Security for Building Occupants and Assets  

the WBDG Secure/Safe Committee

Overview

The 2001 terrorist attacks at New York City's World Trade Center and the Pentagon, the 1995 bombing of Oklahoma City's Alfred P. Murrah Federal Office Building, the 2013 Washington Navy Yard shooting, and the 2016 Ohio State University vehicle ramming attack d, shook the nation, and made Americans aware of the need for better ways to protect occupants, assets, public gatherings, and buildings from human aggressors (e.g. disgruntled employees, criminals, vandals, lone active shooter, and terrorists). The 2001 terrorist attacks demonstrated the country's vulnerability to a wider range of threats and heightened public concern for the safety of workers and occupants in all Building Types and public gathering spaces. Many federal agencies responding to these concerns have adopted an overarching philosophy to provide appropriate and cost-effective protection for building occupants.

The basic components of the physical security measures to address an explosive threat considers the establishment of a protected perimeter, the prevention of progressive collapse, the design of a debris mitigating façade, the isolation of internal explosive threats that may evade detection through the screening stations or may enter the public spaces prior to screening and the protection of the emergency evacuation, rescue and recovery systems. Other than establishing a protected perimeter, these protective measures are generally achieved through principles of structural dynamics, nonlinear material response, ductile detailing, and space planning. Operational security and life safety measures should be considered together with the physical security measures to develop a comprehensive building security design.

the new Oklahoma City Federal Building

Security measures, such as setbacks, bollards, protective glazing, and structural hardening, are incorporated into the design of the new Oklahoma City Federal Building, located north of where the former Alfred P. Murrah Federal Building once stood.
Designed by Ross Barney + Jankowski Architects and Atkins Benham
Photo Credit: Ross Barney Architects

Effective implementation of the physical security measures will require the involvement of blast engineers and security consultants at the onset of the programming phase. Early and ongoing coordination between the blast engineer, the structural engineer, the security consultant and the entire design team is critical to providing an optimal design that is both open and inviting to the public and compliant with the security requirements.

Security Standards

In addition to the FEMA risk reduction publications that provide background information for performing risk assessments and guidance for protective design approaches, different branches of the federal government developed design criteria for the protection of federal facilities. The most prominent of these agency design criteria are the Interagency Security Committee (ISC) risk management process, the Department of Defense Unified facility Criteria, the Department of Veterans Affairs (VA) Physical Security Design Manuals, and the Department of State (DOS)Overseas Building Organization (OBO) Design Standards. Each of these government agencies considers the effects of terrorist explosive events on their facilities and the protection of their occupants. An overview of each of these agency design criteria is provided below.

Interagency Security Committee (ISC)

Membership in the ISC consists of over 185 senior level executives from 54 federal agencies and departments. In accordance with Executive Order 12977, modified by Executive Order 13286, the ISC's primary members represent 21 federal agencies and is chaired by the Department of Homeland Security (DHS). The ISC criteria underwent a major revision in April of 2010 and had minor amendments in August 2013 and again in January 2016.

The most recent revision of the ISC guidance compendium is a risk-based approach that is composed of:

  • Interagency Security Committee Policies, Standards, and Best Practices
  • The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard, November 2016 (Second Edition).

      Note: Three of the appendices to this document are For Official Use Only (FOUO) and will only be distributed outside the Government on a need-to-know basis.

    • The Risk Management Process for Federal Facilities, Appendix A: Design-Basis Threat Report (FOUO), 11th Edition by Interagency Security Committee. Washington DC: U.S. Department of Homeland Security, 2017.
    • The Risk Management Process for Federal Facilities, Appendix B: Countermeasures (FOUO), 3rd Edition by Interagency Security Committee. Washington, DC: U.S. Department of Homeland Security, 2016.
    • The Risk Management Process for Federal Facilities, Appendix C: Child-Care Centers Level of Protection Template (FOUO), 2nd Edition by Interagency Security Committee. Washington DC: U.S. Department of Homeland Security, 2016.

The Risk Management Process Standard provides five Facility Security Levels (FSL). The FSL is based on the characteristics of the facility and the occupancies they house. Five factors (mission criticality, symbolism, facility population, facility size, and threat to tenant agencies) are quantified to determine the FSL. The FSL is determined by the Facility Security Committee (FSC)in multi-tenant facilities, which consists of representatives of all Federal tenants in the facility, the security organization, and the owning or leasing department or agency. In single-tenant facilities the determination is made by a representative of the tenant agency. Once the FSL is established, the Design Basis Threat document provides the Design Basis Threat Scenario, Baseline Threat, Analytical Basis, Target Attractiveness and Outlook for 33 "undesirable events" that range from Aircraft as a Weapon to Workplace Violence. This all-hazards approach provides a comprehensive review of the potential acts of violence the facility faces and provides guidance to assess the risk. Risk Management Process Standard provides the overall basis for the threat and risk assessment. The Facility Security Committee is responsible for addressing the facility specific security issues and approving the implementation of security measures and practices. The implementation may be a combination of operational and physical security measures based on the FSL and the Level of Protection (LOP) that is deemed both appropriate and achievable. To facilitate the process, the document tabulates the requirements for all the individual security criteria categories relative to the desired LOP. The security criteria categories are further correlated to additional Appendix information and to the specific undesirable events that the protective measures are intended to address. This presentation of the protective design criteria helps illustrate the all-hazard risk based approach.

General Services Administration (GSA)

The ISC PSC is risk based and open to the interpretation of the protective design consultant. To establish a consistent application of the ISC PSC across the building portfolio, the General Services Administration (GSA) has developed the "General Services Administration Facility Security Requirements for Explosive Devices Applicable to Facility Security Levels III and IV, GSA's Interpretation of the Interagency Security Committee (ISC) Physical Security Criteria" (2 August 2011) (SBU). This document provides specific facility security requirements for explosive devices for Facility Security Levels (FSL) III and IV. The guidance includes the calculation of blast loads, material strength factors, flexure and shear response criteria, glazed system response criteria, facade performance, structure performance and progressive collapse resistance.

Department of Defense (DoD)

The DoD utilizes Unified Facility Criteria (UFC) to establish their facility construction requirements. The two overarching security engineering UFCs are UFC 4-020-01 DoD Security Engineering Planning Manual and UFC 4-010-01 DoD Minimum Antiterrorism Standards for Buildings. The DoD Security Engineering Planning Manual is the starting point and, based on the risk to and value of the asset, drives the application of the DoD Minimum Antiterrorism Standards for Buildings and any additional protective construction over and above the minimum standards. The planning manual implements a risk based model that ranks 14 rating factors to determine the level of protection required for each of 13 aggressors (threats). Those rating factors include asset value, asset replaceable, military impact of loss, political sensitivity, related value, location, public profile, accessibility, availability, mobility of asset, recognizable value to aggressor, law enforcement presence, perceived success, threat level, local history, terrorist capability, terrorist environment, and terrorist activity. All these factors are scored to determine the level of protection. Regardless of the risk and value of the asset, DoD has directed that all occupied facilities must receive a baseline level of protection for its employees, contractors and dependents in order to protect against mass casualties. Therefore assets that score less than 0.5 in asset value or threat likelihood must only comply with the baseline protective requirements in the UFC 4-010-01 DoD Minimum Antiterrorism Standards for Buildings. These two UFCs and other supporting security engineering UFCs can be found on the Whole Building Design Guide, Federal Facility Criteria - Department of Defense section.

For off installation leased DoD facilities for DoD must follow the Interagency Security Committee (ISC) The Risk Management Process for Federal Facilities. This exception is intended to reduce the cost of leased facilities, eliminate relocation cost, align with other federal agency security requirements and make it easier to obtain commercial leased space.

Department of Veterans Affairs (VA)

VA conducted assessments of representative facilities and campuses in both urban and rural areas and identified the vulnerabilities that are common to most facilities. Based on the findings of these assessments, VA developed the Physical Security Design Manuals (PSDM) for Mission Critical (MC) Facilities and for Life-Safety Protected (LSP) Facilities. These documents outline the most practical and cost effective protective measures that address both natural and man-made hazards to which occupants may be exposed. The Design Manuals address site conditions, building entrances and exits, functional areas, building envelope, building structure, utilities and building services, building systems, and security systems.

Department of State (DoS)

The Department of State (DoS) security criteria for their international facilities are documented in the 2014 Overseas Building Organization (OBO) Design Standards Controlled Unclassified Information (CUI). The approach of the DOS requirements is to enforce both an anti-ram and anti-personnel standoff distance, provide a debris mitigating and forced entry ballistic resistant (FEBR) façade; provide a regular moment resisting frame that is inherently resistant to progressive collapse and to design the structure to resist the blast induced base shears. Both the magnitudes of the design basis threats (DBT) and the performance criteria for the DoS buildings are generally much more arduous than the corresponding requirements imposed by other government agencies.

