken down or where there is no back-up systems available to restore the function.

 

Vulnerability Assessment

  • Identify site and building systems’ design issues
  • Evaluate design issues against type and level of threat
  • Determine level of protection sought for each mitigation measure against each threat

The goal is to see if existing conditions provide the level of protection desired. Then mitigation measures are sought to achieve the level of protection where it has not been achieved.

Vulnerability assessments occur at different levels or magnitude of scale, including:

  • State/Regional/Business Sector
  • Site/Building/Tenant or Occupant

 

Resiliency Considerations

Resiliency is a cross-cutting issue of the risk assessment process and is defined as the ability of the building to recover quickly after an attack.

The vulnerability assessment evaluates resiliency based on several factors, including:

  • Redundancies present
  • Impacts on key functions
  • Likelihood of operational loss

 

Assessment Flow Chart

Reviewing the Assessment Flow Chart, the vulnerability assessment is the next step in the risk assessment process.

In the prior steps, assets and their respective values were assigned, the threat was analyzed, a Design Basis Threat was established, and a Level of Protection was selected.

The next step is to conduct the vulnerability assessment, which is an in-depth analysis of the building functions, systems, and site characteristics to identify building weaknesses and lack of redundancy, and determine mitigations or corrective actions that can be designed or implemented to reduce the vulnerabilities.

Flowchart demonstrating the process of conducting both Cost and Benefit Analyses. The Cost Analysis flow has two possible routes that allow one to "Analyze how mitigation options affect asset criticality and ultimately risk," as the Cost Analysis starting-point box at the top right reads. From there, the chart flows counter-clockwise, either straight down to "Identify Mitigation Options," and then on to Decision (Risk Management),"; or else in a circle to the left, flowing through "Consequence Assessment, " "Vulnerability Assessment, " "Risk Assessment," "Identify Mitigation Options," and finally "Decision (Risk Management)." The Benefit Analysis also has different possible routes that allow one to "Analyze how mitigation options change vulnerability and ultimately risk," as the starting-point text box in the lower right of the flowchart reads. One route flows clockwise through "Vulnerability Assessment," "Risk Assessment," Identify Mitigation Options," and finally, "Decision (Risk Management)." Another route flows straight up to "Identify Mitigation Options" and then to "Decision (Risk Management)." The final route for a Benefit Analysis is to begin at the bottom left of the chart at "Threat/Hazard Assessment" and flow clockwise through "Vulnerability Assessment," "Risk Assessment," "Identify Mitigation Options," and ending with "Decision (Risk Management)." Vulnerability Assessment highlighted.

 

 

 

 

 

 

 

 

 

Identifying Vulnerabilities

Assessing a building’s vulnerabilities requires a multidisciplinary team. It should not be conducted solely by an engineer or by a security specialist. Only a balanced team can have an understanding of the identified aggressors or threat/hazards and how they can affect the building’s critical functions and infrastructure.

A multidisciplinary team should include:

  • Engineers
  • Architects
  • Security specialists
  • Subject matter experts
  • Outside experts if necessary

Tailor the team to the individual project. A building owner could use his handyman, the local sheriff, his workers, the local volunteer fire department, service representatives from the local utilities, etc., for an initial assessment. What cannot be answered by this initial team can then be taken to personnel at the next higher level(s) with more expertise and experience in the respective areas.

 

Knowledge Review

When assessing a building, which of the following should be part of the multidisciplinary team conducting the assessment?

  1. Engineers
  2. Architects
  3. Security specialists
  4. Subject matter experts
  5. All of the above
  6. A, C, and D only

Correct response: E

Correct response feedback: Great job! All of the items listed are correct.

Include outside experts if necessary.

 

FEMA’s 452 Risk Assessment Methodology (RAM)

RAM is broken down as follows:

  • Tier I
  • Tier II
  • Tier III

 

FEMA’s 452 Risk Assessment Methodology (RAM)

Tier I

Tier I – 70 percent typically conducted with two experienced assessment professionals and the building owner and key staff for two days.

Involves a “quick look” at the site perimeter, building, core functions, infrastructure, drawings and plans in order to identify primary vulnerabilities and protective options.

Sufficient for the majority of commercial buildings and other non-critical facilities and infrastructure.

 

FEMA’s 452 Risk Assessment Methodology (RAM)

Tier II

Tier II – 90 percent is a full on-site evaluation that requires significant key building staff participation and an in-depth review of building design documents, drawings and plans. Specifically, it requires three to five assessment specialists for three to five days.

Sufficient for most high-risk buildings such as iconic commercial buildings, Government facilities, schools, hospitals, and other high-value infrastructure assets.

 

FEMA’s 452 Risk Assessment Methodology (RAM)

Tier III

Tier III – Detailed evaluation of the building using blast and WMD models:

  • Determines response, survivability, recovery, and development of protective options
  • Involves engineering and scientific experts
  • Requires detailed information
  • Can take several days or weeks to complete modeling and analysis
  • Are used for high-value assets

Note: Tier III is typically performed for high value and critical infrastructure assets.

 

Vulnerability Assessment Preparation

After assembling a team, the assessment process starts with a detailed planning and information collection of the site. If possible, the information should be gathered in a geographic information systems (GIS) format.

Types of coordination with the building stakeholders include:

  • Site and building plans
  • Utilities
  • Emergency plans (shelter, evacuation)
  • Interview schedules (ensure the people who can answer the team assessment questions are available)
  • Escorts for building access

Note that no matter how much preparation is done prior to an assessment, the process on-site will reveal new information. Conversely, if preparation is not done, much can be missed because the “right” questions may not have been asked on-site.

COOP: The vulnerability assessment process also works well when evaluating an alternate facility. Many questions are consistent between the two processes, and the additional COOP questions expand the natural hazard assessment for the most part.

 

Assessment GIS Portfolio

A technique to organize required information is to develop an Assessment GIS Portfolio. The portfolio is designed to support vulnerability and risk assessments through identification of:

  • Critical infrastructure
  • Critical nodes within the surrounding area.
  • Nearby functions, including emergency response

The data sets are a combination of commercial and Government (FEMA – HAZUS-MH, US Geologic Survey, State and local data) imagery interpretation, as well as open source transportation, utility, flood plains, and political boundaries.

Portfolios are tailored to each individual site.

This screen displays a satellite image of the region with State boundaries delineated. This map provides a general overview for a user’s initial orientation to a site.

The next series of screens shows how GIS can be used in an outside-to-inside approach to support threat analysis and vulnerability assessments.

Additional Information:

For additional information on HAZUS-MH, go to www.HAZUS.org.

Another important resource out of the Geospatial One-Stop initiative is www.geodata.gov, a one-stop source of geospatial information from across the nation. Geospatial information allows decisions to be viewed in a community context (e.g., showing the geographic components of buildings, lifelines, hazards, etc.).

Google Earth is also a powerful tool for the novice to gather like information.

 

10-Mile Radius

Map displaying infrastructure and features within the "10 Mile Metro Center Radius" that could have an impact on the site. Features mapped include utilities (such as the Electrical Power Facility and Natural Gas Facility), major transportation networks (such as interstates, airports, and railroads), first responders (such as fire and police), and Government facilities. Also marked on the map are the towns other than the District of Columbia that are clustered within the radius: Rosslyn, Crystal City, Pentagon City, Virginia Square, Balston, Clarendon, and Court House. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.This map displays infrastructure and features within a 10-mile radius that could have an impact on the site. Features mapped include utilities, major transportation networks, first responders, and Government facilities.

 

 

 

 

 

Regional Transportation

Regional transportation map of Arlington County, Virginia displaying evacuation routes and single-point nodes such as bridges and tunnels. Map also shows Interstates, highways, the VA Railroad, the airport, and the Arlington Metro Center as well as the Metro Line routes. Map Legend displays a compass, bar scale, and a key of symbols at the bottom of the map.The regional transportation map can be used for planning evacuation routes and identifying single-point nodes such as bridges and tunnels.

 

 

 

 

 

 

 

Metro Center Imagery

This satellite-view map of Arlington County’s Metro Center can be used for an overview of the surrounding area and for determining if collateral damage is a significant risk. Lines mark the Arlington Metro Center, interstates, highways, and the VA Railroad. There is a compass, bar scale, and a key of symbols at the bottom of the map.Satellite imagery of the region surrounding a site provides users an additional perspective to go with the data sets information.

Commercial, industrial, and residential areas can easily be differentiated, as well as rural and urban areas.

This map can be used for an overview of the surrounding area and for determining if collateral damage is a significant risk.

 

Site Emergency Response

Map displaying first responder and hospital locations in the Arlington County area. Map can be used to estimate response times during an emergency. Some of the sites included are: Arlington Hospital, Arlington Fire Dept, Columbia Hospital for Women, Reagan Airport Fire Dept, US Park Police, etc. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.This map displays first responders and hospitals near a site and can be used to estimate response times during an emergency.

 

 

 

 

 

 

 

 

Knowledge Review

Which map can be used for planning evacuation routes and identifying single-point nodes such as bridges and tunnels?

  1. Site Emergency Response
  2. Regional Transportation
  3. 10-Mile Radius
  4. Metro Center Imagery
  5. All of the above

Correct response: B

Correct response feedback: Excellent! Regional Transportation is correct.

 

Site Public and Government Buildings

This map shows the location of Government and public buildings in the region, including Government facilities, schools, and churches. Government buildings potentially could be the target of terrorist operations. Therefore, the possibility of collateral damage should be considered for sites in close proximity. Additionally, some churches and schools may be designated community shelters and resources during emergencies.

Map of Arlington County, Virginia showing the location of Government and public buildings. Buildings labeled on the map are: YMCA, DMV, Columbia Pike Library, Gunston Community Center, Center for Urban Ecology, Whitehaven Plantation, Falls Church City Hall, Torpedo Factory, etc. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.

Site Hazmat

Arlington County, Virginia map displaying hazardous materials (hazmat) sites tracked by various EPA databases. Sites labeled: WMATA, Arlington Funeral Home, Fillmore Elementary School, Fillmore Gardens, C&P Telephone Co, Hurt Cleaners Inc, US Gen Services Admin-Natl Cap, Chatham Condos, etc. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.This map displays hazardous materials (hazmat) sites tracked by various EPA databases. They include large hazmat sites such as refineries and chemical plants, but also include smaller sites with small quantities of chemicals such as schools and dry cleaners. Some sites that contain very small amounts of hazmat are filtered out.

Prevailing wind direction from the National Oceanic and Atmospheric Administration (NOAA) Climatic Data Center is shown to help evaluate the vulnerabilities from surrounding hazards that can be used by a terrorist as a supplemental weapon.

Note: The Department of Homeland Security (DHS) promulgated the Chemical Facility Anti-Terrorism Standards (CFATS) on April 9, 2007. The information source HAZUS-MH for EPA sources of hazardous materials will likely be affected by CFATS and associated Chemical Terrorism Vulnerability Information (CVI).

 

Site Local Transportation Network

Arlington County, Virginia Local Transportation Network map showing transportation routes in the local area surrounding a site, including roads, railroads, airport, and Metro stations.The local transportation map provides greater resolution of transportation routes in the local area surrounding a site.

It can be used for planning evacuation routes and alternate routes during an emergency.

It also shows proximity to routes that do or could carry hazardous materials.

 

 

 

Site Principal Buildings by Use

Arlington County, Virginia Principal Buildings by Use map. Identifying structures such as Residential, Office, Government, Hotel, Retail, and Proposed. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.This map provides a quick overview of the primary use of principal buildings surrounding a site.

It is useful when conducting threat assessments to help identify potential surrounding terrorist targets and the likelihood of collateral damage.

 

 

 

 

 

Site Perimeter Imagery

Arlington County, Virginia Site Imagery map showing aerial view building site including site entry points , office property, office complex perimeter, and fencing. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.Site imagery gives a view of the site and allows assessors to analyze the layout of the site, including site entry points and building separation.

The imagery can also be integrated with building plans to provide important information for implementing mitigation measures and making other security decisions.

 

 

 

 

Site Truck Bomb

Arlington County, Virginia map displaying the potential blast effects range of a large truck bomb. The blast range is represented by three concentric rings. Within the innermost ring (100 ft.), structural collapse occurs. Within the next ring (500 ft), probable lethal injuries. Within the outer ring (1,000 ft), severe injuries from glass. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.This image displays the potential effects of a nominal truck bomb assuming a nominal building structure.

It is an estimation based on range-to-effects charts and is useful for analyzing vehicular flow and stand-off issues. The results of more accurate site-specific blast analysis can be used to replace the nominal estimations, especially for more accurate cost estimating of mitigation measures.

 

Site Car Bomb

Arlington County, Virginia map depicting potential blast effects associated with a 200lbs. car bomb against a building with nominal construction. Blast range is represented by three concentric rings. Within the innermost ring (20 ft.), structural collapse occurs. Within the next ring (100 ft), probable lethal injuries. Within the outer ring (150 ft), severe injuries from glass. Map Legend shows a compass, bar scale, and a key of symbols at the bottom of the map.This is an example of the potential blast effects associated with a nominal car bomb against a building with nominal construction.

Obviously, the effects of the car bomb are much less than those from a truck bomb.

 

 

 

 

 

 

Knowledge Review

Which map gives a view of the site and allows assessors to analyze the layout of the site, including site entry points and building separation?

  1. Site Perimeter Imagery
  2. Site Principal Buildings by Use
  3. Site Local Transportation Network
  4. Site Public and Government Buildings
  5. Both A and B

Correct response: A

Correct response feedback: Way to go! Site Perimeter Imagery is correct.

In addition, the imagery from this map can also be integrated with building plans to provide important information for implementing mitigation measures and making other security decisions.

 

Options to Reduce Vulnerability

After identifying and collecting information on the site, the multidisciplinary team follows the nine steps listed here:

1)Define Site Functions and 2) Identify Critical Systems = Interviews with Site Personnel; 3) Evaluate Facility System Interactions and 4) Determine Common System Vulnerabilities = Review Prints and Specs; Check with Systems Experts; 5) Physically Locate Components and Lines = On-Site Inspections; 6) Identify Critical Components and Nodes = Apply 'Vulnerability Checklist'; 7) Assess Critical Nodes vs. Threats = Threat Spectrum Evaluation; 8) Determine Survivability Enhancements = Survivability Options; 9) Document Entire Analysis Process = Records

This process is explained in more detail in FEMA 452. For this course, this is an overview of what a more detailed on-site assessment should accomplish.

 

Facility-System Interactions

Every building or facility can be attacked and damaged or destroyed as illustrated in the flow chart.

A terrorist selects the weapon and tactic that will destroy the building or infrastructure target.

At a site with multiple buildings, Tables 1-5 through 1-17 in FEMA 426 can be used to rank these buildings and thus to determine which buildings require more in-depth analysis.

Three level chart depicting Facility System Interactions. Top level, Damage Mechanisms, has box labeled Weapons and Attacks with arrow labeled Delivery flowing down to next level, Facility Systems. Facility Systems has three boxes: Protection Function (Structure; Security; Chemical, Biological, and Radiological), arrow labeled Penetration points to next box, Critical Components (Support Function; Operational Function; Personnel), arrow labeled System Defeat points to next box, Protection Function (Damage Control and Recovery, Interior and Exterior). Arrow labeled Critical Function Failure points down to next level, Functional Defeat and box labeled Damage Effects (Mission Defeat; Downtime; Percent Degradation).

 

 

 

 

 

 

 

 

 

 

Single Point Vulnerabilities (SPVs)

Chart labeled Common System Vulnerabilities with examples of concepts...1) No Redundancy; 2) Redundant Systems Feed Into Single Critical Node; 3) Critical Components of Redundant Systems Collocated; 4) Inadequate Capacity or Endurance in Post-Attack Environment.The function and infrastructure analysis will identify the geographic distribution within the building and interdependencies between critical assets. Ideally, the functions should have geographic dispersion as well as a recovery site or alternate work location. However, some critical building functions and infrastructure do not have a backup, or will be found collocated. This design creates what is called a Single-Point Vulnerability.

 

Identification and protection of these Single Point Vulnerabilities is a key
aspect of the assessment process.

 

Single Point Vulnerabilities (SPVs) (continued)

Chart labeled Common System Vulnerabilities with examples of concepts...1) No Redundancy; 2) Redundant Systems Feed Into Single Critical Node; 3) Critical Components of Redundant Systems Collocated; 4) Inadequate Capacity or Endurance in Post-Attack Environment.This chart provides examples of this concept:

  1. No Redundancy
  2. Redundant Systems Feed Into Single Critical Node
  3. Critical Components of Redundant Systems Collocated
  4. Inadequate Capacity or Endurance in Post-Attack Environment

Single Point Vulnerabilities are critical functions or systems that lack redundancy and, if damaged by an attack, would result in immediate organization disruption or loss of capability.

 

Functional Analysis SPVs

There are both Functional Analysis SPVs and Infrastructure SPVs.

Functional Analysis SPVs are depicted in this chart. The image to the right shows an example of a building that has numerous critical functions and infrastructure collocated, which creates an SPV.

Standard 11 The loading dock and warehouse provide single point of entry to the interior
Standards 13 and 17 The mailroom is located within the interior and not on exterior wall or separate HVAC
Standard 1 The telecom switch and computer data center are adjacent to the warehouse
Standard 1 The trash dumpster and emergency generator are located adjacent to the loading dock
FEMA 426, Figure 1-10: Non-Redundant Critical Functions Collocated Near Loading Dock, p. 1-41

 

Infrastructure SPVs

Typical Infrastructure SPVs are depicted here:

  • Air intakes at ground level
  • Ground level drive through drop-off atrium with no anti-vehicle barrier
  • Single primary electrical service
  • Single telecom switch room in parking garage

Many commercial buildings have collocated electrical, mechanical, and telecom rooms that share a common central distribution core or chase.

 

Knowledge Review

Identification and protection of SPVs is a key aspect of the assessment process.

  1. True
  2. False

Correct response: A

Correct response feedback: Well done! The answer is true.

 

Building Vulnerability Assessment Checklist

FEMA 426 provides the Building Vulnerability Assessment Checklist (Table 1-22, pages 1-46 to 1-93), which compiles many best practices based on technologies and scientific research to consider during the design of a new building or renovation of an existing building. It includes questions that determine if critical systems will continue to function during an emergency or threat event. In addition, the checklist is organized into 13 sections:

  • Each section should be assigned to a knowledgeable individual
  • Results of all sections should be integrated into a master vulnerability assessment
  • Compatible with CSI Master Format standard to facilitate cost estimates

This helps guide the multidisciplinary team through the vulnerability analysis. It allows a consistent security evaluation of designs at various levels, whether accomplished as owner/user or in-depth with technical experts.

The assessment checklist has been used by experienced engineers who were not experienced vulnerability assessors. These engineers commented that although the checklist seemed laborious at first, when they finished assessing multiple sites across the country they felt very confident that they had identified the vulnerabilities and had provided solid recommendations for mitigation measures. This checklist can also be found in FEMA 452: Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks, Appendix A.

Section Vulnerability Question Guidance Observations
    1          Site
1.1 What major structures surround the facility (site or building)?

What critical infrastructure, Government, military, or recreation facilities are in the local area that impact transportation, and collateral damage (attack at the facility impacting the other major structures or attack on the major structures impacting the facility)?

What are the adjacent land uses immediately outside the perimeter of this facility (site or building(s))?

Critical infrastructure to consider includes: 

Telecommunications infrastructure

Facilities for broadcast TV, cable TV; cellular networks; newspaper offices, production, and distribution; radio stations; satellite base stations; telephone trunking and switching stations, including critical cable routes and major rights of way

Electric power systems

Power plants, especially nuclear facilities; transmission and distribution system components; fuel distribution, delivery, and storage

Gas and oil facilities

Hazardous materials facilities, oil/gas pipelines, and storage facilities

 
FEMA 426, Table 1-22: Building Vulnerability Checklist

 

Building Vulnerability Assessment Checklist (continued)

The Construction Specification Institute (CSI) format has other advantages, particularly that designers and engineers can develop detailed specifications that communicate requirements to building contractors.

For COOP, the checklist questions have been cross-referenced in the Risk Management Database (Unit VI) to FCD 1 requirements with 10 questions identified as COOP-specific and covered separately.

Note: The Building Vulnerability Assessment Checklist is based on a checklist developed by the Department of Veterans Affairs (VA). The checklist can be used as a screening tool for preliminary design vulnerability assessment. In addition to examining design issues that affect vulnerability, the checklist includes questions that determine if critical systems continue to function in order to enhance deterrence, detection, denial, and damage limitation, and to ensure that emergency systems function during and after a threat or hazard situation.

 

Building Vulnerability Assessment Checklist (continued)

Each section of the checklist can be assigned to an engineer, architect, or subject matter expert who is knowledgeable and qualified to perform an assessment of the assigned area in order to perform a detailed assessment.

As stated before, an initial assessment can be performed by craftsmen and other knowledgeable people who may provide the decision maker all that is necessary or indicate more expertise is needed in specific areas.

The checklist covers:

  • Site
  • Electrical Systems
  • Architectural
  • Fire Alarm Systems
  • Structural Systems
  • Communications and IT Systems
  • Building Envelope
  • Equipment Operations and Maintenance
  • Utility Systems
  • Security Systems
  • Mechanical Systems (HVAC and CBR)
  • Security Master Plan
  • Plumbing and Gas Systems
  • COOP Facility: Additional Concerns

 

Building Vulnerability Assessment Checklist (continued)

Each assessor should consider the questions and guidance provided to help identify vulnerabilities and document results in the observations column. Not all possible questions are in the checklist, but it provides a good basis to guide the assessment.

Vulnerability Question Guidance Observations
6 Mechanical Systems (HVAC and CBR)
6.1 Where are the air intakes and exhaust louvers for the building? (low, high, or midpoint of the building structure)
Are the intakes and exhausts accessible to the public?
Air intakes should be located on the roof or as high as possible. Otherwise secure within CPTED-compliant fencing or enclosure. The fencing or enclosure should have a sloped roof to prevent throwing anything into the enclosure near the intakes.
Ref: CDC/NIOSH Pub 2002-139
6.2 Is roof access limited to authorized personnel by means of locking mechanisms?
Is access to mechanical areas similarly controlled?
Roofs are like entrances to the building and are like mechanical rooms when HVAC is installed. Adjacent structures or landscaping should not allow access to the roof.
Ref: GSA PBS – P100, CDC/NIOSH Pub 2002-139, and LBNL Pub 51959
FEMA 426, Adapted from Table 1-22: Building Vulnerability Assessment Checklist, p. 1-46 to 1-92

 

Building Vulnerability Assessment Checklist (continued)

Notice that the checklist leads assessment team members to see the same critical functions or infrastructure from different perspectives.

For example, here a parking lot is analyzed by questions from both the site and building envelope sections. (Sections 1 and 4)

This cross-analysis is one of the strengths of the methodology.

1.15 Is there minimum setback distance between the building and parked cars?
4.1 What is the designed or estimated protection level of the exterior walls against the postulated explosive threat?
4.2 Is the window system design on the exterior façade balanced to mitigate the hazardous effects of flying glazing following an explosive event (glazing, frames, anchorage to supporting walls, etc.)?
FEMA 426, Adapted from Table 1-22: Building Vulnerability Assessment Checklist, p. 1-46 to 1-92

 

Knowledge Review

Which of the following is a TRUE statement about the Building Vulnerability Assessment Checklist?

  1. Each section should be assigned to a knowledgeable individual
  2. Results of all sections should be integrated into a master vulnerability assessment
  3. The Building Vulnerability Assessment Checklist is compatible with CSI Master Format standard to facilitate cost estimates
  4. All of the above
  5. A and C only

Correct response: D

Correct response feedback: Outstanding! All of the items listed are true statements about the Building Vulnerability Assessment Checklist.

 

Vulnerability Rating

The results of the 13 assessment sections should be integrated into a master vulnerability assessment in order to provide the basis for determining vulnerability rating numeric values.

In the rating scale of 1 to 10, a rating of 10 means one or more major weaknesses exist to make an asset extremely susceptible to an aggressor’s tactics.

Vulnerability Rating Key elements:

  • Number of weaknesses
  • Aggressor potential accessibility
  • Level of redundancies /physical protection
  • Time frame for building to become operational again
Very High 10 Very High – One or more major weaknesses have been identified that make the asset extremely susceptible to an aggressor or hazard. The building lacks redundancies/physical protection and will not be functional again after an attack.
High 8-9 High – One or more significant weaknesses have been identified that make the asset highly susceptible to an aggressor or hazard. The building has poor redundancies/physical protection and most parts of the building will not be operational until 1 year after an attack.
Medium High 7 Medium High – An important weakness has been identified that makes the asset very susceptible to an aggressor or hazard. The building has inadequate redundancies/physical protection and some critical functions will not be operational until 9 months after an attack.
FEMA 452, Table 3-4: Vulnerability Rating, p. 3-16

 

 

 

 

 

 

 

 

Vulnerability Rating (continued)

On the other end of the vulnerability rating scale is the rating of 1, which means very low and no weaknesses exist.

Vulnerability Rating Key elements:

  • Number of weaknesses
  • Aggressor potential accessibility
  • Level of redundancies /physical protection
  • Time frame for building to become operational again
Medium 5-6 Medium – A weakness has been identified that makes the asset fairly susceptible to an aggressor or hazard. The building has insufficient redundancies/physical protection and some critical functions will not be operational until 6 months after an attack.
Medium Low 4 Medium Low – A weakness has been identified that makes the asset somewhat susceptible to an aggressor or hazard. The building has incorporated a fair level of redundancies/physical protection and the building will be operational 3 months after an attack.
Low 2-3 Low – A minor weakness has been identified that slightly increases the susceptibility of the asset to an aggressor or hazard. The building has incorporated good redundancies/physical protection and will be operational a few weeks after an attack.
Very Low 1 Very Low – No weaknesses exist. The building has incorporated excellent redundancies/physical protection and will be operational immediately after an attack.
FEMA 452, Table 3-4: Vulnerability Rating, p. 3-16

 

 

 

 

 

 

 

 

 

Critical Functions Matrix Example

The Vulnerability Rating is entered into the same Critical Functions Matrix that we saw in Lessons 2 and 3.

The Vulnerability Ratings under the Administration Function and under the Engineering Function are highlighted.

Because vulnerability is a measure of the success and effects of employing a threat against an asset, the vulnerability varies based upon location, hardening, ability to use the tactic, redundancy, etc.

Medium high (7) and high (9) Vulnerability Ratings were assigned to the Administration Function threat pairs to illustrate an exposed function near exterior walls and entrances.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration
Threat Rating 5 5 2 2
Consequence Rating 5 5 5 5
Vulnerability Rating 7 7 9 9
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Engineering
Threat Rating 8 5 6 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Critical Functions Matrix Example (continued)

A range of ratings was assigned for the Engineering Function threat pairs to illustrate a function that is typically in the interior core, but shares common HVAC systems and is likely within a blast damage zone based upon the potential weapon size.

The Vulnerability Rating is subjective, and the assessor has to take into account how well the asset is protected against that threat, if redundancy is in place, and the effect of the tactics and weapons against the asset as it currently exists.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration
Threat Rating 5 5 2 2
Consequence Rating 5 5 5 5
Vulnerability Rating 7 7 9 9
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Engineering
Threat Rating 8 5 6 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Critical Infrastructure Matrix

The Vulnerability Rating is entered into the same Critical Infrastructure Matrix that we saw in Lessons 2 and 3.

The Vulnerability Ratings under the Site and Structural Systems are highlighted.

Note: It is easier to keep the threat in mind and move between assets to assess vulnerability than it is to keep the asset in mind and move between threats.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Site
Threat Rating 4 4 3 2
Consequence Rating 4 4 4 4
Vulnerability Rating 1 7 9 9
Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Structural
Threat Rating 3 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 1 1 8 1
FEMA 426, Adaptation of Table 1-21: Site Infrastructure Systems Pre-Assessment Screening Matrix, p. 1-39

Cyber Attack: Rating of 1 for both.

Site: Rating of 1, as no Internet-connected system is in place, such as a perimeter access control system or connection to other accessible media (phone lines).

Structural: Rating of 1, as there are no electronic systems at all, but it could have an active damping system for earthquakes or high winds that is accessible over the Internet, which would give it a rating higher than 1.

Armed Attack (single gunman) – Site: Rating of 7 as it is fairly open but with some obscuration, with many manned windows overlooking the parking lots, CCTV coverage, and roving patrols at variable times.

Structural: Rating of 1 as this tactic would have no impact upon the structural members.

Vehicle Bomb – Site: Rating of 9 as a vehicle bomb would cause extensive destruction to site and hinder operations for an extended time due to limited access and blowing debris damage to buildings.

Structural: Rating of 8 as building is a high-rise and not designed for progressive collapse, but stand-off provides some level of protection.

CBR Attack – Site: Rating of 8, because depending upon the agent used, access to site could be restricted for anytime from hours to years or until decontamination is complete, which would not be a speedy process.

Structural: Rating of 1 as agent would not restrict structural system in any fashion in performance of its engineered design.

 

Conclusion

Vulnerability is any weakness that can be exploited by an aggressor or, in a non-terrorist threat environment, make an asset susceptible to hazard damage.

A vulnerability assessment is a step-by-step analysis process that:

  • Is expertly performed by experienced personnel
  • Determines critical systems
  • Identifies vulnerabilities
  • Identifies lack of redundancy
  • Focuses survivability mitigation measures on critical areas
  • Is an essential component of Critical Infrastructure and Critical Function Matrices

 

Knowledge Review

The administration functions of a building are located near exterior walls and entrances. Approximate the vulnerability of this function to a vehicle bomb.

  1. 1 (Very Low)
  2. 2-3 (Low)
  3. 5-6 (Medium)
  4. 8-9 (High)

Correct response: D

Correct response feedback: Good job! Although the answers are subjective, a rating of 8-9 (High) is probably the best choice.

 

Knowledge Review

What is an approximate vulnerability to cyber attack for a site with no Internet connected system in place (i.e. a perimeter access control system)?

  1. 1 (Very Low)
  2. 2-3 (Low)
  3. 5-6 (Medium)
  4. 8-9 (High)

Correct response: A

Correct response feedback: Well done! Although the answer is subjective, a very low rating of 1 (Very Low) is probably the best choice.

 

Knowledge Review

Rate the vulnerability of the structural system to damage or adverse impact from a CBR attack.

  1. 1 (Very Low)
  2. 2-3 (Low)
  3. 5-6 (Medium)
  4. 8-9 (High)

Correct response: A

Correct response feedback: That’s right! Although the answer is subjective, a very low rating of 1 (Very Low) is probably the best choice.

 

Summary

Now that you have completed this lesson, you should be able to:

  1. Explain what constitutes a vulnerability
  2. Identify vulnerabilities using the Building Vulnerability Assessment Checklist
  3. Understand that an identified vulnerability may indicate that an asset is vulnerable to more than one threat or hazard and that mitigation measures may reduce vulnerability to one or more threats or hazards
  4. Provide a numerical rating for the vulnerability and justify the basis for the rating

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 5 – Risk Assessment and Risk Management

Risk Assessment and Risk Management Overview

This lesson will:

  • Provide a definition of risk and the various components to determine a risk rating
  • Review various approaches to determine risk
  • Review a rating scale
  • Demonstrate how to use the scale to determine a risk rating

 

Lesson Objectives

At the completion of this lesson, students will be able to:

  1. State what constitutes risk
  2. Provide a numerical rating for risk and justify the basis for the rating
  3. Evaluate risk using the Risk (Threat-Vulnerability) Matrix to capture assessment information
  4. Identify top risks for asset-threat/hazard pairs of interest that should receive measures to mitigate vulnerabilities and reduce risk

 

Risk Assessment

The initial step of a risk assessment is to define and understand a buildings core functions and processes and identify building infrastructure such as power, water, HVAC, IP connectivity, loading dock, etc.

 

Risk Management

Risk management is the deliberate process of understanding “risk” — the likelihood that a threat will harm an asset with some severity of consequences — and deciding on and implementing actions to reduce it. In addition, risk management incorporates an understanding of the vulnerability of assets to the consequences of threats and hazards.

The objective is to reduce the vulnerability of assets through mitigation actions. Reducing vulnerabilities is the most straightforward approach to reducing risk.

However, realize that risk reduction has two other components, albeit not applicable to building design:

  • Reduce consequence (devalue the asset)
  • Reduce threat (intelligence and law enforcement team to arrest terrorists before an attack can be carried out)

 

Assessment Flow Chart

Reviewing the Assessment Flow Chart, the determination of quantitative risk values is the next step in the risk assessment process.

Flowchart demonstrating the process of conducting both Cost and Benefit Analyses. The Cost Analysis flow has two possible routes that allow one to "Analyze how mitigation options affect asset criticality and ultimately risk," as the Cost Analysis starting-point box at the top right reads. From there, the chart flows counter-clockwise, either straight down to "Identify Mitigation Options," and then on to Decision (Risk Management),"; or else in a circle to the left, flowing through "Consequence Assessment, " "Vulnerability Assessment, " "Risk Assessment," "Identify Mitigation Options," and finally "Decision (Risk Management)." The Benefit Analysis also has different possible routes that allow one to "Analyze how mitigation options change vulnerability and ultimately risk," as the starting-point text box in the lower right of the flowchart reads. One route flows clockwise through "Vulnerability Assessment," "Risk Assessment," Identify Mitigation Options," and finally, "Decision (Risk Management)." Another route flows straight up to "Identify Mitigation Options" and then to "Decision (Risk Management)." The final route for a Benefit Analysis is to begin at the bottom left of the chart at "Threat/Hazard Assessment" and flow clockwise through "Vulnerability Assessment," "Risk Assessment," "Identify Mitigation Options," and ending with "Decision (Risk Management)." Risk Assessment highlighted.

 

 

 

 

 

 

 

 

 

 

Definition of Risk

Risk is a combination of:

  • The probability that an event will occur
  • The consequences of its occurrence

In other words, risk can be defined as the potential for a loss or damage to an asset. It takes into account consequences of the degradation or loss of an asset, the threats or hazards that potentially impact the asset, and the vulnerability of the asset to the threat or hazard.

Values can be assigned to these three components of risk to provide a risk rating.

Low Risk Medium Risk High Risk
Risk Factors Total 1-60 61-175 >176
Threat Rating x Consequence Rating x Vulnerability Rating
FEMA 426, Table 1-19: Total Risk Color Code, p. 1-38

Multiplying the values assigned to each of the three factors — threatconsequence, and vulnerability — provides quantification of total risk.

This quantification helps prioritize which protective measures should be adopted, given limited resources, to achieve a desired level of protection.

 

Quantifying Risk

The risk assessment process involves the following:

  • Determine threat rating
  • Determine consequence rating
  • Determine vulnerability rating
  • Determine relative risk for each threat against each asset

Select mitigation measures that have the greatest benefit while minimizing the cost of reducing risk.

 

Knowledge Review

Risk can be defined as the potential for a loss or damage to an asset. It takes into account consequences of the degradation or loss of an asset, the threats or hazards that potentially impact the asset, and the vulnerability of the asset to the threat or hazard.

  1. True
  2. False

Correct response: A

Correct response feedback: Very good! The statement is true.

 

An Approach to Quantifying Risk

The risk assessment analyzes the threat, consequence, and vulnerability to ascertain the level of riskfor each critical asset against each applicable threat.

An understanding of risk levels enables the owner of assets to prioritize and implement appropriate mitigation measures, paying particular attention to high consequence threats, to achieve the desired level of protection.

A simplified approach to quantifying risk is shown here. Ratings can be assigned to the threat or hazard, consequence, and vulnerability of the asset to the threats, and numerical scores can be determined that depict relative risk of these assets to man-made hazards. (FEMA 426 Chapter 1, FEMA 452 Steps 1, 2, 3, and 4.)

Very High 10
High 8-9
Medium High 7
Medium 5-6
Medium Low 4
Low 2-3
Very Low 1
Table 1-18: Risk Factors Definitions
Low Risk Medium Risk High Risk
Risk Factors Total 1-60 61-175 >176
FEMA 426, Table 1-19: Total Risk Color Code, p. 1-38
Risk = Threat Rating x Consequence Rating x Vulnerability Rating

 

Critical Functions Matrix

This analysis completes the Critical Functions and the Critical Infrastructure Matrices that we saw in Lessons 2, 3, and 4.

The risk formula is applied and the numeric values color-coded as discussed on the previous screen. The color code helps visualize the functions and infrastructure that are vulnerable and the scale helps to identify those areas for in-depth mitigation measures analysis.

The risk ratings under the Administration and Engineering Functions are highlighted. The numeric ratings result in Medium and High risk ratings for the Functions asset-threat/hazard pairs.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration 280 140 135 90
Threat Rating 8 4 3 2
Consequence Rating 5 5 5 5
Vulnerability Rating 7 7 9 9
Engineering 128 160 384 144
Threat Rating 8 5 6 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Critical Infrastructure Matrix

This analysis completes the Critical Functions and the Critical Infrastructure Matrices that we saw in Lessons 2, 3, and 4.

The risk formula is applied and the numeric values color-coded as discussed on the previous screen. The color code helps visualize the functions and infrastructure that are vulnerable and the scale helps to identify those areas for in-depth mitigation measures analysis.

The risk ratings under the Administration and Engineering Functions are highlighted. The numeric ratings result in Medium and High risk ratings for the Functions asset-threat/hazard pairs.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Site 48 80 108 72
Threat Rating 4 4 4 4
Consequence Rating 4 4 3 2
Vulnerability Rating 3 5 9 9
Structural Systems 48 128 192 144
Threat Rating 3 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Risk Assessment Results

The process is continued for all the asset-threat/hazard pairs of interest. This is a nominal example of a completed risk table.

The risk assessment results is a prioritized list of risks (i.e., asset – threat/hazard/consequence/vulnerability combinations) that can be used to select safeguards to reduce vulnerabilities (and risk) and to achieve a certain level of protection.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration 280 140 135 90
Threat Rating 8 4 3 2
Consequence Rating 5 5 5 5
Vulnerability Rating 7 7 9 9
Engineering 128 128 192 144
Threat Rating 8 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
Warehousing 96 36 81 54
Threat Rating 8 4 3 2
Consequence Rating 8 4 3 2
Vulnerability Rating 3 3 3 3
Data Center 360 128 216 144
Threat Rating 9 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 5 4 9 9
Food Service 2 32 48 36
Threat Rating 1 4 3 2
Consequence Rating 2 2 2 2
Vulnerability Rating 1 4 8 9
Security 280 140 168 126
Threat Rating 8 4 3 2
Consequence Rating 7 7 7 7
Vulnerability Rating 5 5 8 9
Housekeeping 16 64 48 36
Threat Rating 8 4 3 2
Consequence Rating 2 2 2 2
Vulnerability Rating 1 8 8 9
Day Care 54 324 243 162
Threat Rating 3 4 3 2
Consequence Rating 9 9 9 9
Vulnerability Rating 2 9 9 9
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Risk Assessment Results (continued)

As stated previously, this subjective process is best applied to small organizations with few decision makers/decision levels. This subjective risk assessment process will probably not result in hard numbers that can be compared across different assessment teams, but the relative ranking of the asset-threat/hazard pairs on each team will have great correlation if both teams have consistent perspectives. Thus, the highest and lowest identified risks may not have the same rating numbers, but the same asset-thread/hazard pairs by the two teams will be close to identical. Divergence will occur if one team is concentrating on terrorism and the other team is concentrating on continuity of business operations.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration 280 140 135 90
Threat Rating 8 4 3 2
Consequence Rating 5 5 5 5
Vulnerability Rating 7 7 9 9
Engineering 128 128 192 144
Threat Rating 8 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
Warehousing 96 36 81 54
Threat Rating 8 4 3 2
Consequence Rating 8 4 3 2
Vulnerability Rating 3 3 3 3
Data Center 360 128 216 144
Threat Rating 9 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 5 4 9 9
Food Service 2 32 48 36
Threat Rating 1 4 3 2
Consequence Rating 2 2 2 2
Vulnerability Rating 1 4 8 9
Security 280 140 168 126
Threat Rating 8 4 3 2
Consequence Rating 7 7 7 7
Vulnerability Rating 5 5 8 9
Housekeeping 16 64 48 36
Threat Rating 8 4 3 2
Consequence Rating 2 2 2 2
Vulnerability Rating 1 8 8 9
Day Care 54 324 243 162
Threat Rating 3 4 3 2
Consequence Rating 9 9 9 9
Vulnerability Rating 2 9 9 9
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Risk Assessment Results (continued)

Large organizations require a more objective approach in which the results of different assessment teams working independently can be compared by decision makers at many levels. These risk ratings will then be comparable across teams as to their numeric value, which is needed in a large organization.

In either case, the goal is to find where the application of limited resources will have the greatest benefit to reducing risk at the least cost.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Administration 280 140 135 90
Threat Rating 8 4 3 2
Consequence Rating 5 5 5 5
Vulnerability Rating 7 7 9 9
Engineering 128 128 192 144
Threat Rating 8 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 2 4 8 9
Warehousing 96 36 81 54
Threat Rating 8 4 3 2
Consequence Rating 8 4 3 2
Vulnerability Rating 3 3 3 3
Data Center 360 128 216 144
Threat Rating 9 4 3 2
Consequence Rating 8 8 8 8
Vulnerability Rating 5 4 9 9
Food Service 2 32 48 36
Threat Rating 1 4 3 2
Consequence Rating 2 2 2 2
Vulnerability Rating 1 4 8 9
Security 280 140 168 126
Threat Rating 8 4 3 2
Consequence Rating 7 7 7 7
Vulnerability Rating 5 5 8 9
Housekeeping 16 64 48 36
Threat Rating 8 4 3 2
Consequence Rating 2 2 2 2
Vulnerability Rating 1 8 8 9
Day Care 54 324 243 162
Threat Rating 3 4 3 2
Consequence Rating 9 9 9 9
Vulnerability Rating 2 9 9 9
FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38

 

Knowledge Review

Identify the top risks from this asset-threat/hazard pair that should receive measures to mitigate vulnerabilities and reduce risk.

