Experts talk about key security issues in planning, technology and terrorism

Security gets a lot of ink in newspapers and magazines, but it can be hard for facility executives to get behind the headlines. This report takes a close look at four questions that illustrate the diversity of security challenges — within the organization, nationally and internationally.

– By Lynn Proctor Windle, contributing editor

Pitfalls lurk in access control planning
Not all electronic access control systems are created equal, yet facility executives who don’t explore their options often fall prey to this myth, say experts in building security. Facility executives frequently fail to examine the big picture of their security requirements.

They assume that the access control system that has proven successful in one facility will be equally successful in another. This is particularly troublesome when the buildings are of different sizes and house different types of tenants.

“A lot of customers and even system designers have the mentality that they can put together a boilerplate system that can be used in a health care facility or a bank,” says Max Stevens, director, Special Systems Design Group. “That is not the case.”

Another common mistake in access control system selection is to rely on a security vendor who is not looking at the best system for the client, but merely selling the products they represent, says Mark Hankewycz, senior security manager for Gage Babcock and Associates’ Washington D.C. office. If a facility executive announces a project budget, there will be vendors who will design an access control system to fit that plan. The danger is that the system most likely won’t be tailored to the building’s specific needs. The resulting system could be excessive for the facility or it might not offer enough protection.

Accepting the lowest bid isn’t a wise idea either, he says. The lowest bid could translate to inferior products or an insufficient system.

Another mistake is installing a system that can’t accommodate growth. “The trap that people fall into is not procuring a system that is modular in features and scalable in terms of expansion,” says Terrence Gillick, vice president of technology systems for Syska Hennessy. “People find themselves locked into a system because the system can’t grow.”

Another more critical trap is assuming the building is secure once the system is installed.

“If a facility executive doesn’t take into consideration the human aspects as well as electronic elements, and then take a holistic look at the entire system, they’re likely to have a false sense of security,” Gillick says.

Doing the Homework
To avoid these costly mistakes, facility executives must do their homework, and that homework begins with a security audit. Depending upon the size and use of the building, the audit can be a basic assessment of how many doors the building has and how they are installed, to a thorough analysis that evaluates everything from external threats to perimeter and location.

“If facility executives fail to perform a proper audit, the system can be over-designed with too much equipment, under-designed with not enough equipment or just too expensive,” Stevens says. “Facility executives should analyze the building, point by point.”

A $30,000 audit might show that a planned $300,000 installation might be better served with a $100,000 system.

“If you don’t do a proper audit, you could end up with problems,” Stevens says. “You could end up with a system that won’t meet your needs and won’t do what you need it to do.”

“Another component of the security audit is to ensure that the system is not easily bypassed,” says Donald Skorka, senior vice president of Custom Design Communications Inc. Are all the doors properly watched? Is the loading dock properly secured? Do air ducts need some sort of security system?

“Many times facility executives aren’t even aware of all the threats,” Skorka says. “Part of the risk assessment includes training and making facility executives aware of what threats are.”

Skorka recommends that facility executives seek the help of law enforcement experts to help them identify soft targets and other risks.

A security audit also might compare the cost of security to the costs of business disruption. In other words, if a building is evacuated because a utility entrance is breached, how much did that disruption cost as compared to the cost of securing the entrance in the first place?

Once access control requirements are identified, facility executives must educate themselves on the products available so they can ask detailed questions.

• Is the access control system expandable? Is it built on open architecture or a propriety platform? Are products available from multiple vendors?

• How much will the system cost?

• Will the system accommodate different levels of access, such as staff access and visitor access? Will the system have any additional functionality, such as smart card applications? Is there a need to integrate other security subsystems, such as surveillance and intrusion detection systems, and how will that be done? Is the system capable of producing reports, such as audits of specific events?

• What kinds of locking mechanisms are proposed? How will these locks function if there is a power failure? How will the access system function in the event of an emergency? Will the access control system have a dedicated generator?

• Who will administer and maintain the system? Will those functions be outsourced?

An important area that’s easily overlooked is building codes. The facility executive should find out what codes the access system must follow and who has jurisdiction over those codes. The same goes for the question of how the system addresses Americans with Disabilities Act issues.

“Facility executives are extremely cost conscious,” Skorka says. “They know they have to provide a sense of security, so they install a card access system, but often they don’t pay attention to the codes because it invites additional cost. If they violate those codes, they’ll have to fix the problem. It’s better to have it done right the first time and reduce all risks later on.”