Guidance for Commercial Buildings

Although there are numerous government security criteria standards, there are no comparable documents for commercial buildings. The American Society of Civil Engineers (ASCE) therefore undertook the task to develop a consensus based Blast Standard that identifies the minimum planning, design, construction, and assessment requirements for new and existing buildings subject to the effects of accidental or malicious explosions, including principles for establishing appropriate threat parameters, levels of protection, loadings, analysis methodologies, materials, detailing, and test procedures. The document does not prescribe requirements or guidelines for the mitigation of progressive collapse or other potential post-blast behavior. Unlike the government standards, the ASCE Standards are written for structural engineers with specific information pertaining to the design and detailing of blast resistant structures and facade systems.

Crime Prevention Through Environmental Design (CPTED)

Crime Prevention Through Environmental Design (CPTED)  is a proven methodology that not only enhances the performance of these security and safety measures, but also provides aesthetics and value engineering. CPTED utilizes four (4) primary, overlapping principles: Natural Surveillance, Natural Access Control, Territoriality, and Maintenance. Natural surveillance follows the premise that criminals do not wish to be observed; placing legitimate 'eyes' on the street, such as providing window views and lighting, increases the perceived risk to offenders, reduces fear for bona fide occupants and visitors, as well as lessening reliance on only camera surveillance. Natural Access Control supplements physical security and operational measures with walls, fences, ravines, or even hedges to define site boundaries, to channel legitimate occupants and visitors to designated entrances, and to reduce access points and escape routes. Territoriality involves strategies to project a sense of ownership to spaces such that it becomes easier to identify intruders because they don't seem to belong. Clear differentiation between public, semi-public, and private spaces by using signage, fences, pavement treatment, art, and flowers are examples of ways to express ownership. Maintenance is a key element to preserve lines of sights for surveillance, to retain the defensiveness of physical elements, and to project a sense of care and ownership. Together, the principles of CPTED increase the effectiveness of operational, technical, and physical safety methods, thereby lessening equipment and operating costs.

For total design efficiency and cost effectiveness, security, safety, and CPTED measures are best applied at the beginning of a project. Security programming is a useful practice to identify security design requirements necessary to satisfy stakeholder concerns.

Application of Standards to Buildings

As is evident in the overview of the different existing standards above, there are currently no universal codes or standards that apply to all public and private sector buildings. However, most designers agree that security issues must be addressed in using integrated design process with an understanding of the impacts and goals of other design objectives. This will ensure a quality building with effective security.

Design Basis Threat Tactics

Depending on the building type, acceptable levels of risk, and decisions made based on recommendations from a comprehensive threat assessment, vulnerability assessment, and risk analysis, appropriate countermeasures should be implemented to protect people, assets, and mission.

Some types of attack and threats to consider include:

  • Unauthorized entry/trespass (forced and covert), including vehicle ramming threats
  • Insider threats
  • Explosive threats: Stationary and moving vehicle-delivered, mail bombs, package bombs
  • Ballistic threats: Small arms, high-powered rifles, drive-by shootings, etc.
  • Weapons of mass destruction (chemical, biological, and radiological)
  • Disruptive threats (hoaxes, false reports, malicious attempts to disrupt operations)
  • Cyber and information security threats
  • Supervisory Control and Acquisition Data (SCADA) system threats (relevant as they relate to HVAC, mechanical/electrical systems control and other utility systems that are required to operate many functions within building)
  • Multi-tactic threats

Unauthorized Entry (Forced and Covert)

Protecting the facility and assets from unauthorized persons is an important part of any security system. Some items to consider include:

  • Compound or facility access control
    • Control perimeter: Fences, bollards, anti-ram barriers
    • Traffic control, remote controlled gates, anti-ram hydraulic drop arms, hydraulic barriers, parking control systems
    • Forced-Entry-Ballistic Resistant (FE-BR) doors, windows, walls and roofs
    • Barrier protection for man-passable openings (greater than 96 square inches) such as air vents, utility openings and culverts
    • Mechanical locking systems
    • Elimination of hiding places
    • Multiple layer protection processes
  • Perimeter intrusion detection systems
    • Clear zone
    • Video and CCTV surveillance technology
    • Alarms
    • Detection devices (motion, acoustic, infrared)
  • Personnel identification systems
    • Access control, fingerprints, biometrics, ID cards
    • Credential management
    • Tailgating policies
    • Primary and secondary credential systems
  • Protection of information and data
    • Acoustic shielding
    • Shielding of electronic security devices from hostile electronic environments
    • Computer screen shields
    • Secure access to equipment, networks, and hardware, e.g. satellites and telephone systems

Insider Threats

One of the most serious threats may come from persons who have authorized access to a facility. These may include disgruntled employees or persons who have gained access through normal means (e.g., contractors, support personnel, etc.). To mitigate this insider threat some items to consider include:

  • Implement personnel reliability programs and background checks
  • Limit and control access to sensitive areas of the facility
  • Compartmentalization within the building/campus
  • Two-man rule for access to restricted areas
  • Video and CCTV surveillance technology

Explosive Threats: Stationary and Moving Vehicle-Delivered, Mail Bombs, Package Bombs

Explosive threats tend to be the terrorist weapon of choice. Devices may include large amounts of explosives that require delivery by a vehicle. However, smaller amounts may be introduced into a facility through mail, packages, or simply hand carried in an unsecured area. Normally the best defense is to provide defended distance between the threat location and the asset to be protected. This is typically called standoff distance. If standoff is not available or is insufficient to prevent direct contact or reduce the blast forces reaching the protected asset, structural hardening may be required. If introduced early in the design process, this may be done in an efficient and cost-effective manner. If introduced late in a design, or if retrofitting an existing facility, such a measure may prove to be economically difficult to justify. Some items to consider include:

  • Including qualified security and blast consulting professionals from programming forward.

  • Providing defended standoff for vehicle-borne weapons using rated or certified barriers such as anti-ram fencing or bollards, by using reinforced street furniture such as planters, plinth walls or lighting standards, by using natural and man-made elements such as storm water elements, berms, ditches, tree masses, etc., by site layout strategies for parking areas, roadways, loading docks and other locations accessible by vehicles, by critical asset location strategies, and/or by security protocol through policy and procedures (e.g. vehicle inspections, etc.).

  • Consider structural hardening and hazard mitigation designs such as ductile framing that is capable of withstanding abnormal loads and preventing progressive collapse, protective glazing, strengthening of walls, roofs, and other facility components.

  • For critical assets that cannot be disrupted or for emergency response assets, provide redundancy and physical separation of critical infrastructure (HVAC), utility systems (water, electricity, fuel, communications and ventilation).

  • Provide for refuge and evacuation.

  • Consider plans for suicide bombers. Confer with authorities who have had previous experience.

  • Provide defended standoff for hand-carried weapons with anti-climb fencing, barrier (thorny) plants, natural surveillance of routine occupants and unobstructed spaces, electronic surveillance, intrusion detection, territoriality using defined spaces, natural access control using exterior and interior pedestrian layout strategies, security protocol through policy and procedures (visitor management, personnel and package screening, etc.).

  • Consider handling mail at alternate or remote locations not attached to the building or in a wing of the building with a dedicated HVAC system to limit contamination and damage to the main building.

  • Consider loading docks in structures unattached to the main building with a dedicated HVAC system to limit contamination and damage to the main building.

Ballistic Threats

These threats may include active shooters, random drive-by shootings to high-powered rifle attacks directed at specific targets within the facility (assassinations). It is important to quantify the potential risk and to establish the appropriate level of protection. The most common ballistic protection rating systems include: Underwriters Laboratories (UL), National Institute of Justice (NIJ), H.P. White Laboratory, and ASTM International. Materials are rated based on their ability to stop specific ammunition (e.g., projectile size and velocity). Some items to consider include:

  • Obscuration or concealment screening using trees and hedges, berms, solid fencing, walls, and less critical buildings
  • Ballistic resistant rated materials and products
  • Locating critical assets away from direct lines of sight through windows and doors
  • Minimize number and size of windows
  • Physical energy absorption screens such as solid fences, walls, earthen parapets
  • Provide opaque windows or window treatments such as reflective coatings, shades or drapes to decrease sight lines.
  • Avoid sight lines to assets through vents, skylights, or other building openings
  • Use foyers or other door shielding techniques to block observation through a doorway from an outside location.
  • Avoid main entrances to buildings or critical assets that face the perimeter or an uncontrolled vantage point
  • Secured compartmentalization of the facility to limit internal mobility
  • Mass notification and security systems
  • Facility access control
  • CCTV

Weapons of Mass Destruction: Chemical, Biological, and Radiological (CBR)

Commonly referred to as WMD, these threats generally have a low probability of occurrence but the consequences of an attack may be severe. These threats may be delivered by hand, mail, or as a result of accidental release of toxic industrial agents. While fully protecting a facility against such threats may not be feasible with few exceptions, there are several common sense and low cost measures that can improve resistance and reduce the risks. Some items to consider include:

  • Protect ventilation pathways into the building
    • Control access to air inlets and water systems
    • Locate air intake well above ground level
    • Provide detection and filtration systems for HVAC systems, air intakes and water systems
    • Provide for emergency HVAC shutoff and control
    • Segregate portions of building spaces (i.e., provide separate HVAC for the lobby, loading docks, and the core of the building)
    • Consider positive pressurization to keep contaminates outside of the facility
  • Provide an emergency notification system to facilitate orderly response and evacuation
  • Avoid building locations in depressions where air could stagnate
  • Provide access control to mechanical rooms
  • Provide CBR monitoring apparatus

Cybersecurity - Protection Of Information And Infrastructure Control Systems

The Target Stores data hack brought increased attention to the network connectivity of facilities/buildings operations and maintenance vendors, the organization's business IT systems, and the facility/building control systems.

