Printer Friendly

Counting on design.


DURING THE PAST TWO DECades, the peacetime threat to personnel and facilities has changed drastically. The organization and intensity of terrorist activity, including terrorists' willingness to die, have increased continuously. A number of terrorist operations have been characterized by extensive training and the organizational ability to use modern military or guerilla tactics and weaponry overtly or covertly.

The security of critical assets against internal and external threats requires the integration of state-of-the-art structural designs, equipment, personnel, and procedures to provide complete physical security in depth.

Attacks against facilities by small, well-equipped, well-trained, and dedicated terrorist groups are usually violent, efficient, and quick. Facilities must not only be able to withstand sophisticated penetration attempts from such external threats but also control and limit the more common lower-order threats and criminal operations involving insider assistance.

The countermeasures development process, shown in the accompanying chart, is a universal physical security system design process for military, commercial, and industrial sites. The process helps facility managers plan appropriate countermeasures to protect their critical assets. The countermeasures development process is equally applicable to threats from terrorists, extremists, organized criminal groups, individual criminals, disoriented persons, and disgruntled employees.

The overall technical approach to countermeasures development involves two basic analytical tasks. The first task is a facility requirements analysis. The first five steps in the chart help the user analyze the security requirements of the facility under consideration. The actual assets that require protection are identified, and their criticality to the facility and its function are determined. The attractiveness of these same assets to potential aggressors and the likely modes of attack are evaluated next. Finally, inadequate countermeasures are identified as facility vulnerabilities.

The second basic task is to identify candidate countermeasures. Based on the results of the on-site requirements analysis, asset-specific physical security countermeasures are applied to various points in and around the facility, as indicated by step 6 of the chart. Countermeasures development can commerce at a designated outer perimeter and can be applied in concentric rings in the postulated terrorist's path to each specific asset. Regardless of the facility type or configuration, countermeasures development must embrace a complete protection-in-depth concept. This concept combines the full range of countermeasures, such as barriers, intrusion detection, access control, and assessment subsystems, as well as procedural and personnel-intensive countermeasure combinations appropriate to each asset. The final step involves selecting countermeasure integration options and gathering cost estimates.

AS THE CHART SHOWS, THE COUNtermeasures development process involves the following steps:

* asset definition and criticality determination (steps 1 and 2)

* threat determination (step 3)

* modes of attack determination (step 4)

* vulnerability determination (step 5)

* required protection and identification of candidate countermeasures (step 6)

The process requires certain information to give an accurate indication of potential threats and the relative exposure or vulnerability of assets to these threats. The initial requirements analysis must be thorough and should include information from the security director, law enforcement agencies, the facility engineer, and the facility operations manager. The requirements analysis, when properly and thoroughly completed, becomes the critical ingredient in developing an optimal system configuration and determining the cost-effectiveness of various countermeasure options.

Asset definition and criticality. The process begins with an administrative identification of the asset to be protected, the facility in which it is housed (if applicable), and the installation on which the asset is located. Assets to be protected are identified in relation to monetary or intangible value, association with mission requirements, recognition within regulations, and the presence of key personnel or the density of personnel resources in general.

Once an asset has been identified, its criticality is defined by examining the importance of the asset to the associated mission or facility function; the present or anticipated status of the asset (for example, actively employed, in construction, or down for maintenance); how easily the asset could be replaced; and its monetary or intangible value to the user.

Not only is the asset itself analyzed with respect to criticality, but secondary assets that perform auxiliary functions in support of the primary asset are also analyzed. If these secondary assets (such as fuel for the primary asset) are deemed to be critical to the primary asset, then the secondary assets must undergo the same level of protection analysis as the primary asset.

At this point a decision must be made to continue the analysis or exclude an asset from further consideration due to its low criticality. This first step of the process will result in an asset criticality rating, which will be combined with the results of the threat determination conducted later in the countermeasures development process.

Threat determination. After the asset's criticality to its user is evaluated, it also must be considered from the potential aggressor's perspective. This is initially accomplished in the attractiveness analysis. This analysis selects aggressor categories for further analysis and helps determine the likelihood of attack.

Six categories of generic aggressors are considered in the countermeasures development process. These range from miscellaneous criminals to terrorists. Although the process applies equally to all six aggressor types, this paper will concentrate on terrorists.