Electronic access control selection should include input from all departments that will have some involvement in the operation of the system. This could include human resources, network managers and, of course, security. Because the access control system should be compatible with the organization’s culture, aesthetics could become relevant.

Bells and Whistles
Technology is one area where facility executives often need a crash course. In the not-so-distant past, technology questions were less critical. There were few dramatic changes in security devices, perhaps explaining why facility executives still tend to adopt systems they are familiar with. Security system manufacturers focused less attention on research and development, Skorka says.

That has changed, and the rising threat of random terrorism has speeded the process. Facility executives are cognizant of new risks, and manufacturers are responding with accelerated product development programs. This acceleration is fostered by the advent of various Internet-based technologies and their logical application to access control systems.

At the network architectural level, system integrators are converging multiple low-voltage systems — such as security, communications and information technology — onto a single backbone, Gillick says. Installation is easier and more cost-effective, and the finished product is easier to manage and maintain. Technologies also can link the access system to additional security tools, such as Web-based closed-circuit television

Such tight integration on a common backbone enables links to be made at higher levels. For example, access control software can be integrated with human resources software, establishing a single point for creating and disabling employee accounts. In university settings, additional technology layers such as smart cards or common access cards can extend system functionality to include the ability to charge cafeteria or store purchases.

In settings that require a higher level of security, biometric access control systems clearly are on the leading edge. Biometric systems include facial and voice recognition technologies and retinal, iris, fingerprint and hand scanners.

Additional security can be provided by multilevel means of authentication. That might mean a card access system combined with a keypad system so that an employee would have to present a card and then enter a PIN. A more high-tech version of that approach might see biometrics used in conjunction with smart cards. An occupant would present a smart card embedded with personal biometric information, then have a hand or eye scanned. If the two don’t match, the person wouldn’t be allowed to enter the facility, Stevens says.

Multilevel authentication can be configured so that access is more tightly controlled during specific times, Stevens says. For example, during the day, the system might require only one level of authentication, such as a hand print. Workers wouldn’t have to carry their access cards with them. But after hours and on weekends cards would be required as well.

The widespread implementation of biometrics has been held back by two main concerns: cost and privacy. Early biometric systems were too expensive for all but the most secure locations, such as high-level research labs or top secret Department of Defense facilities. The dot com boom changed that, Gillick says. During the 1990s, these systems were deployed on a regular basis, driving costs down and reliability up.

Privacy is a major concern with employees, Stevens says. In older systems, biometric information is housed on a database, which itself might not be secure; employees also are concerned about the information not being purged once they leave the organization. With the biometric information written on a smart card, the employee is in control of the information. Retinal scanners were once considered too invasive because they required immediate contact with the person. Newer systems can scan an eye from up to three feet away.

Still, people feel secure with tried-and-true systems. As a result, facility executives are trying to find ways to adapt older technologies to new scenarios.

“As long as it’s done right, it can be OK,” Skorka says. “But most of the time, it’s a bad thing because the new technology is faster, lighter, cheaper, easier to install and more feature-rich.”

A significant disadvantage of older technology is that it is at a higher risk of exploitation. “There are organizations that buy technologies and play with them, looking for ways to defeat them,” Skorka says.

A new system doesn’t necessarily mean brand-new technology. When examining access control options, facility executives must ask, where does the technology stand in terms of its life cycle? Where has this system been installed previously and what is the nature of those sites? Have all the bugs been worked out? Are the installers trained and certified so problems can be resolved quickly?

Those issues make selecting an access control system a delicate balancing act.

“Some facility executives only want to use well-established systems,” Hankewycz says. “They don’t want to use newer technology. On the other hand, there are some facility executives looking at future technologies to better manage facilities with improved access control and systems with more capabilities.”

Regardless of functionality, an electronic access control system is not a set-it-and-forget-it proposition. It always will require some level of administration, maintenance and monitoring.

No matter how advanced the electronic access control system is, the human element remains a vital component of an overall security system. Opinions vary on how much state-of-the-art access systems reduce the numbers of security guards, but all agree that these systems allow guards to work more effectively.

The Human Element
For example, with an effective electronic access control system in place, one guard can monitor multiple points from a single location, leaving others free for other activities. Web-based technology even allows guards to monitor multiple facilities in multiple locations across multiple time zones.

“What electronic systems do is make guards work more intelligently and more efficiently,” Stevens says. “Because they complement each other, building management can concentrate guards where they are needed most for those things that do require human power.”