Buildings are increasingly relying on building control systems with embedded communications technology and many enabled via the Internet. These systems provide critical services that allow a building to meet the functional and operational needs of building occupants, but they can also be easy targets for hackers and people with malicious intent. Attackers can exploit these systems to gain unauthorized access to facilities; be used as an entry point to the traditional informational technology (IT) systems and data; cause physical destruction of building equipment; and expose an organization to significant financial obligations to contain and eradicate malware or recover from a cyber-event.

The facility/building controls systems such as the Building Automation Systems (BAS), Energy Management Systems (EMS), Physical Security Access Control Systems (PACS), and Fire Alarm Systems (FAS) are just beginning to be considered as potential hacking points into an organization. These control systems are often referred to as Operational Technologies (OT) and use a combination of traditional IT protocols such as TCP and UDP, but also use controls systems' unique protocols such as Modbus, BACnet, LonTalk, and DNP 3 to communicate with the sensors, devices, and actuators.

IT is about data, OT is about controlling machines and OT is increasingly becoming more IP based. The Internet of Everything, Smart Grid, Smart Cities, Smart Buildings and Smart Cars are redefining the boundary between IT and OT. As the IT and OT systems have converged, so have the risk and vulnerabilities of hacking and using the OT systems as a point of entry and then pivoting up the network and taking control of other system assets.

Table 4 Comparing IT and OT Systems

  Information Technology Operational Technology
Purpose Process transactions, provide information Control or monitor physical processes and equipment
Architecture Enterprise wide infrastructure and applications (generic) Event-driven, real-time, embedded hardware and software (custom)
Interfaces GUI, Web browser, terminal and keyboard Electromechanical, sensors, actuators, coded displays, hand-held devices
Ownership CIO, IT Engineers, technicians, operators and managers
Connectivity Corporate network, IP-based Control networks, hard wired twisted pair and IP-based
Role Supports people Controls machines

The National Institute of Standards and Technology (NIST) has been a primary source of IT cyber standards and guides. The NIST SP 800-37 and NIST SP 800-53 publications, the SANS Top Twenty controls, and ISO standards have been used by both government and industry as IT best practices for many years.

Control System Cyber Exploits Increasing in Number and Complexity: On the OT side, the ISA 99 and NIST SP 800-82 Rev 2 Industrial Control Systems Security Guide  provide the standards and guides for Industrial Control Systems (ICS)1. ICS or OT has traditionally not received the same level of cyber scrutiny as the IT systems; however, malware such as Stuxnet, Duqu, and Flame are now specifically designed to infect the OT components and devices at the firmware or Project File level, and then inject false commands to spoof the operator's Human Machine Interface (HMI) console, establish a command and control channel to exfiltrate data (technical specifications, floor plans, drawings, etc.), create Botnets, or physically destroy the equipment and other IT systems.

An underlying fundamental concept of the NIST SP 800-82 Rev 2 Industrial Control Systems Security Guide is the concept of "Inbound Protection and Outbound Detection". All control systems should be on a separate network with multiple levels of DMZs and sub-networks.

Defending Building Control Systems: The WBDG Cybersecurity Resource Page is meant to be primarily for the buildings community, but also has additional information and links to other control systems, workshops, and training. All facility/building owners, property managers, engineering, and security staff are highly encouraged to understand the basic principles of NIST SP 800-82 R2; know how to use the DHS CSET tool; understand how the Shodan, Kali Linux, SamuraiSTFU, and other tools work for penetration testing; and prepare to adopt new acquisition and procurement processes into their organizations. Whereas the IT community has had almost two decades to learn and implement cybersecurity, the OT community will have an accelerated learning curve and will need to work closely with senior management, IT, and other stakeholders to properly cybersecure their assets.

