Browse Content by Topic:
Vulnerability Assessments for Public and Private Facilities
Author: Roger L. Kemp, PhD
Copyright: Copyright 9-1-1 Magazine, Feature Content
By Roger L. Kemp, PhD
Originally published in our March, 2008 issue.
From a homeland security standpoint, office, storage, and manufacturing buildings are not typically the subject of a man-made disaster, such as a terrorist attack. Such attacks are usually expected to occur at critical locations such as “key” government buildings, so-called symbols of democracy, transportation centers, nuclear power plants, and locations where “products of war” (e.g., airplanes, helicopters, missiles, and other combat-related items) are produced. Nonetheless, standards are emerging for property owners and building managers to assess the vulnerability, or risk level, of their site and its facilities to a possible terrorist attack.
Typically, these assessment evaluations include potential vulnerability and risk levels based on the visibility of the building, the criticality of the site to the jurisdiction in which it is located, the impact that the facility has outside of its jurisdiction, the accessibility of the site by the general public, possible site-related hazards from both manufacturing and storage standpoints, the site’s population capacity, and, lastly, the potential for mass casualties if the site is attacked. While these variables seem diverse and complex, it is possible to assess a site’s potential vulnerability and risk by rating a facility using these criteria and a numerical ranking process for each category. The final score, or assessment rating, determines the site’s potential exposure to a possible terrorist attack.
A site’s vulnerability rating can be determined using the following nine variables and ranking the response to each potential risk category using a six-point scale ranging from zero to five points. The lower the numerical ranking in each category, the lower the vulnerability or risk level of the site. Conversely, the higher the ranking, the greater the exposure the site has to a possible terrorist attack. The nine assessment criteria contained in this ranking process and the rating scale used in each category are explained in detail below.
As valuable as it can be for private property owners and professional property management companies to understand how to assess their facilities in order to reduce the vulnerability of their property, it can also be valuable for public safety personnel, emergency planners, and policy makers to understand the vulnerability quotient of buildings in their jurisdiction that may serve as target hazards in the event of a fire or disaster response.
The nine rating classifications, along with various risk levels, are explained in greater detail below.
Visibility Level of the Site
Question one relates to the level of the site’s visibility using the following scale. Rating level zero equals “invisible,” where the location is a classified or a secret location unbeknownst to the general public. Ranking level one assumes the site has a “very low visibility,” which means that it is also a so-called secret or classified location that is only known by a very few people. Rating level two represents that the site has “low visibility,” meaning that the knowledge of its existence is public but generally not too well known. The third rating level is used when the site has a “medium visibility,” when the existence of the facility is only known locally. Ranking level four means that the site has a “high visibility” – the existence of the site is typically known throughout the region. Lastly, ranking level five is used when a site has a “very high visibility.” The highest vulnerability assessment rating is only used when the site’s existence and purpose are typically known nationally by members of the general public.
Criticality of the Site to Its Jurisdiction
Question two focuses on the building’s or site’s criticality, or importance, to the jurisdiction (e.g., city or town) in which it is located. This includes an assessment of the impact that the site’s assets have on the local population, economy, and/or government. The six possible assessment rankings in this category include rating level zero for “no usefulness” whatsoever, rating level one for “minor usefulness,” two for “moderate usefulness,” three for “significant usefulness,” four for “highly useful” and, lastly, five when the site’s assets are “critical” to the city or town in which it is located.
Impact of the Site Outside the Jurisdiction
Assessment category three examines the impact that the site or building has outside the jurisdiction in which it is located. The question asked is, “What affect would losing the facility have outside of our county?” The possible assessment rankings using the six-point scale include rating level zero for none (no impact), rating level one for very low impact, two for low impact, three for medium impact, four for high impact and five for very high impact. This last assessment ranking is only used when a site or building serves as a large employer, has a significant impact on the local economy, and/or has a close and vital working relationship with its local government.
Accessibility of the Site to the Public
The fourth assessment category asks about possible access to the site or building. The exact question posed is, “How accessible is the site?” The six possible ranking levels for this category range from “restricted” access to “unlimited” access.
Ranking level zero stands for “restricted” access, which means that the site or building is patrolled 24/7, is fenced, alarmed, and equipped with security cameras, has controlled access that requires prior clearance, contains designated parking (with the requirement that no unauthorized vehicle can park within 300 feet of the facility), and has protected airspace and entranceways. The other possible assessment rankings account for the fact that the site is more open in its nature.
A rating level of one means that the site has “controlled” access – the facility has a 24/7 security patrol, is fenced, has controlled access to vehicles and personnel, contains designated parking including a restriction that no unauthorized vehicles can park within 300 feet of the facility, and the site has protected airspace and entranceways.
A ranking level of two means that access to the site is “limited” in nature. It has security guards at the main entrance during regular business hours, is fenced, contains a security alarm, has controlled access for visitors, and has designated on-site parking and the requirement that no unauthorized vehicles can park within 300 feet of the facility. This rating level also includes the fact that the site has protected airspace and entranceways.
The third assessment rating level indicates “moderate” access, which means that the site and building have controlled access for visitors, have security alarms after regular business hours, have protected airspace and entranceways, contain designated parking areas, and have the requirement that there can be no unauthorized vehicles parking within 50 feet of the facility.
Ranking level four means the site has “open” access. The site is open and has public access during regular business hours, has few, if any, safeguards in place, and contains unprotected airspace and entranceways.
The last assessment ranking level in this category, rating level five, means that the site has “unlimited” open access to the public, has no safeguards in place, and has unprotected airspace and entranceways.
Possible Hazards Located on the Site
The fifth rating category involves the assessment of the site relative to on-site hazards. It pertains to the presence of legal weapons of mass destruction (WMD) materials, as well as chemical, biological, radiological, nuclear, and explosive (CBRNE) materials in quantities that could make the site a target for a possible terrorist attack or that would complicate the public response to a terrorist incident at the site if one took place.
The possible six ranking levels for this category range from none to high. Rating level zero means that none of the possible WMD/CBRNE materials are located on the site. Level one means that minimal WMD/CBRNE materials are present in moderate quantities, but they are controlled. Level two reflects a low hazards exposure, indicating that WMD/CBRNE materials are present in moderate quantities, but they are controlled. Level three reflects a moderate hazards exposure –there are major concentrations of WMD/CBRNE materials, but they have established control procedures and are secure in the site. Level four reflects that a high degree or major levels or concentrations of WMD/CBRNE materials are located on the site, with only moderate control features in place. The last rating criteria in this category, level five, indicates there is a very high presence of WMD/CBRNE materials on the site, there are no safeguards in place, and the material is readily accessible to employees as well as non-staff personnel.
Height of the Building
The sixth vulnerability assessment category includes a review of the height of the structure, which ranges from underground to a skyscraper. There are six possible rating levels. Rating level zero indicates that the entire structure was built underground and little or no damage would result from an above ground terrorist attack to the site. Level one recognizes that the structure is only a single story; two means that the structure is a low-rise building, less than five stories tall; and three represents a mid-rise structure, or one that is five to 11 stories tall.
The last two assessment rating categories are for buildings that fall into the high-rise and skyscraper categories. Level four designates a high-rise structure, for buildings that range from 12 to 29 stories. And level five acknowledges that the verticality of the structure falls into the highest level, or skyscraper category. This means that the building is over 30 stories tall. Since skyscrapers in America’s cities are few and far between, not many buildings fall into this highest category.
Type of Building Construction
The seventh category of assessment recognizes the “toughness” of a building’s construction. Assessment level zero acknowledges that the structure is completely built “underground,” which has the lowest vulnerability level from an attack perspective. Rating level one represents a “hardened” structure or one that it is protected by earth berms and embankments. Level two (2) means that the building is constructed with “reinforced concrete” or has steel beams within its structure.
The next three assessment levels in this category include buildings constructed with steel beams, masonry, steel studs, and wood. These ranking options include level three for buildings constructed with “structural steel or masonry”; level four for “light frame” structures, which typically contain steel studs; and level five for a “wood structure,” the most vulnerable type of structure from the standpoint of a terrorist attack.
Population Capacity of the Site
This eighth category relates to the maximum number of individuals at the site or building at any given point in time. Again, there are six possible rating levels. Rating level zero indicates that no one is located at the site. Level one means that one to 250 people are located there. Level two indicates 251 to 5,000 people, three reflects 5,001 to 15,000 individuals, four represents15,001 to 50,000 people, and five indicates that more than 50,000 people are present at the site at any given time.
Potential for Collateral Mass Casualties
The final vulnerability assessment category includes a review of the maximum number of people within a one-mile radius of the site, reflecting the potential for collateral mass casualties should a major terrorist attack take place. The six possible assessment ranking include the following: zero stands for 0 to 100 people, level one means 101 to 500 people, level two includes 501 to 1,000 people, level three represents 1,001 to 2,000 people, level four reflects2,001 to 5,000 people, and, lastly, level five represents 5,001 or more people within a one-mile radius of the site.
Based upon a site’s, or facility’s, vulnerability assessment ranking, the owners or managers of the site or building may wish to take a number of common-sense remediation measures to offset the potential vulnerability of their facility to a possible terrorist attack. These measures include, but are certainly not limited to, providing perimeter fencing, installing parking security safeguards for both employees and delivery persons, purchasing on-site surveillance cameras, using landscaping and vertical impediments to preclude vehicles from getting to close to the site, obtaining some type of employee identification recognition process, and using security guards to protect the facility against possible purposeful human wrongdoing.
Lastly, it should be pointed out that if you review the four phases of emergency management – prevention, mitigation, response, and recovery – it is much less expensive to initiate up-front remedial measures to prevent your site or facility from being attacked than it is to respond to and recover from an attack. While there are no 100% foolproof safeguards, common-sense measures can be taken to minimize the possibility of a terrorist attack and thereby limit the loss of life and property from a man-made emergency. Therefore, the use of such assessment questionnaires to determine a site’s vulnerability is likely to increase in future years.
While this assessment ranking process appears, on the surface, to be objective, greater consideration could be given to the “weight” that each assessment category represents in the overall “vulnerability” equation. For example, an expert in this field could find a good reason to give more “points” to one assessment category over another. Also, if a terrorist used a nuclear device, the various vulnerability assessment categories would have little meaning. For this reason, the criteria selected represent a “general assessment” of a building’s, or facility’s, vulnerability, providing a valuable vehicle to use when assessing the vulnerability of public and private buildings and facilities to a possible terrorist attack.
In closing, it should be noted that when the author applied these ratings to the town hall in which he works as the chief executive officer, this municipal facility achieved a cumulative rating of 16, which would place this government facility in the “low” vulnerability category. Other public and private officials throughout the country are encouraged to apply these criteria to their facilities to assess the vulnerability of their buildings. Given the current political and social environments, citizens as well as customers expect their officials – both public and private – to protect them from the possibilities of a potential emergency, including a possible terrorist attack.
Other information concerning ways to assess and determine the vulnerability of land and improvements can be obtained from the Federal Emergency Management Agency (FEMA) Website (www.fema.gov), the Department of Homeland Security Website (www.dhs.gov), and the READY.GOV Website (www.ready.gov).
Roger L. Kemp, PhD, a career city manager, is a policy advisor in homeland security to the International City/County Management Association, Washington, DC. He also serves as the chief executive officer of the town of Berlin, CT. Dr. Kemp is the author of Homeland Security: Best Practices for Local Government (ICMA, 2003). He may be reached via e-mail at email@example.com.