One theory suggests that a properly designed access system is more reliable and cost-efficient than human guards, thus reducing the number of people required. Electronic access systems never take time off, and they are more accountable for their actions. For example, guards may wave people they know through, leaving no record of who is in the facility.

“There is no longer a need to have a guard at each entrance to check ID,” Stevens says. “If the person is authorized to go in, the guard doesn’t need to do anything.”

However, Hankewycz points out that many corporations can’t control all access points with card systems because of factors such as visitors and deliveries. In those cases, access must be controlled by guards.

What’s more, visible guards offer a greater sense of security, Skorka says. Even with an electronic access control system in place, a human presence can be an added protection to be sure the person coming in has credentials that belong to them. What’s more, guards can prevent people from working around an access control control system by propping doors open and letting others through.

Also, guards would be the first responders in the event of any security breach.

“An electronic control system can be a substitute for some guards, but not all,” says Skorka.

Lynn Proctor Windle, a contributing editor to Building Operating Management, is a freelance writer who has written extensively about real estate.

The recent tragic kidnapping of a young girl in Florida vividly shows the importance of a good closed-circuit television system. The images captured on a carwash surveillance system led to the identification of her abductor.

Closed-circuit television, or CCTV, has become a basic part of any facility security system. A CCTV system can be used for a variety of functions. It is a cost-effective way to monitor controlled

areas, allowing large areas to be viewed using the fewest number of people. Office buildings, manufacturers, governments, hospitals and universities use CCTV to identify visitors and employees, monitor hazardous work areas, thwart theft and ensure the security of their premises and parking facilities.

Today, cameras can be viewed over Internet connections, making it possible to view monitored areas from anywhere. This helps CCTV systems to expand beyond security and into a management role. For example, retailers have long used CCTV to monitor for shoplifters and dishonest employees and compile recorded evidence against accident claims. Now stores are relying on digital cameras to monitor foot traffic past sale items and even keep tabs on checkout lines from hundreds of miles away.

A major advantage of a closed-circuit system is the ability to record and provide permanent records of activity. While there are a few legal issues, in general organizations can record video any place where there is no expectation of privacy. Many facilities view and record at a minimum every entrance and exit to the facility. This permanent record of activity provides a resource to protect the facility in the event of an incident. Recording makes it possible to view events at the time they occurred or that may require close scrutiny later.

Selecting Recorders
There are several options for CCTV recorders. The average consumer video-cassette recorder is built to run only 10 hours a week and is generally inadequate for a security application. By contrast, a time-lapse recorder, depending on model, can run and record up to 960 hours on a single VHS tape.

Time-lapse recording makes it possible to record video over long periods of time on a relatively small amount of video tape — from 12 to 960 hours of video on one T-120 tape. However, the number of pictures recorded per second decreases significantly as the recording time increases. As fewer pictures are recorded per second, critical images may not appear on tape, and movement may appear jerky.

In the real-time recording mode, the tape in a time-lapse recorder moves at the same speed as a home VCR and captures 30 frames per second. This produces high-quality recordings but requires the operator to change tapes every 2 to 6 hours.

As digital video technology takes on an expanding role in the world of security video, facility executives are discovering that the digital advantages over traditional analog systems can be much more than just the convenience of not having to feed tapes into the VCR. In a digital system, there can be days or even weeks of information stored on a hard drive within the unit itself. Because the video is stored in the system, it can be treated just as if it were any other kind of computerized communications.

Retrieving information that has been digitally collected is generally much simpler as well. Video clips can be burned onto a CD and kept indefinitely.

Camera Choices
Cameras provide an image in either color or black and white, with pros and cons to both.

Color produces a more natural, richer image than black and white and may keep the operator's interest for longer periods of time. Color also makes it easier to observe details of what the viewer sees. For example, with a color system, a viewer can easily distinguish a red car from a green one, while on a black and white system both cars would appear a similar shade of gray. In security applications, a color system can help security personnel identify people and their clothing more easily and convincingly.

It is important to understand that different types of lighting can skew color accuracy. That can be a crucial issue. For example, color accuracy is extremely important in casinos, where hundreds of dollars can ride on the ability to recognize the difference between maroon chips and red ones.

While the use of color cameras is growing, black-and-white cameras continue to offer an advantage. Color cameras generally require higher levels of lighting than black-and-white models, making the latter better suited for extreme low-light situations. However, the ability to capture good quality images in low-light situations increases the cost of both black-and-white and color cameras. Before purchasing cameras, consider the crossover points between lighting costs and camera costs. It's possible that low-light cameras will cost less than paying to increase the lighting level of a parking lot.

Providing an effective closed-circuit television surveillance system is not difficult. Careful camera selection followed by an appropriate recording system is a proven way to enhance security.

Jeff Dingle is manager, corporate security, for The Home Depot, and is a contributing editor to Building Operating Management.

A passenger jet escorted to the airport by U. S. fighter planes. International flights to this country canceled. Continued deadly attacks against U.S. troops in Iraq. Ricin-laced letters mailed to government leaders. Rightly or wrongly, news about an attack or threat against the United States anywhere in the world has the potential to raise the specter of al Qaeda.

For facility executives, it comes down to two questions: Is al Qaeda still a threat? And does it pose a risk to buildings in the United States?

In the two-and-a-half years since Sept. 11, the United States has struck back hard against the terrorist organization, driving the group from its bases in Afghanistan and killing or capturing many of its leaders. Knowledge of Osama bin Laden’s whereabouts — even whether he’s alive or dead — is murky at best.

But while it’s true that many of al Qaeda’s top operatives are now dead or captured, some are still at large, including alleged mastermind Abu Musab al-Zarqawi. What’s more, analysts say even if al Qaeda is crippled, it still possesses the ability to strike again.

“Quite strong” is the way that Tom Sanderson of the Center for Strategic and International Studies describes al Qaeda.

“They’re strong in two ways,” he says. “Their core leadership is strong, and they have incredible ideological strength.” The danger in ideological strength, says Sanderson, is the group’s continuing ability to recruit and train future generations of jihad fighters.

Despite any losses al Qaeda suffered at the hands of U.S.-led forces in Afghanistan, suicide terror continues almost daily in some part of the Middle East. A Feb. 8 New York Times story reported that the role of previously regional Islamic groups is expanding, particularly those with ambitions similar to al Qaeda.

Scott Atran, who authored “The Strategic Threat from Suicide Terror” for the Joint Center for Regulatory Studies of the American Enterprise Institute and Brookings Institute, says that there have been more suicide attacks in the last three years than during the previous quarter century. He also estimates that one third of the more than 300 attacks carried out in the last three years are, in some way, attributable to al Qaeda.

Pinning Down a Cloud
Al Qaeda likely has ties to the operatives who continue to use bombs in Pakistan, Afghanistan — particularly in the former Taliban-controlled areas around Khost — Iraq, Saudi Arabia, Indonesia and other countries.

How does the United States guard against future acts of terrorism? Charles Pena, director of defense policy studies at the Cato Institute, says that’s very difficult. “It’s important to remember that all the security measures and military action taken by Israel have not stopped terrorists in that country.”

In addition to the group’s tactics, the organizational nature of al Qaeda also makes the terrorists difficult to combat.

“While many top leaders of al Qaeda are now in custody, the organization is transforming into a highly decentralized network that’s even more difficult to fight than before,” Atran says.

Sept. 11 was a devastating example of suicide terrorism. Despite new security measures and despite the U.S. war on terrorism, analysts worry that al Qaeda or other groups could use suicide attacks on American soil again.

“One thing runs true with terrorist groups like al Qaeda: They use tried-and-true methods,” says Sanderson. For al Qaeda or other operatives, that translates to low-tech but often effective methods, including suicide bombing, rocket-propelled grenades and hijacking.

Hijacking airliners continues to be a threat. A recent publication on concealed weapons by the FBI includes information on a number of “cutting tools” that airport security personnel should screen for. The tools include folding knives that fit into custom belt buckles, pen knives disguised in brooches, pens and other household items. A number of the weapons in the publication also were “invisible” to airport X-ray machines. Plastic knives, carbon-fiber knives, ceramic knives and chipped obsidian knives — which, when made correctly, have a sharper edge than surgical steel — have very faint magnetometer signatures.

In the hands of a dedicated cell of terrorists, serrated plastic lettuce knives could be as effective as box cutters.

If al Qaeda remains a threat, what risk does it pose to buildings?

“Because terrorists understand the psychological impact of targeting them, large buildings will continue to be affected by terrorist threats,” Sanderson says.

Sanderson also underscored the effectiveness of simple explosives against the built environment.

“It goes back to the 1983 bombing of the Marine barracks,” he says. “That building was incredibly strong. It was built by the Israelis and had support pillars that were 5 feet in diameter. A truck loaded with explosives was enough to level it.”