Every building owner should have a building cybersecurity strategy and have the following key documents that cover both the IT and OT assets:

  • System Security Plan (SSP);
  • Plan of Action and Milestones (POAM);
  • Information Technology and Concept of Operations Plan (ITCP);
  • Incident Communications Procedures (ICP);
  • Security Auditing Plan (SAP)

DHS ICS-CERT maintains the list of vulnerabilities and alerts for control systems, and publishes the Cyber Security Evaluation Tool (CSET) which is free of charge to any organization and contains standards, guides, references, networking diagram tools, compliance evaluations, and can generate System Security Plans and other key documents.

Another effort being led by the DHS Interagency Security Committee is the Securing Government Assets through Combined Traditional Security and Information Technology White Paper . This document outlines the Risk Management Framework process applied to Physical Security systems such as Closed-Circuit Video Equipment (CCVE) or video systems, Intrusion Detection Systems (IDS) and electronic Physical Access Control Systems (PACS). Key to the recommendations is to bring the physical security specialists, facility engineers and managers, IT, system integrators, and property owner to the table to conduct assessments and develop System Security Plans.

DoD Cybersecurity Design Guidance and Tactics, Techniques and Procedures
The DoD has adopted the Risk Management Framework (RMF) for all Information Technology and Operational Technology networks, components and devices to include Facility-Related Control Systems (FRCS).

The DoD Unified Facility Criteria (UFC) 04-10-016 Cybersecuring Facility-Related Control Systems was published in September 2016 describes requirements for incorporating cybersecurity in the design of all facility-related control systems. It defines a process based on the Risk Management Framework suitable for control systems of any impact rating, and applies to all planning, design and construction, renovation, and repair of new and existing facilities and installations that result in DoD real property assets, regardless of funding source. The publication is based on NIST SP 800-82 R2 and is generic enough such that it can be used by any organization.

The DoD Advanced Cyber Industrial Control Systems Tactics, Techniques and Procedures is a step-by-step guide on how to Detect, Mitigate and Recover a Facility-Related Control System that has been attacked/compromised, and establishes the requirement for a Jump-Kit Rescue CD with the Fully Mission Capable Baseline configurations. The publication is generic enough such that can it be used by any organization.

The DoD ESTCP Cybersecurity Guidelines website is a comprehensive "One Stop Shop" for Cybersecurity Guidance. ESTCP FRCS projects will be required to meet RMF requirements and demonstrate the capability to meet certain cybersecurity criteria, and if required, obtain an Authorization To Operate (ATO) on the DoD Information Network (DoDIN). The site provides step-by-step instructions to create a baseline risk assessment in the planning and design phases, how to create a Test and Development Environment, a Design and Construction Sequence Table that identifies deliverables and expected timeframe such as when and how to perform Factory Acceptance Testing (FAT) in the construction phase; and conduct full Site Acceptance Testing (to include penetration testing) for system turnover, templates, resources and tools.

Related Issues

Building Design to Mitigate the Potential for a Progressive Collapse

Progressive collapse is loosely defined as a situation where a localized failure of a primary structural element leads to the collapse of adjacent structural elements, which propagates to disproportionate collapse of the structure. ASCE 7 states "Progressive collapse is defined as the spread of an initial local failure from element to element, eventually resulting in the collapse of an entire structure or disproportionately large part of it." The initial failure or damage could be from a number of different causes, which might include natural or man-made hazards. The phenomenon is applicable to structure of any appreciable size and type of construction. Concern is greatest for taller structures, as the propagation mechanism is typically vertical.

Design guidelines for the prevention of progressive collapse typically take a threat-independent approach that, regardless of initial cause, is intended to develop inherent robustness and continuity in the structure to resist and arrest propagation of failure. For example, design of a structural frame to resist propagation of damage after loss of a primary vertical-load-carrying element (such as a load-bearing wall or column) is a typical threat-independent approach to providing this resistance. This approach assumes complete damage of the structural element being considered and enhances the structure to prevent disproportionate spread of damage. By assuming loss of single vertical-load-carrying elements at key locations in the structure, the designer can reduce the potential for progressive collapse, should an initiating event occur. Design approaches and requirements are presented by the Department of Defense (UFC 4-023-03 Design of Buildings to Resist Progressive Collapse) and the General Services Administration (2013 Alternative Path Analysis & Design Guidelines for Progressive Collapse Resistance). Each of these guidelines provides methods for analysis and measures of acceptability to meet each specific criterion. These Progressive Collapse guidelines (GSA and UFC) are currently the most complete sets of criteria in terms of providing usable guidance to the designer.

Additional discussion of the role of Progressive Collapse mitigation measures in securing buildings can be found in the resource pages for Blast Safety of the Building Envelope and Designing Buildings to Resist Explosive Threats.

Crash Rated Barriers and Applicable Standards

A successful site security plan often involves the establishment and enforcement of a controlled perimeter. The controlled perimeter may act to prevent threats that are transported by vehicles or by pedestrians from entering a standoff zone around a protected facility. A controlled perimeter that is designed to stop a vehicle from entering a protected site is often required to be "crash" or "anti-ram" rated. A crash rated barrier system is typically tested or engineered such that it can stop a certain size vehicle (i.e. 4,000 lbs.,15,000 lbs.), travelling at a certain speed (i.e., 30 mph) from penetrating the controlled perimeter more than a certain distance (i.e., 3 ft.). The vehicle size, vehicle speed and penetration distance are typically determined based on the accessibility of the site, the topography and alignment of the surrounding roadways and the required standoff distance. Crash rated barriers take various forms and can include bollards, cable reinforced fences and planters. Where vehicle access is required into the secure site for parking, maintenance, emergencies or deliveries, active vehicle barriers may be employed; these can include plate barriers, wedge barriers, retractable bollards or gates. For more discussion regarding crash rated barrier assemblies, see UFC 4-022-02 Selection and Application of Vehicle Barriers, and the Bollard resource page.

The governing crash testing standard used for evaluating barrier systems is ASTM F2656/F2656M, "Standard Test Method for Crash Testing of Vehicle Security Barriers." This standard replaced the DoS Diplomatic Security standard SD-STD-02.01, Revision A. ASTM F2656/F2656M includes "Impact Condition Designations" or "Crash Ratings" for various test vehicles (ex. small passenger cars, pick-up trucks, medium-duty trucks and heavy goods vehicles) traveling from 40–60 mph. An example impact condition designation is a H50 which designates a "heavy goods vehicle" traveling at 50 mph. Similar C–, PU–, and M–ratings are provided for the other test vehicle types.

Integrating Security and Historic Preservation

Balancing the site, façade, structural, and operational requirements of a building required to comply with security standards with historic preservation goals and standards can be particularly challenging. Careful planning and an understanding of historic preservation objectives is necessary in order to address the requirements of both. A discussion of retrofit methods that have been successfully employed to meet security requirements in existing buildings are provided in the Retrofitting Existing Buildings to Resist Explosive Threats resource page. Specific challenges that may be encountered in applying these retrofit methodologies to historic buildings include lack of documentation on the existing construction, differing building technology at the time of construction, low inherent strength and ductility of existing systems, and limitations on modifications that can be made due to historic preservation restrictions.

Integrating Security and Sustainability

Providing for sustainable design that meets all facility requirements is often a challenge. With limited resources, it is not always feasible to provide for the most secure facility, architecturally expressive design, or energy efficient building envelope. From the planning and concept stages through the development of construction documents, it is important that all project or design stakeholders work cooperatively to ensure a balanced design. Successful designs must consider all competing design objectives and make the best selections. This applies as well to the site, as well as the building. Ensure sustainable site design and CPTED are considered in concert with each other.

Integrating Security and Fire Protection

Care should be taken to implement physical security measures that allow Fire Protection forces access to sites, buildings and building occupants with adequate means of emergency egress to comply fully with NFPA 101. GSA has conducted a study and developed recommendations on design strategies that achieve both secure and fire safe designs. Specifically, the issue of emergency ingress and egress through blast resistant window systems was studied. Training was developed based on this information and is available at the ARA Firefighter Forcible Entry Tutorial.

Integrated Security Systems

Photo of an integrated security system

Integrated security systems can offer more efficient access and control.
Photo Credit: Integrated Security Systems, LTD

There has been a general trend towards integrating various stand-alone security systems, integrating systems across remote locations, and integrating security systems with other systems such as communications, and fire and emergency management. Some CCTV, fire, mass notification systems, and burglar alarm systems have been integrated to form the foundation for access control. The emerging trend is to integrate security systems with facility and personnel operational procedures. By involving facility stakeholders from the programming stage throughout the life of the project, the behavioral-based policies can be successfully integrated with security systems and forces.

Blast Design vs. Seismic Design

Seismic and blast resistant design share some common analytical methodologies and a performance based design philosophy that accepts varying levels of damage in response to varying levels of dynamic excitation. Both design approaches recognize that it is cost prohibitive to provide comprehensive protection against all conceivable events and an appropriate level of protection that lessens the risk of mass casualties can be provided at a reasonable cost. Both seismic design and blast resistant design approaches benefit from a risk assessment that evaluates the functionality, criticality, occupancy, site conditions and design features of a building.