Unlike miscellaneous or sophisticated criminals, terrorists demonstrate unusual bonds. They maintain a sophisticated network of sympathizers and derive great satisfaction from attacking an asset they consider representative of an oppressive society or state.

Ordinarily, aggressor characteristics are presented to the user as default options in an automated process that the user may modify to suit local conditions. The characteristics are expressed at a very low to very high level for each type of aggressor. The different types of aggressors can be described and distinguished from each other through their organizational, operational, and behavioral characteristics and the resources they use.

After each type of aggressor under consideration has been assigned a set of characteristics, the design basis threat descriptions must be prepared. These tell the user what types of aggressors the security system will protect against, what their characteristics are, and what capabilities those characteristics imply.

The following are the aggressor ratings of various generic qualities of terrorists:

* international connections - high likelihood

* financing - high level

* recruiting - high sophistication

* organization - very high sophistication

* insider collusion - very low likelihood

* tactics - very high sophistication

* timing - very high consideration

* planning - high sophistication

* motivation - very high levels

* dedication and discipline - high level

* willingness to kill - very high

* willingness to die - high

* training and skills - high level

* personnel sophistication - medium

* group size - high (one to six persons per cell)

* weapons - high sophistication

* equipment - high sophistication

* transportation - high variety

The attractiveness of an asset to an aggressor can be established by considering the following factors:

* historical events related to the asset

* the value the asset would have to a potential aggressor

* the objectives of an aggressor in terms of the asset

* the logistical capabilities associated with each aggressor type

The historical events analysis portion of the attractiveness determination involves reviewing information on attacks against similar assets. Local law enforcement and other government agencies are the likely sources for this information.

The value of the asset to an aggressor is established by considering how the asset can be used by an aggressor (for publicity or simply money) and how an attack on the asset would reduce the operational capability of the user.

The aggressors' objectives, as considered at this point in the process, identify the specific intent of the aggressors regarding each particular asset. Their objectives can be injury, theft, or destruction.

The logistical capability of an aggressor is determined by evaluating how accessible the location of the asset is, how well access to the general area of the asset or to the asset itself is controlled, whether visible security measures might deter the aggressor, and how likely it is that the aggressor could escape after the attack.

Having evaluated the attractiveness of the asset for each aggressor category, the user may eliminate some of the aggressor types from further analysis if the attractiveness of the asset to them is very low. At this point, the user is ready to prepare a design basis threat description that will serve as part of the subsequent rationale for determining likelihood of attack and selection of likely modes of attack.

The data evaluated previously should be weighed and combined to indicate a high, medium, low, or very low likelihood of attack for each aggressor category selected for evaluation. This likelihood of attack will be used later in the methodology to select severity levels for the various modes of attack. An asset's likelihood of attack is a function of its criticality to the facility's operations and its attractiveness to each category of aggressor under consideration.

AFTER ASSIGNING LIKELIHOOD ratings to each threat under consideration, those rated high, medium, and low will be used to assign attack modes and severity parameters for each mode. This information should be used to determine the adequacy of existing protective measures and to assess the extent of additional protective measures required. Attack modes include foot, exterior, vehicle, standoff, aerial, common delivery, chemical or biological, and insider modes.

Severity parameters are then assigned to each mode of attack selected at the same level as the likelihood of attack by that aggressor. Each mode of attack is generally associated with a set of tools, weapons, and explosives at specific severity levels. For example, in the vehicle mode of aggression, a moving car or truck bomb would have a high severity level when laden with 1,000 lb. of TNT, while a low severity level would be associated with a vehicle laden with 50 lb. of TNT. The assumption here is that an asset of higher criticality to its user or greater attractiveness to an aggressor may prompt an aggressor to use more force in an attack on that asset.

Having determined what is to be protected, its value, and its attractiveness to various aggressor types, the user then turns to the analysis of what is in place to deter, delay, deny, detect, assess, and respond to attacks.

For an existing facility, a site survey may be required to detail the existing security measures. Information is compiled about security force capabilities, barriers and structural integrity, access controls, detection systems, and assessment systems. These existing measures are compared with the minimums required to protect against the likely attack modes and their severities. Shortfalls in existing protective measures are identified as vulnerabilities.

