Security: Standards, Old and New, Can Provide Guidance in Addressing Risks
By Jeffrey Cosiol - December 2005 - Security
Good building security design is based on good assessment of building risks. Once the risk assessment identifies specific threats, the appropriate design standards can be used. The question is, how far should security design be taken when trying to respond to all identified risks? That point is particularly pertinent when it comes to the risk of terrorist attacks, but it also applies to the danger of crime.
There are no universal security codes or standards that apply to both public and private-sector buildings. Instead, when it comes to physical and electronic security, there is an amalgamation of old and new standards that challenge building owners and the professionals responsible for design of new buildings and renovations.
Standards promulgated by the Department of Defense (DOD), the General Services Administration (GSA), the Federal Emergency Management Agency (FEMA) and professional organizations provide the guidance for the design of most buildings. The National Fire Protection Association’s new document, NFPA 730, Guide for Premises Security, is loosely based on the federal standards described here. Many physical security standards were developed using DOD and State Department experience with terrorism attacks over many years. These antiterrorism standards are based on classified parameters and test results from destructive research on building envelope systems, mainly glazing, skin and structural systems. Security standards also take into account everyday life and property protection policies.
Many building owners are using these standards in whole or in part to protect human and physical assets. Some landlords have tried to implement aspects of these standards as a marketing tool to differentiate their buildings from other buildings with fewer protective measures. There is also the specter of litigation: Building occupants expect to be protected against terrorism and violence in the workplace.
Protecting a building against terrorism and crime requires a security risk assessment that examines threats, vulnerabilities and consequences.
The risk assessment covers the full range of possible criminal and terrorist actions based on the location, surroundings, use and contents of the building. The results for a suburban office building will be different than those for a federal building that houses a law enforcement agency or a building that has an animal research facility. The risk assessment analyzes the likelihood of an event and its chances of success. For example, if a building’s location and design make it a more difficult target than nearby facilities, it is less likely to be attacked unless its use or contents make it a high-value target. Because terrorist attacks are quite random, the probability of an incident cannot be quantified.
Protecting people is the highest security priority. Protecting fixed assets and facility operations are next. The most critical threats include:
- Unauthorized entry from outside
- Threats from building occupants
- Explosive threats (bombs) from stationary and moving vehicles, packages and mail
- Projectile threats (bullets)
- Chemical-biological-radiological (CBR) weapons
- Threats to IT.
The vulnerability assessment examines the potential results from an event, which can include loss of life, loss of the use of physical assets and financial losses. The vulnerabilities can be identified as:
- Catastrophic — building is damaged beyond repair.
- Severe — building is partially damaged, portions damaged beyond repair.
- Significant — building is temporarily closed, but a majority of the facility remains operational.
- Not significant — no major assets are lost.
The vulnerability assessment must identify the importance of the facility and its likelihood of being a target. Generally, federal facilities are classified as follows:
- Level 1 — Less than 2,500 square feet with less than 10 occupants.
- Level 2 — Between 2,500 and 80,000 square feet with 11 to 150 occupants with routine activities.
- Level 3 — Between 80,000 and 150,000 square feet with 151 to 450 occupants.
- Level 4 — More than 150,000 square feet with more than 450 occupants.
- Level 5 — Facilities critical to national security.
These federal building classifications also can be used as guidelines for evaluating private security vulnerabilities. The classifications and associated security requirements can be edited and adapted to suit private building needs.
A vulnerability assessment covers all known threats, including projectile, explosive and CBR events, even though they may be considered unlikely. Each of these events requires a different response, such as improvements to structural systems, walls, roofs, glazing and mechanical-electrical-plumbing systems. The assessment must identify the potential impact of events in each type of facility and what systems need to be upgraded to handle each identified event.
The response to the vulnerability assessment may be a list of countermeasures to be taken or considered. There are many possible measures, including safety glass windows, structural reinforcements, segregated mail facilities, relocated parking facilities and elevated HVAC air intakes.
High risks must be addressed as soon as possible in existing facilities and always in the design of new facilities. Responses to moderate risks can be incorporated in future renovations to existing buildings or may be included in the design of new facilities. Measures to deal with low risks may be included in existing or new facilities but are not required.
Guidelines and Standards
DOD, GSA, FEMA and NFPA standards provide the basis for planning and designing security. The federal standards can be used as guides for the design of private building security measures. Security standards for most events, with the exception of explosive, projectile and CBR events, are well-developed and well-understood and are built on basic principles of preventing crime or other antisocial behavior or on established corporate security standards.
The designs of most private buildings, apart from high-visibility or high-value buildings, do not directly address the risk of terrorist bombings. Nevertheless, building owners need to have a basic knowledge of these standards, as current world affairs may change the landscape of what constitutes a likely terrorism event.
The current, unclassified Unified Facilities Criteria (UFC) 4-010-01 DOD Minimum Antiterrorism Standards for Buildings describes levels of protection for different types of buildings, billeting, primary gathering buildings and inhabited buildings without or within a controlled perimeter. These standards apply to old and new buildings and to government facilities, whether owned or leased. The explosive load that a DOD building must withstand is based on classified standards. Federal building designers are provided with the blast loads buildings must be designed to withstand. Most DOD and federal buildings have well-established standards for access control and CCTV systems to protect against outside and inside threats.
GSA facility standards for the Public Buildings Service provide standards similar to the DOD UFC, but they also provide additional architectural, structural and mechanical-electrical-plumbing considerations for achieving the desired protection against defined threats. The newly released GSA Primer for Design of Commercial Buildings to Mitigate Terrorism Attacks is another derivative of the UFC DOD Minimum Antiterrorism Standards for Buildings.
The practical effect of all these standards is that the risk assessment of many DOD and federal buildings requires protecting buildings with a standoff distance of 45 meters (148 ft.) for billeting buildings and a standoff distance of 25 meters (82 ft.) for primary gathering buildings to protect against specific explosive threats. Other protective measures include reinforcing building structural systems against progressive collapse and placing building systems and utility services judiciously. The graphic on page 17 shows a typical site layout with the required setbacks for facilities without a controlled perimeter.
In addition to standoff distances and unobstructed space, the design of new buildings must include measures to prevent progressive collapse if the building is three stories or more, as well as improved glazing to minimize hazards from glass fragments, segregated entrance areas for effective access control, and placement of critical-use spaces within interior building areas. Mechanical and electrical design standards address fresh air intake locations, emergency air distribution shutoff systems, utility routing and redundant utilities.
Whether it is practical to use these standards must be determined when it comes to existing buildings. Buildings in urban settings cannot be relocated to meet the design standoff guidelines. In most cases, existing high-rise buildings cannot be reinforced in a cost-effective manner to avoid progressive collapse. On the other hand, existing air intakes can be relocated or emergency air handler shutoff systems can be installed. And glazing systems can be reinforced and safety film installed to protect occupants against flying glass and debris. In some cases, however, these measures are unachievable because of technical reasons, even when an ample budget is available.
The impact on security standards of the recent NFPA 730 Guide for Premises Security is yet to be determined. This standard could eventually have the same effect on building design as other NFPA life safety codes, with an impact on insurance rates, building designers and owner liability.
High-value buildings or buildings with critical missions — such as command and control centers, special laboratories, R&D facilities, and State Department buildings — need to meet additional standards and criteria developed by the facility stakeholders when the protection of the facility is as important as the safety of the occupants regardless of the costs. The reality of building security standards, however, is that budget usually sets the ultimate standard.
Most building owners agree that security issues must be addressed in concert with other building life safety standards and design and operational objectives and must be integrated into the overall building design. Threats need to be defined, risks need to be determined, and countermeasures need to be developed and implemented.
Jeffrey Cosiol is managing principal for engineering consulting services for Kling, a full-service, international firm providing architecture, engineering, interiors and planning services.
StanAlarm wrote re: Security: Standards, Old and New, Can Provide Guidance in Addressing Risks
on 1/28/2011 1:24:50 AM
Gee you would want to be competent in this field. I would personally have a specialist whose primary role is to conduct surveys and or audits. Even your most experienced engineer, may miss symptoms if it is not his or her key role in the organization. Great post and thoughtfully prepared.