While there may be more predictability with natural hazards, this is not the case with man-made hazards. Also the explosive threats of the future are very likely to be very different from the explosive threats of the past. Another fundamental difference between seismic and blast events are the acceptable design limits. Since earthquakes are more predictable and affect more structures than are affected by blast events, owners may be willing to accept different levels of risk relative to these different events, and this may translate into differences in acceptable design limits, as defined by allowable deformation, ductility and other functions.

Both seismic design and blast resistant design approaches consider the time-varying nature of the loading function. The response of a building to earthquake loads is global in nature, with the base motions typically applied uniformly over the foundations of the buildings. These seismic motions induce forces that are proportional to the building mass. Blast loading is not uniformly applied to all portions of the building. Parts of the structure and components closest to and facing the point of detonation will experience higher loading than components at a greater distance and/or not facing the point of detonation. The structure's mass also contributes to its inertial resistance. Due to the local versus global nature of blast loading, seismic loading analogies, including the concept of blast-induced base shears, must be applied with great care or they may be misconstrued to provide a false sense of protection.

Building configuration characteristics, such as size, shape and location of structural elements, are important issues for both seismic and blast resistant design. The manner in which forces are distributed throughout the building is strongly affected by its configuration. While seismic forces are proportional to the mass of the building and increase the demand, inertial resistance plays a significant role in the design of structures to reduce the response to blast loading. Structures that are designed to resist seismic forces benefit from low height-to-base ratios, balanced resistance, symmetrical plans, uniform sections and elevations, the placement of shear walls and lateral bracing to maximize torsional resistance, short spans, direct load paths and uniform floor heights.

While blast resistant structures share many of these same attributes, the reasons for doing so may differ. For example, seismic excitations may induce torsional response modes in structures with re-entrant corners. These conditions provide pockets where blast pressures may reflect off of adjacent walls and amplify the blast effects. Similarly, first floor arcades that produce overhangs or reentrant corners create localized concentrations of blast pressure and expose areas of the floor slab that may be uplifted. In seismic design, adjacent structures may suffer from the effects of pounding in which the two buildings may hit one another as they respond to the base motions. Adjacent structures in dense urban environments may be vulnerable to amplification of blast effects due to the multiple reflections of blast waves as they propagate from the source of the detonation. While the geology of the site has a significant influence on the seismic motions that load the structure, the surrounding geology of the site will influence the size of the blast crater and the reflectivity of the blast waves off the ground surface.

On an element level, the plastic deformation demands for both seismically loaded structures and blast-loaded structures require attention to details. Many similar detailing approaches can be used to achieve the ductile performance of structural elements when subjected to both blast and seismic loading phenomenon. Concrete columns require lateral reinforcement to provide confinement to the core and prevent premature buckling of the rebar. Closely spaced ties and spiral reinforcement are particularly effective in increasing the ductility of a concrete compression element. Carbon fiber wraps and steel jacket retrofits provide comparable confinement to existing structures. Steel column splices must be located away from regions of plastic hinging or must be detailed to develop the full moment capacity of the section. Local flange buckling must be avoided by using closely spaced stiffeners or, in the case of blast resistant design, the concrete encasement of the steel section.

Reinforced concrete beam sections require resistance to positive and negative bending moments. In addition to the effects of load reversals and rebound, doubly reinforced sections possess greater ductility than singly reinforced counterparts. Steel beams may be constructed composite with the concrete deck in order to increase the ultimate capacity of the section; however, this increase is not equally effective for both positive and negative moments. While the composite slab may brace the top flange of the steel section, the bottom flange is vulnerable to buckling.

Addressing blast and seismic design goals may be achieved through the consideration of many of the same building attributes and utilizing similar design and detailing solutions. An understanding of the differences between these two loading phenomenon, the effects on the structure, and the performance requirements are essential in order to select and implement the appropriate choices for achieving the project's goals. See the Designing Buildings to Resist Explosive Threats page for additional discussion on this topic.

Relevant Codes and Standards

Highly complex security system design is still neither codified nor regulated, and no universal codes or standards apply to all public and private sector buildings. However, in many cases, government agencies, including the military services, and private sector organizations have developed specific security design criteria. These standards must be flexible and change in response to emerging threats.

Mandates

Federal Standards and Guidelines

Others

Private Sector Guidelines

Additional Resources

Tools

Protective Design Center—Tool also includes software developed by the USACE and maintained on the PDC web site these include SBEDS, VAPO, CEDAWS, etc.

Websites

Security Centers

Organizations and Associations

Trade Journals / Magazines

Training Courses

Tools

Others

Footnotes

1 [The NIST definition of ICS includes a wide range of control systems; an emerging term to categorize these converged systems is Cyber-Physical Systems (CPS)]