By most estimates, the most likely targets continue to be structures of high economic or political interest. Such a list includes skyscrapers, power plants, government buildings and any structure that houses large numbers of people.
Facility executives can use several tactics to help minimize the risks of future terrorist attacks. If Sanderson is correct and terrorists use tried-and-true methods, then making buildings less vulnerable to standard terrorist attacks is imperative. If truck bombs are modus operandi, then “you’ve got to push out the building perimeters,” says Sanderson. “Install bollards and get excellent lobby security.”

Whatever shape al Qaeda takes today, it is far from being an anemic terrorist threat to America, according to most analysts.

“To think that al Qaeda is neither sophisticated nor smart would be a mistake,” says Pena.

Loren Snyder is a freelance writer and former managing editor of Building Operating Management.

Since the tragic events of Sept. 11, 2001, facility executives in the United States have been diligently working to come up with effective ways to better protect buildings against new threats of terrorism.

“We’ve lived in a country where there wasn’t a perceived terrorist threat,” says Mike Shea, a senior vice president with Ross & Baruzzinni, St. Louis. “There’s a lot to do and develop and we’re far behind where we need to be.”

To help catch up, some U.S. building professionals have begun to look overseas for help. “We’re learning lessons around the world from our neighbors who have had to deal with terrorism,” says Roger E. Frechette III, president, mid-Atlantic region, Vanderweil Engineers, Alexandria, Va.

One place to find that expertise is in Israel, a country that has experienced more than 40,000 recorded terrorist attacks since 1968. According to David Mead, vice president of security design services for A. Epstein and Sons International, Chicago, Israelis are considered to be world leaders in security.

With a greater focus on facility security in the United States, including such higher standards for buildings as the new Department of Defense requirement that laminated glass be installed in all its buildings, it may be worthwhile for U.S. facility executives to examine the strategies used in Israel.

Structurally Sound
Relatively standard for Israeli buildings are reinforced structural designs to protect against progressive collapse. One common technique is what’s known as alternative load transfer where the shock of an impact from a blast is distributed and absorbed throughout the building structure.

Consider Jerusalem’s new Foreign Ministry building. In the event of a blast, the facility’s flexible steel structure and heavy beams work to transfer horizontal forces around the building to prevent progressive collapse, says Randy Epstein, a partner with the Jerusalem architecture firm, Kolker Kolker Epstein. In addition, horizontal beams and stainless steel cables, which appear as attractive architectural elements in the building’s main lobby, have been designed to catch imploding glass.

According to Reuben Eytan, owner of Eytan Building Design, Tel Aviv, “Reinforced inner cores, elevator shafts and stairwells also work to keep buildings from collapsing.”

Other common security measures are blast-resistant windows and curtainwall. Eytan points out that there are several levels of protection provided by reinforced glass, the lowest level being windows with security film, which is often used in the United States, but not nearly as much in Israel.

“Our experience is that this (security film) doesn’t help too much,” he says. “The glass may not break into small pieces, but it will still break and blow in.”

Higher on the protection spectrum are using laminated glass, strengthening the frame and reinforcing the window’s connection to the wall to prevent it from blowing in.

More advanced levels of protection put energy-absorbing systems behind the window to catch imploding glass, as is the case with the Foreign Ministry building. This approach is commonly used in Israeli facilities, says Eytan, particularly for the ground and first floors of a facility.

Even higher levels of blast resistance are being developed, Eytan says. But at the present, the methods just mentioned are the most cost-effective ones available.

Security Guards
Another noted difference between security practices in the United States and Israel is the caliber of security guards employed to protect buildings and occupants.

“Most security jobs in Israel are staffed by highly educated, motivated young people, who are either university students or post-military young men and women,” says Moshe Safdie, AIA, owner, Moshe Safdie & Associates, with offices in Toronto, Boston and Jerusalem. “The salary level is relatively high for these positions, whereas in the U.S., most security jobs in airports and other checkpoints are held by low-wage personnel who come from a completely different segment of the work force.”

Liat Mordechai, formerly employed by a private firm as a security guard at an Israeli border checkpoint, concurs that the typical skill set of Israeli security guards is quite high. Having served in the military for at least three years, Israeli security guards are often in good shape, know self defense and have strong shooting skills. In addition, Mordechai points out, “we know how to recognize suspicious people and how to deal with explosives.”

Typically found guarding most banks, grocery stores, office buildings, malls and the more frequented restaurants, Israeli security guards are commonly accorded a higher level of respect than security guards in the United States. That’s particularly true for those employed by Israeli government buildings and airports, as their judgment is trusted and relied upon.

Barbara Horwitz-Bennett is a Jerusalem-based writer who covers the building and construction industry.