Function Cyber Attack Armed Attack
(single gunman)
Vehicle Bomb CBR Attack
Housekeeping 12 64 32 36
Threat Rating 6 4 2 2
Consequence Rating 2 2 2 2
Vulnerability Rating 1 8 8 9
Day Care 36 486 324 162
Threat Rating 2 6 4 2
Consequence Rating 9 9 9 9
Vulnerability Rating 2 9 9 9
  1. Housekeeping – Armed Attack
  2. Day Care – Armed Attack
  3. Day Care – Vehicle Bomb
  4. Day Care – CBR Attack
  5. All of the above
  6. B and C only

Correct response: F

Correct response feedback: Great job! Items B and C are high risk because their totals are >176. Therefore, they are in greater need of mitigation. Although none of the responses are technically incorrect, it will be very difficult or impossible to mitigate all aspects of risk. It is best to focus on those with the highest totals.

 

Selecting Mitigation Measures

In every design and renovation project, the owner ultimately has three choices when addressing the risk posed by terrorism. He or she can:

  1. Do nothing and accept the risk (no cost)
  2. Perform a risk assessment and manage the risk by installing reasonable mitigation measures (some cost)
  3. Harden the building against all threats to achieve the least amount of risk (but at greatest cost)

 

Mitigation Measures

mitigation measure is an action, device, or system used to reduce risk by affecting a consequence, threat, or vulnerability.

Mitigation efforts can be conducted via:

  • Regulatory measures
  • Rehabilitation of existing structures
  • Protective and control structures

 

Mitigation Measures – Considerations

Mitigation measures can be evaluated against these parameters:
Political Support Technical Capacity
Community Acceptance Maintenance and Operations
Cost and Benefit Ease and Speed of Implementation
Financial Resources Timeframe and Urgency
Adversely Affected Population Short-Term and Long-Term Solutions
Adverse Effects on the Built Environment Estimated Cost
Environmental Impact

Higher risk hazards require mitigation measures to reduce risk. Mitigation measures are conceived by the design professional and are best incorporated into the building architecture, building systems, and operational parameters, with consideration for life-cycle costs.

There are many factors that impact what mitigation measures can be implemented at low, medium, and high levels of difficulty.

In some cases, mitigation measures to enhance security may be in conflict with other design intentions, building codes, planning board master plans, etc.

 

 

 

 

 

Achieving Building Security

The assessment process provides concepts for integrating land use planning, landscape architecture, site planning, and other strategies to mitigate the Design Basis Threats as identified in the risk assessment.

Integrating security measures into the design and/or maintenance of buildings presents the asset owner with multiple opportunities to achieve a balance among many objectives such as reducing risk, facilitating proper building function, giving attention to aesthetics and matching architecture, hardening physical structures beyond required building codes and standards, and maximizing use of non-structural systems.

The last point tries to illustrate that the balanced approach to building security tries not to place everything into hardening the structure to deny the consequences to the terrorist’s tactics. Thus, non-structural systems, especially in renovation projects, may provide a level of risk reduction comparable to structural hardening but can be implemented at a much reduced cost or at a more convenient time.

 

Cost-Benefit Analysis

Cost-benefit analysis involves comparing costs of a given protection solution to its perceived benefits. In many cases the cost is the initial cost of installation, although life-cycle costs or life-cycle analysis may be necessary in some situations. Some pertinent situations include:

  • If the benefits of all protection measures are similar, then the best solution is the least costly solution.
  • If the costs of all protection measures are similar, then the best solution is the one that provides the most benefits.
  • When costs and benefits vary, then a more in-depth cost-benefit comparison needs to be done. In some situations, the need for a more comprehensive life-cycle analysis is needed.

 

Life-Cycle Costs (LCC)

LCC requires cost analysis during the estimated life span of the protection solution. The main challenge is the accurate computation of difference costs, especially hidden or unexpected costs, during the life span of the asset. There are two limitations to LCC. It:

  • Considers only costs, and does not include benefit computations
  • Ignores the possibility that the life spans of the protection solutions can be different, although more rigorous LLC techniques can accommodate this difference

 

Process Review

  • Calculate the relative risk for each threat against each asset
  • Identify the high risk areas
  • Identify Mitigation Options to reduce the risk

To get the maximum benefit from limited resources, realize that certain mitigation measures can reduce risk for multiple, high-risk asset-threat/hazard pairs.

 

Knowledge Review

An LCC analysis is conducted for a building.

Based on the fact that it is an LCC analysis, which solution is most likely to be considered?

  1. Solution A – $6000.00 during the estimated life span of the protection solution
  2. Solution B – $11,000.00 during the estimated life span of the protection solution

Correct response: A

Correct response feedback: Yes! Solution A is correct because it costs the least during the life span of the protection. Remember, LCC considers only costs, and does include benefit computations.

 

Knowledge Review

How can mitigation measures be implemented?

  1. With regulatory measures
  2. By rehabilitation of existing structures
  3. Installation of protective and control structures
  4. All of the above

Correct response: A

Correct response feedback: Yes! All of the items are correct.

 

Knowledge Review

The goal of any effective building security measure should be to achieve security while balancing other objectives including facilitating proper building function, aesthetics and matching architecture, etc.

  1. True
  2. False

Correct response: A

Correct response feedback: Yes! The answer is True.

 

Summary

Now that you have completed this lesson, you should be able to:

  1. State what constitutes risk
  2. Provide a numerical rating for risk and justify the basis for the rating
  3. Evaluate risk using the Risk (Threat-Vulnerability) Matrix to capture assessment information
  4. Identify top risks for asset-threat/hazard pairs of interest that should receive measures to mitigate vulnerabilities and reduce risk

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 6 – Explosive Blast

Explosive Blast OverviewIn the previous lessons, we determined the various initial ratings during the assessment process.

In this lesson, we will examine how an explosive blast impacts buildings and people to better understand the design recommendations and mitigation options presented in later units.

This lesson will not turn you into a blast expert but it will give you basic tools to do a GO / NO GO initial screening to determine if everything is OK or additional blast analysis is needed.

Note: This lesson covers pages 4-1 to 4-20 in FEMA 426.

 

Lesson ObjectivesAt the completion of this lesson, students will be able to:

  1. Describe the basic physics involved during an explosive blast event, whether by terrorism or technological accident
  2. Describe the possible building damage and personnel injuries resulting from the blast effects upon a building
  3. Perform an initial prediction of blast loading and effects based upon incident pressure
  4. Predict loading, damage, and injury using range-to-effect chart and incident pressure chart

 

Blast Loading Factors

Explosive properties types – Is it a high explosive or low-order explosive?

Is it specifically designed for the purpose – military grade explosive (C4, landmine, etc.) — or a combination of generally available materials (ANFO, black powder)?

The energy output of explosives can be related by TNT (trinitrotoluene) equivalency. TNT equivalency is usually considered to be the relative pressure achieved by the explosive compared to what TNT can achieve. Aside from TNT equivalency, the larger the quantity of an explosive, the higher the pressures and the larger the impulse.

Note: Pressure TNT equivalency can generally range from 0.14 to 1.7. If the pressure TNT equivalency is above 1.0, this means the explosive achieves a higher pressure (pressure equivalency) than TNT.

Diagram depicting a hemispherical shock wave, ground shock, and stand-off and drag distances stemming from the center of an explosion. Photos of explosion.

Typical Incident Pressure Waveform

Understanding the pressure waveform provides better understanding of how the blast wave interacts with the building, providing a basic understanding of damage and protection.

The explosive detonation generates a bubble of air moving at supersonic speed from the bomb location. About one-third of the explosive material contributes to the detonation.

As the wave reaches a point in space, such as a person or building, the pressure goes rapidly from atmospheric to peak pressure in very little time. The pressure at this point decays rapidly as the supersonic bubble moves on, its pressure reducing exponentially as the surface area of the bubble increases, expending energy over an ever-increasing area. The pressure also drops off due to the completion of the chemical reaction of the explosive mixture (burning of the remaining two-thirds of the material). If the explosion occurs within a confined space, the gases generated by the burning of the explosive are contained and keep the pressure elevated over a longer period of time. [Indicate a longer tail off of the positive phase to illustrate the confined space variation.] Design is typically based on positive pressures.

The negative phase of the blast wave is the ambient air rushing in behind the blast wave to return to a stable pressure. Although the negative phase has much less energy than the positive phase, it can hit the structure at the most inopportune moment in its vibration, resulting in unexpected consequences — increased damage or having windows blow OUT of the building rather than into it.

 

Incident and Reflected Pressure

When the incident pressure wave impinges on a structure that is not parallel to the direction of the wave’s travel, it is reflected and reinforced. The reflected pressure is always greater than the incident pressure at the same distance from the explosion, and varies with the incident angle.

Additionally:

  • Blast energy is lost at a rate of volume increase in X, Y, and Z directions
  • Equivalent pressure occurs at Scaled Distance = Distance/(Net Explosive Weight, TNT equivalent) ⅓

Diagram showing the layers of Incident Pressure and Reflected Pressure (shaped like a dome) emanating from the explosion point. A building stands to the right of the incident site.

Reflected Pressure/Angle of Incidence

When the blast wave strikes an immovable surface, the wave reflects off the surface, resulting in an increase in pressure. This reflected pressure actually causes the damage to the building. A very high reflected pressure may punch a hole in a wall or cause a column to fail, while a low reflected pressure will try to push over the whole building.

The worst case is when the direction of travel for the blast wave is perpendicular to the surface of the structure and the incident pressure is very high. The Coefficient of Reflection can be greater than 12 for high incident pressures.

By keeping the incident pressure low (by limiting the size of the explosive, maintaining a large distance between the explosive and the building, or both), the reflected pressure can be kept low. Keeping the Coefficient of Reflection below 2.5 by keeping the peak incident pressure below 5 psi (pounds per square inch) is a desirable goal.

Chart graphically represents the Reflected Pressure versus Angle of Incidence in degrees. Vertical axis labeled Cr = Pr/Pi with a 5 part/2.5 incremented scale from 0 to 12.5. The horizontal axis is labeled Angle of Incidence, Degrees and the scale extends in 4 parts in 30 degree increments from 0 to 90. There are four lines on the graph. From highest initial Cr to lowest: at 5,000 psi; 500 psi; 100 psi; and 0.2 psi. There is also a key: 0° = Perpendicular to surface; 90° = Parallel to surface; Cr = Coefficient of reflection.

Typical Blast Impulse Waveform

Another consideration is the impulse of the blast wave, which is the integration of the peak incident pressure (both positive phase and negative phase) at the point in question over time.

A general rule of thumb:

  • Brittle materials (like glass) respond to peak incident pressure and are less affected by impulse. Thus a high order explosive with high incident pressure will easily damage glass.
  • Ductile materials (like most building structures), on the other hand, respond more to impulse (the total push) rather than peak incident pressure (the maximum hit). Thus, a low order explosive with a large impulse that pushes for a longer time will cause more damage to buildings.

Note: There is also a TNT equivalency based upon impulse that ranges from 0.5 to 1.8. If the impulse TNT equivalency is above 1.0, then the explosive has a longer push (impulse equivalency) than TNT.

Chart representation of the Typical Incident Pressure Waveform and the Impulse Waveform. The vertical axis shows the atmospheric pressure, from negative up to positive, and the horizontal axis reveals the time elapsed, from arrival of the blast to its dissipation. A dotted line shows the path of the Pressure Waveform across time, beginning with the initial spike of Peak Incident Pressure during the Positive Pressure Phase then dropping into the Negative Pressure Phase before becoming neutral again. The Impulse Waveform is represented by a solid line, and occurs entirely in the Positive Pressure phase. It peaks right after the Pressure Wave form does, and just as the Pressure Waveform is about to reach its lowest point.

Blast Loading Factors

  • Stand-off distance: The larger the distance between the explosive and the structure, the lower the incident pressure and the lower the resultant reflected pressure
  • Reflections: Consider the ground as a reflection surface – the closer the explosive is to the ground, the smaller the addition of incident pressure, and the farther away it is, the greater the addition of incident pressure is
  • Reflection angle: The reflection angle at which the blast wave strikes the structure affects the value of reflected pressure
  • Worst case scenario: Identify the worst case scenario by finding the shortest possible stand-off distance and considering the angle of reflection

 

Knowledge Review

Brittle materials like glass are affected by:

  1. Impulse (the total push)
  2. Peak incident pressure (the maximum hit)
  3. Both A and B

Correct response: B

Correct response feedback: Yes! Brittle materials like glass respond to peak incident pressure and are less affected by impulse. Thus a high order explosive with high incident pressure will easily damage glass.

Ductile materials (like most building structures), on the other hand, respond more to impulse (the total push) rather than peak incident pressure (the maximum hit). Thus, a low order explosive with a large impulse that pushes for a longer time will cause more damage to buildings.

 

Blast Compared to Natural Hazards

Higher Incident Pressure and Relatively Low Impulse

There are a number of similarities between blast loading and building response in comparison to building response from earthquake, flood, or wind loading, but there are also significant differences.

  • Blast loads are high amplitude, low duration (milliseconds) events that create an air pressure wave that acts over the entire building envelope. They have relatively low impulse whether high or low order compared to natural hazards.
  • Earthquake loads are usually low amplitude, high energy, long duration (seconds) events that are transferred through the foundation.
  • Flood loading has high energy, relatively high amplitude, and very long duration loading (minutes) that impacts everything in its path with increased reflected pressures and extensive damage. The higher the velocity of the flood waters coupled with the increased mass of water results in extensive damage.
  • High winds are dynamic and typically affect the envelope, but are of low amplitude compared to blast. However, they push for a very long time (in the range of seconds or longer) and thus have very large impulse. For example, a 200 mph hurricane generates only 0.8 psi, but with very large impulse. (Note: Wind gusts are rated for a three-second duration minimum, but sustained winds can push for minutes.)

 

Blast Compared to Natural Hazards (continued)

Explosives: Low to High

Explosives are identified as follows:

  • Low explosive (or combustion explosive) – Sustained combustion, usually of gases or fine dust — natural gas, gasoline, flour, coal dust.
  • Medium explosive (or low-order velocity explosive) – Deflagration (subsonic [slower than speed of sound] combustion propagating through the explosive material by hot burning material heating next layer of cold material and igniting it) — contained black powder, smokeless powder, propellants, pyrotechnics.Low and medium explosives have burning velocities of less than 3,300 feet per second and generate a subsonic explosion without an overpressure wave. Note that the speed of sound at 77°F is 1,137.3 feet per second.
  • High explosive (or high-order velocity explosive) – Detonation (supersonic [faster than the speed of sound] combustion in which a shock wave compresses the material, thus increasing the temperature to the point of ignition — C-4, TNT, ANFO (ammonium nitrate – fuel oil).High explosives burn at speeds above 3,300 feet per second and generate a supersonic explosion with a blast wave. C4 burn rate — 26,000 feet per second; ANFO burn rate — 8,000 feet per second.

 

Blast Compared to Natural Hazards (continued)

Explosive blast tends to cause localized damage compared to other hazards that may destroy the whole building.

  • The first building surface struck will get the greatest pressures, and expect it to receive the greatest damage. The blast may break a building component by punching through it (window or wall) or shearing it (column).
  • The other side of the building, due to its greater distance from the explosion, will see lower pressures, unless there are nearby buildings that will reflect the blast wave back to the building in question.
  • Reflections can increase damage to the building, but are hard to quantify.
  • Greater mass has usually been the design of choice to protect against explosive blast. The inertia of the mass slows the structural reactions to the point that the impulse is over before the building tends to move.
  • Conversely, additional mass is usually undesirable during an earthquake due to the long duration, low frequency forces that can get the mass moving. Earthquake design usually concentrates on lighter structures with great ductility and additional reinforcement at weak points.

Note: Options for mitigating many explosive blast vulnerabilities for seismic and hurricane retrofit include moment connections, elimination of progressive collapse, laminated glass, and strengthened architectural elements.

 

Knowledge Review

There are no real differences between blast loading and building response in comparison to building response from earthquake, flood, or wind loading. Meaning, you would prepare/mitigate for blasts exactly the same way you would for natural hazards.

  1. True
  2. False

Correct response: B

Correct response feedback: Great job! There are a number of similarities between blast loading and building response in comparison to building response from earthquake, flood, or wind loading, but there are also significant differences.

 

Factors Contributing to Building Damage

As in standard building design, this manual uses approaches with safety factors inlcuding:

  • The amount of explosive usually expressed as TNT equivalent weight
  • The stand-off distance between the explosive and the building or person
  • Assumptions about building characteristics – the exterior envelope construction (walls and windows) and the framing or load-bearing system used
  • The building characteristics that provide insight into weaknesses and allow general predictions about how the building will respond

 

Types of Building Damage

Types of building damage may include:

  • Direct air blast:
    • Component failure
    • Additional damage after breaching
  • Collapse:
    • Localized
    • Progressive

 

Types of Building Damage

Direct Air Blast

Direct air blast, especially from close-in explosions, results in component failure of walls, windows, columns, and beams/girders.

The pressures experienced by the building can far exceed the building’s original design and can occur in directions that were not part of the original design.

Once the exterior envelope is breached, the blast wave causes additional structural and non-structural damage inside the building.

 

Types of Building Damage

Collapse

Collapse, which is covered in more detail in Chapter 3 of FEMA 426, is a primary cause of death and injury in an explosive blast.

Localized collapse may have a load-bearing wall, or portion thereof, on one side of the building fall to the ground, or a single column fail with the surrounding floors falling with it.

Progressive collapse is more disastrous as a single component failure, like a wall or column, results in the failure of more walls and columns so that more of the building falls to the ground than the area initially affected.

 

Blast Pressure Effects

The air blast strikes the exterior wall, and the weakest component will fail first — usually the windows, which saves the walls and columns but causes much non-structural damage inside the building.

Unreinforced masonry walls can be weaker than windows, especially if they are non-load bearing. If the explosive is close enough, the walls can breach, and one or more columns can fail in addition to the windows.

Based upon the reflection angle, one can expect the lowest or lower floors (1 to 3) to receive the greatest damage.

If the blast wave strikes the whole surface of the exposed side simultaneously, this is called a laminar situation, and breaching (puncture) of walls and failure of columns is less likely. This is what is sought by achieving a large stand-off distance.

Diagram depicting how a blast wave hits the side of a building. Blast wave breaks windows; exterior walls blown in; columns may be damaged.

Blast Pressure Effects (continued)

Once the blast wave enters the building, it is trapped and more air enters the building, further increasing the pressure. Structural components like flooring and shear walls now are moving in directions for which they were not designed.

Floor failure can result in three effects:

  1. Concrete chunks raining down, causing injury and possibly death
  2. Whole floor gives way and pancakes downward with obviously more serious consequences
  3. If flat slab construction is present (thickened floors act as beams in the framing system), the floors can disconnect from the columns, resulting in floor AND column failure

Diagram depicting how a blast wave affects building. Blast wave enters and forces floors upward, depicted by arrows pointing up.

Blast Pressure Effects (continued)

The blast wave continues to engulf the building. Any building component that traps the blast wave, like an overhanging roof, can expect increased damage, based upon how it is constructed and attached.

The roof and sides parallel to the blast wave movement will see incident pressure only, which should result in little or no damage.

Once the blast wave has passed the building, the far side (opposite the side first experiencing the blast wave) will see increased pressure as a slight vacuum forms and the ambient air rushes back in to achieve equilibrium. Reflections of the blast wave off other buildings behind this one can also increase the pressure impinging the far side.

Diagram depicting how a blast wave surrounds the building. There is downward pressure on the roof and inward pressure on all sides depicted by a set arrows pointing down on top of the building and arrows point left on the right side of the building.

Common Blast Injuries and Causes

Injuries and casualties occur in three ways during explosive blast by:

  • Overpressure:
    • Eardrum rupture
    • Lung collapse/failure
  • Blast wave:
    • Blunt trauma
    • Lacerations
    • Impalement

 

Common Blast Injuries and Causes

Overpressure

Overpressure causes eardrum rupture first, which is normally not lethal.

It can also overdrive the lungs, causing injury or death. The relationship between pressure and impulse is very evident in lung response. An incident pressure of 102 psi for three milliseconds is the threshold of lethality as is an incident pressure of 23 psi for 18.5 milliseconds.

 

Common Blast Injuries and Causes

Blast Wave

Blunt trauma, lacerations, and impalement injuries occur when the blast wave picks up the person and throws them against a surface or object (translation), or glass and wall fragments cause lacerations or blunt trauma on impact. In relative distance terms, death by translation occurs at a greater distance for the same bomb size than death by lung overpressure.

 

Common Blast Injuries and Causes (continued)

Fragmentation from any source can result in blunt trauma, impact, and penetration, or laceration injuries. These fragments can come from around the bomb or from parts of the vehicle and can be picked up either intact or damaged by the blast wave as it travels along.

Building component failure also causes material fragments with sufficient velocity to injure or kill.

Note: Upward of 80 percent of all injuries from explosive blast can be attributed to lacerations caused by broken glass. The most effective way to reduce injuries during explosive blast is to harden the glass and window frame system and/or reduce the amount of glass.

 

Murrah Federal Building

The Murrah Federal Building is typical of many commercial properties in the current inventory. The bomb was designed as a shape charge and detonated in the drop-off area, destroying two primary columns and causing the spandrel beam to rotate. The floors above failed in progressive collapse and the blast wave penetrated deeply into the interior.

 

Murrah Federal Building (continued)

Diagram of interior of the Murrah Building. Icons of people representing injuries including: Died; Admitted to Hospital; Treated and Released; Not Injured; Treated by Private Physician.The majority of deaths were caused by the collapsing structure.

 

 

 

 

 

 

 

 

 

 

 

Levels of Protection

The Department of Defense (DoD) and the General Services Administration (GSA)/Interagency Security Committee (ISC) call out similar levels of protection that relate building damage and potential injury. This screen and the next summarize these perspectives in regard to the conventional construction found in most buildings.

CONVENTIONAL CONSTRUCTION INCIDENT OVERPRESSURE
Level of Protection Potential Structural Damage Potential Door and Glazing Hazards Potential Injury
Below AT standards Severe damage. Progressive collapse likely. Space in and around damaged area will be unusable. Doors and windows will fail catastrophically and result in lethal hazards. (High hazard rating) GSA 5 Majority of personnel in collapse region suffer fatalities. Potential fatalities outside collapsed area likely.
Very Low
psi = 3.5
Heavy damage – Onset of structural collapse, but progressive collapse is unlikely. Space in and around damaged area will be unusable. Glazing will fracture, come out of the frame, and is likely to be propelled into the building, with the potential to cause serious injuries. (Low hazard rating) GSA 4 Doors may be propelled into rooms, presenting serious hazards. Majority of personnel in damaged area suffer serious injuries with a potential for fatalities. Personnel in areas outside damaged area will experience minor to moderate injuries.
FEMA 426, Adapted from Table 4-1: DoD Minimum Antiterrorism Standards
for New Buildings, p. 4-9

 

Levels of Protection (continued)

When greater protection resulting in less damage and injury is desired, the pressures must be kept low for conventional construction.

Alternately, the building must be hardened to achieve these lower levels of damage and resultant injury. This is especially necessary when the incident pressure is higher due to the Design Basis Threat explosive quantity being at a closer stand-off distance than conventional construction can handle.

CONVENTIONAL CONSTRUCTION INCIDENT OVERPRESSURE
Level of Protection Potential Structural Damage Potential Door and Glazing Hazards Potential Injury
Very Low
psi = 2.3
Moderate damage – Building damage will not be economically repairable. Progressive collapse will not occur. Space in and around damaged area will be unusable. Glazing will fracture, potentially come out of frame, but at a reduced velocity, does not present significant injury hazard. (Very low hazard rating) GSA 3a Doors may fail, but will rebound out of frames, presenting minimal hazards. Majority of personnel in damaged area suffer minor to moderate injuries with potential for a few serious injuries, but fatalities unlikely. Personnel in areas outside damaged areas will potentially experience minor to moderate injuries.
Medium
psi = 1.8
Minor damage – Building damage will be economically repairable. Space in and around damaged area can be used and will be fully functional after cleanup and repairs. Glazing will fracture, remain in the frame and results in a minimal hazard consisting of glass dust and slivers. (Minimal hazard rating) GSA 2 Doors will stay in frames, but will not be reusable. Personnel in damaged area potentially suffer minor to moderate injuries, but fatalities are unlikely. Personnel in areas outside damaged areas will potentially experience superficial injuries.
High
psi = 1.1
Minimal damage. No permanent deformations. The facility will be immediately operable. Glazing will not break. (No hazard rating) GSA1 Doors will be reusable. Only superficial injuries are likely.
FEMA 426, Adapted from Table 4-1: DoD Minimum Antiterrorism Standards
for New Buildings, p. 4-9

 

Knowledge Review

What is the potential injury impact for a very low level of protection?

  1. Majority of personnel in collapse region suffer fatalities. Potential fatalities outside collapsed area likely.
  2. Majority of personnel in damaged area suffer serious injuries with a potential for fatalities. Personnel in areas outside damaged area will experience minor to moderate injuries.
  3. Majority of personnel in damaged area suffer minor to moderate injuries with potential for a few serious injuries, but fatalities unlikely.
  4. Personnel in damaged area potentially suffer minor to moderate injuries, but fatalities are unlikely.

Correct response: C

Correct response feedback: Well done! Minor to moderate injuries with potential for a few serious injuries, but fatalities unlikely is the correct response.

In addition, Personnel in areas outside damaged areas will potentially experience minor to moderate injuries.

 

Nominal Range-to-Effect Chart

The Nominal Range-to-Effect Chart is a handy way to represent the stand-off distance at which a given bomb size produces a given effect.

If you are below the curve for the given effect, that effect has the potential to occur. The further below the curve, the more likely it will happen and the greater the expected damage.

Conversely, an intersection point between range or stand-off distance and weapon yield or bomb size in TNT equivalent weight that is above the curve for the given effect indicates that there is a good chance that that effect will not occur. However, many variables can alter these curves, such as reflections, resulting in damage at a point above the curve.

Nominal Range-to-Effect Chart, with the vertical axis labeled Minimum Stand-off (ft), extending from 10 to 10,000, and the bottom horizontal axis labeled Weapon Yield (lbs-TNT), extending from 10 to 100,000. The top horizontal axis shows the corresponding vehicle for the explosion: Luggage, Automobiles, Vans, and Trucks. The lines graphed on the chart are as follows: Solid (top middled of image) = Glass - Minor Cuts; Dashes (top middle of image) = Glass - Sever Wounds; Dots (middle of image) = Glass with Fragment Retention Film - Severe Wounds; Solid (middle of image) = Threshold Injuries - Open or Buildings; Dashes (middle of image) = Potentially Lethal Injuries; Dots (bottom middle of image) = Threshold, Concrete Columns Fall; Wide Baar = Wall Fragment Injuries or Injuries to Personnel in Open.

Nominal Range-to-Effect Chart (continued)

The chart concentrates on the two prominent concerns during explosive blast — glass injury and progressive building collapse. In most, but not all, cases, the glass is the weakest component of the building envelope. Conversely, the columns, whether concrete or steel, are usually the strongest components of the building envelope. (A workable rule of thumb is that steel columns require about twice the stand-off distance compared to concrete columns for the same weapon yield.)

Note: The desirable location on the Nominal Range-to-Effect Chart is the upper left, where the security measures will only allow small weapon yields and stand-off is great (above the uppermost curve, indicating that even if the bomb goes off, the stand-off reduces the blast loading to the point that little damage occurs).

Nominal Range-to-Effect Chart, with the vertical axis labeled Minimum Stand-off (ft), extending from 10 to 10,000, and the bottom horizontal axis labeled Weapon Yield (lbs-TNT), extending from 10 to 100,000. The top horizontal axis shows the corresponding vehicle for the explosion: Luggage, Automobiles, Vans, and Trucks. The lines graphed on the chart are as follows: Solid (top middled of image) = Glass - Minor Cuts; Dashes (top middle of image) = Glass - Sever Wounds; Dots (middle of image) = Glass with Fragment Retention Film - Severe Wounds; Solid (middle of image) = Threshold Injuries - Open or Buildings; Dashes (middle of image) = Potentially Lethal Injuries; Dots (bottom middle of image) = Threshold, Concrete Columns Fall; Wide Baar = Wall Fragment Injuries or Injuries to Personnel in Open.

Nominal Range-to-Effect Chart (continued)

Take a look at the Nominal Range-to-Effect Chart.

What stand-off distance for a 300-pound (TNT-equivalent) bomb is needed to just exceed the threshold of concrete column failure?

Answer – According to the Nominal Range-to-Effect Chart, the stand-off distance for a 300-pound (TNT-equivalent) bomb that is needed to just exceed the threshold of concrete column failure is approximately 25 feet.

Nominal Range-to-Effect Chart, with the vertical axis labeled Minimum Stand-off (ft), extending from 10 to 10,000, and the bottom horizontal axis labeled Weapon Yield (lbs-TNT), extending from 10 to 100,000. The top horizontal axis shows the corresponding vehicle for the explosion: Luggage, Automobiles, Vans, and Trucks. The lines graphed on the chart are as follows: Solid (top middled of image) = Glass - Minor Cuts; Dashes (top middle of image) = Glass - Sever Wounds; Dots (middle of image) = Glass with Fragment Retention Film - Severe Wounds; Solid (middle of image) = Threshold Injuries - Open or Buildings; Dashes (middle of image) = Potentially Lethal Injuries; Dots (bottom middle of image) = Threshold, Concrete Columns Fall; Wide Baar = Wall Fragment Injuries or Injuries to Personnel in Open. At the bottom left there are two arrows, one pointing up to a second arrow that is pointing left, labeled 25 feet, representing the stand-off distance needed for a 300-pound (TNT-equivalent) bomb to just exceed the threshold of concrete column failure.

Comparison of Stand-off

The Murrah Federal Building and Khobar Towers vividly illustrate the response of a building to a blast event. The Murrah Federal Building had less than 20 feet of stand-off and was not designed to prevent progressive collapse. Khobar Towers was designed using British code to prevent progressive collapse and had approximately 80 feet of stand-off distance. Notice the size of the weapons. The Murrah Federal Building was unsalvageable and demolished, while Khobar Towers only lost the front façade and was restored and placed back into service.

The Murrah Federal Building was unsalvageable and demolished, while Khobar Towers only lost the front façade and was restored and placed back into service.

Murrah Federal Building
Murrah Federal Building after it was destroyed by a vehicle bomb.

  • YIELD (≈TNT Equiv.) = 4,000 lb.
  • Reflected PRESSURE = 9,600 psi.
  • Stand-off = 15 feet
  • 166 killed
Khobar Towers
Khobar Towers after it was damaged by a vehicle bomb.

  • YIELD (≈TNT Equiv.) = 20,000 lb.
  • Reflected PRESSURE = 800 psi.
  • Stand-off = 80 feet
  • 19 killed

 

Vulnerability Radii

Graphically portraying the information from the Nominal Range-to-Effect Chart can be done in two ways. As shown in this screen, vulnerability radii indicate how far a given type of damage will extend from a bomb location for a given weapon yield. This is for the characteristics of the building of interest for which the blast analysis was performed.

  • The rings indicate where that level of damage starts, and whatever is inside the ring will experience that damage.
  • The expected damage increases as you move from the ring to the explosion.
  • Hardening and other mitigation measures can be compared using this representation (for example, existing glass, glass with fragment-retention film installed, or upgraded glass).

This representation works well when showing the effects of different bomb locations and the extent of the building affected by that bomb.

Map depicting the blast analysis of a truck bomb. Three expanding rings surround blast area approximately 1,000 feet in diameter. Inner Ring = Structural Damage; Middle Ring = Probably Lethal Injuries; Outer Ring = Sever Injuries from Glass.

Iso-Damage Contours

Alternately, the nominal range-to-effect information can be graphically represented as iso-damage contours. For a given weapon yield against a building of known construction, the contour indicates how far the bomb or vehicle must be kept away to prevent the damage indicated in this screen.

The intent here is to focus on the required stand-off distance to prevent or reduce the weapon effect portrayed by the contour. Thus, to prevent structural collapse, vehicle parking should be eliminated or tightly restricted inside the black contour. Likewise, to prevent lethal glass injury, the vehicle parking should be outside the red contour.

Map depicting Iso-Damage Contours. Three expanding rings surround building. Inner Ring = Stand-off required to prevent collapse; Middle Ring = Stand-off required to prevent lethal wall damage; Outer Ring = Stand-off required to prevent lethal glass injury.

Cost Versus Stand-off

Graph depicting Incremental Cost of Protection (vertical axis) versus the Stand-off, in feet (horizontal axis). Seven lines are graphed for: Total Protection Cost (hardening + land + perimeter); Cost of hardening; Frame; Windows and walls; Progressive collapse; Other, mailroom, loading dock, lobby; Cost of land + perimeter protection. A second horizontal axis below the graph shows that Risk is inversely related to Stand-off, increasing from right to left.Total Protection Cost (solid purple curve on map):

As in any design for new construction or renovation, there are trade-offs that must be considered. Although increasing the distance between the closest approaches of a vehicle bomb to the building is highly desirable, it is not without a cost.

The increased distance means more land is needed, which may require considerable time and expense to acquire. The increased land also means a larger perimeter boundary that then requires more perimeter fencing, landscaping, vehicle barriers, lighting, closed-circuit television, etc. Thus, while the increased stand-off allows a less expensive building to be constructed, there are other costs that must be considered in the overall project.

Cost of Hardening (solid orange curve on map):

Where stand-off distance cannot be increased, building hardening is usually necessary to achieve the same level of protection against the Design Basis Threat weapon yield. As the stand-off distance decreases, the cost of hardening significantly increases because the building must now withstand damage that it would not experience at higher stand-off.

This screen indicates that window and wall hardening costs are constant until the stand-off distance is significant. I would disagree, except that this graph does follow GSA criteria, and windows and walls must meet a set standard no matter what the stand-off. However, to meet a desired Level of Protection for a given Design Basis Threat, it is more likely that the window and wall curve hardening would look more like the frame hardening curve, at least below the stand-off limit.

This cost of hardening is especially true for frame hardening (building structure) to prevent progressive collapse. Note that progressive collapse costs are constant across all stand-off distances as these costs are threat INDEPENDENT, but frame hardening costs significantly increase as stand-off distance decreases.

Finally the cost of hardening mailroom, loading dock, lobby, and other is consistent no matter what the stand-off as these would be based primarily on an internal Design Basis Threat explosion. External explosions would be covered by the curves above for the building envelope.

 

Blast Load Predictions

The first step in designing a building for explosive blast is to understand the pressures and impulses the building may experience during the potential blast event.

  • If reflections are a concern, then high-level software, such as Computational Fluid Dynamics (CFD), may be in order.
  • Defense Threat Reduction Agency software (not CFD) – Vulnerability Assessment and Protection Option (VAPO) can handle reflections, but modeling takes much longer than simpler models and reflection analysis takes hours of computation time on a laptop.
  • As a first effort, simpler software, such as ATBLAST and CONWEP, can give a prediction of incident blast loading values and a prediction for reflected pressure and impulse using simplifying assumptions.

Pressure versus distance (Figure 4-10 in FEMA 426, page 4-17) is another method for predicting the incident pressure as shown in the next screen.

 

Blast Load Predictions

Pressure versus Distance

This chart breaks the blast load estimate into the essential elements of weapon yield or explosive weight in TNT equivalent on the x-axis and stand-off distance on the y-axis to give an incident pressure value that a building can experience.

Note that the x-axis is logarithmic and the y-axis is linear. If both axes were logarithmic as used on the range-to-effect chart presented earlier, the curves of this chart would be straight lines. In other words, on a log-log scale of explosive weight and stand-off distance, a straight line indicates a pressure relationship (not impulse).

Note: Just like the Range-to-Effect Chart, this graph is provided to allow an initial screening of a facility to determine if explosive blast is a problem and whether or not additional analysis is required.

What stand-off distance is required for a 300-pound bomb to keep the incident pressure at 1.0 psi or lower?

Answer – According to the chart, the stand-off distance required to keep the incident pressure at 1.0 psi or lower for a 300-pound bomb is approximately 250 feet.

 

Blast Load Predictions

Blast Damage Estimates

Whereas normal design usually uses constant loading and linear response, blast loading is very dynamic, as you have seen, and damage of building components enters its nonlinear material range prior to failure.

SDOF (Single Degree of Freedom) software allows initial simplified dynamic analysis.

Conversely, higher level modeling may result in reduced construction costs due to a better understanding of how the building components will respond during a blast for the given site, layout, and building design parameters selected. This is balanced by the additional cost of the higher level modeling.

 

Blast Load Predictions

Blast Damage Estimates (continued)

On this screen, you see damage approximations for different types of damage and a range of incident pressures at which this damage is expected to occur.

Keep in mind that, logically, higher pressure results in greater damage, and the range of incident pressure indicates the construction variation that may be found.

Note: A quick screening of the previous incident pressure chart allows an assessor or manager to have an initial understanding of the vulnerability of a facility to explosive blast.

Damage Incident Pressure (psi)
Typical window glass breakage (1) 0.15 – 0.22
Minor damage to some buildings (1) 0.5 – 1.1
Panels of sheet metal buckled (1) 1.1 – 1.8
Failure of unreinforced concrete blocks walls (1) 1.8 – 2.9
Collapse of wood frame buildings (2) Over 5.0
Serious damage to steel framed buildings (1) 4 – 7
Severe damage to reinforced concrete structures (1) 6 – 9
Probable total destruction of most buildings (1) 10 – 12
From Explosive Shocks in Air, Kinney & Graham, 1985;
Facility Damage and Personal Injury From Explosive Blast,
Montgomery & Ward, 1993; and
The Effects of Nuclear Weapons, 3rd Edition,
Glasstone & Dolan, 1977
Level of Protection Incident Pressure (psi)
High 1.2
Medium 1.9
Low 2.3
Very Low 3.5
Below AT Standards >3.5

 

Manchester Bombing Video

General points about the video (explosion is heard at 1 minute and 16 seconds):

  • The truck was parked at about 9:20am, and the bomb exploded just under two hours later. The blast was audible over 8 miles away.
  • The Irish Republican Army gave advance notification at about 1 hour prior to detonation to newspapers, radio stations, and at least one hospital.
  • The police began clearing the street 40 minutes before the blast, but people still walk past the suspected truck at 17 minutes prior to the explosion.
  • British Telecom has a special terrorist pager that identifies location and time in order to notify building occupants of the situation and direct evacuation routes.
  • This is the High Street of Manchester — the center of the city’s business district at 10 am on a Saturday morning just before Father’s Day.
  • Note that the High Street of many British cities are well-covered by CCTV.
  • The double line on the street by the curb means no parking, thus making the truck suspicious, as nothing was being off-loaded or on-loaded.
  • A robot was sent in to identify the bomb and possibly disarm it, but without success.
  • Bomb goes off with a great noise, then the explosion is shown in slow motion – note the 1/3 of the explosive providing the supersonic shock wave followed by the 2/3 of the explosive adding to the blast wave but also supporting the fireball through the conflagration (burning).
  • Note the amount of debris, that NO buildings collapsed, that SOME walls remained intact, that ALMOST ALL glass was shattered, with damage being reduced the further the building was from the bomb.
  • Note that the postal box that looks like a single heavy bollard survived the blast and has a commemorative plaque installed.
  • Prior to the bombing, the Manchester High Street was quickly going down-hill, but after the bombing there was a big influx of investment, and after four years of reconstruction the High Street is now among the best in Great Britain.
  • The bomb was reported to be 3,300 pounds but not stated as either actual weight or TNT equivalent. The bomb smashed almost every window in a half-mile radius.
  • A third-party source states that it was an ammonium nitrate-sugar bomb that the IRA is very adept at making and has a weight of 3,000 pounds actual with a TNT equivalency about equal to 1.0.
  • Even with the advance notification, Manchester’s ambulance services counted 206 injured people (NO DEATHS). Most injuries were sustained from falling glass and building debris. In the immediately ensuing chaos, ambulances and private cars were used to shuttle victims to local and regional hospitals.
  • The majority (129, 62 percent) of victims sustained minor injuries from flying glass. A significant number of victims (36, 18 percent) presented with emotional distress or medical problems. A wide age range of victims was involved. Few victims (19, 9 percent) required admission to hospital. There were no deaths and no victims sustained major trauma.

 

Knowledge Review

The requirements in this unit’s activity are intended to provide a check on learning about explosive blast.

 

Knowledge Review 1

Which of the following is characterized by an almost instantaneous rise from atmospheric pressure to peak overpressure?

  1. Incident pressure
  2. Reflective pressure

Correct response: A

Correct response feedback: You got it! The answer is incident pressure.

Remember, pressure is reflective when it impinges on a structure that is not parallel to the direction of the wave’s travel. The pressure wave is reflected and reinforced.

 

Knowledge Review 2

Refer to this chart to answer the following question:

What is the minimum stand-off distance from explosion of a 100-pound (TNT equiv.) bomb that should ensure that severe wounds from glass (without fragment retention film) will not occur?

  1. 50 feet
  2. 120 feet
  3. 200 feet
  4. 270 feet

Correct response: D

Correct response feedback: Excellent! The minimum stand-off distance should be 270 feet.

 

Knowledge Review 2a

Refer to this chart to answer the following question:

What damage will be sustained at 400 feet from a 5,000-pound (TNT equiv.) explosion?

    1. Wall fragment injuries or injuries to personnel in the open and all curves above that point
    2. Glass injuries ranging from minor cuts to severe wounds, with or without fragment retention film
    3. Potential lethal injuries

All of the above

  1. A and B only

Correct response: E

Correct response feedback: Well done! A and B are correct.

 

Knowledge Review 3

Refer to this chart to answer the following question:

What is the minimum stand-off required to limit the incident pressure to under 0.5 psi for a 100-pound (TNT equiv.) bomb?

  1. Approximately 225 feet
  2. Approximately 275 feet
  3. Approximately 325 feet
  4. Approximately 375 feet

Correct response: C

Correct response feedback: Alright! The minimum stand-off required is approximately 325 feet.

 

Knowledge Review 3a

Refer to this chart to answer the following question:

An approximate 0.75 psi incident pressure would be expected at 500 feet from a 500-pound (TNT equiv.) bomb. The approximate damage would be minor damage to some buildings or severe wounds from broken glass.

  1. True
  2. False

Correct response: A

Correct response feedback: Very good! The answer is true.

 

Summary

Now that you have completed this lesson, you should be able to:

  1. Describe the basic physics involved during an explosive blast event, whether by terrorism or technological accident
  2. Describe the possible building damage and personnel injuries resulting from the blast effects upon a building
  3. Perform an initial prediction of blast loading and effects based upon incident pressure
  4. Predict loading, damage, and injury using range-to-effect chart and incident pressure chart

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 7 – CBR Measures

CBR Measures OverviewIn this lesson, CBR protective measures and actions to safeguard the functioning of a COOP site from CBR threats are presented. This lesson is based largely on CDC/NIOSH and DoD guidance.

 

Lesson ObjectivesAt the completion of this lesson, students will be able to:

  1. State the impact of CBR threats on the COOP site
  2. Identify the general forms of CBR threats
  3. Identify the methods of CBR detection
  4. Identify four possible protective actions
  5. Describe the techniques of decontamination

 

CBR Terrorist Incidents 2000-2007

In the past 30 years, over 230 CBR attacks have occurred.

On left — timeline illustration: CBR Terrorist Incidents 2000-2007; Top right — chart shows totals of Incidents, Killed, and Injured. 2000s - Incidents 61, Killed 267, and Injured 766; 1990s - Incidents 108, Killed 446, and Injured 7151; 1980s - Incidents 33, Killed 25, and Injured 994; 1970s - Incidents 28, Killed 10, and Injured 8; Bottom right - image: shows Injured people being helped during an incident.2007 Iraq, chlorine 41 dead, 549 injured – Multiple chlorine attacks in Iraq. Suicide bombers detonated trucks loaded with explosives and chlorine gas at checkpoints in Anbar Province, Iraq.

2005 U.S., anthrax – In related incidents, trace amounts of anthrax were discovered at a mail facility at the Pentagon in Arlington, Va. No casualties or property damage resulted from this incident, although 100 individuals, mainly Government contractors, were given antibiotics as a precautionary measure after biological hazard sensors were set off at approximately 10:30 am local time. No group claimed responsibility for this incident.

2004 U.S., ricin – The office of Senate Majority Leader Bill Frist in Washington, D.C., received an envelope filled with ricin from an unknown individual. No injuries were reported in the incident.

2003 Belgium, phenarsazine chloride; 20 injured – 20 people became ill at the U.S. Embassy in Brussels, Belgium, after handling letters that contained phenarsazine chloride and hydrazine.

2003 Italy, ammonia; 50 injured – 50 people were hurt when ammonia was reportedly injected into bottle drinks in Italy.

2002 Zimbabwe, pesticides; 7 dead, 47 injured – 7 individuals from Johanne Marange Apolistic Church members were killed when they drank tea spiked with pesticides in Nyazura, Zimbabwe. In addition, 47 other people became ill in the attack.

2001 U.S., anthrax; 7 dead, 22 injured – In one of several anthrax-related incidents, the office of Sen. Tom Daschle was the target of an anthrax attack in which 28 people were exposed. The letter containing anthrax was postmarked in Trenton, N.J., on October 9 and was opened on October 15. Two Washington-area postal workers later died on October 21 and October 23 from anthrax that appeared to be connected to the Daschle letter. Dr. Bruce E. Ivins, a scientist at Fort Detrick, Md. was suspected by the FBI for this crime in mid-2008; however, he committed suicide and the case never went to trial.

2000 Canada, arsenic; 27 injured – 27 students at Laval University in Quebec City were injured from drinking coffee tainted with an arsenic.

2000 Uganda, poison; 200 dead – Followers of the Movement for the Restoration of the Ten Commandments of God were killed when they drank tea tainted with an unknown chemical. The attack killed 200 followers in the Kasese District of Uganda.

 

Why Would Terrorists Use CBR?

CBR is used because:

  • Is available and relatively easy to manufacture
  • Can be used in small amounts in an enclosed space
  • Spreads easily over large areas
  • Has the potential for mass casualties
  • Has a strong psychological impact
  • Overwhelms resources:
    • Hospitals
    • Emergency response
    • Transportation
  • Difficult to recognize (contagious or spread by victims)

Example of a CBR incident – 1995 Tokyo Sarin Attack:

  • 13 dead
  • 700 sarin casualties
  • >1000 symptomatic
  • >6000 people sought medical care
  • Tokyo General Hospital treated more than 2,500

 

CBR Sources

There are many potential sources of chemical and biological agents, including:

  • Laboratories
  • Commercial facilities
  • Home production (via Internet)
  • Industrial facilities
  • Foreign military sources
  • Medical/university research facilities
  • Nuclear facilities

The next series of screens will examine in more detail the properties of chemical and biological agents, with implications for building design.

 

Foreign Military CBR Capabilities

About 25 countries, according to various U.S. Government sources, are suspected of having CBR weapons programs or stockpiles.

No nation publicly acknowledges either an offensive biological weapons (BW) program or stockpile. China, Cuba, Egypt, Iran, Israel, North Korea, Russia, Syria, and Taiwan are suspected to have a BW program in some capacity.

Five states are considered nuclear weapon states: China, France, Russia, the United Kingdom, and the United States. Four states — India, Israel, Pakistan, and North Korea — have nuclear weapons. Four states are known to sponsor terrorism: Cuba, Iran, Sudan, and Syria.

According to the CIA, about one dozen terrorist groups have sought CW, BW, and nuclear material or expressed interest in them; several countries with CW and BW capabilities have sponsored terrorists.

Note: In the table below, NWS refers to declared nuclear weapons state.

  Nuclear Weapons Biological Weapons Chemical Weapons
China NWS Likely Suspected
Egypt Ended R&D Likely
France NWS Ended Ended
India Stockpile N/A Has Had
Iran Seeking Likely Has Had
Iraq Ended Ended Ended
Israel Stockpile R&D Likely
North Korea Probable Stockpile Likely Known
Pakistan Stockpile N/A Likely
Russia NWS Suspected Known
Sudan N/A N/A Suspected
Syria N/A Seeking Known
United Kingdom NWS Ended Ended
From “CRS Report for Congress. Nuclear, Biological and Chemical Weapons and Missiles: Status and Trends”, Kerr 2008

 

 

 

 

 

 

 

 

 

 

 

CBR Impact on COOP Sites

Elementary School — Nominal Example of a chemical dispersion analysis model that demonstrates the potential impact on a community and the difficulty in directly targeting a CBR weapon.CBR agents can be dispersed over a wide area. Depending on the location of the agent release, both the main site and the COOP site could be impacted by a CBR hazard. Careful consideration must be given to ensure that the COOP site is non-contaminated prior to deciding to move to the COOP site.

If the main site is contaminated, then all personnel and equipment transitioned to the COOP site must be decontaminated. Depending on the scope of the CBR contamination, primary travel routes to the site may be contaminated and unavailable.

Most COOP sites are selected and utilized based on a minimum requirements standard. Frequently, personal space is limited for employees. This close proximity increases the effects of CBR contamination or spread of naturally occurring disease. Care must be given to ensure that personal health is maintained.

 

CBR Characteristics and Behavior

CBR contamination can cover large areas and affect both the main site and the COOP site.

These are the general characteristics of CBR agents and hazards:

  • CBR agents can be employed using multiple mechanisms to include: bomblets, aircraft spray, ground spray and clandestine dispersal
  • CBR agents can be employed in solid (dust), liquid, gas, or aerosol sprays
  • CBR agents are heavily affected by weather conditions:
    • Winds can carry CBR agents for considerable distances. Winds can also shift unexpectedly and change the size and shape of the impacted area.
    • Rain can dilute many chemical agents or relocate chemical agents based on drainage. Excessive rain can drown biological agents. Rain can also transfer radioactive materials.
    • Sunlight can accelerate the rate that chemical agents decompose or increase their evaporation rate. Exposure to direct sunlight for prolonged periods destroys many biological agents; however, the impact on spores varies.

 

CBR Characteristics and Behavior (continued)

General characteristics of CBR agents and hazards (continued):

  • CBR agents tend to collect in low-lying areas. Liquids will generally pool to the lowest area and any water runoff will relocate the agents. Heavier-than-air gasses will collect in low-lying areas and affect the lower parts of buildings.
  • The route of exposure directly impacts the rate of action and in some cases the severity of CBR agents. Breathing in CBR agents provides a rapid exposure to the respiratory and circulatory systems. CBR agents can enter the body through exposed skin, but this process is slower and can be further slowed by removing the agent.
  • Some CBR agents may have a distinct odor that allows sensory detection and can even be extremely discomforting at low concentrations. Some chemicals are specifically designed to be undetectable by the senses. Unless the dispersal is detected, biological agents can be extremely difficult to detect. A nuclear detonation, however, would be easily recognizable.

 

Knowledge Review

Once it is determined that there has been a CBR attack in the general vicinity of where your main site resides, you should:

  1. Immediately transfer operations to the COOP site.
  2. Depending on the location of the agent release, take careful consideration to ensure that the COOP site is non-contaminated prior to deciding to move to the COOP site.
  3. Even if the main site is contaminated, move to the COOP site and then focus on decontaminating all personnel.

Correct response: B

Correct response feedback: Well done! CBR agents can be dispersed over a wide area. Depending on the location of the agent release, both the main site and the COOP site could be impacted by a CBR hazard. Careful consideration must be given to ensure that the COOP site is non-contaminated prior to deciding to move to the COOP site.

 

Chemical Warfare Agents

Transition to Chemical Hazards

  • Image on the left shows training with personal protective equipment (PPE) and chemical detectors (APD200)
  • Top image on the right shows a black and white image of a historic Chlorine release during World War I, near the city of Ypres, France, on April 22, 1915
  • Middle image on the right shows a black and white image that depicts the U.S. Army cavalry personnel, who recognized the need to protect their horses from CW effects
  • Bottom image on the right shows U.S. military equipment generating a smoke cloud that demonstrates the properties of a CBR agent deployment

Four images, image on the left shows training with PPE and chemical detectors (APD200); in addition, there are three arrows pointing from this image to the three images on the right, top image on right shows an image of a historic Chlorine release during World War I, near the city of Ypres, France on 22 April 1915, middle image on right shows an image that depicts the US Army cavalry personnel who recognized the need to protect their horses from CW effects, bottom image on the right shows U.S. military equipment generating a smoke cloud that demonstrates the properties of a CBR agent deployment.

Classes of Chemicals

Chemical agents can be classified into three general groups:

  • Chemical Warfare Agents – Chemicals designed and weaponized for uses that have little or no other purpose beyond their intended use as weapons of mass destruction on the battlefield (nerve agents such as VX and sarin or blister agents such as mustard and lewisite, for example).
  • Industrial Chemicals – Chemicals utilized predominately in the industrial setting for manufacture of useful products that by their nature can cause significant human injury. These chemicals are transported and stored in significant quantities throughout the world. The petroleum and plastics industries commonly have large quantities of industrial chemicals. Location-dependent, these can pose a major risk to facilities that are in close proximity.
  • Common Chemicals – Common chemicals consist of materials that are frequently used for legitimate purposes by consumers. While their impacts are generally much milder than chemical weapons, common chemicals or mixtures can pose a significant hazard.

Many chemicals (such as chlorine, ammonia, phosgene, pesticides, and cleaners) can fall into more than one category depending on their actual usage. Chlorine, for example, can be used as a choking agent, in the production of plastics, or as a disinfectant in pools.

Note: Different agencies have a tendency to create their own groupings.

Three images, left to right: an industrial chemical facility with a list below of Industrial Chemicals (Acids and Bases; Petroleum Distillates; Organics and Plastics), a circle with the following words inside: Chlorine, Ammonia, Phosgene, Pesticides, Cleaners and a list above of Chemical Warfare (Agents; Nerve Agents, VX, Sarin; Blister Agents), Iraqi R-400 chemical bombs with a list below of Common Chemicals (Pesticides; Cleaners; Petroleum Products).

Physical Properties for Select Chemicals

While the properties depicted in this chart are common, they can be altered and are not absolute.

  • Parathion – A pesticide that is commonly used for industrial, commercial, and consumer use. Parathion can be obtained at many local markets in diluted states that can still cause nerve-agent symptoms in sufficient quantities.
  • Phosgene – An industrial chemical commonly used in the petroleum industry that has been used as a choking agent.

Vapors are generally respiratory hazards, and protection can be achieved with effective respiratory personal protective equipment (PPE; i.e., self-contained breathing apparatus (SCBA)). Blister and nerve agents can be absorbed through the skin in vapor form.

Liquids generally present a contact hazard for exposed skin. Contact with concentrated material may cause immediate effects. Some liquids present an inhalation hazard due to evaporation/off-gassing.

Note: In the table below, CWA refers to chemical warfare agents.

  Uses Color Odor Form
VX Nerve CWA None None Liquid
Sarin CWA Amber Fruity Liquid/Vapor
Mustard CWA Dark Garlic Liquid/Vapor
Parathion Common Yellow Garlic Liquid
Hydrogen Cyanide Industrial None Bitter almonds Vapor
Phosgene Industrial None New-mown Hay Vapor
Chlorine Multi-use Green Bleach Liquid/Vapor

 

 

 

 

 

 

 

Chemical Effects

This chart lists information on the effects of selected chemicals.

  • Chlorine is a very common chemical that can cause injuries in sufficient concentrations. While chlorine can cause injuries, it pales in comparison to chemicals that have been designed for military purposes.
  • VX nerve can produce death in one to two minutes upon contact.

Keep in mind, there is an extreme lethality of chemical weapons when they are employed on an unprepared and ill-equipped population in comparison to other common chemicals.

  Impacts Rate of Action Lethal Effects*
VX Nerve Nervous System Instant 1-2 Minutes
Sarin Nervous System Instant 1-2 Minutes
Mustard Blisters Slow – Delayed 4-12 Hours
Parathion Nervous System Rapid Minutes – Hours
Hydrogen Cyanide Respiratory Rapid Minutes
Phosgene Lung Damage Slow Minutes – 3 Hours
Chlorine Respiratory System Slow > 12 Hours

 

 

 

 

 

 

 

* Assumes lethal dose without treatment.

 

Chemical Effects (continued)

This chart shows a graphical comparison of the approximate lethality of some chemical agents. They are based relative to chlorine (CL or Cl) in terms of respiratory toxicity. If we use chlorine as a baseline (1.0 on the graph):

  • Phosgene (CG) is about six times more toxic
  • Hydrogen Cyanide (AC) is about seven times more toxic
  • Parathion, an insecticide ingredient, is about 12 times more toxic
  • Mustard (H) is about 13 times more toxic
  • Sarin (GB) is about 200 times more toxic
  • VX (nerve agent) is about 600 times more toxic

For skin toxicity, less than a pinhead of mustard agent is required to achieve a small blister. Less than a pinhead of VX can be lethal.

See Appendix C of FEMA 426 for more information.

A graphical comparison of the approximate lethality of some chemical agents including: VX, Sarin, Mustard, Parathion, Hydrogen Cyanide, Phosgene, and Chlorine. Chlorine is the baseline in terms of respiratory toxicity: .06 ppm = Detect Odor; 50 ppm = Long Exposure Lethal; 1000 ppm = Short Exposure Lethal.

How Much Sarin Does it Take?

Structure Lethal Amount
Domed Stadium 107 kg (26 gals)
Movie Theater 1.2 kg (5 cups)
Auditorium 52 g (1/4 cup)
Conference Room (50-100 seating) 33 g (1 shot glass)
LD50 amounts for 1 minute exposure to Sarin aerosol

Sarin is among the most lethal of chemical agents. It is both odorless and colorless in pure form.

The numbers in this table are the lethal doses 50 (LD50) amounts for one minute of exposure to sarin aerosolized liquid. This means that, in a one-minute period, it would take approximately 26 gallons of sarin to kill 50 percent of the people in a domed stadium, 5 cups of sarin to kill 50 percent of the people in a movie theater, only about ¼ cup of sarin to kill 50 percent of the people in an auditorium, and the equivalent of a shot glass to kill 50 percent of the people in a 50 to 100 person conference room.

While the amounts are extremely small quantities, it is important to note that while the amounts are accurate, it is very difficult to adequately disperse the agent. Outside of a test environment, it would take significantly larger quantities to achieve the same results.

 

Chemical Agents Key Points

Chemical agents are super toxic. These agents were deliberately developed to cause injury or death to individuals.

Relative toxicity: industrial chemicals < mustard < nerve. In terms of relative toxicity, the same amount of an industrial chemical is less toxic than a blister agent, and both are less toxic than a nerve agent.

These agents are either a liquid or a vapor in their normal State.

Inhalation hazard is of greatest concern. Nerve and blister agents pose both a skin and inhalation hazard. The inhalation hazard is of greater concern since vapors enter the respiratory system faster to cause lethal effects.

 

Biological Warfare Agents

Biological agents are naturally occurring diseases and are endemic through various parts of the world. Even anthrax occurs naturally within the US. However, while naturally occurring, potential biological agents are selected from the most dangerous strains and potentially can be altered to be even more dangerous.

Chemical and biological agents differ for each of the following:

Delayed Effects:

The biggest difference is time. Unlike chemical agents, most of which have an immediate effect, most biological agents have a delayed effect ranging from several hours to days, and in some cases, weeks. In the event of a biological incident, there may be no casualties and nothing significant initially.

Toxicity:

By weight, biological agents are generally more toxic than chemical agents. For example, ricin is six to nine times more toxic than sarin, and botulinum, another toxin, is 15,000 to 30,000 times more toxic than sarin.

Human Detection:

Biological agents are undetectable by the human senses.

 

Classes of Biological Agents

Both bacteria and viruses are living organisms and, as such, require an environment in which to live and reproduce.

They can enter the body through inhalation or ingestion, through a break in the skin, or through other body openings or orifices.

Once the organisms invade the body, they begin to grow and reproduce. They can also produce toxins that may poison the body.

Toxins are poisonous substances produced as a byproduct of pathogens or plants and even some animals.

Biological agents are significant because of their potential impact. One letter shut down the Senate building for nine months and incurred millions of dollars in decontamination costs.

Note: As we look at biological agents, you will see some similarities with what we discussed earlier with chemical agents, but you will also note some significant differences. Selected bacterial, viral, and toxin agents, their characteristics, and treatment are of particular concern when preparing for biological terrorism.

 

Select Biological Agents

Anthrax and plague are two examples of diseases caused by bacteria. This chart highlights the important characteristics of each, including:

  • Type of agent
  • Whether they are contagious
  • If treatment is available

A basic understanding of these agents will be valuable in developing an appropriate and effective protective action strategy for your facility.

Note: Influenza is intended to be a recognizable disease that the class can relate to. Mortality rates for 1918 Spanish influenza were estimated at around 3 percent globally, but could have been much higher locally.

Type Contagious Treatment
Anthrax Bacteria No Antibiotics, Vaccine
Plague Bacteria Highly Antibiotics, limited vaccine
Tularemia Bacteria Low Antibiotics, IND vaccine
Smallpox Virus Yes Supportive care
Ebola Virus Yes Supportive care. IND
Botulinum Toxin No Anti-Toxin, Respirator
Ricin Toxin No Supportive Care
Influenza Virus Yes Anti-virals, Supportive Care

 

 

 

 

 

 

 

Select Biological Agents (continued)

Anthrax and plague are two examples of diseases caused by bacteria. This chart highlights the important characteristics of each, including:

  • Infective dose
  • Incubation period
  • Lethality

Anthrax is near 100 percent lethal if treatment is not started prior to the onset of advanced symptoms. The damaged to the internal organs caused by advanced symptoms cannot be repaired. However, if anthrax is identified and treatment begins in the earliest phases, anthrax is rarely fatal.

Influenza is provided as a common reference. Seasonal influenza typically has a mortality rate of less than one percent of those infected. Depending upon the strain, availability of medical care, and local conditions, the lethality can increase. Globally, the 1918 Spanish Influenza had an estimated lethality of two to three percent. Scientists have not reached an agreement on this number.

Infective Dose Incubation Lethality
Anthrax 8000 spores 1-6 Days Near 100% w/advanced symptoms
Plague 100-500 org 2-10 Days 60-100% untreated
Tularemia 10-50 org Low 30-60% untreated
Smallpox 10-100 org 7-17 days 66-95%, historically
Ebola 1-10 org 4-21 days 50-90%
Botulinum .0001 mg/kg 12-36 hrs 60% without respiratory care
Ricin 3-5 mg/kg 18-24 hrs Near 100%
Influenza 1-100 org 18-72 hrs Around 0.1%
Org = Organisms or number of living cells

 

 

 

 

 

 

 

 

Biological Agents Key Points

  • Onset of symptoms
  • Potentially contagious
  • Signs and symptoms
  • Protection
  • Treatment

The recent SARS and avian flu outbreaks demonstrate the relative ease by which naturally occurring diseases can quickly mutate and spread across the globe. The flu strain that caused the Flu Pandemic of 1918 is still an active strain.

Note: A very low dose of a biological agent can cause infection and spread disease, thus detection requires high sensitivity. But because there are many biologicals in the environment, detection requires selectivity, and since biological agents are very complex molecules, they are difficult to identify/detect.

 

Biological Agents Key Points

Onset of Symptoms

Most biological agents have an incubation period. Delayed effects will make identifying a biological attack more difficult.

 

Biological Agents Key Points

Potentially Contagious

Only a few biological agents are contagious: plague, smallpox, and viral hemorrhagic fevers (VHF), such as Ebola.

 

Biological Agents Key Points

Signs and Symptoms

Signs and symptoms of many biological attacks initially manifest themselves as flulike; therefore, it may be difficult to identify that an attack has occurred.

 

Biological Agents Key Points

Protection

Standard precautions will be adequate protection against most biological agents.

 

Biological Agents Key Points

Treatment

Some biological agents can be treated with antibiotics, vaccines, and antitoxins; for agents for which there are none of the aforementioned treatments, supportive care should be administered, such as treating the symptoms.

 

Nuclear/Radiological Materials

Of the three types of threats (chemical, biological, or nuclear/radiological), a nuclear weapon explosion is considered the least likely for terrorist use; however, the potential exists for it to happen and even more potential exists for the use of radiological materials.

Possible scenarios:

  • Detonation of an improvised nuclear device (IND)
  • Terrorist attack on a nuclear plant
  • Use of a radiological dispersal device (RDD), or “dirty” bomb — the simple act of spreading the materials

Four images, image on the left is a nuclear response team; in addition, there are three arrows pointing from this image to the three images on the right, top image on right, labeled "Nuclear Device", is a ground burst nuclear detonation (Operation Teapot, shot MET, 22kt 11:15 15 April 1955 (PST) Nevada Test Site), middle image on right, labeled "Nuclear Plant", Three Mile Island nuclear power plant, bottom image on the right, labeled "Radiological Dispersal Device", is an improvised explosive device that could be used to spread radioactive material.

Nuclear/Radiological Materials (continued)

Ionizing radiation is either particle radiation or electromagnetic radiation in which an individual particle/photon carries enough energy to ionize an atom or molecule by completely removing an electron from its orbit. If the individual particles do not carry this amount of energy, it is essentially impossible for even a large flood of particles to cause ionization. These ionizations, if enough occur, can be very destructive to living tissue and can cause DNA damage and mutations. Ionizing radiation is most damaging to cells that frequently divide.

For our purposes, ionizing radiation includes:

  • Alpha particles
  • Beta particles
  • Gamma rays
  • Neutrons

Note: There are also non-ionizing types of radiation: fluorescent lights, lasers, and microwaves. In these examples, the radiation can cause burns, but it does not cause molecular change or ionization.

 

Nuclear/Radiological Materials (continued)

Again, for the purposes of this course, we are primarily concerned with the hazard, the detection of the hazard, and protective actions that we can take.

Ionizing radiation is what causes injury or death, and is also a characteristic by which nuclear materials can be measured and identified.

Note: In its simplest definition, radiation can be defined as either electromagnetic or particulate emissions of energy from the disintegration of the nucleus of an atom. This energy, when impacting on or passing through material, including humans, can cause some form of reaction.

Radioactive material: Any material that is giving off some form of ionizing radiation.

 

Knowledge Review

Which type of chemical is classified as:

Chemicals designed and weaponized for uses that have little or no other purpose beyond their intended use as weapons of mass destruction on the battlefield.

  1. Chemical agents
  2. Industrial chemicals
  3. Chemical warfare agents

Correct response: C

Correct response feedback: Excellent! Examples of chemical warfare agents include nerve agents such as VX and sarin and blister agents such as mustard and lewisite.

 

Protection from Radiation Exposure

The radiation exposure received will depend on the type and strength of the radiation source. This exposure can be reduced by effective use of:

  • Time – The radiation dose is reduced in proportion to reduction in exposure time.
  • Distance – Critical for reducing radiation exposure dose. Although alpha particles only travel a little over an inch in air, and beta particles will travel only a few yards in air, gamma rays can travel extensive distances.
  • Shielding – Can also be blocked or reduced by various materials. Alpha radiation is stopped by a sheet of paper, beta radiation is stopped by aluminum foil or clothing, gamma rays are only reduced by dense materials such as lead or earth, and neutrons are slowed or stopped by hydrogenous materials, such as wax or water.

Note: Shielding for neutron-induced radiation is best accomplished with low-density material such as water or plastic. Do not shield neutron-producing sources with lead or dense materials, as the neutrons will react with the material to produce gamma rays. Use wax, water, or plastic instead. While neutron-induced radiation is difficult to shield, it typically only occurs with a strong source of radiation such as in a reactor or directly around ground zero for a nuclear detonation.

Three sectioned areas depicting images that describe how radiation exposure can be reduced by time, distance, and shielding. Top left section titled "Time" and a stop watch. Bottom section titled "Distance" and a miles scale with markings 0, 0.1, 0.2, 0.4, 0.6, 0.8, and 1. Space between 0 and 0.1, 0.2 and 0.4, 0.6 and 0.8 are filled in. Top right section titled "Shielding" shows a dotted line labeled "Alpha" pointing to a sheet of paper labeled "paper", a dotted line labeled "Beta" pointing to an open book labeled "book", a dotted line labeled "Gamma" pointing to a block of lead labeled "lead".

Common Radiation Exposures

Average annual exposure .36 cGy per year ChronicArrow pointing left.
Chest x-ray .01 to .03 cGy
Flight 0.0005 cGy every hour
Smoking 1.5 packs per day 16 cGy per year
Mild radiation sickness* 200 cGy AcuteArrow pointing left.
Lethal dose* 450 cGy

* single acute exposure

Source: CDC http://www.bt.cdc.gov/radiation/measurement.asp

The human body can tolerate significant amounts of radiation over a long period of time. Radiation becomes increasingly dangerous as the level of radiation and duration of exposure increase. This chart reflects naturally occurring radiation doses (and doses received during normal activities) to provide a point of reference and for comparison. The threshold for any real consequences begins around 200 centigray (cGy)

The average annual radiation exposure has been calculated as:

  • Naturally occurring – .295 cGy
  • Medical – .052 cGy
  • Consumer products – .010 cGy
  • Other – .003 cGy
  • Total – .36 cGy

The radiation dose absorbed by a person (that is, the amount of energy deposited in human tissue by radiation) is measured using the SI unit gray (Gy).

 

Common Radiation Exposures (continued)

cGy = CentiGray
Centi- = 10-2 or “one hundredth of”
cGy = röntgen (roentgen) equivalent in man Pronounced “rho ” ent – gen- with a long “o” and the two “e” are shortcGy is the radiation dose absorbed by a person (that is, the amount of energy deposited in human tissue by radiation) and is measured using the SI unit gray (Gy).RBE = Relative Biological Equivalent

RAD is the unit of absorbed dose equal to 100 ergs per gram or 0.01 joule per kg. (Energy and mass, but not biological damage)

Mild radiation sickness (i.e., nausea, vomiting, and diarrhea) may onset after receiving a whole body dose of approximately 200,000 millirem (mrem) in a short amount of time (generally less than 24 hours). The lethal dose (LD), known as the LD50/60, is a single, acute, whole body exposure of around 450 cGy. The LD50/60 is defined when 50 percent of all people present at an incident receive 450 cGy and die after 60 days after receiving no medical treatment.

  • Dose in rem = RBE x dose in rad
  • RBE = 1 for gamma radiation and beta radiation above 30,000 electron volts
  • RBE = 0.7 for photons above 4 million electron volts (minimum found)
  • RBE = 20 for heavy ions (maximum found)

The source of radioactivity in smoking is lead 210 (beta radiation) and polonium 210 (alpha radiation), which comes as radon 222 gas from the soil and is absorbed by the tobacco plant’s leaves. While the tobacco plant takes up little radioactivity from the soil directly (like it draws other nutrients), it turns out that “developed” countries usually fertilize their tobacco fields with chemically manufactured fertilizer high in phosphate content to make the tobacco more “flavorful” than if nitrogen-based fertilizer is used as in poorer countries. The phosphate portion of this fertilizer is made from a rock mineral, apatite, which is ground to powder, dissolved in acid, and further processed. Apatite rock contains radium 226 (the precursor of radon 222).

 

CBR Protection Strategies

Once the presence of an airborne hazard is detected, there are various possible protective actions for a building and its occupants. In increasing order of complexity and cost, these actions are:

  • Detection
  • Evacuation/sheltering in place
  • PPE
  • Filtration
  • Decontamination

To ensure the protective actions are effective you must have:

  • A protective action plan specific to each building
  • Training and familiarization for occupants

Protective actions are discussed in more detail in the following lessons.

 

CBR Detection

Two images, top to bottom: a person wearing PPE while using a CBR detector - Source: BAE Systems, a CBR detector - Source: Bruker DaltronicsThe underlying theme of this lesson is that effective protection against potential releases of CBR is a function of:

  1. Effective and timely detection of the agent(s)
  2. A public that is knowledgeable of the most appropriate protective actions to take in the event of a CBR release

The discussion on CBR detection includes:

  • CBR detection technology currently available
  • Indications of CBR contamination
  • Mass spectrometry (can positively identify a chemical agent at very low concentrations)
  • Strategies for protecting people from airborne hazards, most of which require a means of detection (determining that a hazard exists)
  • While not recommended or preferred, a CBR incident can be detected by the onset of a significant number of patients exhibiting similar symptoms at the same time
  • Chemical detection technology has improved vastly since Operation Desert Storm (when many military detection systems experienced high false-alarm rates). Current chemical detectors work in about 10 seconds
  • Biological detection technology has not matured as fast and generally require trained specialists to administer; biological signatures can take 30 minutes to detect. Biological detection requires sensitivity (very low effective dose must be detected), selectivity (there are many biologicals in the environment, thus must discern the contagious/deadly ones), and identification of very complex molecules (the complexity makes them difficult to identify)

A variety of radiological detectors have been developed for the nuclear industry and are commercially available.

Sources of useful technical information:

  • Responders Knowledge Base (RKB) – http://www.rkb.us
  • NBC Products and Services Handbook contains a catalog of CBR detection equipment
  • Guide for the Selection of Chemical Agent and Toxic Industrial Material Detection Equipment for Emergency First Responders, published by the National Institute of Justice (NIJ) (Guide 100-00, Vols 1 & 2), June 2000
  • An Introduction to Biological Agent Detection Equipment for Emergency First Responders, published by the NIJ (Guide 101-00): December 2001

 

Chemical Detection Equipment

Four images, clockwise: CHEMPRO 100i - Source: Environics USA, HAPSITE Smart Chemical Identification System - Source: INFICON, HazMat Simultest Kit - Source: Draeger Safety, Inc., Sabre 4000 - Source: SMITHS DETECTION.Chemical detection equipment has had many recent advances with the explosion of technology. In years past, chemical detection was accomplished by using reliable litmus or reaction tests. While reliable, this kind of testing took time, required a pool of consumable testing supplies, and only detected a limited amount of agents.

There are a variety of sensors that can be used to detect chemical hazards at single points, cover large areas, or provide stand-off detection.

Recent advances have resulted in handheld scanners that can detect a variety of chemicals within seconds. Modern sensors utilize a wide range of technologies such as ion-mobility spectrometry, mass spectrometry, photo ionization, and mass spectrometry.

In addition to handheld sensors, mobile laboratories are available that provide reliable and accurate analysis of chemical hazards in the field. Testing laboratories have been condensed in size from a large room of equipment to a single unit that takes up about as much space as a microwave, providing an invaluable resource to first responders.

These sensors are no longer limited to single agents or chemical weapons, which increases the overall value of the equipment. A building manager can purchase one sensor that is primarily used to detect a chlorine release from the adjacent factory and at the same time monitor for multiple industrial hazards and chemical agents. Instead of purchasing a “special” detector for one hazard that is only used if a terrorist attack occurs, sensors can now provide day-to-day benefits.

Portal sensors as larger sensors that are designed to screen people or equipment as they pass through a certain point, typically an entryway.

Sources of useful technical information:

  • HAPSITE – a field portable gas chromatograph/mass spectrometer (GC/MS) designed for on-scene detection, identification and quantitation of toxic industrial chemicals (TICs) and chemical warfare agents (CWAs) at parts per trillion (ppt) levels during field operation
  • CHEMPRO 100 – utilizes Ion Mobility Spectrometry (IMS) Technology. has expanded ChemPro100 capabilities by implementing four new chemical sensors in addition to existing IMS and two semiconductor sensors. These new sensors increase the number of detectable chemicals, improve detection sensitivity and decrease the possibility of false alarms. Can be integrated with a biological and radiological sensor
  • SABRE 4000 – utilizes Ion Mobility Spectrometry (IMS) Technology. The Sabre 4000 can detect and identify over 40 threat substances in approximately 15 seconds. With a cold time start of 10 minutes and weighing approximately 7 Ibs. including the 4-hr.battery
  • HAZMAT Simultest Kit – Kit has three different 5-tube Simultest Sets that can simultaneously test for gases and vapors common to hazardous materials incidents. Each test takes less than one minute to complete and requires no warm-up or calibration

 

Radiological Detection

Four images, clockwise: Isotopic Identifier - Source: Ludium Measurements Inc., PD-3i-s - Source: SAIC, RADTriage - Source: Crowe and Company, LLC, EMERKIT3 Emergency Response Kit - Source: Thermo Electron Corporation.A variety of radiological detectors have been developed for the nuclear industry and are commercially available.

There are three main types of Radiation Detection equipment:

  • Survey meters – Used to detect and measure the presence of radiation. Survey meters are commonly used to monitor personnel and equipment for radiation to determine if decontamination is needed or to survey an area to detect the presence of radiation. Survey meters can also be used while moving to ensure that personnel are not moving into a more dangerous area.
  • Radionuclide identifiers – Used to determine the radioactive isotope that is emitting radiation. Medical treatment and decontamination effects can be guided by a good understanding of the radiation source. If a particular isotope has a short half-life or bonds with a specific material, decontamination efforts can be adjusted. In medicine, certain isotopes collect in certain body parts, which can be treated by specific medicines. For example, iodide-131 collects in the thyroid and can be treated with potassium iodide, which prevents iodide uptake in the thyroid.
  • Dosimeters – Used to detect the dose rate (amount of radiation exposure over a period of time) and the total dose (cumulative amount a radiation exposure) of radiation exposure. Dosimeters can be used by individuals to track the amount of radiation that they are exposed to and take protective actions such as limiting stay time, moving to a different area, or adding shielding for protection. Dosimeters are an important guide to treatment of radiation injuries. Based on the exact level of radiation exposure, medical treatments can be adjusted to provide better care, as specific supportive medications are needed for certain levels of exposure.

Sources of useful technical information:

  • EMERKIT3 Made by Thermo Electron Corporation. Multi-probes for alpha/beta/gamma radiation measurements for dose and contamination
  • Isotopic identifier made by Ludlum Measurements Inc. The portable model 700-series radiation surveillance and measurement system quickly locates abnormal levels of radioactivity and accurately identifies the isotopes present
  • Electronic dosimeter PD-3i-s made by SAIC. Self-reading electronic radiation dosimeter that offers personal dose and dose rate
  • RADTriage dosimeter Made by JP Laboratories, Inc. Self-indicating (color developing) Instant Radiation Alert, no power source, disposable radiation dosimeter for monitoring high doses (roughly 2-1,000 rads) of ionizing radiation. Approximately the size and thickness of a credit card, When exposed to radiation the sensing strip instantly develops a permanent/irreversible color change which is cumulative and proportional to dose. It provides the wearer and medical personnel instantaneous and accurate information on radiation exposure to assess the health risks to the victim and to guide treatment

 

Biological Detection

Four images, clockwise: Small Area Sampling Kit - Source: QuickSilver Analytics, Inc., BioHawk - Source: Research International, Inc., Fast Real-Time PCR System - Source: Applied Biosystems, Immunoassay - Source: Alexeter Technologies, LLC.Biological agents are extremely lethal in very small quantities. Because the agents are very small and there may not be large quantities of the agent, detection can become difficult. Additionally, biological agents are derived from naturally occurring diseases, increasing the possibility of nuisance alarms.

There are many reliable and accurate tools available to detect biological agents. The difficulty in detection is that a sample must be collected to be analyzed. If a large enough sample cannot be collected, detection cannot occur, even though the equipment functions perfectly. In a laboratory setting where time is not critical, samples are cultured and grown until a large enough sample is available for testing.

Rapid detection is essential to responding to a biological attack. Outside of the laboratory sensors must be able to quickly identify an agent. Biological detectors require a sample of the agent, and as the sensors become more advanced, the sample size required is becoming smaller. Technologies are driving toward having a continuous sampling capability, and while the sensors are always “on,” it may take them several minutes to collect a sample for testing. The sample collection is constant but the testing is at certain time intervals.

In the absence of real-time detectors, samples can still be collected for laboratory analysis.

Sources of useful technical information:

  • Fast Real-Time PCR System made by Applied Biosystems. This is a real-time quantitative PCR system that combines 96- and 384-well plate compatibility and the low density array with fully automated robotic loading.
    Note: polymerase chain reaction (PCR) – method of testing that replicates compares strands of DNA
  • Immunoassay made by Alexeter Technologies, LLC. uses the reaction of an antibody or antibodies to its antigen by placing a sample on a test strips: anthrax, ricin, botulinum toxin, SEB, plague, tularemia, brucella and orthopox. Sensitivity is very high for all test strips
  • BioHawk made by Research International, Inc. Automatically samples air, prepares a sample and conducts immunoassays. System can be set to perform tests on a regulated interval and can conduct tests for 8 agents simultaneously
  • Small Area Sampling Kit Made by QuickSilver Analytics, Inc. Kit with materials for collecting powder samples

Integrated Detection

Two images, top to bottom: cheMSense 600 Building Monitor - Source: Griffin Analytical Technologies, CHEMPRO FX - Source: Environics.With advances in computer technology, sensors are becoming available that can continually monitor for CBR agents. Sensors are available that can reliably detect chemical and radiological hazards, and, in some cases, biological hazards all from the same sensor package. Integrated sensors can be connected to existing systems such as security systems or building management systems and function as another tool that gathers data. By integrating these types of sensors, systems can be programmed to secure doors to prevent the spread of contamination and shut down air handling equipment, automatically increasing the level of protection to a building.

While it is possible to use these sensors throughout an entire building, the cost would be extremely high. Many applications would concentrate sensors in the areas most likely to detect a CBR agent. Prime areas to place sensors would be at entry control points, locations where there are large gatherings, and mailrooms or shipping and receiving. Common places that are good locations for gatherings are in break rooms, patient holding areas, customer lounges or waiting areas. Sensors could be placed on each floor if additional protection were desired.

Sources of useful technical information:

  • cheMSense 600 Building Monitor made by Griffin Analytical Technologies provides 24/7 continuous indoor air monitoring and detection for building and facilities protection. It rapidly detects chemical contaminants in vapor, with response times from seconds to less than one minute. Direct Sampling Mass Spectrometry
  • CHEMPRO FX made by Environics. Continuous operation detects both chemical warfare agents (CWAs) and toxic industrial compounds (TICs) in harsh conditions and various applications. A radiological and a biological module can be added to detect across the CBR spectrum

 

Knowledge Review

The effective protection against potential releases of CBR is a function of:

  1. Effective and timely detection of the agent(s)
  2. A public that is knowledgeable of the most appropriate protective actions to take in the event of a CBR release
  1. True
  2. False

Correct response: A

Correct response feedback: You got it! The answer is true.

 

Evacuation to COOP site

Two images, top to bottom: a map that displays a radius, circled, to determine minimum evacuation distance, traffic congestion on left side of highway. Photo: Patsy Lynch/FEMA.Evacuation is the most common protective action taken when an airborne hazard, such as smoke or an unusual odor, is perceived in a building.

  • There must be some detection method or knowledgeable personnel in place to make the determination of what to do — evacuate or some other action. These may be trained first responders, but even their response time can be too long depending on the situation. A comprehensive understanding of the threat is necessary before making the decision to transition to the COOP site.
  • After understanding the threat, the decision must be made to evacuate to the COOP site. Additionally, you must also determine if there is a safe route to transition to your COOP site. The contamination cloud could also be affecting the COOP site or could be blocking the primary routes to it.
  • Depending on the extent of the CBR threat, there may be a need to decontaminate personnel and equipment. Decontamination could occur at the main site, in route, or before entering the COOP site. The exact nature of the CBR threat would dictate when decontamination would need to occur.
  • Once a CBR threat has been established, it is important to ensure that monitoring is occurring, particularly while moving between sites, to ensure that essential assets are not subjected to the CBR threats.

The COOP plan should list each contingency and the decision process.

 

Sheltering in Place

During a CBR threat, it may not be possible to transition to your COOP site, or if the COOP site is the target, it might not be possible to evacuate. During these times it may be necessary to shelter in place. Typically, sheltering in place involves stopping all air movement to prevent the introduction of the CBR threat. If a COOP site is required to operate in a contaminated environment special precautions must be taken to ensure that the COOP site can continue to function.

The amount of protection varies with:

Building’s air exchange rate – The tighter the building (i.e., the lower the air exchange rate), the greater the protection it provides.

  • Sealing dampers on air intakes;
  • Previously sealed all identifiable air leakage in building envelope (smoke test or infrared survey on very hot or very cold day); and
  • This presupposes that all HVAC and other mechanical means that move air, including bathroom exhausts and elevators, are shut down and cannot draw outside air into the building.

Level of exposure – Protection varies with agent concentration and time, diminishing as the time of exposure increases or as concentration of agent increases. Thus a high-concentration plume passing quickly over a building would indicate sheltering in place to be the best option.

Duration of exposure – How long occupants remain in the building after the hazardous cloud has passed also affects the level of protection. However, after the high-concentration plume passes, there will be some in-leakage of agent that does occur. The longer one stays in the building, the higher the exposure.

Natural Filtering – Some filtering occurs when the agent is deposited in the building shell or on interior surfaces as air passes into and out of the building.

 

Sheltering in Place Steps

The following are steps to take when sheltering in place:

  • Develop and exercise plans – There must be two separate plans: one for the main site and one for the COOP site, detailing the requirements at each site. An effective plan is essential to any emergency response action. Building occupants need to know and understand what they will be asked to do. Personnel who have specific tasks, such as shutting off the air-handling equipment, will also need to have a thorough understanding of their duties.
  • Select and designate safe rooms – Safe rooms must be identified prior to any incident occurring. Personnel seeking shelter need to have a solid understanding of where they should go. Some rooms within a building may not offer suitable protection, such as rooms that cannot be sealed because of porous entryways or false ceilings.
  • Rapid notification system – Implement/install a system for making a mass notification to advise occupants on what actions to take.
  • Apply permanent sealing – Apply permanent sealing to areas that can be sealed in advance. Ensure that places like windows frames, door jambs, ventilation units, light fixtures, and conduits are sealed and airtight. Do not seal doors in advance, but make preparation to seal doors once occupants have entered.
  • Develop single-switch air-handler shutoff – Identify all air-handling equipment and install a single-switch shutoff system. In computerized buildings, this can be accomplished through computer programming.
  • Prepare for rapid sealing of access points – Have all essential supplies to seal access points such as tape, plastic, or foam.
  • Install recirculation filters – The level of carbon dioxide in the air will increase based on the number of people, size of the room, and the breathing rate of the occupants. In a panicked State, occupants are likely to have a faster breathing rate.
  • Carbon dioxide absorbers – Remove carbon dioxide from the air.

 

Air Movement

While sheltering in place, it is essential to stop air circulation in rooms with unfiltered air sources. The movement of air will bring in contaminants from outside the building or contaminated areas. Some of the types of equipment that move air are:

  • HVAC systems
  • Computer room AC unit (CRAC)
  • Elevators
  • Open flames
  • Ventilation fans in restrooms

The duties of shutting off air-handling equipment must be assigned to some staff to ensure that this is accomplished.

Note: COOP personnel are likely not familiar with building systems.

 

Sheltering in Place Concerns

The following are concerns associated with sheltering in place:

  • Breathable air – The amount of breathable air inside a shelter is a concern for its occupants. Carbon dioxide and/or other sensors could be utilized to monitor the condition of the air.
  • When is it safe to exit? – Once the threat passes or dissipates, it is safe to leave the shelter. In order to determine if the threat has passed, active communication must be maintained with emergency management or other officials to determine when it is safe to leave the shelter.
  • When is it not safe to remain? – Eventually, the levels of contaminate will accumulate in the building depending on the air tightness of the building. As the contaminate levels build, the risk of remaining in the building will be higher than the risk of evacuating. Consideration must be given to how to leave the building and if PPE is needed. Detection equipment could be used to monitor the air quality within the shelter.
  • Sheltering is not mandatory – Prior to sealing the access points, individual occupants must be given the opportunity to choose to shelter or evacuate the building. An individual cannot be required to shelter in place. However, once the shelter door has been sealed, opening it presents a greater hazard to the other occupants. As a result, once an individual decides to shelter in place, the individual must remain for the duration.

The additional occupancy of a COOP site could decrease the amount of breathable air.

In most cases, air conditioners and combustion heaters cannot be operated while sheltering in place because operating them increases the outdoor-indoor exchange of air.

Sheltering in place is, therefore, suitable only for exposures of short duration, roughly two hours or less, depending on conditions.

Because the building slowly releases contaminants that have entered, at some point during cloud passage the concentration inside exceeds the concentration outside. Maximum protection is attained by increasing the air exchange rate after cloud passage or by exiting the building into clean air. The tighter the building, the greater the effect of this natural filtering.

FEMA 453 covers square footage required per person for various short – and long – term situations for people of various capabilities.

 

PPE

PPE can be used to extend the amount of time a contaminated area can be occupied or to provide enough time to safely evacuate the main site or the COOP site.

  • A wide range of individual protection equipment is available, including respirators, protective hoods, protective suits, CBR detectors, decontamination equipment, etc.
  • If masks have been issued, ensure that training is conducted on how to put on and wear the masks.
  • No selection of PPE is effective against every possible threat. Selection must be tied to specific threat/hazard characteristics.
  • Universal hoods designed for short duration escape wear only protect against chemical agents by using both HEPA and carbon filters.
    • Carbon filters are designed to filter a broad range of toxic chemicals, but not all chemicals.
    • The EVAC-U8 hood was recalled in April 2006 due to a problem with removing carbon monoxide, which was a stated claim, applicable to its use as a fire escape hood, but it is NOT a CBR hood.

Three images, left to right: boy wearing PPE - SOURCE: Bardas Child Protective Wrap (Israel), several people wearing breathing masks - SOURCE: Mine Safety Appliances Company (USA), EVAC-U8 hood - SOURCE: Brookdale International Systems Inc. (Canada).

PPE Considerations for COOP

PPE can be used as a means to provide limited protection from hazards.

Only effective if properly worn when needed. PPE does not work if it is stored under your desk and you are in the bathroom when the hazard presents.

  • Many types are agent/hazard specific
    • CBR masks
    • Smoke only
    • Use for specific chemicals
    • Oxygen bottles/tanks
  • Require maintenance and training
    • Many filters have a set shelf-life and will expire
    • Certain types of rubber will degrade over time if not properly maintained
  • Medical restrictions
    • Tight fitting respirators require medical clearance
    • Prescription eye-glasses
  • Special populations
    • Small faces
    • Long hair
    • Claustrophobia
  • Purpose of PPE
    • Escape – used for a limited duration 15-30 minutes only to escape the hazard area
    • Continued Operation – COOP facilities may need PPE that allows them to work continuously for extended periods of time with the hazard

 

Air Filtration and Pressurization

Two basic methods of applying air filtration to a building are external filtration and internal filtration. External filtration involves filtering and/or cleaning of the air drawn from the outside, while internal filtration involves filtering and/or cleaning of the air drawn from inside the building. Both methods require HVAC modifications that can be costly.

Among the various protective measures for buildings, high efficiency air filtration/cleaning provides the highest level of protection against an outdoor release of hazardous materials.

Information on this and subsequent screens will help you understand CBR issues and how to mitigate vulnerabilities in HVAC systems. The intent of this level of HVAC systems is to provide safe ventilation for continued operations in a COOP site.

Note: Applying external filtration to a building requires modification to the building’s heating, ventilation, and air conditioning (HVAC) system and electrical system. These changes are necessary to ensure that, when the protective system is in operation, all outside air enters the building through filters. The air exchange that normally occurs due to wind pressure, chimney effect, and operation of fans must be reduced to zero.

Four images, clockwise: commercial air filtration unit, bag filter, HEPA filter, commercial air filtration unit - Source: Trion Incorporated.

Various Filter Types

A wide variety of filters are available to meet many specialized needs:

  • HEPA (high efficiency particulate air) filters – High-performance filters that are typically rated as 99.97 percent effective in removing dust and particulate matter greater than 0.3 micron in size
  • Carbon filters – Sorbent filters (gas-phase) that remove gas and vapors using the thousands of bonding sites on the huge surface area of activated carbon
  • Pleated panel filters – Particulate air filters consisting of fibrous materials that capture aerosols

Three images, left to right: pleated panel filters labeled "Pleated Panel Filters" - SOURCE: American Filter, HEPA filters labeled "HEPA Filters" - SOURCE: Flanders Corporation, carbon filters labeled "Carbon Filters" - SOURCE: Flanders Corporation.

Air Contaminant Sizes

This chart illustrates the particle size for a number of the CBR agents of concern. Viruses are the smallest and most difficult to protect against.

In FEMA 426, Table 5-1, page 5-12, lists the new ASHRAE 52.2 Standards for particulate filter ratings to remove a given particle size. In most cases, new generation Minimum Efficiency Reporting Value (MERV)-11 to MERV-13 (removal down to 0.3 to 1 micron) filters can be used in commercial buildings and effectively remove most particulates of CBR concern.

Note: See CDC/NIOSH Guidance for Filtration and Air-Cleaning Systems to Protect Building Environments from Airborne Chemical, Biological, or Radiological Attacks. Publication No. 2003-136, April 2003 for good explanations of these two types of filtration.

Diagram illustrates the particle size for a number of the CBR agents (Molecules, Smog, Fumes, Tobacco Smoke, Viruses, Dusts, Spores, Bacteria, Human Hair, and Pollen). Particle size is measured in micrometers, ranging 0.0001 (example: Molecules) to 100 (example: Human Hair). Chart sorts by the method of detection each requires, from "SEM" to OPT. MICROSCOPE", to "EYE".

Mechanical Filtration

HEPA filters are typically rated as 99.97 percent effective in removing dust and particulate matter greater than 0.3 micron in size.

A typical HEPA performance curve is depicted on this screen. The dip between 0.1 and 0.3 micron represents the most penetrating particle size. Many bacteria and viruses fall into this size range. Fortunately, microbes in this range are also vulnerable to ultraviolet radiation. For this reason, many facilities couple particulate air filters with ultraviolet germicidal irradiation (UVGI). UVGI will be discussed on slide VIII-C-55.

Note: For planning purposes, MERV ratings are assumed to be reliable to only the minimum value if there is an efficiency range for a filter rating. For example, a MERV-11 has an efficiency rating of 65 to 80 percent for particles in the size range of 1-3 microns. This means that the minimum reliable efficiency is at least 65percent, but may not be the full 80 percent.

Image shows a chart depicting particle size. Image shows particulate filtration level, MERV number, particle size range, and typical applications.
Particulate Filtration Level MERV Particle size 3 to 10 um Particle size 1 to 3 um Particle size 0.3 to 1 um Typical applications
HVAC Filters 1 < 20% Residential, light, pollen, dust mites
HVAC Filters 2 < 20% Residential, light, pollen, dust mites
HVAC Filters 3 < 20% Residential, light, pollen, dust mites
HVAC Filters 4 < 20% Residential, light, pollen, dust mites
HVAC Filters 5 20-35% Industrial, dust, molds, spores
HVAC Filters 6 35-50% Industrial, dust, molds, spores
HVAC Filters 7 50-70% Industrial, dust, molds, spores
HVAC Filters 8 > 70% Industrial, dust, molds, spores
HVAC Filters 9 > 85% < 50% Industrial, Legionella, dust
HVAC Filters 10 > 85% 50-65% Industrial, Legionella, dust
HVAC Filters 11 > 85% 65-80% Industrial, Legionella, dust
HVAC Filters 12 > 90% > 80% Industrial, Legionella, dust
HVAC Filters 13 > 90% > 90% < 75% Hospitals, Smoke removal, bacteria
Medium Efficiency Filters 14 > 90% > 90% 75-85% Hospitals, Smoke removal, bacteria
Medium Efficiency Filters 15 > 90% > 90% 85-95% Hospitals, Smoke removal, bacteria
Medium Efficiency Filters 16 > 95% > 95% > 95% Hospitals, Smoke removal, bacteria
HEPA and ULPA Filters 17 ≥ 99.97% Clean rooms, Surgery, biodefense, viruses
HEPA and ULPA Filters 18 ≥ 99.99% Clean rooms, Surgery, biodefense, viruses
HEPA and ULPA Filters 19 ≥ 99.999% Clean rooms, Surgery, biodefense, viruses
HEPA and ULPA Filters 20 ≥ 99.9999% Clean rooms, Surgery, biodefense, viruses

 

Chemical Adsorbtion

If a COOP site must be protected from a gas threat and still provide ventilation through the HVAC system, a chemical adsorber may be required. A filter bed containing activated, impregnated carbon granules is the standard medium for high-efficiency filtration of toxic chemical vapors and gases. Activated carbon removes molecules from an air stream by adsorption, trapping molecules in the pores of the carbon. This process works best against large molecules — that is, chemicals of low vapor pressure. Because of its extensive microporosity and wide range of pore sizes, activated carbon is a highly effective sorbent for removing a broad range of chemical vapors.

The service life of a high-efficiency gas adsorber containing impregnated carbon varies with the environment in which it is used. Hot, humid environments produce a shorter chemisorption life than cool, dry environments.

Filtering chemicals of higher vapor pressure requires chemisorption, the more complex process. Chlorine, hydrogen cyanide, and phosgene are three gases that are filtered by chemisorption.

The filter unit must have both a HEPA filter and a high-efficiency gas adsorber in series.

Three images, top: wide and close-up view radial-flow adsorber labeled "Radial-flow adsorber", bottom left: wide and close-up view v-bed adsorber labeled "V-bed adsorber", bottom right: wide and close-up view pleated adsorber labeled "Pleated adsorber"

 

 

 

 

 

 

 

 

 

 

 

Chemical Adsorbtion (continued)

The adsorber must:

  • Contain carbon impregnated ASZM-TEDA or the equivalent. Carbon mesh size should be between 20×50 and 8×16
  • Have efficiency of at least 99.999 percent for physically adsorbed chemical agents and 99.9 percent for chemisorbed agents
  • Have a total capacity of 300,000 milligram (mg)-minutes per cubic meter for physically adsorbed chemical agents
  • Have a bypass at the seals between the adsorber and its housing that does not exceed 0.1 percent

In addition, for installation of the filter unit outside the protected space, the fan must be upstream of the filters (blow-through configuration). For installation inside with a duct from the wall to the filter unit, the fan must be downstream of the filters (draw-through configuration).

If a flexible duct is used outside the shelter to convey air from the filter unit to the safe room, it must be made of a material resistant to the permeation of toxic chemicals.

If chemical manufacturing and storage facilities in the community present a special risk for release of toxic materials, special sorbents or sorbent layers may be required. In some cases, the chemicals produced/stored may not be filterable with a broad-spectrum impregnated carbon. For example, a nearby ammonia plant requires a special adsorber for protection against ammonia.

Three images, top: wide and close-up view radial-flow adsorber labeled "Radial-flow adsorber", bottom left: wide and close-up view v-bed adsorber labeled "V-bed adsorber", bottom right: wide and close-up view pleated adsorber labeled "Pleated adsorber"

 

 

 

 

 

 

 

 

 

 

 

Ultraviolet Germicidal Irradiation (UVGI)

COOP sites can be particularly susceptible to the spread of illness due to the close proximity of personnel. It is essential to reduce the amount of pathogens in the air to ensure that the COOP site can continue to operate.

A design utilizing a combination of filtration and UVGI can be very effective against biological agents.

  • Smaller microbes are difficult to filter out, but tend to be more susceptible to UVGI
  • Larger microbes, such as spores, which are more resistant to UVGI, tend to be easier to filter out

Filter elements are placed in sequence with a large particle filter, HEPA, and then a UVGI to remove all large particles first.

The cost of UVGI has dramatically decreased to the point where these systems are commonly used in restaurants and HVAC ducts to reduce airborne biological contaminants.

Two images, left to right: UVGI machine (close-up view), UVGI machine.

 

 

 

 

 

 

 

 

 

 

 

Ultraviolet Germicidal Irradiation (UVGI) (continued)

UVGI has long been used in laboratories and health care facilities. Ultraviolet radiation in the range of 2,250-3,020 Angstroms is lethal to microorganisms. All viruses and almost all bacteria (excluding spores) are vulnerable to moderate levels of UVGI exposure. Spores, which are larger and more resistant to UVGI than most bacteria, can be effectively removed through high efficiency air filtration.

Consequently, most UGVI systems are installed in conjunction with high efficiency filtration systems.

A UVGI system is being tested under the sponsorship of the Defense Advanced Research Projects Agency (DARPA). For additional information consult: http://www.novatroninc.com/technology/.

Two images, left to right: UVGI machine (close-up view), UVGI machine.

 

 

 

 

 

 

 

 

URV and UVGI Information

The first table below displays UVGI Rating Value (URV) for air disinfections systems that parallel the ASHRAE 52.2-1999 method for testing and rating filters known as MERV (minimum efficiency reporting value). The proposed URV rating system consists of 20 separate levels of average UVGI intensity.

The second table below displays simulation results for air intake release. Various simulations were run and indicate the removal rates for three design basis pathogens for MERV 11 filters, URV 11 UVGI systems, and both working together. Note the almost 100 percent casualties if the agent is released into the air intake over an eight-hour period without any protective systems installed, and that about 1 percent casualties occur with MERV 11 and URV 11 systems working together for the same release.

URV Average Intensities and Doses URV = UVGI Rating Value

UVGI = Ultraviolet
Germicidal Irradiation

URV (UVGI Rating Value) Average Intensity µW/cm2 Dose at (time) = 0.5 sec µW/s/cm2 TB (Tuberculosis) Kill Rate %
9 250 125 23.4
10 500 250 41.3
11 1000 500 65.5
12 1500 750 79.8
13 2000 1000 88.1
14 3000 1500 95.9
Simulation Response for Air Intake Release
Predicted Performance Anthrax Smallpox TB Bacilli
URV 11 – UVGI Removal Rate % 8.0 53.4 65.6
MERV 11 Filter Removal Rate % 56.7 32.3 14.1
Combined Removal Rate % 60.2 68.5 70.4
Baseline Casualties (release over 8 hour period) % 99.0 99.0 99.0
Casualties with Filters and UVGI % 1.0 1.0 1.5
From “Immune Building Systems Technology”, Kowalski 2003

 

Economic Issues to Consider

In developing, implementing, and sustaining a program to reduce vulnerability to terrorist threats, there are economic issues to consider, including three categories of costs:

  • Initial costs – installing at the COOP site
    • Filters, housing, blowers
    • Factors include flow rate, contaminant concentration
  • Operating costs – is the COOP site in use?
    • Maintenance, replacement filters, utilities, waste disposal
  • Replacement costs
    • Filter life (factors include continued concentration and particle size distribution, flow rates, etc.)

These need to be factored into protection strategies.

Note: If the COOP site is used daily, then the cost to operate and maintain a specialized HVAC system can be extreme.

 

Access to Outdoor Intakes

Several physical security measures can be applied to reduce the potential for hazardous materials entering a building through the HVAC system.

One of the most important steps in protecting a building’s indoor environment is the security of the outdoor air intakes. Outdoor air enters the building through these intakes and is distributed throughout the building by the HVAC system.

If relocation of outdoor air intakes is not feasible, intake extensions can be constructed without creating adverse effects on HVAC performance. This is a good idea for other reasons, such as keeping grass clippings, lawnmower fumes, and/or traffic fumes from being pulled into the building because of a low intake.

More than anything else, building owners and managers should ensure that any actions they take do not have a detrimental effect on the building systems (HVAC, fire protection, life safety, etc.) or the building occupants under normal building operation.

Note: The goal of this protective measure is to minimize public accessibility. In general, this means the higher the extensions, the better — as long as other design constraints (excessive pressure loss, dynamic and static loads on structure) are appropriately considered.

Diagram illustrates five examples of outdoor building air intakes, left to right: labeled "Vulnerable" shows an arrow representing air coming into the building at ground level directly to the inside air handling unit, labeled "Better" shows an arrow representing air coming in mid-level of building through an angled intake extension leading down to the inside air handling unit, labeled "Best" shows an arrow representing air coming into the building at the highest level of the building leading down to the inside air handling unit, two three quarter view examples of how a vulnerable air intake can be enclosed labeled "Enclosing a Vulnerable Outdoor Air Intake." with arrows pointing to building with mid-level flat enclosed outdoor air intake enclosure and man standing outside of building, building with an enclosed intake extension going up to the highest part of building and man standing outside of building.

Infiltration and Bypass

Additional methods of protection against CBR incidents include:

  • Infiltration – Building managers should not expect filtration alone to protect a building from outdoor releases, particularly for systems in which no make up air or inadequate overpressure is present. Filtration, in combination with other steps, such as building pressurization and tightening the building envelope, should be considered to increase the likelihood that the air entering the building actually passes through the filtration and air-cleaning systems.
  • Bypass – Filter bypass is a common problem found in many HVAC filtration systems. It occurs when air, rather than moving through the filter, goes around it, decreasing collection efficiency and defeating the intended purpose of the filtration system. Filter bypass is often caused by poorly fitting filters, poor sealing of filters in their framing systems, missing filter panels, or leaks and openings in the air-handling unit downstream of the filter bank and upstream of the blower. Simply improving filter efficiency without addressing filter bypass provides little, if any, improvement to system efficiency. As a mechanical system loads with particulates over time, its collection efficiency increases, but so does the pressure drop.

Look at the image on this screen. This is a good example of what looks like poor maintenance that is creating a critical system flaw that will affect HVAC system performance in handling CBR situations. A filter is only good if ALL the air flows through it.

Note: Building envelopes in residential and commercial buildings are, in general, quite leaky, and significant quantities of air can infiltrate the building envelope with minimal filtration. Field studies have shown that, unless specific measures are taken to reduce infiltration, as much air may enter a building through infiltration as through the mechanical ventilation system.

 

Knowledge Review

Which of the following is an example of a potential protective measure that may be used during a CBR incident?

  1. Ensure personnel use PPE
  2. Shelter in place
  3. Evacuate to COOP site
  4. Stop air circulation in rooms with unfiltered air sources
  5. All of the above
  6. A, B, and D only

Correct response: F

Correct response feedback: Yes! A, B, and D are correct. Evacuating the COOP site should not be done unless the danger has passed in a CBR incident.

 

Decontamination

Decontamination is the deliberate removal, reduction and neutralization of a hazardous substance. Following a CBR event it some level of decontamination will be necessary. It is imperative that everyone who is exposed be decontaminated for medical treatment. Buildings can incorporate decontamination efforts into the design of their building.

Types of decontamination relevant to COOP Sites:

  • Area decontamination – Pre-event planning should designate potential areas that would need to be decontaminated. Such areas would consist of locations that require frequent access such as communications or utilities or approaches. Unless there is a strong need to remain at the building, most building would not consider area decontamination.
  • Personnel decontamination – Personnel decontamination consists of removing all contamination from potentially affected individuals. This process involves clothing removal, showering, and in some cases, the use of neutralizing agents.A full description of the procedures involved after an attack and the requirements for the staging area are provided in FEMA 453, Safe Rooms and Shelters, Protecting People against Terrorist Attacks, Sections 1-9 and 1-10.
  • Entry or exit decontamination – This type of decontamination would only be used at a building that is required to operate despite contamination. The personnel involved in this would wear PPE that is designed for long-term use. If the attack is external, decontamination is conducted to keep as much contamination out as possible. If the release was inside the building, decontamination is conducted to keep contamination from spreading.

 

Decontamination Layouts

Emergency operations need to be designed to allow law, fire, and medical vehicles and personnel access for mass decontamination operations.

The Contamination Control Area is located on the boundary of the Cold Zone and Warm Zone and used by the rescue and decontamination personnel to enter and exit the Warm Zone. There are several processing stations, a resupply and refurbishment area, and a contaminated waste storage area. Runoff from decontamination operations must be controlled or contained to prevent further site contamination.

Casualty Collection Point is a critical element to save lives.

EDCS Decontamination Area Setup consisting of two fire trucks side-by-side with ladders extending between each truck to create a victim undress, shower area, redress and exit flow. Second chart showing an example decon setup establishing a hot, warm, and cold zone for victim decon. Includes patient staging area, casualty collection point, safe refuge area, zoned points for response personnel, entry and exit points for victims and rescue personnel, and medical transport station.

FEMA 453, Figure 1-15, p. 1-57, and Figure 1-13, p. 1-52

 

Decontamination Layouts (continued)

The Patient Staging Area (PSA) is located in the Cold Zone and is the transfer point for victims that have been stabilized for transport to higher care medical facilities or for fatalities to be transported to morgue facilities. The PSA area must be large enough to accommodate helicopter operations and a large number of ambulances.

The Casualty Collection Point is located in the Warm Zone and will typically have three processing stations:

  • Station 1 – Litter decontamination and non-ambulatory delayed treatment patients
  • Station 2 – Litter decontamination and immediate treatment patients
  • Station 3 – Ambulatory decontamination, minimal treatment patients, and ambulatory delayed treatment patients

Mass casualty decontamination occurs in the Warm Zone. The Safe Refuge Area is located in the Warm Zone and is used to assemble individuals who were witnesses to the incident and to separate contaminated from non-contaminated persons.

EDCS Decontamination Area Setup consisting of two fire trucks side-by-side with ladders extending between each truck to create a victim undress, shower area, redress and exit flow. Second chart showing an example decon setup establishing a hot, warm, and cold zone for victim decon. Includes patient staging area, casualty collection point, safe refuge area, zoned points for response personnel, entry and exit points for victims and rescue personnel, and medical transport station.

FEMA 453, Figure 1-15, p. 1-57, and Figure 1-13, p. 1-52

 

Decontamination Considerations

San Antonio, TX, August 29, 2008 -- A joint Operations briefing takes place in the Alamo Command Center in San Antonio. FEMA is working with State, local and other Federal agencies in a joint operation in preparation for Hurricane Gustav's land fall. Photo by Patsy Lynch/FEMADecontaminate only what’s necessary:

  • People
  • Critical supplies
  • Things that will not be destroyed by decontamination

Decontaminate as soon as possible:

  • The longer contamination is in contact, the more likely it is to be absorbed into the person or the material

Limit the spread on contamination:

  • Conduct decontamination as close to the source as possible

Establish a fixed decontamination site as part of the building:

  • Fixed decontamination sites can be very effective, however they are costly
  • COOP facility – May need a decontamination site to safeguard personnel who are required to work
  • Critical missions – Some critical missions would require personnel to operate in a “dirty” environment where decontamination would be essential to limit the spread of contamination

Questions to ask yourself:

If the main site is contaminated, how do you ensure that personnel and equipment to be relocated to the COOP facility are “clean”?

Are they decontaminated at the main site, en route to, or prior to entry into the COOP facility?

Things to Do

Facilities managers should have a current emergency plan that addresses CBR attacks, know their building HVAC system vulnerabilities, and conduct periodic walk-through inspections of the systems for evidence of irregularities or tampering.

Individuals developing emergency plans and procedures should recognize that there are fundamental differences among various CBR agents.

Three images, left image: small aircraft labeled "We believe that al-Qa'ida has explored the possibility of using agricultural aircraft for large-area dissemination of biological warfare agents such as anthrax", top right image: training video labeled "Training videos found in Afghanistan show al-Qa'ida's tests of easily produced chemical agents based on cyanide.", bottom right image: chemical diagram labeled "Documents found in Afghanistan highlight al-Qa'ida's interest in the production of more effective chemical agents such as mustard, sarin, and VX.", Source: Images from CIA publications: https://www.cia.gov/library/.

Comparison of ASHRAE Standards 52.1 and 52.2

The following table provides a comparison of American Society of Heating, Refrigeration, and Air-Conditioning Engineer (ASHRAE) standards 52.1 and 52.2.

Review the chart carefully as you will use it to answer review questions on the next several screens.

Table 5-1: Comparison of ASHRAE Standards 52.1 and 52.2


ASHRAE 52.2 ASHRAE 52.1
MERV Particle Size Range
3 to 10 μm
Particle Size Range
1 to 3 μm
Particle Size Range
0.3 to 1 μm
Test
Arrestance
Test
Dust Spot
Particle Size Range, μm Applications
1 < 20% < 65% < 20% > 10 Residential, light, pollen, dust mites
2 < 20% 65 – 70% < 20% > 10 Residential, light, pollen, dust mites
3 < 20% 70 – 75% < 20% > 10 Residential, light, pollen, dust mites
4 < 20% > 75% < 20% > 10 Residential, light, pollen, dust mites
5 20 – 35% 80 – 85% < 20% 3.0 – 10 Industrial, dust, molds, spores
6 35 – 50% > 90% < 20% 3.0 – 10 Industrial, dust, molds, spores
7 50 – 70% > 90% 20 – 25% 3.0 – 10 Industrial, dust, molds, spores
8 > 70% > 95% 25 – 30% 3.0 – 10 Industrial, dust, molds, spores
9 > 85% < 50% > 95% 40 – 45% 1.0 – 3.0 Industrial, legionella, dust
10 > 85% 50 – 65% > 95% 50 – 55% 1.0 – 3.0 Industrial, legionella, dust
11 > 85% 65 – 80% > 98% 60 – 65% 1.0 – 3.0 Industrial, legionella, dust
12 > 90% > 80% > 98% 70 – 75% 1.0 – 3.0 Industrial, legionella, dust
13 > 90% > 90% < 75% > 98% 80 – 90% 0.3 – 1.0 Hospitals, smoke removal, bacteriological and radiological
14 > 90% > 90% 75 – 85% > 98% 90 – 95% 0.3 – 1.0 Hospitals, smoke removal, bacteriological and radiological
15 > 90% > 90% 85 – 95% > 98% ⁓ 95% 0.3 – 1.0 Hospitals, smoke removal, bacteriological and radiological
16 > 95% > 95% > 95% > 98% > 95% 0.3 – 1.0 Hospitals, smoke removal, bacteriological and radiological
17 ≥ 99.97% < 0.3 Clean rooms, surgery, chem-bio, viruses
18 ≥ 99.99% < 0.3 Clean rooms, surgery, chem-bio, viruses
19 ≥ 99.999% < 0.3 Clean rooms, surgery, chem-bio, viruses
20 ≥ 99.9999% < 0.3 Clean rooms, surgery, chem-bio, viruses
Note: This table is adapted from American Society of Heating, Refrigeration, and Air-conditioning Engineers (ASHRAE) Standard 52.2: Method of Testing General Ventilation Air-cleaning Devices for Removal Efficiency by Particle Size, Atlanta, GA., 1999 and Spengler, J.D., Samet, J.M., and McCarthy, J.F., Indoor air quality Handbook, New York, NY: McGraw-Hill, 2000.

 

Knowledge Review

Refer to Table 5-1, from page 5-12 of FEMA 426, to complete the following knowledge review question.

Identify the type of filtration necessary to provide at least 90 percent efficiency to protect against the design based threat for chemical hazards?

  1. A minimum MERV 13
  2. A minimum MERV 12
  3. A minimum MERV 8
  4. A minimum MERV 5

Correct response: A

Correct response feedback: Yes! A minimum of a MERV 13 is correct. Secondary charcoal filters (chemisorbption) should be in place as well.

 

Knowledge Review

Refer to Table 5-1, from page 5-12 of FEMA 426, to complete the following knowledge review question.

Identify the type of filtration necessary to provide at least 90 percent efficiency to protect against the design based threat for biological hazards with a 1.0 to 3.0 particle size?

  1. A minimum MERV 3
  2. A minimum MERV 8
  3. A minimum MERV 12
  4. None of the items listed above are sufficient.

Correct response: C

Correct response feedback: Yes! A minimum of a MERV 12 is correct.

 

Knowledge Review

Refer to Table 5-1, from page 5-12 of FEMA 426, to complete the following knowledge review question.

Identify the type of filtration necessary to provide at least 95 percent efficiency to protect against the design based threat for radiological hazards?

  1. A minimum MERV 8
  2. A minimum MERV 10
  3. A minimum MERV 13
  4. A minimum MERV 16

Correct response: D

Correct response feedback: Yes! A minimum of a MERV 16 with UVGI is correct.

 

Summary

Now that you have completed this lesson, you should be able to:

  1. State the impact of CBR threats on the COOP site
  2. Identify the general forms of CBR threats
  3. Identify the methods of CBR detection
  4. Identify four possible protective actions
  5. Describe the techniques of decontamination

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 8 – Site and Layout Design Guidance

Site and Layout Design Guidance Overview

In this lesson, we will examine Site and Layout Design Guidance. In particular, we will examine site level considerations and concepts for integrating land use planning, landscape, architecture, site planning, and other strategies to mitigate the Design Basis Threats.

You will gain an understanding of the myriad of options available to enhance site design, taking into account many environmental challenges.

 

Lesson ObjectivesAt the completion of this lesson, students will be able to:

  1. Identify site planning concerns that can create, reduce, or eliminate vulnerabilities and understand the concept of “layers of defense”
  2. Recognize protective issues for suburban site planning
  3. Determine the pros and cons of barrier mitigation measures that increase stand-off or promote the need for hardening of buildings at risk
  4. State the benefits that can be derived from appropriate security design
  5. State the benefits of adopting a creative process to face current design challenges
  6. State the benefits of including aesthetic elements compatible with security and architecture characteristics of buildings and their surrounding environment
  7. Identify mitigation measures needed to reduce vulnerabilities

 

Layers of Defense

Diagram of a building's layers of defense. Defense layers depicted as numbered arrows. The outer layer is the first (1); the middle layer is the second (2); the center is the third layer (3). The diagram also illustrates the locations of the Entry Control Point; the Required Stand-off distance; the Perimeter Fence; and the Barrier.
FEMA 452, Figure 2-2: Layers of Defense, p. 2-3

Multiple layers of defense provide multiple opportunities to deter and detect potential threat elements.

There is no limit to the layers applied around an asset; however, three layers are generally used, which can include:

  • Deter
  • Detect
  • Engage
  • Assess
  • Delay
  • Respond

 

 

 

 

 

 

Layers of Defense (continued)

The layers of defense is a traditional approach in security engineering and uses concentric circles extending out from an area or site to the building or asset that requires protection. The image on this screen shows the layers of defense, which are described as follows:

  • First layer of defense
  • Second layer of defense
  • Third layer of defense

 

Layers of Defense

First Layer of Defense

This involves understanding the characteristics of the surrounding area, including construction type, occupancies, and the nature and intensity of adjacent activities. It is specifically concerned with buildings, installations, and infrastructure outside the site perimeter. For urban areas, it also includes the curb lane and surrounding streets.

The building owner has little or no control outside of working with the city or municipality. The first layer of defense should be designed to prevent large bombs or weapons from entering the site and to control access of personnel.

 

Layers of Defense

Second Layer of Defense

This refers to the space that exists between the site perimeter and the assets requiring protection. It involves the placement of buildings and forms in a particular site and understanding which natural or physical resources can provide protection.

The building owner has control of this layer. The second layer controls stand-off from the building, which provides protection from weapons that may slip through the first layer of defense.

 

Layers of Defense

Third Layer of Defense

This deals with the protection of the asset itself. It proposes to harden the structures and systems, incorporate effective HVAC systems and surveillance equipment, and wisely design and locate utilities and mechanical systems.

The building owner has control of this layer. Its main mitigation measures are hardening against blast and security sensors/CCTV as final access control.

 

Layers of Defense (continued)

There are many mitigation techniques available that can be used at one or more layers of defense. This lesson concentrates on site and layout design, thus it looks primarily at the first and second layers of defense.

The table below shows general mitigation considerations for the urban environment and this presentation will follow the flow of these measures from left to right, starting with Survey Surroundings on the left and ending with CBR Issues on the right.

The flow also follows the general assessment approach of looking from outside to inside and going from general information to specific information.

A Layers of Defense checklist that indicates which elements must be taken into consideration or included in each layer. The possible elements are: Survey Surroundings, Layout / Site Considerations, Yards and Plazas, Stand-Off / Controlled Access, Gatehouses / Screening, Perimeter Security Design, Barriers, Sidewalks and Curbs, Parking, Loading Dock / Service Areas, Security Lighting, Signage, Site Utilities, and CBR Issues.

Knowledge Review

Which layer of defense for COOP sites is described as:

The building envelope that also deters and detects. If an incident occurs, this layer is the only one that provides any level of protection during the tactic and weapon release.

  1. First layer of defense for COOP sites
  2. Second layer of defense for COOP sites
  3. Third layer of defense for COOP sites

Correct response: C

Correct response feedback: Well done! The third layer of defense is correct.

It is important to remember that the nature of any threat is always changing. Consideration should be given to accommodating enhanced protection measures in response to future threats that may emerge. Asset protection must be balanced with other design objectives, such as the efficient use of land and resources, and must also take into account existing physical, programmatic, and fiscal constraints.

 

First Layer of Defense

Survey Surroundings – Data Collection

In an urban environment, this action literally considers what may be a threat or vulnerability in all directions.

Understanding the surroundings includes a 360° assessment of any structures above and under the building and site of interest as to their impact on design or assessment.

  • Overhead:
    • What can fall on the building?
  • Underneath:
    • Subways
    • Roadway tunnels
    • Utilities
  • Potential vantage points for looking into the building
  • Where are different access points to the building?

 

First Layer of Defense

Survey Surroundings – Data Collection (continued)

GIS can be used to determine:

  • Approaches to site/building:
    • Personnel
    • Vehicles
    • Flight paths
    • Railways
  • Potential collateral damage near facility
  • Buildings and infrastructure of concern nearby
  • Important geographic and topographic elements

A 5-mile perspective around the COOP building or site of interest is also needed to understand interaction of the building’s critical functions and critical infrastructure against utilities, response capability, and other support provided in the local community. Included should be potential targets in the area to determine the potential for collateral damage and choke points that may restrict response or evacuation capability.

GIS applications are excellent resources that enable designers and building owners to analyze various demographic, hazardous areas, transportation networks, underground utilities and structures, etc., in order to identify potential threats, hazards, and vulnerabilities. These applications may depict a truer picture of the surrounding situation, allowing decision makers to take proactive measures to mitigate potential vulnerabilities.

 

All Layers of Defense

Layout/Site Considerations

The following considerations can have an impact in the site layout design:

  • Building placement
  • Dispersion of facilities
  • Building orientation
  • Site lines and view relationships
  • Landscaping – plant selection and design

The fundamental objective of site planning is to establish the placement of buildings, parking areas, and other necessary structures in such a way as to provide a setting that is functionally effective as well as aesthetically pleasing. The need for security adds another dimension to the range of issues that must be considered.

For security, the building placement must balance the possibilities for stand-off distances; relationship to adjacent streets and buildings; and utilities siting, driveways, and surface parking areas, as well as access to parking garages and loading areas.

 

Overhead map of a facility depicting good site design.All Layers of Defense

Layout/Site Considerations

Placement and Orientation

Orientation is the building’s spatial relationship to the site, its orientation relative to the sun, and its vertical or horizontal aspect relative to the ground.

Good site design, orientation, and building placement have a significant impact on making the building visible or hidden to aggressors. Good designs should allow for enhanced surveillance opportunities of approaches and parking.

The proximity of a vulnerable façade to a parking area, street, adjacent site, or other area that is accessible to vehicles and/or difficult to observe can greatly contribute to its vulnerability. Especially toward blast effects.

 

All Layers of Defense

Layout/Site Considerations

Clustered Versus Dispersed Facilities

Depending on the site characteristics, the occupancy requirements, and other factors, buildings may be clustered tightly in one area, or dispersed across the site. Both patterns have compelling strengths and weaknesses.

Concentrating people, property, and operations in one place creates a target-rich environment, and the mere proximity of any one building to any other may increase the risk of collateral impacts. Additionally, the potential exists for the establishment of more single-point vulnerabilities in a clustered design than would exist in a more dispersed pattern. However, grouping-high risk activities, concentrations of personnel, and critical functions into a cluster can help maximize stand-off from the perimeter and create a “defensible space.”

Side-by-side site plan examples of Clustered and Dispersed facilities.

FEMA 426, Figure 2-2: Clustered versus Dispersed Site Layouts, p. 2-8

 

Two illustrations showing how trees and obstruction screens block sight lines into a site.
FEMA 426, Figure 2-2: Clustered versus Dispersed Site Layouts, p. 2-8

First Layer of Defense

Layout/Site Considerations

Siting and View Relationships

  • Operational security is not a traditional element of landscape/urban design, but managing the threat of hostile surveillance is a significant consideration in protecting people, property, and operations.
  • Landscape elements can provide visual screening that protects sensitive operations, gathering areas, and other activities from surveillance without creating concealment for covert activity.
  • Topography, relative elevation, walls, fences, and vegetation are design elements that can open and close views.

Countersurveillance is another aspect of line of sight. It involves of finding places where terrorists can survey (easily see without being obvious) your facility and its operations/procedures and watch those locations for potential threats.

When designing a site, it is a design goal to NOT create a location with a line of sight that can be used for surveillance.

 

All Layers of Defense

Layout/Site Considerations

Landscaping – Plant Selection and Design

The following are some considerations for the use of planting for security:

  • Maintenance – When a living landscape is installed with a security function, it needs to be well-maintained to support its continued health and effectiveness
  • Aesthetics – Planting can be effectively used to soften and enhance the sometimes stark appearance of security elements
  • Perimeter barriers – Planting can be used as a perimeter barrier in the form of thorny hedges and dense hedge rows
  • Site lines/hiding sites – Choice of plant material with the ultimate size and maintenance requirements in mind must ensure that plants do not ultimately block important sight lines or create hiding places
  • Underground utilities – Conflicts may occur between planting areas and underground utilities. Below-ground conditions should be accurately identified before landscape design is commenced

 

Knowledge Review

The fundamental objective of site planning is to establish the placement of buildings, parking areas, and other necessary structures in such a way as to provide a setting that is functionally effective as well as aesthetically pleasing.

  1. True
  2. False

Correct response: A

Correct response feedback: Yes! The answer is true. Remember, the need for security adds another dimension to the range of issues that must be considered.

 

All Layers of Defense

Overhead diagram of building site showing stand-off distance of 60' on the West side, 25' on the North side, and 20' on the East side.
FEMA 426, Figure 2-8: Stand-off Distance
Injury and/or Damage
Stand-off (Feet)
500-lb. Bomb
Stand-off (Feet)
5000-lb. Bomb
Threshold of failure, concrete columns 30 60
Potentially lethal injuries 150 350
Injuries from wall fragments or to people in open 150-250 350-500
Severe glass wounds (glass with applied film) 250 650
Severe glass wounds (unprotected glass) 500 1000+
Minor cuts 800 1000+
FEMA 430, Table 2-5: Injury or Damage Related to Stand-Off

Stand-off Distance and Effects of Blast

Increasing the stand-off distance from the detonation to the structure will reduce the intensity of the blast loading, which in turn decreases the cost for protective design. Although the optimum stand-off distance is a function of the weight of the explosive threat and the cost of real estate, the selection of stand-off distance is often limited by site conditions.

A major benefit of the increased stand-off distance is the reduction in hazard to the occupants, shown in this table.

Keep in mind constraints or opportunities provided by the site. For stand-off distances for a typical COOP site, where the building face may be around 10 to 20 feet from the curb, an acceptable minimum distance may be completely unachievable. In this case the identified threat must be addressed by measures such as perimeter barriers, structural hardening, building envelope enhancement, location of valuable functions within or away from the building, operational procedures such as increased surveillance, or acceptance of some higher degree of risk. Some combination of these measures will probably apply.

 

Overhead diagram of building site showing stand-off distance of 60' on the West side, 25' on the North side, and 20' on the East side.
FEMA 426, Figure 2-8: Stand-off Distance

All Layers of Defense

Determination of Stand-off Distances

Determination of the minimum stand-off is specific for each building or other asset. It is based on:

  • Prediction of the explosive weight of the weapon (Design Basis Threat provided by the threat assessment)
  • Required level of protection: This may be specified in the case of a Federal or other Government building, but for a privately owned building it is a determination of the acceptable risk made during the risk assessment process
  • Evaluation of the type of building construction, including the building structure and the nature of the building envelope

 

Diagram of the outside of a facility with the following locations identified: Top left - Stand-Off; Top Right - Entry Control Point. Second down from the right - Concrete Planters; Third down from the right - Install Barriers Along Perimeter; Fourth down from the right - Exclusive Stand-Off Zone; Fifth down from the right - Fence.
FEMA 426, Figure 2-10, page 2-26: Exclusive zone

All Layers of Defense

Controlled Access Zones

The controlled access zone is one of the key elements when determining an effective placement of a building. Designers may determine if the building to be designed or protected will require an exclusive or non-exclusive access zone.

An exclusive zone is defined as the area surrounding a single building or building complex that is in the exclusive control of the owners or occupants: Anyone entering an exclusive zone must have a purpose related to the building.

non-exclusive zone may be either a public right-of-way, such as plazas, sidewalks, and streets surrounding a downtown building, or an area related to several buildings, such as an industrial park with open access.

 

All Layers of Defense

View from roof of high-risk building showing a potential high speed approach route to the building, especially after all traffic has passed. Bottom image shows building in the background has a wall and parked cars protecting it from a high speed approach, but the entrance to the building on the left is only protected by the turn required at the bottom of the ramp or not protected at all if traveling the taxi route from behind the building on the right.Vehicle Approach Speed/Traffic Calming

Access Points

Controlling the angle of approach and the length of straight-aways is important to provide protection to high-risk buildings.

Traffic calming strategies seek to use design measures to cue drivers as to the acceptable speed for an area. They can control the angle of approach:

  • Turns
  • Curves

Or slowdown approach:

  • Chicanes
  • Speed bumps/tables
  • Pavement treatments

In conjunction with traffic calming considerations, appropriate barriers to block moving vehicle attacks should be considered at high-risk buildings.

Vehicle Approach Speed Analysis

The threat of vehicular attack can be reduced significantly by controlling vehicular speed and removing the opportunity for direct collision with the building. If the vehicle is forced to slow down and impact a barrier at a shallow angle, the impact forces are reduced.

 

All Layers of Defense

Controlled Access Zone/Entry Control and Vehicle Access

Diagram of Controlled Access Zone/Entry Control and Vehicle Access points along route to building.
FEMA 426, Figure 2-15: Typical Entry Control Point Layout

The objective of the access point is to prevent unauthorized access, while at the same time controlling the rate of entry for vehicles and pedestrians. An access point is a designated area for authorized building users: employees, visitors, and service providers. Access points along the defended perimeter:

  1. Reject vehicles before final barrier
  2. Inspection area blast effects:
    • Pressure
    • Fragments
  3. Provide reaction time to activate barriers

It is advisable to design circulation to separate different types of traffic and provide separate routes for staff, for visitors, and for deliveries. With the separation of vehicle types, security can more easily address differing needs for screening, observation, and potential threat mitigation.

 

All Layers of Defense

Diagram showing the arrangement of the Gatehouse and the retractable and fixed bollards that contribute to Security Screening of a building.Gatehouses and Security Screening

Entry control facility considerations include:

  • Gatehouses
  • Inspection considerations
  • Final denial barrier
  • Sally ports (double row of barriers)

 

 

FEMA 430, Figure 5-8: Features of a typical vehicular entry control post

 

 

All Layers of Defense

Controlled Access Zone

Gatehouses

Gatehouses and screening require manned access control and inspection considerations. Design of the entry control point must accomplish many security-related functions and should consider:

  • Gatehouses should be hardened as determined by the expected blast load and should provide protection from the elements.
  • If ID checking is also required between the traffic lanes, some measure of protection against hostile activity should be provided for the security guard.
  • Gatehouses, lobbies, and guard posts should be provided with clear views of approaching traffic, both pedestrian and vehicular.
  • Queuing space for pedestrian visitors to gather as they wait to enter a building is necessary; this may be provided in a screening pavilion for visitors beyond the building entry, which may be at a distance from the main facilities.
  • Active vehicle crash barriers are necessary to deny entry and to give entry control personnel adequate time to respond to unauthorized activities. The response time is defined as the time required for complete activation of the active vehicle barrier once a threat (vehicle circumventing access control) is detected. The response time includes the time for security personnel to react to a threat and initiate the activation of the barrier system, and the time for the selected barrier to fully deploy and close the roadway.

Some inspection considerations:

  • Pullover lanes at site entry gates should be provided for an initial vehicle check prior to allowing access to a site.
  • Inspection areas should be large enough to accommodate a minimum of one vehicle and a pullout lane.

 

All Layers of Defense

Controlled Access Zone

Final Denial Barriers

For high-security buildings, a final denial barrier after initial screening is necessary to stop unauthorized vehicles from entering the site.

A properly designed final denial barrier will safely stop individuals who have made an honest mistake, but provide a properly designed barrier to stop those with hostile intentions.

 

All Layers of Defense

Perimeter Security Design

A perimeter security design involves two main elements:

  • Perimeter barrier that prevents unauthorized vehicles and pedestrians from entering the site
  • Access control points at which vehicles and pedestrians can be screened and, if necessary, inspected before they pass through the barrier

Issues to be considered in the design of a barrier system:

  • The design should be based directly on the Design Basis Threat assessed for the project, as well as available countermeasures and their ability to mitigate risk.
  • The barrier layout at sidewalks should be such that a constant clear path of 8 feet or 50 percent of the sidewalk, whichever is e greater, should be maintained.
  • Any security (or other) object placed on the curb should be at least 2 feet from the curb line to allow for door opening and to facilitate passenger vehicle pick-up and drop-offs, if this can be done anywhere along the curb. However, the most effective placement is at a maximum of 2 feet: This allows the barrier to engage the engine block and mass of an approaching vehicle before the tires have impacted the curb and begun to launch it over the barrier.
  • Monotonous repetition of a single element should be avoided.
  • Use a palette of elements, such as varied bollard types, engineered sculptured forms, hardened street furniture, low walls, and judicious landscaping.

 

All Layers of Defense

Retractable bollards and examples of how they stop vehicles.Determination of Barrier Performance Requirements

The security design criteria required for a barrier are largely determined by key information obtained in the following steps in the risk assessment process:

  1. Threat analysis should provide the following Design Basis Threat:
    • Vehicle size, weight, speed
    • Bomb size (weapon yield in pounds of TNT equivalent) and worst-case stand-off distance
  2. Vulnerability analysis provides:
    • Building envelope and structural information that contribute to the determination of the appropriate stand-off distance and that enable possible tradeoff between alternative building characteristics and stand-off distances to be evaluated and budgeted
    • Information on available stand-off distances
    • Information on the possible reduction of vehicle speed through the existing or modified characteristics of approach roads using various traffic calming techniques
    • Limitations imposed by underground utilities
    • Information on the types of soil, which affect barrier standards
  3. The risk assessment provides:
    • Information to assist the property owner in determining the acceptable risk and the desired level of protection.

These photos show retractable bollards stopping a substantial truck with very little penetration.

An active barrier can be activated in seconds (one to three) and should be either always up (sally port concept) or deployed upon identification that the gate is being crashed (taking into consideration response time, maximum vehicle speed, and activation speed).

Pop-up barriers can create serious damage to vehicles, especially if deployed when a vehicle is above the barrier. Consider manual activation to avoid unnecessary damage (i.e., avoid magnetic vehicle loops to redeploy barriers that may catch tailgating vehicles).

 

Knowledge Review

A perimeter security design involves which of the following?

  1. Perimeter barrier that prevents unauthorized vehicles and pedestrians from entering the site
  2. Access control points at which vehicles and pedestrians can be screened and, if necessary, inspected before they pass through the barrier
  3. Monotonous repetition of a single element
  4. A and B only
  5. B and C only

Correct response: D

Correct response feedback: Great job! A perimeter security design involves the two main elements identified in responses A and B.

 

All Layers of Defense

Test Vehicle/ Minimum Mass lb (kg) Nominal Min.Test Vehicle Velocity mph (km/h) Kinetic Energy ft-kips (KJ) Condition Designation
Small Passenger Car
( C ) 2,430 (1,100)
40 (65) 131 (179) C-40
Small Passenger Car
( C ) 2,430 (1,100)
50 (80) 205 (271) C-50
Small Passenger Car
( C ) 2,430 (1,100)
60 (100) 295 (424) C-60
Pickup Truck
(P) 5,070 (2,300)
40 (65) 273 (375) PU- 40
Pickup Truck
(P) 5,070 (2,300)
50 (80) 426 (528) PU-50
Pickup Truck
(P) 5,070 (2,300)
60 (100) 613 (887) PU-60
Medium-Duty Truck
(M) 15,000 (6,810)
30 (50) 451 (656) M-30
Medium-Duty Truck
(M) 15,000 (6,810)
40 (65) 802 (1,110) M-40
Medium-Duty Truck
(M) 15,000 (6,810)
50 (80) 1,250 (1,680) M-50
Heavy Goods Vehicle (H) plus
15,000 (6,810)
30 (50) 11,950 (2,850) H-30
Heavy Goods Vehicle (H) plus
15,000 (6,810)
40 (65) 3,470 (4,810) H-40
Heavy Goods Vehicle (H) plus
15,000 (6,810)
50 (80) 5, 430 (7,820) H-50
Designation Dynamic Penetration Rating
P1 less or equal to 3.3 feet (1 meters)
P2 3.31 to 23.0 feet (1.01 to 7 meters)
P3 23.1 to 98.4 feet (7.01 to 30 meters)
P4 98 feet or greater (30 meters)

Barrier and Bollards – Department of State Barrier Ratings

Beginning February 1, 2009, the Department of State (DoS) decided to evaluate only new anti-ram barriers tested under ASTM F2656-07 Standard Test Method for Vehicle Crash Testing of Perimeter Barriers for the selection and approval for use at DoS facilities. The only barriers considered would be those with an ASTM F2656-07 rating of M30 P1, M40 P1and M50 P1. The chosen impact point must be agreed to by DoS. This ASTM standard provides a range of vehicle impact conditions, designations, and penetration performance levels that will allow an agency or owner to select passive perimeter barriers and active entry point barriers appropriate for use at facilities with a defined moving vehicle threat.

Crash testing can convincingly demonstrate the performance of a specific barrier, but it may not address site-specific important subgrade conditions and does not provide the flexibility required to engineer the foundations and barriers for adverse subgrade conditions.

The crash testing standard in common use was developed by DoS. To obtain DoS certification, the vehicle barrier must be tested by an independent crash test facility to meet DoS standards. The test specifies perpendicular barrier impact by a 15,000-lb. (6810 kg.) diesel truck. Initially, the DoS standard provided for three levels of intrusion, but in February 2003, the standard was revised, calling for the highest test level — that which allows less than 36 inches (0.9m) penetration distance.

 

All Layers of Defense

Vehicle Weight (lbs.) Vehicle Speed (mph) Distance Past Barrier (ft)
15,000 30 <=3(L3)/20(L2)/50(L1)
15,000 40 <=3(L3)/20(L2)/50(L1)
15,000 50 <=3(L3)/20(L2)/50(L1)
10,000 50 0 to 50
10,000 15 50 to 100

Barrier and Bollards – Department of Defense Barrier Ratings (continued)

The Department of Defense (DoD) barrier ratings use the old DoS criterion that allows the front of the vehicle to penetrate a given distance past the barrier. This would be more suitable in a suburban environment where there is greater distance between the barrier and the nearest building than in the urban environment.

Note: The DoD periodically issues lists of manufacturers and model numbers certified in meeting-prescribed testing criteria (August 2003).

 

First and Second Layers of Defense

Two examples of barriers. Top example is an active (operable) barrier and bottom example shows a passive (fixed) barrier.Barrier Types

There are two basic categories of barriers:

  • Passive (fixed)
  • Active (operable)

 

 

 

 

 

 

 

 

First and Second Layers of Defense

Passive Barriers

Passive barriers are fixed in place, do not allow for vehicle entry, and are used to provide perimeter protection away from vehicle access points. Examples of passive barriers include:

  • Walls
  • Berms
  • Engineered planters
  • Fixed bollards
  • Heavy objects
  • Reinforced street furniture
  • Fixtures
  • Trees and water obstacles
  • Jersey barriers in fixed and anchored installations
  • Fences

 

All Layers of Defense

Diagram from the NCPC Streetscape Catalogue depicting various types of defense barriers shown in scale each other and to people.Passive Barriers – Street Furniture

Streetscape can be used to increase security. It can include hardened versions of parking meters, street lights, benches, planters, and trash receptacles that act as barriers to moving vehicles.

Design of streetscape should take into consideration:

  • Scale – appropriate to primary users, less inviting to users with malicious intent
  • Scope – adequate for pedestrian circulation and normal use

 

 

 

All Layers of Defense

Passive Barriers – Barriers and Bollards

This chart shows the sizing requirements for the level of protection sought. The bigger the vehicle and the higher its speed, the stronger the barrier must be as shown by this chart.

The greater the barrier mass and reinforcement and the deeper it is connected to the earth, the higher its rating.

A diagram depicting the effectiveness of a barrier. Note that since speed is squared (K.E. = ½ * mass * speed * speed), controlling speed is a primary concern.

From US Army Field Manual 5-114, Engineer Operations Short of War, 1992

 

All Layers of Defense

A collage of images displaying the placement of Jersey barriers.Passive Barriers – Jersey Barrier

Jersey barriers are the least desirable of barrier types because they:

  • Are difficult to place and move
  • Have no vehicle-stopping capability unless tied to pavement with at least four pieces of #4 (1/2-inch diameter) rebar into pavement about 18 inches deep and/or tied together with steel cable (3/4 to 1-inch)
  • Can cause sidewalk failure due to concentrated load and the fact that sidewalk may be hollow underneath for storage or utilities
  • Add to fragmentation (barrier shatters) if a vehicle bomb explodes next to barrier
  • Impede access to pedestrians and first responders:
    • Utilities (if placed on top of manholes)
    • Emergency access (fire trucks, ambulance, police)
    • ADA (Americans With Disabilities Act) access – crosswalks and ramps

Note: Jersey barriers with 4,000 psi (compressive strength) concrete readily fragment when a vehicle bomb nearby explodes, resulting in an incident pressure exceeding 4,000 psi.

 

All Layers of Defense

Passive Barriers – Architectural

When placed, make sure bollards accomplish their barrier function with an appropriate distance of not more than 4 feet between them.

Placed in long unbroken rows, they present a monotonous appearance and may appear as a wall from some angles.

Pay attention to how bollards or fences:

  • Turn the corner
  • Intersect with driveways and gates
  • Cross pedestrian paths and handicapped ramps

In a COOP environment, bollards and barriers are ideally the All Layers of Defense to obtain the most stand-off possible.

 

Knowledge Review

Which of the following is the least desirable type of passive barrier, in terms of its vehicle stopping ability, aesthetics, affect on pedestrian access, and performance in blast loading?

  1. Berms
  2. Fixed bollards
  3. Reinforced street furniture
  4. Jersey barriers
  5. Trees and water obstacles

Correct response: D

Correct response feedback: Terrific! The correct response is jersey barriers.

 

First and Secord Layers of Defense

Active Barriers

Active barriers are used at vehicular access control points within a perimeter barrier system, or at the entry to specific buildings within a site, such as a parking structure or a parking garage within an occupied building, to provide a barrier for vehicle screening or inspection; they can be operated to allow vehicle passage. Examples of active barriers include:

  • Rotating drum systems
  • Rising-wedge barricades
  • Retractable bollards
  • Crash beams
  • Crash gates
  • Surface-mounted wedges and plates

Active devices must be used in conjunction with signage, light signals, gatehouses, and security personnel.

 

All Layers of Defense

Active Barriers – Barriers and Bollards

As with passive barriers, active barriers also have different levels of kinetic energy stopping power, based upon mass and connection to the earth, as shown in the table below.

A diagram depicting the effectiveness of an active barrier.

From US Army Field Manual 5-114, Engineer Operations Short of War, 1992
Source: Delta Scientific Corporation

 

 

All Layers of Defense

Two views of sidewalks and curbs along city streets.Sidewalks and Curbs

Sidewalks serve as the common space for pedestrian interaction, movements, and activity. Sidewalks should be open and accessible to pedestrians to the greatest extent possible, and security elements should not interfere with circulation, particularly in crowded locations.

With exterior walls on the property line, the stand-off distance is the width of the sidewalk in many cases.

Low curbs are not a deterrent in keeping vehicles away from buildings, as shown in the bottom image on this screen.

With little stand-off, increased building security and hardening will be expensive.

 

All Layers of Defense

Top example shows bollards that are spaced so far apart that they cannot keep most vehicles out, so a single planter was placed to fill a gap. The bottom example shows pedestrian traffic being controlled into a closed service street.Sidewalks and Curbs (continued)

Look at the images on this screen for additional examples of interruptions in sidewalks and closure of streets.

The top image shows bollards that are spaced so far apart that they cannot keep most vehicles out, so a single planter was placed to fill a gap. Also in the top photo, note the restriction to pedestrian traffic caused by the jersey barrier, which would have been equally effective if placed directly behind the bollards or angled with the planter to open up the sidewalk.

The bottom image shows pedestrian traffic being controlled into a closed service street.

 

All Layers of Defense

Hand drawn diagram showing curb at 8-12 inches in height along with real world example of stand-off distance using Jersey barriers.Sidewalks and Curbs (continued)

Curbside parking should not be removed unless additional stand-off distance is absolutely necessary for high-risk buildings. Prohibiting on-street parking or closing lanes should only be used as a temporary measure during times of increased alert.

High curbs and other measures may be installed to keep vehicles from departing the roadway in an effort to avoid other security counter-measures.

 

All Layers of Defense

Diagram showing the 10 security zones around a Facility or Asset marked with icons. Legend: Leaky Coaxial Cable Sensor (dotted line), Pan-Tilt-Zoom Camera (shaded dot inside circle), Fixed Camera (camera outline), Microwave Sensor (half circles), Infrared Beam Sensor (triangle), Vehicle Contraband Detection Sensor (cones).Site Security Design Guidelines

The collaborative, multidisciplinary approach in defining a security philosophy can represent permanence and encourage citizen participation.

Increased setbacks can become active public spaces, physical restraints can serve as seating areas or landscape features, and new amenities can both increase the safety of Federal employees and integrate our public buildings into their neighborhoods.

Site security design is important, particularly for:

FEMA 426, Fig 6.9, page 6-28
  • Parking
  • Loading docks and service areas
  • Security lighting
  • Signage
  • Site utilities
  • CBR issues

 

All Layers of Defense

Site Security Design Guidelines

Parking

Parking at the building, at an adjacent building, or in a nearby parking garage have limited stand-off distance in the urban environment.

Hardening considerations come into play for each situation, whether it is the building face, adding bollards to maintain stand-off, or taking access control and column hardening actions in an urban parking garage.

There are three primary types of parking facilities, all of which present security trade-offs:

  1. Surface lots can be designed to keep vehicles away from buildings, but they consume large amounts of land and, if constructed of impervious materials, can contribute greatly to storm water runoff volume. They can also be hazardous for pedestrians if dedicated pedestrian pathways are not provided.
  2. In contrast, non-street parking is often convenient for users and a source of revenue for local Governments, but this type of parking may provide little or no setback.
  3. Finally, garage structures provide revenue and can be convenient for users, but they may require structural measures to ensure blast resistance as well as crime prevention measures to prevent street crime.

 

All Layers of Defense

Site Security Design Guidelines

Parking (continued)

When designing parking, the following should be taken into consideration:

  • Maintain stand-off distance from building
  • Restrict parking from the interior of a group of buildings and away from any restricted area
  • Avoid having parking near, within, or underneath buildings; consider hardening against
  • Locate parking within view of occupied buildings
  • If possible, design the parking lot with one-way circulation that restricts straight-on high-speed approaches to buildings
  • Provide signage to clearly mark separate entrances for different parking lots
  • Keep parking areas well lit; use emergency communications and/or CCTV

 

All Layers of Defense

Site Security Design Guidelines

Delivery/Loading Docks

Considerations in the design of loading docks and service areas include:

  • Since larger vehicles can carry larger weapons, the goal is to screen the vehicles away from the urban area and escort them from the screening to the building.
  • Schedule deliveries to avoid queuing. In conjunction with local authorities and building tenants, consider shifting deliveries to time of day when building is not occupied. For example, deliveries are done from 19:00 to 05:00 when the building occupancy is occupied from 06:00 to 18:00.
  • Use barriers and gatehouses for access control to allow final approach of vehicles to the loading dock.
  • Significant structural damage to the walls and ceiling of the loading dock may be acceptable; however, the areas adjacent to the loading dock should not experience severe structural damage or collapse.

 

Knowledge Review

What is the security trade-off for garage structures?

  1. May require structural measures to ensure blast resistance as well as crime prevention measures to prevent street crime
  2. May provide little or no setback
  3. If constructed of impervious materials, can contribute greatly to storm water runoff volume

Correct response: A

Correct response feedback: You got it! The correct response is A.

 

All Layers of Defense

Site Security Design Guidelines

Security Lighting

Security lighting should be provided for overall site and building illumination to allow security personnel to maintain visual assessment during darkness. Lighting is desirable around areas such as entrances, loading docks, parking, etc. At entry points, a recommended minimum surface lighting average of 4 horizontal foot candles will help ensure adequate lighting.

Security lighting has different purposes — to blind, to allow vehicle inspection, to identify credentials, to support CCTV capabilities, etc. Thus, security lighting must be coordinated for all purposes.

 

All Layers of Defense

Site Security Design Guidelines

Security Lighting (continued)

Types of lighting include:

  • Lighting zones:
    • Concentrate light – Site lighting can be separated into zones in order to concentrate light where it is needed most.
    • Prioritize – Prioritizing will allow for the most efficient use of lighting while keeping within a reasonable budget.
  • Scalable:
    • Provide different levels of lighting – It is also important to consider operational factors when designing an appropriate lighting situation.
  • Operational issues:
    • Costs – Estimate and evaluate the lifecycle costs for energy and maintenance.
    • Sustainability – Evaluate the impact on project sustainability.

In addition, site lighting can be helpful as a response to different levels of alert, by designing it to be increased in times of high security alert. Provision of additional light is a common technique to discourage unwanted activities on sites and within buildings and to enhance desirable activities.

 

All Layers of Defense

Site Security Design Guidelines

Signage

Building owners should determine how visible the project should be and the corresponding implications for site signage. For some projects, a degree of anonymity may be part of the security strategy. Signage considerations:

  • Unless required, signs should not identify sensitive areas.
  • Minimize signs identifying critical utility complexes, such as power plants and water treatment plants.
  • Warning signs should be posted at all entrances to limited, controlled, and exclusion areas.
  • The wording on the signs should denote warning of a restricted area.
  • Signs should be posted at intervals of no more than 100 feet or at entrance points only.
  • Signage may be mounted on other elements, such as walls, to reduce the number of posts along the street or perimeter.
  • Signposts may be hardened and included as part of the perimeter barrier.
  • The lighting of signage may also enhance nighttime safety to those who come to the site during evening or early morning hours.
  • Warning signs must use language commonly spoken.

 

All Layers of Defense

Collage of images showing an antenna system for Emergency Operations Center accessible from the ground, an open gate allowing access to critical cooling unit for computer center, an exposed generator and natural gas regulators, and exposed air conditioning systems.Site Security Design Guidelines

Site Utilities

Utility considerations:

  • Concealed or underground utilities are easier to protect than exposed or aboveground constructions. Fortunately, in the urban environment utilities are primarily underground.
  • Access to utilities should be protected or secure, allowing only authorized personnel access to perform maintenance and repair.
  • The location and accessibility of site utilities directly impacts the vulnerability of systems to disruption and failure.
  • Incoming utility systems should have two entry points to the building for redundancy as required by criticality.
  • Looped versus radial distribution of utilities to the building allows for higher system reliability and faster repair by avoiding utility loss by a single incident.
  • If possible, surveillance of critical utility points should be conducted.

 

All Layers of Defense

A CBR incident; wide landscape with heavy smoke emanating from a central locationSite Security Design Guidelines

CBR Issues

A major concern is the vulnerability of buildings to CBR threats.

The following information presented is limited to those aspects of protection against CBR threats that concern site design and building placement. Further detail is provided in Lesson 10.

The main site and layout protective measures against CBR are:

  • Avoid low-lying sites
  • Evacuation areas
  • Areas designated for decontamination, entry, and exit
  • Location of air intakes – relative to ground level and prevailing winds
  • Placement and orientation of a new building should take into account prevailing winds, although the actual wind direction and speed at the time of an outdoor release will directly affect the building
  • The surrounding terrain may result in channeling a CBR release toward the site and building

Image information: About 11:15 am Central Daylight Time on October 27, 2004, an 8-inch-diameter pipeline owned by Magellan Midstream Partners, L.P., (Magellan) and operated by Enterprise Products Operating L.P. (Enterprise) ruptured near Kingman, Kan., and released approximately 4,858 barrels (204,000 gallons) of anhydrous ammonia. Nobody was killed or injured due to the release. The anhydrous ammonia leaked into a creek and killed more than 25,000 fish, including some from threatened species. The cost of the accident was $680,715, including $459,415 for environmental remediation.

 

Knowledge Review

In terms of CBR, buildings should be sited in low-lying sites.

  1. True
  2. False

Correct response: B

Correct response feedback: Excellent! The answer is false. Heavier-than-air contaminants will have greater impacts upon low-lying areas, because the agent hugs the ground as it disperses. Thus, since most terrorist CBR agents are heavier than air, avoiding low-lying sites and raising air intakes is the most beneficial action to take.

 

Best Practices

To summarize:

  • A broad spectrum of mitigation actions can be taken – with a wide range of cost, protection provided, and level of effort required by the asset owner
  • The nominal ranking of mitigation measures on page 2-30 (FEMA 430) provides a framework for the identification of short-term and long-term measures that can be taken

Note: Page 2-30 of FEMA 430 provides a comprehensive list of security/protection measures that can be taken — increasing in protection, cost, and level of effort – that complements this graphic on Site Mitigation Measures.

Sketch of a facility. Arrows point to different locations on the site and mitigation actions that can be taken there, including: Eliminate potential hiding places near facility, provide an unobstructed view around facility; Locate facility away from natural or man-made vantage points; Secure access to power/heat plants, gas mains, water supplies, and electrical service; Eliminate lines of approach perpendicular to the building; Minimize vehicle access points; Illuminate building exteriors or sites where exposed assets are located; Locate parking to obtain stand-off from facility; Minimize exterior signage or other indications of asset locations; Locate trash bins as far from facility as possible; Eliminate parking beneath facilities.

Reference FEMA 426, Figure 2-16, Site Mitigation Options

 

 

Knowledge Review

On the next several screens you will be asked True or False questions related to the material covered in this lesson.

It is important to identify major structures surround the facility (site or building(s)).

  1. True
  2. False

Correct response: A

Correct response feedback: Excellent! The answer is true.

The following are possible surrounding structures that would be considered in site and layout design: large manufacturing plants with large quantities of hazardous materials stored on site, hazmat facilities, important Government and transportation buildings, etc.

 

Knowledge Review

It is important to identify if a perimeter fence or other types of barrier controls are in place.

  1. True
  2. False

Correct response: A

Correct response feedback: Excellent! The answer is true.

Always identify if a perimeter fence or other types of barrier controls are in place.

 

Knowledge Review

Site lighting needs only to be adequate from a security perspective in parking areas.

  1. True
  2. False

Correct response: B

Correct response feedback: Excellent! The answer is false. Site lighting should also be adequate from a security perspective in roadway access.

 

Knowledge Review

The location of items such as trash receptacles and mailboxes do not to need play a role in your assessment.

  1. True
  2. False

Correct response: B

Correct response feedback: Excellent! The answer is false. Trash receptacles and mailboxes that are in close proximity to the building can be used to hide explosive devices. Always identify the location of these items.

 

Knowledge Review

You should identify the source of domestic water.

  1. True
  2. False

Correct response: A

Correct response feedback: Excellent! The answer is true. Sources of domestic water may include utility, municipal, wells, lake, river, storage tank, etc.

 

Summary

Now that you have completed this lesson, you should be able to:

  1. Identify site planning concerns that can create, reduce, or eliminate vulnerabilities and understand the concept of “layers of defense”
  2. Recognize protective issues for suburban site planning
  3. Determine the pros and cons of barrier mitigation measures that increase stand-off or promote the need for hardening of buildings at risk
  4. State the benefits that can be derived from appropriate security design
  5. State the benefits of adopting a creative process to face current design challenges
  6. State the benefits of including aesthetic elements compatible with security and architecture characteristics of buildings and their surrounding environment
  7. Identify mitigation measures needed to reduce vulnerabilities

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 9 – Building Design Guidance

Building Design Guidance Overview

Continuing with our understanding of vulnerability and mitigation measures, we have looked at site and layout concerns and now turn our attention to what considerations are needed in building design to mitigate tactics involving explosive blast or CBR agents.

We will examine design considerations that achieve a balanced building envelope that provides a defensive layer against the given terrorist tactic and avoids creating ripple effects where one incident may affect more than one building system.

Catastrophic collapse of any building is a primary concern. Historically, the majority of fatalities that occur in terrorist attacks directed against buildings are due to building collapse. This was true for the Oklahoma City bombing in 1995 when 87 percent of the building occupants who were killed were in the collapsed portion of the Murrah Federal Building. But glass causes over 80 percent of injuries during bomb blast, and there are some low-cost techniques to keep CBR agents outside of buildings or to limit their spread inside.

 

Lesson ObjectivesAt the completion of this lesson, students will be able to:

  1. Identify architectural considerations to mitigate impacts from blast effects and transmission of chemical, biological, and radiological agents from exterior and interior incidents
  2. Identify key elements of building structural and non-structural systems for mitigation of blast effects
  3. Determine the benefit of building envelope, mechanical system, electrical system, fire protection system, and communication system mitigation measures, including synergies and conflicts
  4. Apply these concepts to an existing building or building conceptual design and identify mitigation measures needed to reduce vulnerabilities

 

Layers of Defense

The first and second layers were discussed in the previous lesson. The third layer of defense is applicable to building design.

FEMA 452 — Third Layer of Defense. This deals with the protection of the asset itself. It proposes to harden the structures and systems, incorporate effective HVAC systems and surveillance equipment, and wisely design and locate utilities and mechanical systems.

The building owner has control of this layer. Its main mitigation measures are hardening against blast and security sensors/CCTV as final access control.

 

Third Layer of Defense

Stand-off Distance

Stand-off distance is the primary impact on design and construction of building envelope and structure against Design Basis Threat (explosives). It helps protect against unauthorized vehicles and aggressors approaching target buildings.

Of all blast mitigation measures, distance is the most effective measure because other measures vary in effectiveness and can be more costly. However, many times it is not possible to provide adequate stand-off distance.

The Design Basis Threat weapon yield and the level of protection desired drive the hardening required for the stand-off distance available.

Note: As shown in the figure, every foot of stand-off at 50 feet and below, AND ESPECIALLY BELOW 20 FEET, is critical to reducing the blast loads on a building. Above 100 feet, that extra foot makes less difference.

Illustration on left showing building labeled Asset, threat identified as an explosion, and area in between labeled Stand-off Zone. Text note: 'Protect against unauthorized vehicles approaching target buildings'. On the right is a chart that shows the range needed for stand-off against an explosive blast. The vertical axis is Peak Reflected Pressure (psi), from 1 to 100,000, and the horizontal axis is the Range (ft), from 1 to 1,000. The three lines graphed are for 10 pounds of TNT; 100 pounds TNT; and 1,000 pounds of TNT.
FEMA 426, Figure 2-8: Concept of Stand-off (Left)

 

Third Layer of Defense

Stand-off Distance vs. Hardening of Structures (continued)

This representation of the estimated damage at Khobar Towers uses the blast modeling software available circa 1997. It shows the front façade of the target building receiving very severe damage when the estimated bomb is at 80 feet. Increasing the stand-off using the same building construction and bomb size shows that the stand-off required to limit damage is 400 feet.

Figure key:

  • Red = very severe damage, possible collapse
  • Yellow = very unrepairable structural damage
  • Green = moderate repairable structural damage

Three examples of stand-off distance and its relationship to blast impact as modeled on five buildings at the Khobar Tower site. First diagram shows detonation impact on building at 80 ft. Second image shows detonation impact at 171 ft. Third image shows detonation impact at 400 ft.

Air Force Installation Force Protection Guide, Figure 4-3: Stand-off distance and its relationship to blast impact as modeled on the Khobar Tower Site, p. 20

 

Note: 82 feet of stand-off allows use of conventional construction with minimal upgrades when used in conjunction with a controlled perimeter that detects larger bombs prior to getting anywhere near the building.

 

Third Layer of Defense

Three illustrations of hardening. First shows two different weights and the effect a blast has on them. Title: Effects of Weight in Blast Response. 1) The weight responds to blast pressure in reverse proportion to the magnitude of the weight; 2) For smaller weights, a higher and potentially damaging response. Second shows a side view of a two story steel building frame titled Concept of Load Paths. As the load path extends further away from the blast rotation, the load severity decreases as indicated by the dashed lines. Third shows Typical Shear Connection and Typical Moment Connection on steel beams.Hardening

Less stand-off requires hardening techniques including:

  • More mass/weight – Inertia results in less acceleration and less movement for short duration explosive forces:
    • Force = mass x acceleration – for a given force, a greater mass results in less acceleration
    • Distance = ½ acceleration x time2 – less acceleration for a given short duration explosive force, results in less movement
  • Continuous load paths – All structural components need to tie together to transfer vertical and horizontal (lateral) loads against the building to the foundation:
    • All structural components are able to achieve their full load capacity
  • Redundancy/alternate load paths – Probably most effective means of limiting progressive collapse:
    • Rigid moment connections transfer load better than shear connections
    • Loss of a component allows load to transfer to the other components still connected
    • Shear connections only bolted on the web to the column (for vertical loads), rigid moment connections also bolted at flanges to tabs welded to the column (for vertical and rotational loads)
    • Very difficult to retrofit a building for redundancy – best to incorporate in new construction

 

Third Layer of Defense

Three building photos; U.S. Embassy: Kampala, Uganda designed to resist explosive blast [far right image], two New York City buildings indicating glass, column, overhang, and easy vehicle access (poor) [upper left image] and window curtain wall (usually poor unless hardened in original design) [upper middle image]. On bottom of page there is a chart that shows load and deflection. Y axis labeled Load, X axis labeled Deflection and 4 marked points on chart labeled a thru d. Note: As the load increases the deflection increases. Higher ductilities are attained by going from point "a" through "c" and "d".Hardening (continued)

Less stand-off requires hardening in the areas of:

  • Tying/bridging/linking – Good connections are always beneficial:
    • Provides global structural stability and protects against progressive collapse
    • Relatively simple and inexpensive for small buildings with accessible connections
  • Ductility/more steel –
    • Brittle materials (such as concrete) reach an ultimate strength point and break
    • Ductile materials (such as steel) reach a strength point that goes from an elastic region (springs back to original position – first straight line on left) into a plastic region (does not return to original position, but accepts additional load without breaking)
    • Adding more steel to reinforced concrete (concrete is inherently brittle) makes the concrete more ductile
  • Thicker/stronger glass – Glass is inherently brittle, but thicker panes with smaller area require higher pressures to break:
    • Ductility added to glass by laminating or retrofitting with fragment-retention film
  • Stronger door and window frame connection to building/wall – Hardening must always consider strong connection of window frames and door frames to the building/wall:
    • Hardening of glass or frame is of little value if the frame-to-wall connection is not equally strong
    • One issue with any window hardening or door hardening retrofit is that you must remove at least one of each type to ensure equivalent connection strength

 

Knowledge Review

Of all blast mitigation measures, which of the following is most effective?

  1. Hardening of the building
  2. Stand-off distance
  3. Both are equally effective

Correct response: B

Correct response feedback: Well done! Stand-off distance is correct. It is the most effective measure because other measures vary in effectiveness and can be more costly. However, many times it is not possible to provide adequate stand-off distance.

 

Third Layer of Defense

The third layer of defense deals with the protection of the asset itself. The column headings in this table include key elements of protection and the row headings include the three layers of defense.

Designers should go through each system to select appropriate mitigation measures for an existing building or provide increased hardening when designing a new building.

The rest of this lesson will follow along the column headings in the order shown, which generally follows the Non-Structural Systems in FEMA 426, Chapter 4 and the Building Vulnerability Assessment checklist.

Building Vulnerability Assessment checklist for the three layers of defense. The items on the checklist are: Architecture, Structural Systems, Building Envelope, Utility Systems, General MEP Systems, HVAC Systems, Electrical/Comm Systems, Plumbing/Fire Prot Systems, Equipment Ops & Maint, and Egress Systems. All items are marked off for the Third Layer, only Utility Systems is marked for the First and Second Layer defense.

Third Layer of Defense

Hardening Considerations

When hardening a building, consider the following:

  • Progressive collapse – The first consideration, as most deaths result from building collapse.
  • Appropriate security systems – To deter, detect, and deny aggressors from accessing the building, this should be done whether or not building hardening is feasible.
  • Hardening the building envelope – After progressive collapse, hardening the building envelope provides the most protection against injury during blast events and aligns with building tightness considerations for exterior CBR releases.
  • Appropriate HVAC systems to mitigate CBR – The control of HVAC operation for exterior and interior CBR releases should be considered based upon the complexity of the existing or designed system.
  • Hardening the remaining structure – After progressive collapse and hardening the building envelope, hardening the rest of the structural/nonstructural components to reduce injury should be considered.
  • Hardening and location of utilities (exterior and interior MEP, etc.) – This might be the most expensive to do with an existing building, but should be fully implemented in a new building design. Accessible, aboveground utilities should receive first consideration for hardening. Seismic connections, seismic shutoffs, and flexible connections to withstand building movement are part of this strategy.

 

Architecture

Designers should balance a number of relevant considerations to the extent that site, economic, and other factors allow.

Some of the relevant considerations include the following:

  • Low, large footprint buildings
  • Tall, small footprint buildings
  • The shape of the building (building configuration)

Building illustrations and photos each showing examples of a Low building, Large Footprint and a Tall building, Small Footprint.

Architecture

Illustration and photo example of low building, large footprint labeled Low, Large Footprint.Low, Large Footprint

General benefits, and drawbacks, of the tall, small footprint include:

  • Distribution of people, assets, systems, and operations across wider horizontal area – tends to limit damage and effects from single incident.
  • Building layout, vegetation, terrain, and other screening elements can be used to protect the asset from hostile surveillance.
  • Allows opportunities to use interior courtyards or atriums to bring light and natural setting to a building without adding vulnerable openings to the exterior. Because access can be more easily controlled, courtyards and atriums typically require less hardening than the building perimeter.

 

Architecture

Illustration and photo example of tall building, small footprint labeled Tall, Small Footprint.Tall, Small Footprint

General benefits, and drawbacks, of the tall, small footprint include:

  • Tends to suffer greater damage due to generally reduced stand-off from vehicle-borne explosive threat and concentration of people, assets, systems and operations.
  • More difficult to protect interior spaces from hostile surveillance as occupied areas are mostly above vegetation, terrain, and other screening elements.
  • Generally requires less explosive blast hardening for upper floors than that needed for first three stories due to rapid fall-off of blast intensity with distance and reflection angle.

 

Architecture

Building Configuration

Much can be done architecturally to mitigate the effects of a terrorist bombing on a facility. These measures often cost nothing or very little if implemented early in the design process. FEMA 430 contains an expanded discussion of incorporating security components in architectural design.

  • Beware of building shapes and configurations that trap the blast wave and increase overall damage:
    • Avoid “U” or “L” or “E”shaped buildings, overhangs, and re-entrant corners in general.
    • The reflected pressure increases, as it cannot vent around the building.
    • Building gets hit with reflected blast waves off the same structure at points already hit by the initial blast wave.
  • Convex rather than concave or flat shapes are preferred. Circular buildings and circular columns result in a 29 to 65 percent reduction in the force coefficient per American Society of Civil Engineers (ASCE) Standard 7-05 compared to flat structures.

Four building architectural plan. First shows re-entrant corners. Second shows a "U" shaped building and blast effect waves. Third and fourth illustration shows "L" shape overhang and blast effect waves from both distance and close up.

FEMA 426, Figure 3-2: Re-Entrant corners in a floor plan (top image)

 

Architecture

Building Configuration (continued)

The General Services Administration (GSA) advises to fully evaluate hardening of the first three building floors for the urban situation because these floors are most vulnerable. At the third through sixth floor, the hardening MAY be reduced, but some hardening is still necessary. Floors above the sixth MAY need only conventional construction with minimal hardening — because the reflection angle is going to result in a lower coefficient of reflection, and the increased stand-off distance to these floors also results in less reflected pressure.

However, as the bomb gets bigger, the upper floors will see severe damage even with the increased reflection angles just due to the higher incident pressure generated by larger bombs. Also, larger bombs at farther stand-off distance have reduced reflection angles that can result in significant pressure on upper floors.

The GSA approach would hold very well for a high-rise building surrounded by low-rise buildings (3 floors and less), but is probably less applicable for the high-rise building surrounded by other high-rise buildings. Blast wave reflections off adjacent buildings, will affect all floors of the building of interest to varying degrees. The reflections will follow much longer paths resulting in larger effective stand-off distances and the various reflection angles will result in lower incident and reflected pressures compared to the initial blast wave. Unfortunately, the reflections my hit a very weak point in the response motion of the building or building component at any floor level resulting in more damage than would have been originally expected.

 

Architecture

Top image shows a drawing of a 'plan view'. Bottom image shows a window with the rigid catch bar system concept.
FEMA 426, Figure 3-1: Glazed areas Orientation

Building Configuration (continued)

Elevating the ground floor makes a moving vehicle attack more difficult.

If the glazing (windows) looks perpendicular to the direction of travel for the blast wave, the glass sees less reflected pressure.

Do not have structural elements, like columns, easily exposed on the outside of the building. This goes for any architectural feature that can become damaged or disconnected by a blast wave.

If an armed attack includes Molotov cocktails or home-made grenades, pitched roofs, and pitched window sills tend to cause the thrown item to roll off and away from the building. Air intakes have similar considerations.

 

Architecture

Top image shows cars parked rear end first into a parking space next to a building. Bottom image shows the inside of a parking garage.Building Configuration (continued)

Parking Considerations

As with loading docks, parking underneath a building is a higher risk situation when you consider a person carrying a large bomb. The minimal stand-off considerations for parking structures in this type of situation include:

  • Restrict parking to vetted vehicles, but also provide access control and security systems.
  • Access from underground parking (stairwells and elevators) to the building should be only to unsecured spaces where access control then occurs, such as outside the footprint of the building.
  • Progressive collapse hardening should be applied to columns when a parking garage is in a building.
  • Keeping the area well-lit, maintaining a security presence, providing emergency communications, and/or CCTV can also be used as a deterrent.

In looking at the top image on the right, which is the preferred parking arrangement between the two cars should one of them have a bomb?

Correct response – The silver car in the back. A larger bomb would be in the trunk, thus the added stand-off is highly desired.

 

Knowledge Review

Assume you have a building with 9 floors. Which floor(s) require the most hardening?

  1. Floors 1 – 3
  2. Floors 4 – 6
  3. Floors 7 – 8
  4. Floor 9

Correct response: A

Correct response feedback: Yes! Floors 1 – 3 is correct. GSA states to fully evaluate hardening of the first three building floors for the urban situation because these floors are most vulnerable. At the third through sixth floor, the hardening MAY be reduced, but some hardening is still necessary. Floors above the sixth MAY need only conventional construction with minimal hardening — because the reflection angle is going to result in a lower coefficient of reflection, and the increased stand-off distance to these floors also results in less reflected pressure

 

Architecture

Space Design

Functional Layout

Public areas such as the lobby, loading dock, mail room, garage, and retail areas should be separated from the more secured areas of the facility. This can be done by creating internal “hard lines” or buffer zones, using secondary stairwells, elevator shafts, corridors, and storage areas between public and secured areas.

In lobby areas, the architect would be wise to consider the queuing requirements in front of the inspection stations so that visitors are not forced to stand outside during bad weather conditions or in a congested line inside a small lobby while waiting to enter the secured areas. Consider allowing enough lobby space for future inspection equipment.

Diagram depicting space design. Blue = Emergency Response; Green = Evac Route; Orange = Mech/Utilities; Purple = Receiving/Storage; Yellow = TeleCom Data.

Diagram information – The loading dock and warehouse provide a single point of entry to the interior.

The mailroom is located within the interior and not on an exterior wall or separate HVAC system.

The telecom switch and computer data center are adjacent to the warehouse.

The trash dumpster and emergency generator are located adjacent to the loading dock.

 

Architecture

Illustrations of a building layout; labeled Original Layout and Improved Layout. Top illustration shows the original space layout of a building, and the bottom illustration shows an improved building layout. The loading dock and garage inside the original layout have been moved to the outside of the building in the improved design.
FEMA 427, Figure 6-4: Improving layout of adjacent unsecured and secured areas, p. 6-10

Space Design

Structural Layout

Unsecured areas should be physically separated from the main building to the highest extent possible.

  • Loading docks are higher risk locations because larger vehicles with potentially larger bombs are allowed minimal stand-off from the building. Keep loading docks outside the core of the building.
  • A separate lobby pavilion outside the main footprint provides enhanced protection against damage and potential building collapse in the event of an explosion or CBR release.
  • Placing parking outside the main building footprint can be highly effective in increasing protection to the building core.

 

Architecture

Top image shows the original space layout of a building. Bottom image shows an improved layout of a building.
FEMA 427, Figure 6-4: Improving layout of adjacent unsecured and secured areas, p. 6-10

Space Design

Structural Layout – Mixed Occupancies

High-risk tenants should not be housed with low-risk tenants. Terrorists may identify some targets based on their symbology, visibility, ideology, political views, potential for publicity, or simply the consequences of their loss. Low-risk tenants are then placed at higher risk due to proximity.

However, if there are very few high-risk tenants among many low-risk tenants, then dispersal and devaluation can be mitigation techniques.

After Oklahoma City, day-care centers (low risk) are separated from the main building functions (high risk) to reduce the risk to the day-care centers. This has been done at the Pentagon, with a relatively minor decrease in convenience.

 

Architecture

Other Location Concerns

When designing high-risk buildings, engineers and architects should consider the following:

  • Retail and other mixed uses
  • Offices
  • Public toilets and service areas
  • Safe havens and shelters

 

Architecture

Other Location Concerns

Retail and Other Mixed Uses

Retail and other mixed uses, which have been encouraged in public buildings by the Public Buildings Cooperative Use Act of 1976 (and provide taxes to municipalities on Federal properties, which are not taxed), create spaces that are open and inviting. Although important to the public nature of the buildings, the presence of retail and other mixed uses may present a risk to buildings and their occupants and should be carefully considered on a project-specific basis during project design. Consider allowing access to retail space only from the outside of the building and not between any interior spaces, or consider access configuration so that movement from retail spaces must go past security to get to the rest of the building.

 

Architecture

Other Location Concerns

Offices

Offices considered to be high risk (more likely to be targeted by terrorists) should be placed or glazed so that the occupants cannot be seen from an uncontrolled public area such as a street. Whenever possible, these spaces should face courtyards, internal sites, or controlled areas. Place meeting and storage rooms on the building perimeter and place offices toward the building interior.

 

Architecture

Other Location Concerns

Public Toilets and Service Areas

Public toilets and service areas, or access to vertical circulation systems (stairwells and elevators) should not be located in any non-secure areas, including the queuing area before visitor screening at the public entrance.

 

Architecture

Other Location Concerns

Safe Havens and Shelters

Safe havens and shelters are the innermost layer of protection within a physical security system. Safe havens are not intended to withstand a disciplined, paramilitary attack featuring explosives and heavy weapons. They are locations where sheltering in place for CBR and protection from natural hazards or bomb blast can occur.

 

Knowledge Review

Which area of a building is the most unsecure?

  1. Internal office space
  2. Loading docks
  3. Parking retail areas

Correct response: B

Correct response feedback: Excellent! Loading docks are higher risk locations as larger vehicles with potentially larger bombs are allowed minimal stand-off from the building. Keep loading docks outside the core of the building.

 

Structural Systems

Materials and Systems

When hardening or assessing a building, consider the following:

  • Reinforced concrete frame:
    • Cast-in-place
    • Detailing (applicable to all systems)
    • Pre-cast and pre-stressed
    • Ultra-high performance/reactive powder
  • Steel frame
  • Bearing walls

 

Structural Systems

Materials and Systems

Reinforced Concrete Frame – Cast-in-Place (preferred)

  • Concrete provides resistance to compression and shear
  • Steel reinforcement provides resistance to tension and constrains concrete core
  • Greater mass than steel, so less response for same blast loading
  • Great energy absorbed in breaking of concrete through internal damping

 

Structural Systems

Materials and Systems

Reinforced Concrete Frame – Detailing (applicable to all systems)

  • Generally needed to ensure craftsmen understand how blast protection features must be built to ensure proper performance
  • Designed to ensure shear failure does not occur before flexure failure, allowing significant plastic deformation (ductile detailing)
    • Steel reinforcement in concrete
    • Fragment-retention film on glass
    • Spray-on truck bed liner on unreinforced masonry
    • Top and bottom reinforcement (walls and floors for load reversals)
    • Staggered lap splices (so weak points do not align)
    • Closely spaced ties to confine the plastic hinge regions
    • Beam to column and floor to column connections or continuous rebar from beam through column to beam on other side

Careful detailing is required for material such as pre-stressed concrete, pre-cast concrete, and masonry (brick and concrete masonry unit) to adequately respond to the design loads. Even calling out seismic connections may not be adequate as the workforce may not be familiar with the changes from their norm; thus detailing is very important.

  • For example, aluminum wiring is not used in homes in the U.S. because copper-trained electricians overtorqued the connections, causing cold flow, loose connections, and fires. Great Britain took path to put copper on the outside of aluminum, taking advantage of the less expensive aluminum without getting the cold flow problem.
  • Another example: Plastic water pipe initially installed by copper-trained plumbers were not twisted 90 degrees to spread the glue, as this was not needed when soldering copper. Imperfections in the plastic would scrape the glue away resulting in leaks. Plumbers now know this procedure, and we still use plastic water piping.

 

Structural Systems

Materials and Systems

Reinforced Concrete Frame – Pre-cast and Pre-stressed

  • Connection detailing is a must as this is the weakest point in this system
  • Two-way reinforcement used in slabs are constructed on the ground and this reinforcement prevents cracking as slabs are lifted into place
  • Pre-stressed/pre-tensioned/post-tensioned concrete and seated connection systems for steel and pre-cast concrete
    • May have little resistance to:
      • Upward forces
      • Load reversals
      • Abnormal loading patterns
    • Cable profile may provide limited resistance to these loadings

 

Structural Systems

Materials and Systems

Reinforced Concrete Frame – Ultrahigh Performance/Reactive Powder

  • 20,000 psi compressive strength
    • Fine particles — very small pores, low porosity, and disconnected pore spaces
  • 30,000 psi compressive strength with steam curing
  • Many advantages over 3,000 to 5,000 psi concrete

 

Structural Systems

Materials and Systems

Steel Frame

  • Inherently ductile – good for large impulse blasts (long duration)
  • Hardening, especially columns, includes concrete encasement (4 inches minimum)
  • Connection detailing is also critical to ensure early shear failure does not occur

 

Structural Systems

Materials and Systems

Bearing Walls

  • The walls carry the load, like in typical wood home construction
  • As with columns, bearing walls should be aligned from foundation to roof to limit potential for progressive collapse
  • Benefits from shear walls perpendicular to primary load-bearing walls
  • Concrete Masonry Unit (CMU) walls should be fully grouted and steel-reinforced

 

Structural Systems

Materials and Systems (continued)

When hardening or assessing a building, consider the following:

  • Columns
    • Round versus square
    • Architectural stand-off
    • Slenderization
    • Seismic protection = hardening, but note change in seismic response
  • Roof structures
    • Mass, strength, and continuity
    • Two-way reinforced concrete beam slab systems
    • Metal deck with reinforced concrete fill
    • Long spans a concern

 

Structural Systems

Materials and Systems

Columns – Round Versus Square

ASCE 7 indicates significant reduction in wind loading (also applies to blast loading) for round versus flat-faced structures.

Benefits for columns also, but less so as clearing of blast waves around columns is much easier than around the side of a building.

 

Structural Systems

Materials and Systems

Columns – Architectural Stand-off

GSA Public Building Standards advises that accessible columns be firred out at least 6 inches to limit column damage (for a bomb that can be carried – briefcase, backpack, etc. — and shape charges designed to cut).

 

Structural Systems

Materials and Systems

Columns – Slenderization

Columns can be sized with or without considering the constraint of floor connections.

Slenderization means that a column becomes too thin and bends/fails upon loss of one or more floor connections.

Progressive collapse guidance (GSA and DoD) calls for columns designed stoutly enough to handle loss of one- or two-floor connections without failing — especially in parking garages under buildings.

In the 1993 bombing of the World Trade Center, the vehicle-borne IED severed five floor connections on columns, but the columns continued to handle their load.

 

Structural Systems

Materials and Systems

Columns – Seismic Protection

  • Hardening: Steel or Kevlar wraps around columns for seismic hardening further constrain the concrete and improve blast response
  • But hardening can alter blast response as shown in the graphic
  • Anytime a design is altered, all loading impacts for all hazards and threats need to be reassessed

 

Structural Systems

Materials and Systems

Roof Structures

  • Small explosives have little impact upon roofs
  • Large explosives at a distance provide more downward force than normal design and significant upward forces (also not normal design) due to negative phase suction or breaching and upward venting inside the building envelope
  • Problem similar to hurricane forces on wood frame homes, where hurricane clips are needed to keep the roof on the house
  • The more mass the better (less reaction to the short duration forces)
  • Strong connections holding the roof together for the forces it may see
    • Two-way reinforcement in the bottom (and top) faces
  • Continuity of strong connections to the structural framing or the load-bearing walls to transmit and handle the forces
    • Connections, especially for pre-cast, flat slab, and flat plate are the weak points and need additional detailing
      • Two-way reinforced concrete beam-slab systems for R/C structural systems
      • Metal deck with reinforced concrete fill for steel structural systems
      • Long spans are a concern as weight is an issue (must sacrifice weight to handle the span)
        • Consider ETFE (fluorocarbon-based polymer ethylene tetrafluoroethylene), like the Watercube at the Beijing Olympics

 

Structural Systems

Materials and Systems (continued)

When hardening or assessing a building, consider the following:

  • Load reversals and uplift
    • Symmetrical retrofit
    • Good connections
  • Global structural stability

 

Structural Systems

Materials and Systems

Load Reversals and Uplift

  • Buildings designed for:
    • Lateral loads against the outside of building – wind, seismic flood
    • Downward loads due to gravity:
    • Live loads — people and items in building
    • Dead loads — building itself and installed equipment
  • Load Reversals – loading in direction opposite of normal design
    • Symmetric reinforcement of reinforced concrete can increase the ultimate load capacity of the structure (walls and floor slabs)
  • Uplift – once envelope is breached, blast wave still wants to clear the building and upward is many times the easiest path due to no hardening in that direction
    • CONNECTIONS, CONNECTIONS, CONNECTIONS! (again, walls and floors, but especially floors to columns)

 

Structural Systems

Materials and Systems

Global Structural Stability

  • Ability of entire structure to resist collapse when subjected to extreme loads, such as blast or seismic
  • The shear walls on the sides of the Murrah building, designed to resist wind loading, prevented total collapse of the structure (loss of Global Structural Stability)

 

Structural Systems

Materials and Systems

Transfer Girders

  • Immediately invokes progressive collapse concerns, as for any system, where the structural elements are NOT CONTINUOUS from foundation to roof
  • Two design examples shown are usually implemented to provide a grand entrance or more open space on a floor
  • Column loadings above have to transfer to other columns:
    • Exterior type
    • Interior type
  • GSA recommends a 30-foot column spacing so that if a column is lost, the beam has to bridge about 60 feet. Above 60 feet, the beam becomes unreasonably large and expensive

Illustration highlighting the exterior and interior transfer girders of a building design.

Knowledge Review

GSA recommends a 60-foot column spacing so that if a column is lost, the beam has to bridge about 90 feet.

  1. True
  2. False

Correct response: B

Correct response feedback: Great job! The answer is false. GSA recommends a 30-foot column spacing so that if a column is lost, the beam has to bridge about 60 feet.

 

Structural Systems

Progressive Collapse

Progressive collapse is the situation where local failure of a primary structural component leads to the collapse of adjoining members, which, in turn, leads to additional collapse. Hence, the total damage is disproportionate to the blast loading and damage of the initial direct blast wave striking the building. Progressive collapse is a chain reaction of structural failures that follows from damage to a relatively small portion of a structure.

  • Either the building arrests the progressive collapse at some point (Murrah Building)
  • The structure remains globally unstable and the whole structure falls to the ground World Trade Center (WTC) 1, 2, and 7)

More information on progressive collapse can also be found in FEMA 427Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks.

In 2005, the DoD and GSA began working a combined progressive collapse standard. The result per the respective proponents is UFC 4-023-03 (2009) which states it was updated in 2009 for “Expansion of applicability to other Government agencies.”

 

Structural Systems

Progressive Collapse (continued)

Buildings should be designed with the intent of reducing the potential for progressive collapse as a result of an abnormal loading event, regardless of the required level of protection.

  • Primary structural elements are columns, girders, and roof beams, which are the first items for design to prevent progressive collapse.
  • Secondary structural elements, such as floor beams and slabs, also may contribute to progressive collapse. Of particular weakness to progressive collapse is flat slab. construction where the floor is thickened in areas to substitute for beams in the interest of cost savings. Floor connections to columns are the concern in this type of construction. This has been a standard office building design for many years, but should not be used if progressive collapse is a concern.
  • Primary non-structural elements, such as ceilings and heavy suspended mechanical equipment, contribute to casualties but not progressive collapse.
  • Secondary non-structural elements (partitions, furniture, light fixtures) like primary nonstructural elements, also contribute to casualties, but not progressive collapse.

 

Structural Systems

Progressive Collapse (continued)

To minimize the potential for progressive collapse, designers should understand the following:

  • The use of redundant lateral and vertical load paths is highly encouraged.
  • Ductile materials are needed for both primary and secondary structural elements to be capable of deforming well beyond the elastic limit and hold together in the plastic region.
  • Both the primary and secondary structural elements should be designed to resist load reversals.
  • Primary structural elements should be able to resist shear failures by having flexural capacity greater than shear capacity.
  • Fire protection should be applied to structural members to survive a worst-case fire duration, allowing firefighters to control damage prior to any initiation of structural collapse. Suggest reviewing the National Institute of Standards and Technology (NIST) report dealing with WTC 7, which collapsed due to fire.

See Table 4-2 – Progressive Collapse and Pertinent Structural Engineering Issues.

 

Structural Systems

Progressive Collapse Concept

The GSA and DoD require that the structural response of a building be analyzed in a methodology that removes a key structural element (e.g., vertical load-carrying column, section of bearing wall, beam, etc.) to simulate local damage from any incident. If effective alternative load paths are available for redistributing the loads that were originally supported by the removed structural element, the building has a low potential for progressive collapse.

  • If a column is lost, will the rest of the building still stand?
  • If an exterior beam is lost, will the rest of the building still stand?
  • If connections between column and floors are lost will the slender column still be able to carry the load, or if the column fails, will the rest of the building still stand?
  • DoD criteria states that columns of high-occupancy buildings will remain standing if all the floor connections on a given floor connecting to that column are lost.

 

Structural Systems

Progressive Collapse Concept (continued)

If the threat can get to an interior column or beam, the same questions apply, such as underground parking or a mailroom.

Keep in mind, the more complex the structure layout (differing from square or rectangle) the more components (columns and beams) that must be analyzed.

  • Although these criteria provide specific guidance on which structural elements must be analyzed for removal from the structural design configuration, they do not provide specific guidance for choosing an engineering structural response model for verifying the effectiveness of alternate load paths.
  • Unless a building is being designed to meet the GSA or DoD criteria, it is up to the owner and the design team to decide how much progressive collapse analysis and mitigation to incorporate into their design.

 

Structural Systems

Progressive Collapse Concept (continued)

GSA and DoD take a threat-independent approach to progressive collapse — it does not matter how the column or beam is damaged or removed, the intent is that the building will remain standing. However, the concept is a single structural member being removed — if the Design Basis Threat is large enough to damage two components simultaneously, then additional analysis would be needed.

Note: A structural bay is defined by the closest four columns in a standard building design. The structural bay may have different dimensions in different parts of the building and can have different dimensions in different directions as indicated on this screen.

DoD UFC 4-023-03 and GSA PBS-P100 State that columns should be able to span two stories unsupported to resist progressive collapse.

For parking garages of two or more levels, GSA requires design to carry load for three stories unbraced by floor connections.

 

Structural Systems

Progressive Collapse Concept – Loads and Stresses

The DoD designates the level of blast protection a building must meet based on how many occupants it contains and its function. The demands on the structure will be equal to the combined effects of dead, live, and blast loads. Blast loads or dynamic rebound may occur in directions opposed to typical gravity loads.

Ronan Point had a whole section of the building collapse due to load-bearing pre-cast concrete panels in one apartment being lost. That incident changed the British Code to prevent similar occurrences.

Khobar Towers was designed to the British Code, and only the façade was lost.

Three examples of progressive collapse concept: Ronan Point, London; Khobar Towers, Dhahran; Murrah Federal Building, Oklahoma City.

Structural Systems

Progressive Collapse Concept – Loads and Stresses (continued)

The Murrah Federal Building was not designed to the British Code, and the loss of one column then affected a transfer girder initially. There were discontinuities in columns across the lobby, causing multiple columns to fail when the transfer girder became unsupported, resulting in load transfers that the building could not handle.

The Murrah Building had exterior transfer girders AND interior transfer girders.

  • The bay size on the third floor and above of the Murrah Building was 20 feet by 35 feet
  • The Murrah Building lobby (and floor 2) had 40-foot column spacing

The minimum goal is to have continuous columns from foundation to roof. When assessing a building, any discontinuity of columns is a flag indicating the need for further analysis.

Three examples of progressive collapse concept: Ronan Point, London; Khobar Towers, Dhahran; Murrah Federal Building, Oklahoma City.

Structural Systems

Ronan Point, LondonProgressive Collapse Concept – Loads and Stresses (continued)

Ronan Point

Ronan Point: On the morning of May 16, 1968, Mrs. Ivy Hodge, a tenant on the 18th floor of the 22 (24 in other reports) -story Ronan Point apartment tower in Newham, East London, struck a match in her kitchen. The match set off a gas explosion that knocked out load-bearing pre-cast concrete panels near the corner of the building. The loss of support at the 18th floor caused the floors above to collapse all the way to the roof.

The impact of these collapsing floors set off a chain reaction of collapses almost all the way to the ground. The ultimate result can be seen in the corner bay of the building, which collapsed from top to bottom. Mrs. Hodge survived but four others died.

Construction of Ronan Point primarily consisted of pre-cast concrete panels. While this type of construction can be designed to avoid progressive collapse from abnormal loading conditions, Ronan Point lacked the connection details necessary to effectively redistribute load. The essential missing detail was reinforcement continuity between panels. Because of this, there was no mechanism in place for achieving effective alternate load paths once failure began to propagate.

Khobar Towers was built to the British Code that was a result of Ronan Point.

The Murrah Building owner wanted fewer columns in the lobby, thus its designer used transfer girders to carry the load of the upper columns on floors three and above.

 

Knowledge Review

To minimize the potential for progressive collapse, designers should understand which of the following:

  1. The use of redundant lateral and vertical load paths is highly encouraged
  2. Ductile materials are needed for both primary and secondary structural elements to be capable of deforming well beyond the elastic limit and hold together in the plastic region
  3. Both the primary and secondary structural elements should be designed to resist load reversals
  4. Primary structural elements should be able to resist shear failures by having flexural capacity greater than shear capacity
  5. All of the above

Correct response: E

Correct response feedback: Well done! All of the items are correct. In addition designers should understand that fire protection should be applied to structural members to survive a worst-case fire duration, allowing fire fighters to control damage prior to any initiation of structural collapse.

 

Building Envelope

General principles:

  • The exterior envelope of the building is the most vulnerable to an exterior explosive threat because it is closest to the blast. Elements of the building envelope and how they are covered in this course are below:
    • Will concentrate on windows and walls, with a little information on doors and louvers
    • Roofs were covered earlier in regard to bomb blast and should be sealed like walls to limit CBR infiltration
    • Foundations will not be covered here, but may be affected by large craters, underground explosions, or below-grade explosions in a very close structure
  • The exterior envelope also impacts the infiltration of CBR agents into the structure and should be considered in design/retrofit projects
  • Minimize “ornamentation” that may become flying debris in an explosion. This includes signage, art work, non-functional building features, etc.

 

Building Envelope

Windows

Window systems on the exterior façade of a building should be designed to mitigate the hazardous effects of flying glass during an explosion event. Designs should integrate the features of the glass, connection of the glass to the frame (bite), and anchoring of the frame to the building structure to achieve a “balanced design.” This means all the components should have compatible capacities and theoretically would all fail at the same pressure-pulse levels. In this way, the damage sequence and extent of damage are controlled.

Ultimately, in a “balanced” design, the order of failure should be:

  • Glass
  • Window frame and frame anchoring
  • Wall
  • Building structural framing

The pressure differences should not be large and the level of protection for the Design Basis Threat should be met.

 

Building Envelope

Windows (continued)

It is unreasonable to attempt to design a façade that resists the actual pressures resulting from the Design Basis Threat everywhere over the surface of the building.

Successful performance of a blast-resistant façade may be defined as throwing debris with less than high hazard velocities. This is especially true for windows.

Note: Non-structural façade connections (windows and walls) must be adequate:

  • To transfer the collected loads on the façade to the structural system
  • To absorb significant amounts of energy associated with the extreme loading through controlled deformation
  • Through analysis
  • Through detailing on construction drawings

 

Building Envelope

Windows (continued)

Five types of glass are commonly used in window glazing systems: annealed, heat-strengthened, fully thermally tempered, laminated, and polycarbonate. Annealed glass and fully thermally tempered glass are the glass types found in most office buildings.

  • Annealed glass, also known as float, plate, or sheet glass, is the most common glass type used in commercial construction. Annealed glass is of relatively low strength and, upon failure, fractures into razor-sharp, dagger-shaped fragments (the image on the far right of the screen is annealed glass failing during an actual explosive test and the left photo is a close-up of the shards). Annealed glass breaks at about 0.2 psi (incident pressure).
  • Heat-strengthened glass (HS), also known as double strength glass, is used where wind loading starts becoming a problem (upper floors of high rises). It breaks like annealed glass, but at about 0.4 psi (incident pressure).
  • Fully thermally tempered glass (TTG) is typically four to five times stronger than annealed glass. Instead of shards, TTG breaks into pellets that can be stopped by a regular suit coat. It breaks at about 0.8 psi (incident pressure).
  • Laminated glass is a pane with multiple glass layers and a pliable interlayer material (usually made from polyvinyl butyral (PVB)) between the glass layers. This interlayer should have a thickness of 30 mils (30 thousandths of an inch) minimum or 60 mils (recommended). Do not use an interlayer of 15 mils.
  • Thermoplastic polycarbonates are very strong and suitable for blast- and forced-entry-resistant window design. They are usually laminated in three or more layers with glass on the outside to prevent environmental degradation of the plastic (yellowing) and to aid in cleaning (avoid scratches).
    • Polycarbonates are 250 times stronger than glass (break at between 5 and 50 psi)
    • It is not uncommon for bullet-resistant windows to have a higher ultimate capacity than the walls to which they are attached

Another type of glass is wire-reinforced. It is a common glazing material that consists of annealed glass with an embedded layer of wire mesh. It is usually used for fire resistance and as a forced entry barrier. It is not recommended for blast design.

 

Building Envelope

Graphic representation of the Flight Model for Glass Hazard in a Test Cubicle / Occupied Space. Depicts how far glass fragments could enter a structure. The distance of 3a is 1 m (3.3 ft); the distance of 3b is 2 m (6.7 ft); and the height of 4 is 0.6 m (2.0 ft).
FEMA 426, Figure 3-4: Flight Model for Glass Hazard, p. 3-22

Windows – GSA Glazing Performance Conditions

Table 4-3, page 4-19, in FEMA 426presents six GSA glazing protection levels based on how far glass fragments would enter a space and potentially injure its occupants (known as a flight model). This screen depicts how far glass fragments could enter a structure for each GSA performance condition. The divide between performance conditions 3a and 3b can be equated to the “threshold of injury.” The divide between performance conditions 4 and 5 can be equated to the “threshold of lethality.” A person standing in the room has a potential of being hit in the upper body/head area by glass fragments that are traveling fast enough to penetrate the body.

The GSA glazing performance conditions shown correlate with the DoD levels of protection presented previously in Lesson 6, Explosive Blast.

Note: The peak pressures and impulses that are used to select the protective glazing makeup are typically established such that no more than 10 percent of the glazed fenestration will produce debris that is propelled with high hazard velocities into the occupied space in response to any single detonation of the Design Basis Threat.

 

Building Envelope

Windows – Frames

Goal: Transfer load from glass to frame and retain glass in frame.

Window frames need to retain the glass so that the entire pane does not pull out (glass flexes and can pull out of frame during the blast) and also should be designed to resist the breaking stress of the window glass.

The window bite (i.e., the depth of window captured by the frame) needs to be at least ½-inch. DoD criteria call for a minimum ⅜-inch bite if silicone sealant is applied, but call for a 1-inch bite if no silicone sealant is used. Butt-glazed strip windows can require even more bite with or without sealant, since there is bite only on the top and bottom of the window.

To retain the glass in the frame, a minimum of a ¼-inch bead of structural sealant (e.g.., silicone) should be used around the inner perimeter of the window. This should be done on all four sides of the window. Since strip windows with butt glazing can only have sealant applied on the top and bottom, they are not good options for blast as the bite must be large, even with sealant.

 

Building Envelope

Window frame - A = Edge clearance; B = Bite-edge Engagement; C = Face Clearance; D = Glazing Thickness.Windows – Frames (continued)

Goal: Transfer load to building structure.

The frame must not flex during the blast loading and cause the glass to pop out.

The blast loading across the glass and frame now transfers to the frame connections to the building. These connections must handle the shear and tensile stresses and the bending moments of the connection design.

The frame members connecting adjoining windows are referred to as mullions. These members may be designed using a static approach when the breaking strength of the window glass is applied to the mullion, or a dynamic load may be applied using the peak pressure and impulse values. Because mullions only connect at their top and bottom ends to the building structure, the mullion must handle the transferred blast loading from both adjacent windows.

Other considerations: Windows must balance the amount of light, energy conservation, noise transmission, venting of fumes, and emergency egress in addition to blast response and CBR protection.

Note: The image on this screen is a non-typical frame used to illustrate the various window components and concerns.

 

Building Envelope

Top image shows 'daylight applicaction' for FRF. Bottom image shows 'wet glazing' (edge to edge) for FRF.Hardening Retrofits – Fragment Retention Film (FRF)

Some important properties of FRF include:

  • Is a clear tough polyester film attached to the inside of a glass surface with strong pressure-sensitive adhesive
  • Is also known as shatter-resistant film, safety film, or protective film
  • Has a relatively low installation cost
  • Its level of protection varies with thickness of film and method of installation
  • Has a limited life
  • Has many benefits – blast protection, physical security (smash and grab), and energy conservation (mirrored or tinted)
  • Can be installed through “wet glazing” (edge to edge) or a “daylight application” as shown in the image to the right

 

 

 

 

 

Building Envelope

Image shows the concept of a rigid catch bar system. The top image shows the 'Plan View'. Bottom image shows bars going left to right and top to bottom on a window.
FEMA 426, Figure 4-32: Concept of Rigid Catch Bar System

Hardening Retrofits – Catch Systems

Safety is increased using fragment retention film by placing a decorative catch bar, catch cable, or grillwork on the interior of the glazing. Note, catch systems must be mounted across the center of mass of each window pane (vision area of glass) to be effective.

  • Rigid or cable systems – centered on window and window panes
  • Catch bar or cable is ineffective with 4-mil FRF as the FRF will just tear (shear) on the catch bar
  • 7-mil FRF is the minimum to use with catch systems, and one manufacturer calls out 12- to 15-mil FRF with cable systems
  • Laminated glass – 60 mil interlayer

Catch systems are usually considered with a retrofit of FRE to not only catch the glass, but also catch the existing window frame that may not be adequately connected to the wall. They can also be considered for laminated glass.

 

Building Envelope

Hardening Retrofits – Blast Curtains

It is now possible to see out of blast curtains as opposed to the “blackout” curtains from WWII. Kevlar or other high-strength fibers are used. In fact, it is easier to see out of sheer black curtains than sheer white curtains.

Blast curtains allow venting of the blast wave while “catching” glass fragments. These curtains may be augmented with FRF (British only specify blast curtains with FRF).

Note: Connections of curtains or blast shields to the building frame are critical.

 

Building Envelope

Best Window Practices

  1. No windows adjacent to doors. When a window is adjacent to a door, it allows easy access to the locking mechanism on the door just by breaking the window and reaching in.
  2. Minimize number and size of windows. Smaller windows are stronger against blast for a given window material and less expensive as well. Using fewer windows also reduces cost. However, building codes may specify the square footage of windows required based on the total square footage of the floor level the windows are on.
  3. Laminated glass is required for high-occupancy buildings by DoD (50 or more people). For life cycle costing and blast resistance, especially at the lower end of weapon yield, laminated glass is the best choice.
  4. Stationary, non-operating windows. Life safety/fire codes may require operable windows as an escape route in certain occupancies (dormitories, for example). Recommend sliding or swing-out windows for better blast performance.
  5. Steel vs. aluminum window framing. Heavy duty aluminum frames have performed well, although steel should be specified if the Design Basis Threat is large.

 

Knowledge Review

Which of the following is a true statement about best window practices?

  1. Windows adjacent to doors are acceptable
  2. Smaller windows are weaker against a blast
  3. Aluminum frames should be specified if Design Basis Threat is large
  4. For life cycle costing and blast resistance, especially at the lower end of weapon yield, laminated glass is the best choice

Correct response: D

Correct response feedback: You got it! The correct response is D.

 

Building Envelope

Best Wall Practices

Ideally, the exterior walls need to be able to accept the loads transmitted by the windows and doors and pass the load to the building’s lateral resistance system through the floors.

Beyond ensuring a flexible failure mode, design the exterior wall to resist the pressure levels of Design Basis Threat. Some best practices for wall design include:

  • One-way wall elements
  • Floor heights
  • Symmetrical reinforcement
  • Unreinforced masonry (brick or concrete masonry units)
  • Wall system layers positively tied together

 

Building Envelope

Best Wall Practices

One-Way Wall Elements

The reason why the walls are connected to the floor above and the floor below is to ensure there is no direct loading on the columns.

  • Because the walls are pinned only at the top and the bottom, this is called one-way, and the reinforcement goes in one direction also
  • If the walls were also pinned to the columns on each side, they would be two-way wall elements and reinforced in both directions to handle the loading
  • Good blast design seeks to keep the structural framing as the absolute last component of the building to fail, thus the use of one-way wall elements

 

Building Envelope

Best Wall Practices

Floor Heights

In general, floor-to-floor heights should be minimized. Unless there is an overriding architectural requirement, a practical limit is generally less than or equal to 16 feet.

  • Consider bond beams (which connect columns at about the midpoint between floors or run across the top of doors and windows), as used in seismic zones for seismic hardening
  • Reduce the effective height of the wall

Similar to glass, the shorter the wall height, the stronger the wall, all other things being equal.

 

Building Envelope

Best Wall Practices

Symmetrical Reinforcements

Just as reinforced concrete floors resist uplift, symmetrical reinforcement adds strength to masonry and concrete walls, especially on the side away from the bomb.

  • Reinforcement increases the tensile strength of the wall for flexure on the side, which is not considered in normal design.
    • Thus, for higher risk locations that have a greater chance of experiencing a bomb:
      • Inside-face reinforcement provides hardening for exterior bombs (where standard design places wind loading, rain, snow, and flying debris)
      • Outside-face reinforcement provides hardening for interior bombs (not standard design)
  • Symmetric reinforcement also reduces the impact of wall rebound (as the wall tries to resume its original position but goes past it) and the negative phase of the blast wave.
    • Minimal or no rebound is considered in standard design

 

Building Envelope

Best Wall Practices

Unreinforced Masonry (Brick or Concrete Masonry Units)

Masonry walls break up readily and become secondary fragments during blasts.

  • Grout (mass) and reinforcement (ductility) are required for blast resistance
  • For example, the Ufundi Cooperative Building next to the U.S. Embassy in Kenya was all unreinforced brick, and a bomb blast toppled the whole building

 

Building Envelope

Best Wall Practices

Wall System Layers Positively Tied Together

Just as a telephone book is ripped a page at a time, wall systems that do not have their layers strongly tied together will allow the blast wave to individually break each layer.

  • If the wall is double-wythe (two wall system) — usually a brick exterior, air gap, and interior CMU block — it is imperative to ensure the two walls act as one

 

Building Envelope

Wall Retrofits

The following are methods for retrofitting existing walls:

Add reinforcing steel (i.e., seismic retrofit) – Standard seismic retrofit is adding vertical reinforcing steel to unreinforced masonry walls. The steel is normally added from the outside of the building.

Reinforced concrete backing wall – A standard recommendation by the U.S. Army:

  • Not the easiest technique
  • Takes up the most space/reduces the size of the room

Steel plate backing wall/stiffened wall panels –

  • Thickness determines level of protection
  • Great fragmentation protection
  • Steel tubing with steel plate strengthens axial loading, especially during wall deformation

Metal studs with or without steel plate/metal deck –

  • Can handle many light or medium hardening requirements

Spray-on “truck bed liner” –

  • Concept tested by U.S. Air Force for rapid deployment and rapid building hardening (one-day)
  • Adds tensile strength and fragmentation protection to wall
  • As it is a hydrocarbon, can add fire loading to building (consider over-spraying with silicone ablative coating for fire protection)

Shotcrete with welded wire mesh –

  • Sprayed concrete adds mass
  • Welded wire mesh adds ductility and fragmentation protection

Blast wallpaper/geotextile material –

  • Adds tensile strength (blast wallpaper) and fragmentation protection (geotextile and blast wallpaper) to wall
  • Blast wallpaper is glued to the wall, like fragment retention film
  • Geotextile material is not glued to the wall
  • Geotextile is used underground and under roads to improve performance of soil interface

Compressive insulation, such as vermiculite –

  • Phoenix, Ariz. police department found that adding vermiculite to the air gap of a double-wythe wall caused the blast resistance to significantly increase
    • All layers of wall now act together during a blast event:
    • Blast must overcome the total wall resistance = R1 (brick) + R2 (filled air gap) +R3 (CMU with #4 rebar, 48 inches on center) together, rather than R1 and R3 individually (single pages of telephone book comparison)

 

Building Envelope

Doors and Louvers

A door system includes the door, frame, and anchorage to the building. As part of a balanced design approach of all components, exterior doors in high risk buildings should be designed to withstand the maximum dynamic pressure and duration of the load from the design threat explosive blast.

Louvers also should follow the same construction concepts, with framing as one way to transfer load to the wall.

Other general door and louver considerations:

  • Provide hollow steel doors or steel-clad doors with steel frames
  • Provide blast-resistant doors for high threats and high levels of protection
  • Keep exterior doors to a minimum while accommodating emergency egress
  • Ensure that exterior doors open outward from inhabited areas

Note: Additional considerations can be found in FEMA 426.

 

Knowledge Review

Exterior doors should open outward from inhabited areas. This allows the frame of the door to be used as support during an explosion.

  1. True
  2. False

Correct response: A

Correct response feedback: Nice job! The answer is true. Exterior doors should open outward.

 

Utility Systems

Building Services

Building services may include:

  • Communications – voice and data
  • Electric – commercial and backup
  • Fire alarms – local and monitored (on-site/off-site)
  • Fuel – coal, oil, natural gas, propane, or other
  • Heat – hot water and steam with or without condensate return
  • Information – building systems
  • Security
  • Sewer – piping and sewage lift stations
  • Storm drainage – off roof and around building
  • Water – domestic and/or fire protection

While Utility Systems are considered first and foremost under Site and Layout Design, they have a direct impact on the building envelope based on where and how they enter the building to provide service to that structure. While most will think of what is brought into a building, it is equally important to note what needs to be taken out of the building to maintain function and operation.

 

Utility Systems

Building Services (continued)

Steam heat may be provided by a central boiler plant on the site/campus that requires condensate to be returned for energy efficiency. But steam heat purchased from a commercial steam heat company in an urban environment is usually dumped to drain to prevent contaminants beyond the steam heat company’s control from fouling their boilers.

Anything feeding into and out of the building should be considered due to its impact on the building envelope and building operations if damaged.

Information about service and building systems should be controlled.

Water service into a building balances against sewer service to get it out of the building. A sewage lift pump or station that is not on backup power results in raw sewage backing up into the building.

 

Utility Systems

Building Services Considerations – Entrances

Service entrances of utilities into buildings take on several concerns.

Number of openings – Reduce the number of utility openings, manholes, tunnels, air conditioning ducts, filters, and access panels into the structure. Balance this with having two well separated service entrances for each utility.

  • GSA calls for a 50-foot separation between primary and backup systems so that one incident does not affect all capability

Proximity – How close the service entrances to each other and whether a single event can affect more than one utility — for example, if all utilities enter along the loading dock ramp because the utility room is adjacent or underneath the loading dock.

  • Locate utility systems away from likely areas of potential attack, such as loading docks, lobbies, and parking areas. The alternative is hardening.

Above or below ground – Below ground is preferred, but gas meters and pressure regulators, electric meters and transformers, and tanks may be aboveground.

Accessible or secure – Can someone outside the building access the utility where it enters the building or use it as a way of getting into the building?

  • Use lockable systems for utility openings and manholes where appropriate. Infrequently used utility covers/manholes can be tack-welded as an inexpensive alternative to locking tamper-resistant covers.

 

Utility Systems

Delivery Capacity Considerations

Delivery capacity is an operational consideration before and after an incident:

  • Will each service entrance handle 50 percent of the total building needs or 100 percent (like hospitals require for electric service). Emergency operations plans should consider all contingencies for losing either or both service entrances for each given utility.

 

Utility Systems

Building Services Considerations – Storage Capacity

Storage capacity is a concern during:

  • Evacuation (e.g., how long will the emergency lighting system continue to operate?)
  • Orderly shutdown of a computer system (e.g., battery backup for uninterruptible power supply)
  • Continued operations, e.g., fuel stored for emergency generator use is to last as long as:
    • Strategic policy/planning requirements
    • Historically longest commercial outage
    • Until contingency contracts in place can refuel the generator on an acceptable schedule
  • Cooling tower operations upon loss of makeup water — how long before cooling is affected?

 

General MEP Considerations

The MEP (Mechanical, Electrical, Plumbing) systems should provide services during normal operation, through an incident, and after the incident to maintain essential functions, provide life-safety requirements (evacuation), and support first responders as should all utilities and building systems.

The following considerations have the goal to protect the MEP systems during an extreme event:

  • Functional layout
  • Structural layout
  • Redundancy

 

General MEP Considerations

Functional Layout

As stated previously, have two service entrances for critical utilities and separate them by at least 50 feet, by at least 50 feet between primary and backup systems, and 50 feet away from loading docks, lobbies, mailrooms, and parking (the higher threat areas of a building).

Those MEP systems that are accessible should be hardened to withstand the Design Basis Threats or have additional security.

Any time the building envelope is penetrated, ensure that there is appropriate sealing to limit infiltration and exfiltration of CBR agents and hazardous materials.

All internal penetrations between floors and fire compartments must be sealed with fire stopping to withstand the heat and flame of a fire and prevent the passage of smoke and water.

  • Applicable to escape/egress routes and shelter-in-place locations

 

General MEP Considerations

Structural Layout

Do not mount MEP system lines on the inside of exterior walls, but, when this is unavoidable, mount fixtures on a separate wall at least 6 inches from the exterior wall face. Also, do not mount MEP system lines on walls of loading docks, lobbies, mailrooms, and parking or through these areas unless actually serving the area.

Avoid suspending plumbing fixtures and piping from the ceiling or roof slab. Remember the upheaval if the blast wave gets inside the building.

  • The roof slab is part of the building envelope
  • The ceiling is less sturdy than the floor above

When the above cannot be avoided use bracing according to seismic design requirements in addition to hardening. Examples of seismic bracing methods include:

  • Vibration isolators to limit the movement (vibration) of MEP elements in a seismic event
  • Flexible connections to allow for lateral movement of the MEP elements in a seismic event without failure
  • Seismic disconnects for utility connections, such as natural gas, to prevent failure and hazard spills in seismic events

 

General MEP Considerations

Redundancy

Balance the amount of backup provided against the maintenance and cost required to keep that backup functional.

You should recommend N+1 redundancy — for electric generators this can be three generators each capable of handling 50 percent of the maximum load expected. Two units can handle the load and one unit can be down for maintenance or repair.

 

General MEP Considerations (continued)

When the distribution within a building is similar to concepts for distribution outside a building to maintain service:

  • Multiple risers and looping on each floor with isolation valving or switches add redundancy
    • Do not limit the design to a single pipe chase — it becomes a single point of failure
  • As high voltage and low voltage electricity is separated from communications circuits due to capacitive coupling and fault tolerance situations, other systems should not share the same pipe chases or provide vertical separation to overcome secondary effects of leakage.

 

General MEP Considerations (continued)

Locations of emergency equipment also figure into redundancy:

  • Seek a 50-foot separation between primary and backup systems as a minimum (the same as service entrances discussed previously).
  • Placing emergency switchgear and commercial switchgear in the same room allows one event in either system to affect the other.
  • Similarly, placing electric fire pumps and diesel fire pumps side-by-side and separated by a single fire wall allows one event to affect both primary and backup systems. The event is not just loss of commercial power.

 

General MEP Considerations (continued)

Physical security for utility rooms, closets, etc., should be implemented to prevent tampering with the systems and to prevent the direct introduction of hazardous materials into heating, ventilating, and air conditioning (HVAC) ducts that distribute air to portion(s) of the building.

Public access to building roofs should be prevented. Access to the roof may allow entry to the building and access to air intakes and HVAC equipment (e.g., self-contained HVAC units, laboratory or bathroom exhausts) located on the roof.

Access to information on building operations (including mechanical, electrical, vertical transport, fire and life safety, security system plans and schematics, and emergency operations procedures) should be strictly controlled.

 

HVAC Systems

The standard HVAC system goals are:

  • Temperature and humidity control
  • Indoor air quality
  • Life safety — smoke control and venting of fire floor
  • Keeping occupants productive, healthy, and safe from conventional hazards

While standard HVAC system design takes care of code requirements, enhanced design goes beyond to provide additional capability before, during, and after an extreme event, including:

  • Protect against expanded threats and hazards
  • External and internal releases (CBR/hazmat)
  • Shelter-in-place

 

HVAC Systems

Ventilation and Filtration – HVAC Control Options

Available options are specific to the building as HVAC equipment and configuration, building functions, continuing operations, and other factors affect what can be done.

HVAC control may not be appropriate in all emergency situations. Protection from CBR attacks depends on the design and operation of the HVAC system and the nature of the CBR agent release.

  • Ducted returns (vice using hallways as returns) offer limited access points to introduce a CBR agent. The return vents can be placed in conspicuous locations, reducing the risk of an agent being secretly introduced into the return system
  • Large buildings usually have multiple HVAC zones, with each zone served by its own air handling unit and duct system

 

HVAC Systems

Ventilation and Filtration – HVAC Control Options (continued)

Complete system shutdown of all HVAC systems is the simplest initial approach to handle either external or internal releases.

  • Since speed is critical, a single shutdown point is desirable, but the larger the system(s) the more difficult this becomes
  • A rapid response may involve closing various dampers, especially those controlling the flow of outdoor air (in the event of an exterior CBR release)
    • Consideration should be given to installing low-leakage, fast-acting dampers to minimize this flow pathway. Fast-acting dampers close in less than 30 seconds
  • Must include all air-handling systems, such as restroom exhausts that run continuously and flames/pilots that draw air into the building, like boilers

Ensure there is no unintended leakage into or out of the ventilation system — filters sealed to channel all air through them thus taking the path of least resistance and dampers fully functional — Good Maintenance.

 

HVAC Systems

Ventilation and Filtration – HVAC Control Options (continued)

If zone pressurization is designed into the system (for fire-fighting as an example, where the fire floor is ventilated to remove heat and adjacent areas are over-pressurized to keep smoke and gases contained), then realize that opening and closing doors or operating elevators will change the zone pressurization being attempted.

  • Even without zone pressurization, opening and closing doors and operating elevators will affect the flow of air and spread smoke, toxic fumes, and CBR agents within the building
  • Consider shelter-in-place rooms or areas where people can congregate in the event of an outdoor release and, in some cases, indoor releases
    • Without pressurization the goal is to create areas where outdoor air infiltration is very low
    • With pressurization, a filtered air supply from an installed or portable unit with filters suitable for the agent released is required

 

HVAC Systems

Ventilation and Filtration – HVAC Control Options (continued)

To prevent widespread dispersion of a contaminant released within loading docks, lobbies, and mailrooms, their HVAC systems should be isolated and the areas maintained with specialized exhaust considerations.

  • Air purge is suitable for removal of smoke and toxic fumes from fire or explosive blast
  • In the case of a CBR release, an air purge would not be suitable as it would just spread the agent vice controlling it unless CBR filters are installed on exhausts to trap the agent and prevent spreading it
  • Another consideration is glazing in these areas
    • If not hardened, then windows will be blown out during an internal blast, which lessens the need for air purge
  • A good design example is for a frangible panel that vents and reduces pressure on the walls shared by the rest of the building
  • Alternate is to harden windows for external blast, but design windows to pop out for internal blast
    • If hardened, then smoke and gases are trapped and air purge is beneficial. However, all walls will require additional hardening because of the increased internal blast pressures.

Egress routes (stairwells) are normally pressurized to prevent smoke from internal fire from entering the stairwells.

  • An external CBR release would be pulled into the stairwells by this system. Either the pressurization system must be turned off during an external release or a filtering system must engage to provide clean air to the stairwells.

 

Electrical Systems

Generators Inside Buildings

When generators are inside a building:

  • Cooling for generator — air or water
    • Ensure cooling is on an emergency power system
  • Provide ventilation for combustion, cooling, and removal of vapors
  • Ensure reliability of fuel supply
    • Galveston Island, Texas, has a hospital using natural gas for generator fuel, but a hurricane had local emergency management shut down natural gas service to the island, forcing evacuation of the hospital
    • Consider dual fuel generators or on-site storage of natural gas
  • Monitor system for fuel leaks when off-line and on-line
    • Avoid jockey pumps to maintain fuel system pressure between main tank and day tank based solely on pressure reading

 

Electrical Systems

Quick Disconnects

If an emergency generator cannot be justified, consider running conduits with conductors through a manual transfer switch to a quick disconnect on the outside of the building.

  • One or more prearranged rental generators/companies can provide rapid backup power without major rewiring
  • Equivalent to a siamese water connection for adding fire fighting water to a sprinkler system

 

Electrical Systems

Building Lighting Compatible With CCTV

Closed circuit television/security cameras and building lighting must be worked as a system to ensure compatible operation:

  • The intensity, angle, and color of the lighting affect camera resolution, including low-light and infrared
  • Detection for response versus identification for police/legal action

 

Knowledge Review

Initially, what is the simplest approach to handle external or internal releases for HVAC systems?

  1. Complete HVAC system shutdown
  2. Total building evacuation
  3. Transfer all building personnel to secure locations within the building

Correct response: A

Correct response feedback: Excellent! Complete HVAC system shutdown is correct.

 

Electrical Systems

Emergency and Exit Lighting

Emergency lighting from a distribution system with central batteries and a backup generator is one design approach, but radial distribution can cause failure in large parts of the system.

  • Distributed emergency lighting with self-contained battery packs along the egress route ensures operation during a wider range of potential incidents
  • Do not forget restrooms in the emergency lighting scheme

Exit lighting traditionally has been at the top of door level, shining downward to the floor or along halls.

  • Smoke, heat, and toxic fumes are normally lighter than air, so traditional exit lighting is obscured
  • Putting exit lighting at floor level (like on aircraft) works whether walking upright or crawling

 

Communications

Information Technology Systems

Distribution considerations are the same as for other systems, especially to ensure some communications capability if an incident affects communication lines.

Redundancy is always a consideration, and any technology selected has pros and cons:

  • Copper is easier to tap through electromagnetic signals.
  • Cell phones get tied up during major incidents, especially analog voice (which locks bandwidth), but walkie-talkie and text features on phones or BlackBerrys use packet transmission when bandwidth is available, so there is more capability, as found during Hurricane Katrina.
  • Handheld radios have blind spots both in dispersed campuses and high-rise buildings, necessitating use of repeaters or distributed antennas to maintain coverage. Consider a base radio communication system with antenna(s) installed in stairwells and portable sets distributed on floors.
  • Alarm and information systems should not be collected and mounted in a single conduit, or even collocated. Circuits to various parts of the building should be installed in at least two directions and/or risers.

Mass notification to building occupants can take many approaches, but must ensure system capability or redundancy for the range of potential incidents. Keeping occupants informed as response requirements change is vital to save lives.

Note: The red phone shown in this image is a telephone connected to the local telephone company and powered by the telephone company. It is the backup to Voice Over Internet Protocol (VOIP) phones throughout the campus.

 

Communications

Information Technology Systems (continued)

  • Future load growth should be considered, especially extra conduits that will speed repair times and allow additional capability as needed.
  • Battery backup and emergency power must be at or link to all distributed equipment in the IT system to keep the system functional. This includes hubs, switches, servers, switchboards, MW links, VOIP phones, building operations, alarms, etc.
  • Fire-stopping conduits – Conduits between floors must have fire stopping installed to prevent spread of fires, fuel leaks, gas leaks, defeat of zone pressurization, or spread of CBR agents and other toxic materials.
  • Dedicated communication lines between security functions — such as central security control and entry control stations — keeps information current, especially during deter and detect situations.
  • Control centers for security, fire, and emergency operations may have backup locations depending on the size of the organization or site.

 

Plumbing Systems

Consider “what-if” scenarios, such as leaks occurring in plumbing, gas, or fuel systems.Water Distribution – Backflow Prevention:

  • Standard consideration in all plumbing fixtures, cooling towers, etc. to keep sewage and chemically treated systems disconnected from water systems
  • Also needed on water service entrance to buildings, especially on a campus to ensure contamination of one building does not spread to surrounding buildings through the water system
  • In like manner, standard underground construction always puts water systems above sewer systems so that a sewer leak will have less chance of contaminating the water system

Gas Distribution – Seismic Shutoffs and Aboveground Entrance Into Building:

  • During an extreme event, even with seismic couplings to take movement, gas lines can break, releasing gas that can reach explosive concentrations
  • Adding seismic shutoffs on the gas service entrance provides some protection from catastrophic leaks by shutting off the gas line during a seismic event
  • By building code, gas lines must come above ground before entering a building to prevent gas leaks from following the piping into the building and reaching explosive concentrations in a basement

Gas Distribution – Seismic Shutoffs and Aboveground Entrance Into Building:

Look at the physical relationship between the systems (which also includes utilities as they enter the building).

  • Will a leak in a fuel system reach a heat source, and will the fuel distribution system aid in spreading the fire throughout the building?
  • Will leaks from water or fuel systems fall upon electrical systems and equipment?
  • Are flammable systems like fuel/natural gas separated from mass notification/communication systems so that an initial fire incident does not disable the mass notification system?

Interaction Between System Leaks:

  • Will a leak in one system impact the functioning of another system or add to the catastrophic loss of that other system?

 

Fire Protection Systems

Building Codes – Alarms

Building codes based on National Fire Protection Association standards are prescriptive:

  • First alarm to evacuate, then call the fire department
    • If localized, alarm bells sound to evacuate the building, and then someone must call fire department
    • If centralized, local alarm evacuates building, then automatic call to fire department
    • If another centralized approach (hotels for example), a response would verify fire before sounding evacuation alarm and calling fire department from manned location

 

Fire Protection Systems

Building Codes – Alarms (continued)

Building codes based on National Fire Protection Association standards are prescriptive:

  • Fire alarm panels are normally near main entrances of buildings so first responder firefighters can determine which zone of the building alarmed if fire location is not obvious
    • Fire control centers are normally manned, and the fire department should know where they are located
  • Interaction with other systems should confirm wiring of the fire alarm system, whether it is combined with any other system for information flow, and whether an alarm activation also initiates actions through other systems, like energy management, SCADA (Supervisory Control and Data Acquisition), or HVAC controls
  • How is off-premises reporting done — direct telephone line to fire department, reporting to a commercial central security/fire company who contacts the fire department, centralized system manned in building that then triggers a call to the fire department or calls 911, autodial to someone else, etc.

 

Fire Protection Systems

Clean Agent Versus Water Sprinkler

Water sprinklers are, by code, to protect the building, but are poor in protecting. Continuity of Operations plans may be necessary to cope with the damages caused.

Goal: Coordinate detection and deployment such that clean agent fires first.

  • If clean agent puts out fire, then everything is fine and operations continue
  • If clean agent DOES NOT put out fire, the sprinklers activate and save the building, but operations are impacted

 

Knowledge Review

Battery backup and emergency power must be at or link to all distributed equipment in the IT system to keep the system functional.

  1. True
  2. False

Correct response: A

Correct response feedback: Correct! The answer is true.

 

Equipment Operations and Maintenance Procedures

Preventive maintenance and procedures:

  • Drawings indicating locations and capacities are current?
  • Maintenance critical to keep systems operational:
    • Critical systems air balanced and pressurization monitored regularly?
    • Periodic recommissioning of major systems?
  • Regularly test strategic equipment:
    • Sensors, backup equipment and lighting, alarms, and procedures tested regularly to ensure operation when needed?
    • Backup systems periodically tested under worst-case loadings?

Maintenance staff training:

  • System upgrades will require new training
  • Specific instructions for CBR event (internal vs. external release)
  • Systems accessible for adjustment, maintenance, and testing

 

Egress Systems

Stairways

Improve the man-system interaction by understanding people’s responses.

People respond differently in emergency situations:

  • Some react with logic (10-15 percent)
  • Some become irrational (15 percent)
  • Vast majority become bewildered and seek additional information
    • Average at WTC took six minutes to start evacuating
    • 1,000 people turned off their computers
    • At first indication of trouble, EVACUATE – Morgan Stanley lost only one person (security manager) who advised people not to listen to the public address system announcements but to evacuate and sort it out later OUTSIDE. Security manager was the only death as he went back in to verify all employees were out of the building.

Training improves response and evacuation:

  • Only 45 percent of WTC workers knew there were 3 stairways and transfer hallways were involved
  • Only 50 percent of WTC workers knew the doors to roof were locked

 

Egress Systems

Stairways – Upgrade Design and Harden

Stairways need hardening like envelope and critical structural components of a building:

  • Disperse stairways to the four corners of a building to maximize distance between them (and avoid discharge near loading dock, lobby, and mailroom)
    • Building codes set a maximum travel distance/time to get to a stairway
    • Dispersal improves survival of one or more stairways; however, this costs more
    • Scissor stairs are side-by-side — can consider one side for evacuation and one side for first responders
  • Look at stair width: wide enough for two people, one providing assistance to the other, AND a first responder coming in opposite direction?
    • If evacuees and first responders separate to different stairwells, this becomes less of an issue
  • Photoluminescent signs for wayfinding, especially if at elevation AND at floor level to support emergency lighting
    • WTC evacuees most commonly mentioned forms of aid on 9/11:
      • Help of co-workers and emergency responders
      • Photoluminescent markings in stairways

 

Egress Systems

Elevators

First Responder:

  • Standard procedure is to not use elevators for evacuation during fire, with fire responders taking over control of the elevator
  • The time required for a fully outfitted firefighter to climb to the top floor of a high-rise building is too long to be of any benefit
  • A firefighters lift, specially designed to operate during a fire, can get firefighters to the fire level in reasonable time

Evacuation:

  • A firefighters lift can be used for evacuation under firefighter control at firefighters’ discretion
  • Alternate is a hardened elevator designed for evacuation
    • Each elevator lobby, especially at upper floors, would need to be a safe haven to maintain conditions for mobility impaired personnel to await the elevator
    • Procedures should call out upper floors evacuate with elevator, with lower floors using stairways
  • As with stairways, elevator evacuation must have associated training
  • 22 percent of all evacuees in the second tower hit on 9/11 took only 16.5 minutes to evacuate by elevator prior to firefighter arrival thus, the remaining 78 percent took 72 minutes to evacuate by stairs

Harden (like stairways):

  • Elevators should be structurally hardened and protected from water, fire, smoke, CBR filtration
  • Mass notification, also like stairways, needs to be understandable in the elevator car and the elevator lobby on each floor
  • The hardened elevators require backup power so that they operate for any incident
  • Selective CCTV coverage (by motion sensor is one way) of elevator lobbies on each floor (like in stairways) assists fire-fighters in understanding where problems exist and where people need additional assistance to evacuate

 

Knowledge Review

Stairways should be dispersed to the four corners of a building to maximize distance between them.

  1. True
  2. False

Correct response: A

Correct response feedback: Great job! The response is true. In addition, stairways should be dispersed to avoid discharge near loading docks, lobbies, and mailrooms.

 

Conclusion

This lesson provided a foundation for a systematic approach to assessing the vulnerabilities of a building to man made hazards.

The Building Vulnerability Assessment Checklist in FEMA 426 can provide an excellent framework for the identification of mitigation options that will, over time, significantly reduce the vulnerability of a building to man made hazards.

Note that there are many different techniques to mitigate each vulnerability. They have different costs and may increase, reduce, or have no effect on risk for other tactics. Some measures will mitigate more than one threat/hazard(s) in a positive, synergistic way. However, mitigation measures can be in conflict, where a measure reduces overall risk for one threat/hazard but increases overall risk for one or more other threats/hazards. Thus, each mitigation measure needs to be compared to every threat/hazard tactic for the building particulars.

Antiterrorism assessment teams indicate that historically about 80 percent of mitigation recommendations are low cost /no cost planning and procedural changes.

 

Knowledge Review

The following series knowledge review questions are aimed at understanding the process for identifying vulnerabilities in site and layout design.

Stairwells for emergency egress should be located away from possible high-risk areas where blast might occur.

  1. True
  2. False

Correct response: A

Correct response feedback: Great job! The response is true. Stairwells should be located away from possible high-risk areas. To achieve this, they can be located in the interior of the building, away from perimeter walls and other high-risk areas, where they might be susceptible to blast events.

 

Knowledge Review

The following series knowledge review questions are aimed at understanding the process for identifying vulnerabilities in site and layout design.

Stairwells for emergency egress should be located away from possible high-risk areas where blast might occur.

  1. True
  2. False

Correct response: A

Correct response feedback: Great job! The response is true. Stairwells should be located away from possible high-risk areas. To achieve this, they can be located in the interior of the building, away from perimeter walls and other high-risk areas, where they might be susceptible to blast events.

 

Knowledge Review

Which of the following structural characteristics should be considered in a vulnerability assessment?

  1. Materials used in construction (i.e. steel, reinforced concrete, etc.)
  2. Progressive collapse potential
  3. Locations for access control devices and CCTV cameras
  4. All of the above
  5. A and B only

Correct response: E

Correct response feedback: Yes! A and B are both correct. Access control devices are not part of the structure itself.

 

Knowledge Review

Which of the following structural characteristics should be considered in a vulnerability assessment?

  1. Low on the building, near the ground
  2. Roof
  3. Four to five stories above ground

Correct response: A

Correct response feedback: That’s right! Louvers are most vulnerable if placed near the ground, especially if they are publicly accessible.

 

SummaryNow that you have completed this lesson, you should be able to:

  1. Identify architectural considerations to mitigate impacts from blast effects and transmission of chemical, biological, and radiological agents from exterior and interior incidents
  2. Identify key elements of building structural and non-structural systems for mitigation of blast effects
  3. Determine the benefit of building envelope, mechanical system, electrical system, fire protection system, and communication system mitigation measures, including synergies and conflicts
  4. Apply these concepts to an existing building or building conceptual design and identify mitigation measures needed to reduce vulnerabilities

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 10 – Integrated Protective System (IPS)

Integrated Protective System OverviewThis lesson will describe the integration of various types of sensors, concepts of operation of integrated protective systems, and terminology used in the industry.

 

Lesson ObjectivesAt the completion of this lesson, students will be able to:

  1. Identify the basic concepts of integrated protective system components, their capabilities, and their interaction with other systems
  2. Determine the integrated protective system concepts and practices that warrant special attention to enhance public safety
  3. Using the assessment process, identify integrated protective system requirements that can mitigate vulnerabilities

 

Integrated Protective System (IPS)

Integrated protective systems require a multidisciplinary approach.

Designing an effective protective system requires extensive expertise particularly when interpreting the threats and developing effective measures to counter or defend against them. The use of a multidisciplinary approach in developing the protective system involves teaming architectural and engineering disciplines with experts in security, blast and chemical, biological and radiological fields to better define the threat, and develop and apply protection strategies that effectively protect the asset.

 

Components of an Effective System

Components of an effective protective system:

  • Physical security
  • Security operations and intelligence
  • Security systems and equipment
  • Policies, plans, and procedures
  • Cyber security

A thorough planning process will ensure that all components are considered.

Overlapping the various layers of security will limit vulnerabilities and reduces opportunities for an aggressor to exploit.

 

Defensive and Offensive Strategies

Integrated Protective Systems
Defense Offensive
Intelligence Collection Detection and Assessment
Analyzing Vulnerabilities Delay Systems
Prevention Measures Systems Redundancy
Establishing Stand-off Continuity of Operations
Facility and System Hardening Responding to an Incident
Facility and System Clustering Crisis Management
Defensive Systems Incident Recovery
Testing the IPS

The core of an effective protective system consists of two main strategies: defensive and offensive countermeasures.

The IPS utilizes both offensive and defensive measures jointly to develop an effective protective system approach. These core strategies must be mutually present in the protective system for it to function effectively. An unbalanced protective system will fail in detecting, defending against, and defeating the aggressor. Understanding these core strategies will help in the design and development of an effective protective system.

 

Security Resiliency and Sustainability

A new concept in developing the security protective systems is consideration for resilience and sustainability. Resilience is defined by Merriam-WebsterTM as “the ability to recover from or adjust easily to misfortune or change.” As the term relates to Security Resilience and Sustainability, a slightly adjusted definition is “the ability to respond and recover from an aggressor attack and maintain operational integrity throughout.” Sustainability provides the concept of readiness at all times.

Security Resilience and Sustainability provides a concept of the life cycle of the protective system before, during, and after the aggressor act.

 

Security Resiliency and Sustainability (continued)

Elements of a security protective system include:

Detect – A detection measure senses an act of aggression, assesses the validity of the detection, and communicates the appropriate information to a response force. A detection system must provide all three of these capabilities to be effective. Detection measures may detect an aggressor’s movement via IPS, or they may detect weapons and tools used by the aggressor. Detection measures may also include access-control elements that assess the validity of identification credentials. These control elements may provide a programmed response (admission or denial), or they may relay information to a response force. The goal is to detect the aggressor activity in the pre-attack or early in the attack stage. Layers of detection are recommended to add redundancy to detection. Detection should be placed farthest away from the asset as possible, including outside the first layer of defense when practical.

Response – Response typically involves response of guard forces and/or police personnel who are trained and equipped to prevent the attack. Response may also include a reaction to the threat, such as sheltering in place or other precautionary measures.

Delay – Delay requires early detection of the attack and includes measures such as fencing, distance, vehicle barriers, ditches, culvert, etc.

Defense – Defensive measures protect an asset from aggression by preventing an aggressor’s movement toward the asset or by shielding the asset from weapons and explosives. Defensive measures should:

  • Delay aggressors from gaining access by using tools in a forced entry. These measures include barriers along with a guard force for response.
  • Prevent an aggressor’s movement toward an asset. These measures provide barriers to movement and obscure lines of sight (LOS) to assets.
  • Protect the asset from the effects of tools, weapons, and explosives.
  • Incorporate an access control function when entry through the defensive layer must be provided.

Defensive measures may be active or passive. Active defensive measures are manually or automatically activated in response to acts of aggression. Passive defensive measures do not depend on detection or a response. They include such measures as blast-resistant building components, blast walls, or envelope protection against CBR. Guards may also be considered a defensive measure.Deny – The protective system must deny the aggressor’s access to the target or asset. Denying the aggressor may include response forces and defensive hardening.

Defeat – Defeat of the aggressor’s intentions is the primary objective of protective systems. Although defeat is not a design objective, defensive and detection systems must be designed to accommodate (or at least not interfere with) guard force response activities.

Assess – Directly after defeating or denying the aggressor access to the asset, perform an assessment of the protective system to determine the effects of an aggressor act. Develop a prioritized list of corrective actions required to recover and fully restore the protective system.

Recover – Implement prioritized actions required to return the protective system to operational stability following an attack or other disruption. Initial recovery may only be partial, to maintain mission and not fully restore the protective system. Recovery may include hasty provisions that quickly repair the protective system or asset so that it can operate until more substantial provisions can be provided. Examples of hasty provisions include jersey barriers, portable lighting, and alternative power connections.

Reassess – Reassess and improve the protective system against new threats. This often includes an after-action review by key staff to identify what went wrong and what went right, and the creation of corrective actions list. The corrective actions list will be measured against a revised risk assessment to ensure it addresses new threat profiles.

Restore – The action of returning the protective system or asset back to normal operation. This normally includes full protective system functionality and/or full restoration of the asset.

Test – A pass/fail evaluation of the protective system against defined threats. Testing can be performed through various methods which include the following exercises: drills, tabletop, functional unit, and full scale. Testing should occur regularly based on threat profile, but reaction drills should occur at least twice a month and full scale exercises once a year.

Deter – A potential aggressor who perceives a risk of being caught may be deterred from attacking an asset. The effectiveness of deterrence varies with the aggressor’s sophistication and determination, the asset’s attractiveness, and the aggressor’s objective. Although deterrence is not considered a direct design objective, it may be a result of the design.

A security protective system missing one of these elements will result in a break in the cycle and either limit the effectiveness of the protective system or disable it, creating a system with vulnerabilities that may be exploited by the aggressor. Therefore, careful examination is required of the protective system to ensure the security resilience and sustainability framework is maintained.

 

Security in Layers

The protection of a facility is designed with layers of defense, detection, and response. Before we discuss integrated protective systems, let’s review several basic concepts.

A protected area’s perimeter is usually defined by an enclosing wall or fence, or a natural barrier such as water. For exterior sensors to be effective, the perimeter around which they are to be deployed must be precisely defined.

Each layer of defense must be able to accomplish the tasks of deterring, detecting, assessing, delaying and responding, in varying degrees.

 

 

Knowledge Review

The following items are examples of which type of protective system strategy?

  • Intelligence collection
  • Analyzing vulnerabilities
  • Preventing measures
  • Establishing standoff
  • Facility and system hardening
  • Facility and system clustering
  1. Defensive
  2. Offensive

Correct response: A

Correct response feedback: Correct! The items listed are examples of defensive countermeasures.

 

Multidisciplinary Approach

The multidisciplinary approach to security is a major concept that is very successful. It involves using several disciplines to design a security system, including:

  • Security specialists
  • Engineers and architects
  • Owner/operators
  • Emergency responders
  • Communications specialists
  • Maintenance and installation

Unlike the conventional physical security, which is led by one individual, the multidisciplinary approach uses a team that is collaborative and requires a team leader to oversee the effort, but also ensures the various disciplines are focused on an integrated goal, the protective system. A common failure in many protective systems is misunderstanding or complete oversight of offensive countermeasures.

 

IPS Planning

The approach to developing protective systems for assets should be based on a systematic process resulting in an integrated protective system. The protective system focuses on protecting specific assets against well-defined threats (which include aggressor tactics) to acceptable levels of protection. Where vulnerabilities have been identified for assets, protective measures must be identified to mitigate them. The IPS should be planned in-depth and contain mutually supporting elements coordinated to prevent gaps or overlaps in responsibilities and performance.

 

Aggressor Sequence Diagram

An Aggressor Sequence Diagram (ASD) is a key tool for developing the security system in the design phase.

These diagrams allow the design team to understand each attack-type scenario. They also show the events between the time an attack is detected to the time it has ended.

The ASD allows for a determination of which elements are essential to achieve effective protective measures for a given attack type.

Aggressor Sequence Diagram depicting the time it takes a person to go through the three layers of defense with a 30 second time span between each layer. First layer is bypassed in 20 seconds, second layer in 5 seconds, upon reaching third layer it takes 10 seconds to attack or release an agent. Design team in meeting with map of aggressor's path.

Aggressor Sequence Diagram (continued)

This ASD portrays an aggressor utilizing the tactic of a CBR attack on an HVAC system. As the HVAC intake is most likely outside of the building, the third layer of defense offers little or no protection.

Initially the first layer is a perimeter fence that offers 20 seconds of delay; however, it offers no detection or assessment, and the second layer is a concrete knee-wall that offers little delay but has significant detection and assessment. The response force is capable of intercepting the aggressor within one minute. The first point of detection is at the second layer, which then allows for a maximum of 35 seconds of delay before getting to the HVAC system. The response force time exceeds the amount of time necessary for the aggressor to complete his attack, and the aggressor is successful.

Note: Switching around the first and second layers of defense would allow for detection at the first layer and delay at the second layer. The resulting affect is that there would now be 90 seconds of delay built into the system, which would allow the response force sufficient time to intercept the aggressor before completing the attack.

Aggressor Sequence Diagram depicting the time it takes a person to go through the three layers of defense with a 30 second time span between each layer. First layer is bypassed in 20 seconds, second layer in 5 seconds, upon reaching third layer it takes 10 seconds to attack or release an agent. Design team in meeting with map of aggressor's path.

Programming Process

The programming process consists of seven steps:

  • Step 1 – Select Protective Strategies
  • Step 2 – Assess Design Opportunities and Constraints
  • Step 3 – Determine Required Protective Measures
  • Step 4 – Integrate Protective Measures Into Overall IPS
  • Step 5 – Assess Protective Systems Acceptability
  • Step 6 – Prepare Design Documentation
  • Step 7 – Verify Protective System

 

Programming Process

Step 1 – Select Protective Strategies

Select the appropriate design strategy for each tactic based on the level of protection associated with that tactic using strategies outlined in this course as guidelines.

 

Programming Process

Step 2 – Assess Design Opportunities and Constraints

Constraints listed in the planning phase included non-technical considerations related to user requirements. Opportunities enhance protection, reduce requirements for protective measures, or solve a design problem resulting in an overall saving of time, design effort, or money. Constraints restrict design or create additional problems, which must be compensated for by the protective design. Any given element may be either an opportunity or a constraint depending on the site and particular aggressor tactics. Protective measures for one tactic may be opportunities or constraints to another.

 

Programming Process

Step 3 – Determine Required Protective Measures

Select required protective measures separately for each asset and each applicable tactic. The tactics should be organized according to the intensity of their effects against the asset, with the most severe tactics presented first. The protective measures for one tactic generally provide advantages for protecting against the less severe tactics, and thus protective measures required to resist one tactic become opportunities for the following tactics.

 

Programming Process

Step 4 – Integrate Protective Measures Into Overall IPS

The aggregate of the selected protective measures represents a preliminary protective system for an individual asset. To ensure uniform and effective protection of all assets against all threats, protective measures must be integrated into a system. To integrate a system effectively, consider the following requirements:

  • Evaluate the preliminary security system for all assets.
  • Ensure that proposed protective measures do not adversely affect operations of the assets or of adjacent facilities.
  • Ensure that protective measures for one asset are compatible with measures for other assets. Then eliminate unnecessary duplicate protective measures. Caution must be made to not remove a necessary protective measure for individual asset during this process.
  • Ensure compatibility with the individual assets being protected.
    • Verify that the assets are protected uniformly to the appropriate levels of protection and threat severity levels.
    • Verify that protective measures do not interfere with the operations of the protected asset and that they comply with all design constraints.
  • The remaining compatible protective measures form the protective system for the project. Prepare sketches, layouts, and schematics showing the protective system components and quantities.

 

Programming Process

Step 5 – Assess Protective System Acceptability

Assess the acceptability of the protective system to the user of the assets being protected before finalizing the design.

 

Programming Process

Step 6 – Prepare Design Documentation

Provide the necessary design criteria and any information such as sketches, schematics, or reports necessary to justify the proposed protective system and support the cost estimate.

 

Programming Process

Step 7 – Verify Protective System

Verify the design matches the protective system countermeasure lists and sketches developed in Step 3. This will often require the design team to review ASDs and run through the various aggressor scenarios against the identified assets to confirm the protective system meets the prescribed countermeasures.

 

Knowledge Review

Detection measures should be employed at all layers of defense.

  1. True
  2. False

Correct response: A

Correct response feedback: Excellent! The answer is true.

 

IPS Evaluation and Adjustment

The protective system is always in need of evaluation and adjustment, which is mostly due to fluctuations in original determinations. For instance, changes in procedural measures, such as guard forces performing rover patrols in high risk or vulnerable areas, may require adjustments with the IPS plan where intrusion detection, electronic access controls, and video assessment systems may be used to offset the risks for procedural changes. The assessment and response function originally planned will likely be displaced with security personnel monitoring security activities in a monitoring center. Of course with any IPS, the response function must still be performed by guard force personnel.

 

Security Operations and Intelligence

Security operations and intelligence protective measures are essential to the success of any protective system. The effectiveness of detection systems, delaying systems, response, and defense against an aggressor depends on an effective guard force.

  • Determining the need
  • Security guard force duties

 

Security Operations and Intelligence

Determining the Need

The main component for determining guard force needs is the protective system design and the determination of procedural needs. In some instances, outside response forces (police, hazmat, and fire department) may fulfill incident response; however, a contingency force for initial response should be considered. When dependent on outside resources to fulfill response needs, a memorandum of understanding should be initiated to clearly identify goals, responsibilities and coordination needs. Outside response forces should also participate in drills, so they are familiar with the facility and its potential threats.

 

Security Operations and Intelligence

Security Guard Force Duties

In order to make a decision on utilizing a security guard force of any size, consider the following duties guard forces will perform:

  • Entrance Control – Operate and enforce a system of access control (vehicle or pedestrian), including inspection of identification and packages
  • Roving Patrol – Patrol routes of designated mission essential and vulnerable areas, such as perimeters, utility areas, building areas, and public areas
  • Traffic Control – Direct traffic (vehicle or pedestrian) around vulnerable areas or verify bills of lading and identifications; control parking
  • Security, Fire, and Utility Systems Monitoring and Response – Monitor, operate, and respond to systems alarms or protective devices
  • Response to Emergencies – In case of any emergency, such as bomb threat, bombing incident: Provide response, summon assistance, administer first responder aid, mitigate damage by extinguishing small fires, and assist public safety personnel
  • Countersurveillance – Perform countersurveillance activities to deter or thwart aggressors’ preoperational activities

 

COOP Considerations

COOP sites generally require the same or higher level of security. The activation of a COOP site generally indicates that something has affected the main site. For example, if the main site was attacked by terrorists and destroyed, the value of the COOP site would increase and the threat level would likely increase requiring additional security.

  • Design Basis Threats (DBTs) may be different for COOP sites. The DBT must be re-evaluated at the COOP site to ensure that the appropriate level of protection is used to mitigate specific threats such as close proximity to different chemical hazards.
  • Consequence may drive a higher level of protection. The level of protection may need to be increased if the consequence of the loss of the COOP site increases.
  • Select COOP facility that has existing IPS. One possible measure is to select a COOP site that has an existing level of protection that is adequate.
  • Build COOP facility to the desired level of protection.
  • Transition mobile equipment. Some equipment can be easily transferred from the main site to the COOP site. This can be a cost effective way to ensure the appropriate level of security.
  • There is also a heavy reliance on additional personnel.

Note: COOP sites are usually occupied 24 hours a day. This would lead to some IPS equipment being placed in an access status, relying on the occupants for detection.

 

Deterrence

Three images, left to right: metal detectors, gate and house, and security guards inspecting a vehicle.Deterrence is used to create the perception that a facility is strong and well-protected. Highly visible security measures may convince some aggressors that the facility is too strong to be attacked.

It is a good idea to keep the location and function of COOP sites low-profile.

While deterrence provides some level of positive benefits, the exact benefit cannot be measured. Crime Prevention Through Environmental Design (CPTED) measures are a good example of this affect. Parking a marked police vehicle in a high crime area may persuade some criminals to limit their activities; however, other criminals may not be affected at all.

Some examples of deterrents are:

  • Visible security devices
  • Visible camera systems
  • Uniformed guards
  • Good lighting and warning signs
  • Dogs appearing to be police dogs

Image descriptions:

  • Metal Detectors – The metal detectors perform a valued function, however there is no additional delay.
  • Gate and House – The gate and house look very secure and imposing, however are they constructed of crash-rated materials?
  • Security Guards – The security guards are armed, however their attention is focused on searching and they may not be able to stop a vehicle.

 

Security Systems and Equipment

The applicable threat and design criteria will define the IPS’s general requirements. The exterior and interior IPSs should be configured as layers of unbroken rings concentrically surrounding the asset.

Security systems and equipment examples include:

  • Electronic security systems
  • Design considerations
  • Response and delay
  • Basic guidance
  • System effectiveness
  • Perimeter layout and zoning
  • Alarm annunciation

 

Detection

Various detection equipment can be used in a variety of ways to look for intruders or contraband. We will further discuss these general types of detection equipment:

  • Perimeter sensors
  • Area sensors
  • Point detection
  • Volumetric detection
  • Personnel screening
  • Vehicle screening
  • Package screening

 

Sensor Types

Sensors can fall into two general types:

  1. Passive – The sensor does not emit any forms of energy; instead the passive sensor reads and measures forms of energy emitted by other objects.
  2. Active – The sensor emits some type of energy to create a field in which interruptions or changes trigger an alarm.

 

Microwave (MW) Sensors

Two microwave intrusion detection sensor images and illustrations for each, left to right: top left, bistatic system labeled "Bistatic System," bottom illustration demonstrating system uses a transmitter and a receiver that are typically separated by 100 to 1,200 feet and are within direct line of sight of each other: two separated dotted outline oval shapes connected to end rods on both sides , top right, monostatic system labeled "Monostatic System," bottom illustration demonstrating system usually combines the transmitter and receiver into a single package: one filled dotted oval shape with narrowed capped left edge and callout line with arrow pointing to left edge labeled "Transceiver" and callout line with arrow pointing to top of oval edge labeled "Microwave beam."Microwave intrusion detection sensors are categorized as bistatic or monostatic. Bistatic sensors use transmitting and receiving antennas located at opposite ends of the microwave link, whereas monostatic sensors use the same antenna.

bistatic system uses a transmitter and a receiver that are typically separated by 100 to 1,200 feet and are within direct line of sight of each other.

Army TM 5-853-4, Electronic Security Systems, pgs. 5-15 and 5-7

Monostatic microwave sensors use the same antenna or virtually coincident antenna arrays for the transmitter and receiver, which are usually combined into a single package.

Microwave systems function on a line of sight principle. Any disruptions such as uneven terrain or fallen trees can create a window that can be exploited.

Note: Items marked with (COOP) have the potential to be moved to the COOP site when needed.

Also, the size and shape of the sensor fields create areas that could be exploited. The areas closest to the sensor heads have vulnerable areas where there is no detection. These areas must be overlapped or otherwise protected in order to be effective.

 

Knowledge Review

Which of the following is an example(s) of a deterrent?

  1. Visible security devices
  2. Visible camera systems
  3. Uniformed guards
  4. Good lighting and warning signs
  5. All of the above

Correct response: E

Correct response feedback: Great job! All of the items are examples of a deterrent.

 

Intrusion Detection Systems

Exterior intrusion detection sensors are customarily used to detect an intruder crossing the boundary of a protected area. They can also be used in clear zones between fences or around buildings, for protecting materials and equipment stored outdoors within a protected boundary.

Because of the nature of the outdoor environment, exterior sensors are also more susceptible to nuisance and environmental alarms than interior sensors. Inclement weather conditions (e.g., heavy rain, hail, and high wind), vegetation, the natural variation of the temperature of objects in the detection zone, blowing debris, and animals are major sources of unwanted alarms.

The combination of MW and PIR (Passive Infrared) works well to eliminate weather, birds/animals, vegetation, blowing debris, hail, etc. from causing false alarms.

 

Intrusion Detection Systems

Seismic/Vibration Sensors

Seismic/vibration sensors detect low-frequency energy generated in an attempted penetration of a physical barrier (such as a wall or a ceiling) by hammering, drilling, cutting, detonating explosives, subterranean digging, or employing other forcible methods of entry. Vehicles are detected when they create vibrations by traveling across the sensor area.

Seismic/vibration sensors can experience nuisance alarms from earthquakes, thunder, or other natural events.

 

Intrusion Detection Systems

Buried Line Sensors

A buried line sensor system consists of detection probes or cable buried in the ground, typically between two fences that form an isolation zone. These devices are wired to an electronic processing unit. The processing unit generates an alarm if an intruder passes through the detection field.

Buried line sensors have several significant features:

  • They are hidden, making them difficult to detect and circumvent
  • They follow the terrain’s natural contour
  • They do not physically interfere with human activity, such as grass mowing or snow removal
  • They are affected by certain environmental conditions, such as running water and ground freeze/thaw cycles

 

Intrusion Detection Systems

Fence-Mounted Sensors

Fence sensors detect attempts to penetrate a fence around a protected area. Penetration attempts (e.g., climbing, cutting, or lifting) generate mechanical vibrations and stresses in fence fabric and posts that are usually different than those caused by natural phenomena like wind and rain.

Examples of fence sensors include:

  • Strain Sensitive Cable – Strain sensitive cables are transducers that are uniformly sensitive along their entire length. They generate an analog voltage when subject to mechanical distortions or stress resulting from fence motion.
  • Taught Wire Sensors – Taut wire sensors combine a physically taut wire barrier with an intrusion detection sensor network. The taut wire sensor consists of a column of uniformly spaced horizontal wires up to several hundred feet in length and securely anchored at each end.
  • Fiber Optic Sensors – Fiber optic sensors are functionally equivalent to the strain-sensitive cable sensors previously discussed. However, rather than electrical signals, modulated light is transmitted down the cable, and the resulting received signals are processed to determine whether an alarm should be initiated.
  • Capacitance Proximity Sensors – Capacitance proximity sensors measure the electrical capacitance between the ground and an array of sense wires. Any variations in capacitance, such as that caused by an intruder approaching or touching one of the sense wires, initiates an alarm.

 

Intrusion Detection Systems

Area Detection

Area sensors can be used to provide a detection area instead of a single line. Area sensors are used to cover the empty space between layers of defense, or they can be used to extend a perimeter zone without the added cost of installing a fence and multiple sensors. Many area sensors can detect and track an intruder, displaying the information on graphic displays and maps.

Examples include:

  • RADAR
  • Video motion detection
  • Thermal
  • Infrared

 

Entry Control Systems and Technology

Boundary Penetration Sensors

Examples of boundary penetration sensors include:

  • Structural vibration sensors – Detect low-frequency energy generated in an attempted penetration of a physical barrier (such as a wall or a ceiling) by hammering, drilling, cutting, detonating explosives, subterranean digging, or employing other forcible methods of entry.
  • Glass breaking sensors – Detect the breaking of glass. The noise from breaking glass consists of frequencies in both the audible and ultrasonic range.
  • Balanced magnetic switches (BMSs) – Are typically used to detect the opening of a access portal. These sensors can also be used on windows, hatches, gates, or other structural devices that can be physically opened to gain entry.
  • Passive ultrasonic sensors – Detect acoustical energy in the ultrasonic frequency range, typically between 20 and 30 kilohertz (kHz). They are used to detect an attempted penetration through rigid barriers (such as metal or masonry walls, ceilings, and floors), and windows and vents covered by metal grilles, shutters, or bars if these openings are properly sealed against outside sounds.
  • Grid wire sensors – Consist of a continuous electrical wire arranged in a grid pattern. The wire maintains an electrical current. An alarm is generated when the wire is broken. The sensor detects forced entry through walls, floors, ceilings, doors, windows, and other barriers. (This type of sensor works well with structural vibration sensors.)

 

Point Sensors

Point sensors are used to protect specific objects within a facility. These sensors (sometimes referred to as proximity sensors) detect an intruder coming in close proximity to, touching, or lifting an object. Several different types are available, including capacitance sensors, pressure mats, and pressure switches.

Capacitance sensors detect an intruder approaching or touching a metal object by sensing a change in capacitance between the object and the ground. Think of some types of car alarms.

Pressure mats generate an alarm when pressure is applied to any part of the mat’s surface, such as when someone steps on the mat.

Pressure switches are mechanically activated contact switches or single ribbon switches.

 

Volumetric Motion Sensors

Designed to detect intruder motion within the interior of the protected volume:

  • Microwave Motion Sensors – Use high-frequency electromagnetic energy to detect an intruder’s motion within the protected area. Interior or sophisticated microwave motion sensors are normally used. Interior microwave motion sensors are typically monostatic; the transmitter and the receiver are housed in the same enclosure (transceiver). Sophisticated microwave motion sensors may be equipped with electronic range gating. This feature allows the sensor to ignore the signals reflected beyond the settable detection range.
  • Passive Infrared (PIR) Motion Sensors – Detect a change in the thermal energy pattern caused by a moving intruder and initiate an alarm when the change in energy satisfies the detector’s alarm criteria. These sensors are passive devices because they do not transmit energy; they monitor the energy radiated by the surrounding environment.
  • Ultrasonic Motion Sensors – Can be either active or passive. Passive ultrasonic sensors are devices that “listen” for ultrasonic sound energy in a protected area and react to high frequencies associated with intrusion attempts. Active ultrasonic sensors are devices that emit ultrasonic sound energy into a monitored area and react to changes in the reflected energy pattern.
  • Dual Technology Sensors – Combine two different technologies in one unit to minimize the generation of alarms caused by sources other than intruders.
    • Stereo doppler is a dual channel microwave design. The combination of an MW sensor and a PIR sensor must activate simultaneously to create an alarm.
  • Video Motion Sensors – Generate an alarm when an intruder enters a selected portion of a CCTV camera’s field of view. The sensor processes and compares successive images between the images against predefined alarm criteria. There are two categories of video motion detectors, analog and digital. Analog detectors generate an alarm in response to changes in a picture’s contrast. Digital devices convert selected portions of the analog video signal into digital data that are compared with data converted previously; if differences exceed preset limits, an alarm is generated. The signal processor usually provides an adjustable window that can be positioned anywhere on the video image.

 

Knowledge Review

Which type of volumetric motion sensor uses high-frequency electromagnetic energy to detect an intruder’s motion within the protected area?

  1. Video motion sensors
  2. Dual technology sensors
  3. Microwave motion sensors
  4. Ultrasonic motion sensors

Correct response: C

Correct response feedback: Way to go! Microwave motion sensors is correct.

Keep in mind, interior or sophisticated microwave motion sensors are normally used. Interior microwave motion sensors are typically monostatic; the transmitter and the receiver are housed in the same enclosure (transceiver). Sophisticated microwave motion sensors may be equipped with electronic range gating. This feature allows the sensor to ignore the signals reflected beyond the settable detection range.

 

Personnel Screening

Personnel screening is used to prevent the unauthorized entry of threats or contraband material such as weapons, explosives, or drugs. There are several highly effective technologies available that can detect contraband material on personnel. While the technologies are highly effective, there is significant debate on the use of this equipment.

Backscatter technology relies on a narrow, low intensity X-ray beam scanned over the body’s surface at high speed that is reflected back from the body and other objects placed or carried on the body, where it is converted into a computer image of the subject and displayed on a remote monitor.

Millimeter wave technology uses non-ionizing radio frequency energy in the millimeter wave spectrum to generate an image based on the energy reflected from the body. The three-dimensional image of the body is displayed on a remote monitor for analysis. The energy projected by the system is 100,000 times less than a cell phone transmission. Millimeter wave technology uses millimeter wave cameras to screen for anomalies on a person’s body. These devices, which may be active or passive, must be located approximately 10 feet from a person and must be able to view the person for approximately two seconds, either while walking or standing.

 

Personnel Screening (continued)

Explosive detection devices. Air is puffed over the person being searched, and it is drawn into a concentrator in the bottom of the portal. The concentrator is a Teflon-coated screen onto which explosive vapors tend to stick. The screen is rotated and heated, and this eludes the explosive vapor particles into an ion mobility spectrometer.

The explosive vapor particles are then ionized in the reaction region by an electron source, and then they are released to drift down the spectrometer tube to the Faraday plate. The time that it takes them to drift the fixed distance is a measure of their mass, and peaks appear on the instrument depending on the mass of the molecules in the sensing tube. Explosive vapors have unique masses and if a peak appears on the display just where the explosive vapor is expected then there are explosives present.

Note: Modern backscatter X-ray and RADAR machines can detect and identify materials in sufficiently high detail. The detail is not limited to material only but can also provide in-depth images of the human anatomy. This has spawned many invasions-of-privacy discussions and forced a “de-personalization” of displays.

 

Package Screening

In addition to personnel screening, numerous devices are available that can screen packages. Available equipment operates using the same technologies as personnel screening equipment.

Package screening includes:

  • X-ray
  • RADAR
  • Explosive detection

 

Vehicle Screening

Vehicles can present a significant risk to buildings because there are very few limits to the types of materials that vehicles can carry. A large tractor-trailer can carry loads of up to 100,000 pounds. If this was an explosive load, then the potential for damage would be extreme. Most automobiles are capable of carrying at least 500 pounds of materials.

There are varieties of fixed and mobile equipment that can be used for vehicle screening. These systems use X-ray and RADAR technologies. The only significant difference between human and vehicle scanners is that vehicle scanners commonly use higher intensity emissions in order to penetrate through cargo loads. In most cases, while the energy levels are higher, brief exposures are generally not life-threatening.

 

Delay

Delay is the planned measures that are designed and installed in order to slow an aggressor down until response forces arrive. Delay can consist of non-technical items such as distance, large rocks, fences, or building materials. Electronic types of delay can be integrated in to the integrated protective system.

  • Active barriers
  • Access control
  • Denial systems

 

Access Control

Access control to the building and interior rooms can be operated automatically. Most people are familiar with the capabilities of an automatic locking mechanism, in that the lock can disengage when the proper code is entered on the keypad.

  • Intrusion Detection – Electronic locks can also be integrated with intrusion detection sensors. The integrated protective system can be programmed to lock all doors in the event of intrusion detection or to lock down designated high security areas and override normal operating procedures.
  • Active Shooter – In situations where an active shooter is identified, doors can be locked from the control station to trap the shooter while at the same time opening different doors to evacuate potential victims safely.
  • Metal or Explosives Detector – Electronic locks can be integrated with metal or explosives detectors. The integrated protective system can be programmed to lock doors or turnstiles in the event of a detection to prevent the contraband from entering the facility and/or lock down the entry doors to contain the weapons or explosives at the screening area.

 

Electronic Entry Control

Electronic entry control devices include:

  • Coded devices
  • Credential devices
  • Biometric devices

The function of an entry control system is to ensure that only authorized personnel are permitted into or out of a controlled area. Entry can be controlled by locked fence gates, locked doors to a building or rooms within a building, or specially designed portals. These means of entry control can be applied manually by guards or automatically by using entry control devices.

  • In a manual system, guards verify that a person is authorized to enter an area, usually by comparing the photograph and personal characteristics of the individual requesting entry
  • In an automated system, the entry control device verifies that a person is authorized to enter or exit. The automated system usually interfaces with locking mechanisms on doors or gates that open momentarily to permit passage

All entry control systems control passage by using one or more of three basic techniques (e.g., something a person knows, something a person has, or something a person is or does). Automated entry control devices based on these techniques are grouped into three categories: coded, credential, and biometric devices.

 

Knowledge Review

Vehicles can present a significant risk to buildings because there are very few limits to the types of materials that vehicles can carry.

  1. True
  2. False

Correct response: A

Correct response feedback: Great job! The answer is true. Keep in mind, a large tractor-trailer can carry loads of up to 100,000 pounds. If this was an explosive load, then the potential for damage would be extreme. Most automobiles are capable of carrying at least 500 pounds of materials.

 

Coded Devices

Coded devices operate on the principle that a person has been issued a code to enter into an entry control device. This code will match the code stored in the device and permit entry. Depending on the application, a single code can be used by all persons authorized to enter the controlled area (not effective for secure areas but useful for areas such as storage closets or bathrooms) or each authorized person can be assigned a unique code. Individual codes are usually required for control of entry to more critical areas. Electronically coded devices include electronic and computer controlled keypads.

Examples of coded devices include:

  • Electronic keypad devices – Are similar to telephone keypads (12 keys). This type of keypad consists of simple push-button switches that, when depressed, are decoded by digital logic circuits. When the correct sequence of buttons is pushed, an electric signal unlocks the door for a few seconds.
  • Computer controlled keypad devices – Are devices similar to electronic keypad devices, except they are equipped with a microprocessor in the keypad or in a separate enclosure at a different location. The microprocessor monitors the sequence in which the keys are depressed and may provide additional functions, such as personal ID and digit scrambling. When the correct code is entered and all conditions are satisfied, an electric signal unlocks the door.

Note: Access codes should be unique to individuals. This allows the computer system to verify and record individual access.

 

Coded Devices

Precautions

Take the following precautions when using coded devices:

  • Care should be taken so other persons cannot observe individuals entering their assigned code. Installation of an opaque shield around the device aids in control of unauthorized observations. This helps to eliminate the use of another’s code to gain entry into an unauthorized area.
  • Also, care should be taken to replace coded pads that show wear from repeated code entries. Code compromise may be accomplished by attempting use of the worn keys (which results in fewer permutations of the combination to gain access).
  • Individual codes are best for access control and accountability.

 

Credential Devices

A credential device identifies a person having legitimate authority to enter a controlled area. A coded credential (e.g., plastic card or key) contains a prerecorded, machine-readable code. An electric signal unlocks the door if the prerecorded code matches the code stored in the system when the card is read.

Credential devices may include:

  • Magnetic stripe card – A magnetic stripe card is a strip of magnetic material located along one edge of the card that is encoded with data (sometimes encrypted). The data are read by moving the card past a magnetic read head.
  • Wiegand-effect card – A wiegand-effect card contains a series of small-diameter, parallel wires approximately ½-inch long embedded in the bottom half of the card. The wires are manufactured from ferromagnetic materials that produce a sharp change in magnetic flux when exposed to a slowly changing magnetic field. This type of card is impervious to accidental erasure. The card reader contains a small read head and a tiny magnet to supply the applied magnetic field. It usually does not require external power.
  • Proximity card – A proximity card is not physically inserted into a reader; the coded pattern on the card is sensed when it is brought within several inches of the reader. Several techniques are used to code cards. One technique uses a number of electrically tuned circuits embedded in the card. Data are encoded by varying resonant frequencies of the tuned circuits. The reader contains a transmitter that continually sweeps through a specified range of frequencies and a receiver that senses the pattern of resonant frequencies contained in the card. Another technique uses an integrated circuit embedded in the card to generate a code that can be magnetically or electrostatically coupled to the reader.
  • Smart card – A smart card is embedded with a microprocessor, memory, communication circuitry, and a battery. The card contains edge contacts that enable a reader to communicate with the microprocessor. Entry control information and other data may be stored in the microprocessor’s memory.
  • Bar code – A bar code consists of black bars printed on white paper or tape that can be easily read with an optical scanner. This type of coding is not widely used for entry control applications because it can be easily duplicated.
  • “i” Button – The “i” button is a computer chip enclosed inside a 16mm stainless steel can. The “i” button can grant its owner access to a building, a PC, a piece of equipment, or a vehicle. Some “i” buttons can be used to store cash for small transactions, such as transit systems, parking meters, and vending machines. Also used as an electronic asset tag to store information needed to keep track of valuable capital equipment.
  • The Radio Frequency Identification Device (RFID) – Systems rely on a radio frequency identification chip implanted in an access card, (i.e., proximity, smart, or similar) that transmits card-owner information wirelessly.Significant security and privacy issues exist to a level that Government agencies eager to use this technology have abandoned their acceptance and use until the security and privacy issues are resolved. The ability for the remote operation of this technology gives it great interest for now and the future.Without a biometric device necessary to be used with a credential device, the only thing to be verified from an after-incident-entry-point-log review is “the device” was used to enter the area. Without some other means of identification (biometrics or personal identification number), a person other than the owner can use a lost or stolen card and cannot be tied to it.In the absence of biometric devices, anti-pass back devices and procedures should be in place to eliminate unauthorized usage. Assign responsibility of the person issued the device to ensure two people cannot use the same credential device. This commonly occurs when one tells another he “forgot” his device.

 

Biometric Devices

The third basic technique used to control entry is based on the measurement of one or more physical or personal characteristics of an individual. Because most entry control devices based on this technique rely on measurements of biological characteristics, they have become commonly known as biometric devices. Characteristics such as fingerprints, hand geometry, voiceprints, handwriting, and retinal blood-vessel patterns have been used for controlling entry. Typically, in enrolling individuals, several reference measurements are made of the selected characteristic and then stored in the device’s memory or on a card. From then on, when that person attempts entry, a scan of the characteristic is compared with the reference data template. If a match is found, entry is granted.

Biometric devices may include:

  • Fingerprint verification devices – Use one of two approaches. One is pattern recognition of the whorls, loops, and tilts of the referenced fingerprint, which is stored in a digitized representation of the image and compared with the fingerprint of the prospective entrant. The second approach is minutiae comparison, which means that the endings and branching points of ridges and valleys of the referenced fingerprint are compared with the fingerprint of the prospective entrant.
  • Hand geometry devices – Use a variety of physical measurements of the hand, such as finger length, finger curvature, hand width, webbing between fingers, and light transmissivity through the skin to verify identity. Both two- and three-dimensional units are available.
  • Retinal pattern verification – Is based on the premise that the human eye’s iris is unique to an individual. While the eye is focused on a visual target, a high quality digital camera takes a picture of the iris. A computer program conducts an analysis of the iris and converts this information into a unique computer code. This information is processed and converted to a digital template that is stored as the eye’s signature.
  • Facial recognition devices – Is based on the premise that each individual’s facial features are unique. There are two main methods to accomplish facial recognition. The first technique involves stereo imaging, which captures facial images from two separate points/cameras. A computer combines and analyzes the images by measuring features such as the size and shape of the eye sockets or distance from nose to chin. These measurements are stored and compared to new images when access is attempted. The second method involves using a low intensity laser to develop a three-dimensional image of the face, which is then stored and compared. Both methods can currently be used to detect and identify an individual.

 

Assessment

Alarm assessment is the determination of the nature of an alarm to determine if there is a threat. When an alarm sounds, human interaction is required to determine what caused the alarm. In the absence of technology, this requires a human to go to the site of the alarm. Depending on the location of the alarm, this can take a significant amount of time, which increases the potential that the alarm trigger is no longer present. This time delay is very detrimental to any effective response.

COOP facilities are frequently manned continuously. Additional security guards are commonly used to compensate for the lack of installed security measures.

Modern integrated protective systems can utilize properly positioned cameras to determine the cause of an alarm almost instantly from one central location and further track an aggressor to guide response efforts.

 

Video Assessment

The use of digital cameras significantly increases the effectiveness of assessment. A properly installed and focused camera can provide almost instant assessment of alarm activation. A time capture of the video recording can also provide a 5-15 second window of the moments in time directly before the alarm activation to show the exact cause of the alarm.

Key points:

  • Fixed Cameras on alarm points. Pan, tilt, and zoom cameras can economically provide camera coverage over a large area and can be programmed to automatically turn to the location of alarm activation. While this sounds prudent, having to wait for a camera to move creates the potential to miss the activating event of an alarm. If cameras are used for assessment purposes, it is best to have a fixed camera on the alarm points.
  • Movable cameras for tracking. While it is essential to maintain fixed camera views on alarm points, having a movable camera to track an aggressor’s movement is a valuable tool to directing response activities. Without a movable camera the security force would have to manipulate cameras individually in order to track an aggressor’s movements, which can create problems.
  • Proper lighting. Proper lighting is essential to the use of camera systems. The lighting level of exterior cameras changes constantly throughout the day due to natural conditions such as sunrise and fall or weather patterns. Cameras must be installed in a manner where they receive the correct amount of light to operate properly.
  • Sufficient resolution. Cameras must have sufficient resolution to perform their intended purpose. Cameras can be used for detection, characterization, or identification.

 

Lighting

Lighting for video recording must be properly installed at the correct illumination to ensure that the image quality is sufficient. If the lighting is too intense, the image will be washed out. If there is not enough lighting, that image will be mostly black and provide little use.

When installing lighting, care must be taken to ensure that the light intensity does not become offensive to neighbors.

Absent Lighting – Lighting is absent at the front entrance of the building and too intense at the side of the building.

Good Lighting – Image shows an example of good lighting.

Lighting is Too Intense, Too Low and Pointed at the Camera – The lighting is too intense, too low and pointed at the camera. On the left side you cannot see the man standing under the light. On the right side you can see the man but there is still too much lighting. The difference is that the direction of the light was pointed down and more towards the building.

Lighting Too Intense – Lighting so intense that the entire block is illuminated.

 

Alternative Video

Old camera options used to be poor quality black and white or high quality black and white. Cameras are available today in high definition color, varying amounts of zoom and focus, and even color cameras that switch to black and white for low light situations. Various types of night vision cameras are also available.

Thermal and infrared cameras can be used for assessment and video analytics just like any other camera.

Thermal – Creates images based on the surface temperature of objects and persons. This does not require any kind of light, however there can be problems if the object’s temperature is the same temperature as its surroundings.

Infrared – Creates images based on the amount of infrared light that an object emits or reflects. This type of camera requires that there be some source of IR. If the object does not generate enough IR, then an IR floodlight can be used.

 

Video Analytics

Camera technology over the last several years has seen tremendous advances in technology. Many security cameras are now digital cameras instead of analog cameras. Digital images are composed of a series of varying color dots or pixels that can be used on computer media. Video analytics consists of computer software that can analyze digital images to identify changes in the pixels. Modern security cameras record video directly to hard drives on computers, which can then be analyzed by the software to create a sensor utilizing existing cameras.

Requirements:

  • Fixed camera
  • Sufficient resolution
  • Effective programming

Potential Applications:

  • Motion detection
  • Asset security
  • Approach speed
  • Lingering people
  • Abandoned objects
  • Detect individual falling
  • Facial recognition
  • Behavioral recognition

 

Knowledge Review

Which device used to control entry is based on the measurement of one or more physical or personal characteristics of an individual?

  1. Coded devices
  2. Credential devices
  3. Biometric devices

Correct response: C

Correct response feedback: You got it! Biometric devices are based on the measurement of one or more physical or personal characteristics of an individual.

Because most entry control devices based on this technique rely on measurements of biological characteristics, they have become commonly known as biometric devices.

 

Security Operations Center (SOC)

The SOC is the focal point for an integrated protective system. The SOC is the termination point for all sensors, cameras, access controls, and many other things. The systems operator should be able to control all aspects of the integrated protective system. The operator is intended to operate the integrated protective system, not function as a sensor (using video displays to search for aggressors) or as a visitor center. Depending on the size and activity of the facility, there may be a need for additional operation centers that function with redundant capabilities that are focused to increase the effectiveness in each sector or zone.

  • SOC incorporates CCTV displays and visual and audio alarms
  • Alarms, displays, video recording, and access logs should all terminate at the SOC
  • Utilize maps and building drawings
  • CCTV with instant replay of alarm activation and data recording
  • Operate access controls and delays
  • Incorporate building automation
  • Incorporate CBRN sensors
  • Direct response activities
  • Since electric power is needed for system operation throughout the system, backup power with redundant lines should also be considered

 

Communications

You just learned that the SOC is the focal point for an integrated protective system. Also, the SOC is the termination point for all sensors, cameras, access controls, and many other things. This point is emphasized twice due to the significance of the security operations, the ability to turn off sensors, and the ability to operate doors and access controls. Communications into and out of the security operations center need to be protected to ensure the continued functionality of the integrated protective system.

There is a vast amount of information and capabilities. Most security functions can be performed in the SOC. However, an independent secure network is needed. The SOC needs an independent closed network that does not cross over into the building’s network or to the Internet. Skilled network professionals can implement a significant defense against intrusions; however, if the assets being protected are of a critical importance, it is best to keep the security network separate and closed from all other networks. By using a closed network, an aggressor will have to enter the facility through the layers of defense in order to attempt to manipulate the integrated protective system, making the task much more difficult.

Be sure to incorporate data and voice. Both communications should have built in redundancy to ensure that the system is always functioning. Voice communications between the security operations center and response force should be protected in order to not provide the aggressor any advantages.

In addition, it is essential to have tamper detection of communications lines. Tamper detection can detect attempts to circumvent the integrated protective system or provide the system with false information.

 

Response

Response is the ability to locate, interrupt, and prevent an aggressor from achieving his objective. Typically response actions are performed by response forces such as security guards or law enforcement. With increases in technology and innovations, there are now some response actions that can be automated. As previously discussed, door locks, access controls, and other delay mechanisms can be operated automatically or electronically. Depending on the level of security required, various lethal and non-lethal techniques can be operated by the control center.

Examples of response measures include:

  • Operation of access controls
  • Operation of delay mechanisms
  • Release of aqueous foam
  • Release of sticky foam

 

Cyber Security

The cyber security threat is the most active threat that we face as a nation. Threats to the built environment include:

  • SCADA systems threat – Cyber threats to the built environment are often associated with Supervisory Control and Data Acquisition (SCADA), also known as Utility Monitoring and Control Systems (UMCS). SCADA provides monitoring and control of utilities. For many facilities SCADA performs monitoring and control of utilities over the Internet, and therein lies its largest vulnerability. When utilities are operated over the Internet; they are vulnerable to whomever has access to a computer and Internet connection.
  • Information systems threat – The last vulnerability relating to the built environment is associated with information concerning assets on Web portals. Many organizations provide details of the facility and other assets on their Web sites. This information in the wrong hands such as the aggressor can be used against the asset. Information concerning assets should be removed from Web pages.

 

Information System Protection

The best method of protecting against cyber threats is to limit access to the asset altogether; however, some assets must be connected to cyberspace in order to function. In these cases, information systems must be protected to a higher level than closed systems (those systems that are not connected to cyberspace). Whether or not the system is connected to cyberspace, every system has vulnerabilities that need to be protected against the aggressor. We strongly recommend a detailed process to identify vulnerabilities in any systems that support an asset or the facility’s mission. Perhaps the most developed processes for determining system vulnerabilities and applying countermeasures to reduce these threats are produced by the National Institute of Standards and Technology (NIST).

The NIST Web site provides guidance and access to publications and computer security information resources on the following IT security concerns:

  • Audit and accountability
  • Certification and accreditation
  • Continuity planning
  • Incident response
  • General IT security
  • Authentication
  • Awareness and training
  • Communications

 

Plans, Policies, and Procedures

Be sure to have plans, policies, and procedures set for the following:

  • General order guidance
  • Personal conduct
  • General duties
  • Post order guidance

 

Plans, Policies and Procedures

General Order Guidance

General duties involve duties establish general operating standard and procedures of performance for all guard force personnel. Key components to general orders are personal conduct and general duties. General orders are those orders that are identical for all guard force personnel no matter where their duties are required.

 

Plans, Policies and Procedures

Personal Conduct

Personal conduct includes a summary of requirements that must be followed in the performance of guard force personnel’s duties. These requirements often relate to core performance needs to carry out guard force operations, particularly in an environment where the threat of terrorism exists.

 

Plans, Policies and Procedures

General Duties

General duties involve core protection of the facility and assets where an officer may be stationed. They include:

  • Performance of duties requirements
  • Knowledge of general procedures
  • Knowledge of their assignment and post orders
  • Knowledge of the physical layout of the facility and key assets
  • A complete knowledge of all rules or regulations that they are required to enforce (use of force, levels of force, lethal force, legal limitations, etc.)

 

Plans, Policies, and Procedures

Post Order Guidance

Post orders are the most important written instructions for the guard forces. Post orders do the following:

  • Express the policies of the protected facility and asset
  • Summarize required security officers duties
  • Avoid the problems of word of mouth instructions
  • Provide basis for site-specific training. Clear and understandable post orders are important in serious incidents that may call into question the integrity, competence, or capacity of the guard force

 

Knowledge Review

Which of the following is described as the most important written instructions for the guard forces?

  1. General order guidance
  2. Personal conduct
  3. General duties
  4. Post order guidance

Correct response: D

Correct response feedback: Great job! Post order guidance is the most important written instructions for the guard forces.

 

Conclusion

Remember, all the different components of the system must support each other’s functions. For example, the best barriers are those tied to a detection system, like a strain-sensitive cable alarm sensor on a chain-link fence with a steel cable woven into the fence and delay function that’s overseen by an assessment method, such as a CCTV system.

In addition:

  • Integrated protective systems are enhanced by integrating electronic technology throughout the layers of defense
  • Each layer of defense must be able to deter, detect, assess, delay, and respond
  • Integrated protective systems components and capabilities interact with other systems (building automation, CBRN detectors, access controls, barrier delays, etc.)
  • Aggressor sequence diagramming aids in establishing layers of defense and selecting proper equipment

 

Knowledge Review

The following series of knowledge review questions are aimed at understanding the process for identifying vulnerabilities in site and layout design.

Which of the following factors should be considered in evaluating a perimeter security system?

  1. The age, quantity and type of CCTV cameras monitoring the perimeter
  2. The existence of call buttons or intercoms
  3. Whether or not exterior Intrusion Detection Systems are in place
  4. All of the above

Correct response: D

Correct response feedback: Yes! All of the items listed are correct. In addition to these, the monitoring schedule of the CCTV cameras should be considered, as well as the manufacturer of the cameras.

 

Knowledge Review

Security access control systems, locking hardware, and intrusion detection systems are all part of which security system:

  1. Perimeter systems
  2. Interior systems

Correct response: B

Correct response feedback: That’s right! Additional interior system technologies include manual and electromagnetic ciphers, keypads, pushbuttons, panic bars and door strikes. Security control rooms are also part of the interior security system.

 

Knowledge Review

Based on your understanding of the topics covered in this lesson, if basic chemical sensors were installed outside the air intake for the HVAC system, would you reduce the risk rating for a CBR attack to impact this building attribute?

  1. Yes
  2. No

Correct response: A

Correct response feedback: Great job! The correct response is yes. The installation of chemical sensors would reduce the vulnerability of this building attribute.

 

Summary

Now that you have completed this lesson, you should be able to:

  1. Identify the basic concepts of integrated protective system components, their capabilities, and their interaction with other systems
  2. Determine the integrated protective system concepts and practices that warrant special attention to enhance public safety
  3. Using the assessment process, identify integrated protective system requirements that can mitigate vulnerabilities

 

Course: IS-156 – Building Design for Homeland Security
Lesson: 11 – Course Summary

OverviewIn this section you will review the main points from each lesson in this course.

 

Course OverviewIn Lesson 1 – Course Overview, you learned:

  • FEMA 426 and 452 are intended for building sciences professionals
  • Man-made hazards risk assessments use a “Design Basis Threat” and “Levels of Protection” for man-made disaster loading upon buildings versus building codes which prescribe loadings for natural disasters
  • Impact of resiliency upon vulnerability rating per NIPP
  • Site and building systems and infrastructure protection are provided by layers of defense
  • There are multiple mitigation options and techniques to deter, detect, deny, and devalue
  • Use cost-effective multi-hazard analysis and design

In addition, you learned:

The objective of this course is to provide a comprehensive approach to reducing the physical damage to structural and non-structural components of buildings and related infrastructure.

Most importantly, the course provides participants with a solid foundation on the key concepts needed for designing mitigation measures:

  • Design Basis Threat (DBT)
  • Levels of Protection
  • Layers of Defense

 

Threat and Hazard Assessment

In Lesson 2 – Threat and Hazard Assessment, you learned how to:

  • Identify the threats and hazards that may impact a building or site
  • Identify threats and hazards using the FEMA 426 methodology
  • Identify a numerical rating for the threat or hazard and justify the basis for the rating
  • Review a threat rating scale and determine the threat rating score for the given threats
  • Define the Design Basis Threat, Levels of Protection, and Layers of Defense
  • Use Federal, State, or local law enforcement to help determine threat ratings
  • Complete the Critical Functions and Critical Infrastructure Matrices
  • Establish the Design Basis Threat
  • Select the Level of Protection
  • Use Layers of Defense strategy to mitigate attack and develop mitigation options

 

Consequence Assessment

In Lesson 3 – Consequence Assessment, you learned how to:

  1. Identify the consequences resulting from a threat or hazard event
  2. Explain the components used to determine the rating of a consequence
  3. Determine the critical and cascading consequences of an event
  4. Provide a numerical rating for the consequence and justify the basis for the rating
  5. Determine how to differentiate building, system, NIPP sector, regional, and national consequences

 

Vulnerability Assessment

In Lesson 4 – Vulnerability Assessment, you learned how to:

  1. Explain what constitutes a vulnerability
  2. Identify vulnerabilities using the Building Vulnerability Assessment Checklist
  3. Understand that an identified vulnerability may indicate that an asset is vulnerable to more than one threat or hazard and that mitigation measures may reduce vulnerability to one or more threats or hazards
  4. Provide a numerical rating for the vulnerability and justify the basis for the rating

 

Risk Assessment and Risk Management

In Lesson 5 – Risk Assessment and Risk Management, you learned how to:

  1. State what constitutes risk
  2. Provide a numerical rating for risk and justify the basis for the rating
  3. Evaluate risk using the Risk (Threat-Vulnerability) Matrix to capture assessment information
  4. Identify top risks for asset-threat/hazard pairs of interest that should receive measures to mitigate vulnerabilities and reduce risk

 

Explosive Blast

In Lesson 6 – Explosive Blast, you learned how to:

  1. Describe the basic physics involved during an explosive blast event, whether by terrorism or technological accident
  2. Describe the possible building damage and personnel injuries resulting from the blast effects upon a building
  3. Perform an initial prediction of blast loading and effects based upon incident pressure
  4. Predict loading, damage, and injury using range-to-effect chart and incident pressure chart

 

Chemical, Biological, and Radiological (CBR) Measures

In Lesson 7 – Chemical, Biological, and Radiological (CBR) Measures, you learned how to:

  1. Sate the impact of CBR threats on the COOP site
  2. Identify the general forms of CBR threats
  3. Identify the methods of CBR detection
  4. Identify four possible protective actions
  5. Describe the techniques of decontamination

 

Site and Layout Design Guidance

In Lesson 8 – Site and Layout Design Guidance, you learned how to:

  1. Identify site planning concerns that can create, reduce, or eliminate vulnerabilities and understand the concept of “Layers of Defense”
  2. State protective issues for suburban site planning
  3. Determine the pros and cons of barrier mitigation measures that increase stand-off or promote the need for hardening of buildings at risks
  4. State the benefits that can be derived from appropriate security design
  5. State the benefits of adopting a creative process to face current design challenges
  6. State the benefits of including aesthetic elements compatible with security and architecture characteristics of building and surrounding environment
  7. Identify mitigation measures needed to reduce vulnerabilities

 

Building Design Guidance

In Lesson 9 – Building Design Guidance, you learned how to:

  1. Identify architectural considerations to mitigate impacts from blast effects and transmission of chemical, biological, and radiological agents from exterior and interior incidents
  2. Identify key elements of building structural and non-structural systems for mitigation of blast effects
  3. Determine the benefit of building envelope, mechanical system, electrical system, fire protection system, and communication system mitigation measures, including synergies and conflicts
  4. Apply these concepts to an existing building or building conceptual design and identify mitigation measures needed to reduce vulnerabilities

 

Integrated Protective System

In Lesson 10 – Integrated Protective System, you learned how to:

  1. Identify the basic concepts of integrated protective system components, their capabilities, and their interaction with other systems
  2. Determine the integrated protective system concepts and practices that warrant special attention to enhance public safety
  3. Using the assessment process, identify integrated protective systems requirements that can mitigate vulnerabilities