Various design constraints may also apply. Legitimate constraints may, in fact, force the current protective measures to be sufficient, even though vulnerabilities exist. There also may be no identified vulnerabilities. In either case, no upgrade is required. Otherwise, the asset requires the design of additional protective measures.

As a final step in vulnerability determination, an assessment is made of the financial, regulatory, and operational constraints to candidate physical security countermeasures. This could include a review of mandated protection requirements as specified by owner and user groups, current and future budget allocations, and a host of operational issues such as access requirements and facility functional requirements.

THE USER IS NOW READY TO CONSIDER asset-specific options for physical security applications. Several issues associated with countermeasures development must be taken into consideration before one can determine the cost-effectiveness and performance of physical security alternatives. These issues include the following:

* regulatory and insurance requirements and constraints

* asset criticality and aggressor objectives, resources, and tactics

* attack consequences to life, mission, and cost

* the size and update frequency of the access authorization data base

* flexibility of asset locations and movement

* throughput requirements at key points

* operational requirements and constraints

* facility efficiency and safety requirements for physical security location and performance

* ability to use physical barriers to isolate asset

* life cycle cost of operation

* perceptions of the intrusiveness of various elements of the system personally and operationally by user group

Generally, countermeasures come from three sources. Police, intelligence agencies, and other government entities focus on countermeasures that prevent attack. Classical security specialists, electrical and mechanical engineers, and manufacturers focus on physical security systems that also provide surveillance and response. Lastly, architects, structural and civil engineers, and constructors focus on hardening structures and installations.

The physical protection of a facility from terrorist attack requires the integration of each professional's approach to countermeasure development. The emergence of more violent forms of terrorists, who employ large quantities of explosives, longer range weapons, and car and truck bombs makes the structural integrity of a facility just as important as the security system and the interception and prevention ability of law enforcement and intelligence agencies. Depending on the criticality of the assets, alternative countermeasures should also be evaluated. In the case of detection technologies, key criteria include installation and maintenance cost, susceptibility to nuisance alarms, and probability of detection.

The development of a matrix is recommended. This matrix would specify asset priorities, threats, modes and avenues of attack, likelihood of attack, associated vulnerabilities, and primary and alternative physical security countermeasures. Additional criteria that could be employed in countermeasure selection include the following:

* operational restrictions

* nuisance alarm susceptibility

* installation cost

* annual maintenance cost

* reliability and maintainability

* alarm assessment means

* insurance premium impact

* environmental conditions

* aesthetic prohibitions These and other factors may then be used to evaluate cost, performance, and operational impacts while narrowing the list of candidate countermeasures for final selection.

The most effective way to develop facility countermeasures against terrorist or other forms of attack is to examine individual and collective assets from both the user's and potential aggressors' perspective. After selecting the critical assets, the user must systematically determine potential aggressors and their characteristics, the attractiveness of critical assets to various aggressors, potential attack modes and severity, and, finally, a design basis to identify and select appropriate countermeasures.

The countermeasures development process provides the user with a rational means to select security measures. The planners' decisions are based on realistic threat projections, and the protective measures chosen are specific to each asset. Perhaps most importantly, the process helps security planners use their resources most efficiently.

About the Author . . . William J. Schneider is program manager and Richard P. Grassie, CPP, is director of programs development at ASEC Intelligence and Security Group in Burlington, MA. Schneider and Grassie are members of ASIS.
COPYRIGHT 1989 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:terrorism countermeasures
Author:Schneider, William J.; Grassie, Richard P.
Publication:Security Management
Date:Oct 1, 1989
Previous Article:Teaming up against crises.
Next Article:When a star is not born.

Related Articles
Integrating security and design.
Five Steps to Risk Reduction.
Mission Creep: Defining Terrorism. (Citings).
Food safety and security--new guidelines for bioterrorism prevention and response. (Products & Services).
Homeland Security Dept. releases shopping list.
FDA announces major initiatives and goals for 2004.
Reference guide to anti-money laundering and combating the financing of terrorism, 2d ed.
Arson attacks ruled terrorism.
Understanding, assessing, and responding to terrorism; protecting critical infrastructure and personnel.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters