By Steve R. Knipper
At one time, facility security was little more than a passing thought, considered only after the facility had been constructed and was in normal operation, and only, perhaps, if some incident occurred that impacted the facility. As a facility owner, you could get by with simply placing locks on doors.
Today, however, security has exploded into a high-tech, 24/7/365 necessity. Threats to your organization's personnel or products can come from exterior sources or from inside your operation. The products that you produce or information that you possess may attract criminal or terrorist attention.
In fact, many companies now closely watch and make specific security procedure shifts as changes are made to Homeland Security's color-coded threat-level advisory system. For example, if the threat level rises from yellow ("elevated") to orange ("high"), only people with card access are admitted through the front door. Other visitors are checked and cleared for entrance outside the lobby. Additionally, some companies with multiple entrances will close down all but one entrance when the threat level is increased.
Some facilities have incorporated single-entry/exit locations, using turnstiles to control traffic flow and monitoring the flow from behind bullet-proof glass. Simple counters in lobbies are now reinforced or made bullet-proof to prevent violators from "shooting their way" into the facility.
Because of its increased importance, security must be built in from the beginning of construction to be flexible and responsive to new threats as quickly as they develop - it's much more cost-effective to bring security in from the beginning than to retrofit after the fact. At the project outset, security planning during site selection and facility placement processes for a greenfield construction should be conducted. During the project, a security program should be developed and implemented, forming a specific basis for the site, facility, and operations layout. This program enables architects and engineers to design proper accommodations for current security measures, as well as provide practical alternatives if security needs change.
Assessing the Risk
Designing facility security begins with the development of a security assessment. This assessment addresses multiple issues through the use of informational analyses.
Asset analysis identifies and prioritizes the assets to be protected, including people, operations, information, trade secrets, and property. This analysis should prioritize the assets in order of importance by organizational survival should an asset be destroyed or stolen.
Threat analysis assesses the types of threats that can occur against the organization. These threats can cause harm or death to employees, destruction to property, disclosure of sensitive material, interruption of operations, or denial of services. Types of threats can include forced entry, bomb, or ballistic (gun/rifle, mortar, vehicular, or flying craft). This analysis also identifies the potential individuals or groups who represent a threat and the level of motivation they might have, as well as factors such as:
- Have past threats or actions been carried out against the organization?
- What types of political events may bring on new threats?
- Does the location of the facility increase the level of threat by exposure?
- Does the facility or organization have symbolic value?
Vulnerability analysis identifies weaknesses that can be exploited or taken advantage of to carry out a threat. This analysis - which includes site topography and facility location on-site, as well as facility security operations and facility hardening - is conducted on either existing-site/-facility conditions or proposed projects in development.
Risk analysis examines the security measures that will be taken against identified threats, along with the extent of costs of each measure (monetary and operational). Ultimately, a plan is developed that identifies which level of security will be provided against each threat.
Because of its nature, the development of a security assessment frequently involves the use of specialty consultants to assist in the analyses by offering special, detail-oriented, current knowledge of security tactics. The outcome of the security assessment is the development of functional criteria outlining security requirements and strategies. This criterion provides the project team with the data needed to develop programmatic security requirements.
From Theory to Application
Once functional criteria have been identified, design concepts can be applied. Security is based on several premises: detection, deterrence, and response. Using these premises, several design concepts have been developed.
Crime Prevention Through Environmental Design (CPTED) reduces stranger-to-stranger crime through proper facility and site. To create a safer built environment, this theory uses both behavioral psychology and facility design strategies such as:
- Natural strategies. These incorporate natural conditions of the site along with facility placement and design to provide visual surveillance and territorial reinforcement of ownership. Natural strategies use the principles of line-of-sight visual control for facility occupants and security personnel while incorporating features such as shrubs, gates, and fences to instill a feeling of ownership, sending the message that trespassers will be identified.
- Mechanical strategies. There are a multitude of electronic technologies that can provide facility security. Video cameras, closed-circuit television, electronic locks using key-card or proximity devices, scanning devices, and interior and exterior sensor devices are just a few of the items from which to choose. However, these methods are not as secure as they may seem and are recommended for use in conjunction with other strategies.
- Organizational strategies. These strategies rely on the occupants of the facility to provide surveillance and access control. For these to be effective, occupants need to understand the overall security concept, including what is expected from them if an event occurs.
Layering (or defense-in-depth) creates various layers of security, also known as zones. Zones begin at the perimeter of the site, where methods to control pedestrian and vehicular traffic form the initial defense. Providing facility-hardening techniques at the perimeter forms the next defense. Layering then continues from the facility envelope to the interior areas. Once inside, the facility's interior walls can create zones of protection throughout until reaching the highest secured area within the center of the facility.
3-D reduces the fortress-like look often associated with highly secure facilities, using a site's natural security defenses to provide some (or all) of the facility-hardening design criteria. This approach considers three aspects of space to gather functional security-design information.
- Designation: Questioning the proposed use(s) of the facility. For example, who will use it and when will it be used?
- Definition: Questioning how the space is to be defined. For example, is the space being used for social or cultural uses?
- Design: Questioning whether the design supports concerns that were raised in the areas of "designation" and "definition."
Facility hardening is the process of designing facilities to withstand ballistic, forced-entry, and blast attacks. Starting with site design, facilities can be positioned to reduce the impact of an attack. Setting the facility back from the street or angling the facility can reduce blast impact. If the facility must be at the face of a street, using laminated glazing will reduce the fragmentation from glass. Facility façades can be strengthened using additional reinforcement or steel members. These methods are employed in multi-story facilities to prevent progressive collapse. Perimeter protection using operable vehicular bollards, fixed bollards, fences, and concrete planters can also be used. Structures must be designed to resist the overturning possibility from a shockwave or object.
The Next Wave of Security
In today's world, the threat of chemical, biological, and radiological (CBR) terrorism is becoming more and more real. CBR threats pose higher levels of concern when designing facility-protection systems. Chemical agents include both chemical warfare agents (sarin, mustard gas, VX, and phosgene) and toxic industrial chemicals (ammonia, chlorine, and ethylene oxide). Biological agents include bacteria (anthrax and plague), viruses (smallpox and Marburg), and toxins (racin and saxitoxin). Radiological agents are categorized by the type of energy emitted (alpha, beta, and gamma radiation and neutrons).
Designing for CBR protection involves both facility-design features and occupant-procedural training. Facility design involves keeping contaminants from entering the facility through mechanical systems. Intake air-duct placements must be considered so that contaminants cannot be deposited into the ducts or so that lighter-than-air contaminant delivery could be used. Package-delivery contamination must be considered as well. If contamination occurs in a facility, then containment to a particular area (or removal to minimize the spread of the contamination) should be considered. Ultimately, removal of building occupants may be needed for improved CBR protection.
Adapting for a Secure Future
It would be unwise to think that terrorism, organized crime, or individual criminal behavior will decline in the near future. In fact, these organizations and individuals are keeping pace, adapting, and learning, forcing continual advancements in facility-security methods. Repeatedly, history shows that when protection is increased or improved, new ways will be found - often rather quickly - to breech the best and newest defenses. It is the job of architectural/engineering and buildings professionals to produce facilities that meet users' needs, as well as to work with other professionals in fields related to security to adjust and learn new methods that provide the best defense against harm.
Steve R. Knipper is senior project architect at Cincinnati-based architecture, engineering, and interiors firm Hixson (www.hixson- inc.com).