At the onset of a project, every project leaders goal is to maximize the function of a building with available funds. At the minimum, the building must meet the requirements laid out by qualifying authorities. Aesthetics play a role, and there can be challenges related to square footage in some cases.
Increasingly, however, the importance of security in optimizing and preserving a building is becoming ever more prevalent. This is especially true for military and government buildings.
Whether stateside or overseas, firing ranges, ammunition storage and handling buildings, or barracks: each building has a specific security requirement and forms a unique piece of the security landscape.
While the security landscape has changed over the past years due to terrorism and cyber threats, this landscape goes a step further with physical and digital security planning and risk assessments used to determine the need for and effectiveness of various security protocols.
Here are insights.
Define Physical + Technical
Physical Security is defined as the protection of personnel, hardware, software, networks, and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protections from fire, flood, natural disasters, burglary, theft, vandalism, and terrorism.
Physical security manifests itself in some of the more traditional protections, such as perimeter fencing and access control, bollards, crash-rated barriers to protect from vehicular attacks, or earthen berms. There is a also procedural element to physical security. Each installation has its own physical security plan, including emergency evacuation protocols.
Blast design is one example of physical security planning challenges. Variables in blast design deal with the unique topography of the site and how much setback distance there is between parking and roadways. For external blasts, the plan is based on the hypothetical distance a blast would be from the building. If there is a shorter setback, the blast may a take out a wall section. Reinforced walls to combat such effects drive up costs.
Internal blast design is even more complex. For load-bearing walls, the locations of doors and windows are critical. Windows tend to be the weakest link, and those designed to withstand blast pressures can associated cost. Blast design can apply to any building, whereas other physical security measures are specific to the project or facility type.
One of the biggest challenges in physical security planning is prioritizing the needs for planning based on the unique needs of the facility and its application. In some cases, the biggest asset may be having a project team member with a background in a specific area.
For example, an Army base has much different security needs than an overseas embassy compound. Having a design/security professional with the right experience to assess the security needs based on the location and facility type can be critical. In any project dealing with an existing site, there is additional redevelopment beyond the original impetus for the renovation. For entry control points, in particular, there can be spatial challenges related to having room for vehicles to queue, undergo inspection in a timely fashion, and back up or turn around if rejected.
Consider a project example. A project team planned a new route that manipulated the roadway, introducing curves and obstacles to reduce speed before vehicles reached the final denial barrier. A crash-rated popup barrier was also added. Space was at a premium around the base, where there had been subsequent real estate development in the 30 years since the original entry was built. In addition to restructuring the roadway to meet the requirements of function and security, the project also had aesthetic considerations, using ornamental fencing that was also crash rated. Such conditions and considerations are exemplary of the complexity of physical security.
Technical Security deals with the underlying systems that enhance the effectiveness of the physical barriers. Exterior technical features include elements such as video surveillance systems that monitor activity outside the building. Intrusion detection systems indicate for users which doors were opened, when, and even by whom. For regular users of the facility, access control is still required. Elements such as metal detectors at the entrance, and sophisticated locks and other hardware manage entry. Within the building, there is a separate set of requirements to control access to the most secure areas of the facility.
To create the most effective technical security plan, it is key to understand the user’s requirements and their operating protocol, especially as it relates to the design standards. It can be challenging to find solutions that work for the client while still meeting the requirements. It helps to guide project decision makers through various scenarios, including specific examples of security risks to decide how these aspects should be handled, not only from a security standpoint, but also how many security personnel will be required, and other concerns that will affect the budget and the overall plan.
Cyber Security is a growing concern. In the digital age, cyber terrorism poses a real threat to infrastructure, and has become and emerging concern for security design. Mason and Hanger supports the Army Cyber Command in designing secure buildings, including a current project to build training spaces for cyber warfare. With more and more components of building infrastructure connected to wi-fi, each piece of equipment—including HVAC and lighting—must be safeguarded from cyber threats.
It takes experience to specify the right equipment and ensure that it is installed properly to prevent attacks and threats. The design planning effort is ensuring that the required network infrastructure is in place—cabling, data centers, etc., and that each component connected to the network can resist potential attacks. The rigors of cyber security planning vary by building type and each engineering discipline has a role to play in ensuring the cyber security of the facility.
While planning for security presents a host of challenges, assessing the risks prior to planning is even more difficult.
Risk assessments – Identifying Vulnerabilities
The assessment process is comprised of multiple phases. Effective assessment starts with gathering data to define the current state of operations. This includes identifying potential hazards and developing an assessment of the response plan in place. Insights to this process include identifying what control measures project stakeholders plan to implement to address threats and making a recommendation based on these needs. To specify things like blast-resistant windows to withstand a certain charge, or the best surveillance cameras, a thorough, up-to-date knowledge of products and their applications is required.
Not all risks are equal, which leads to the next step in the assessment process which is risk characterization. Weigh how the identified hazards relate to individual risks and try to hypothesize which are the most and least likely to occur. To do this accurately, it is critical to engage the participation of security personnel. When the potential risks have been outlined, they are categorized and prioritized based on the severity of the threat. A response or control mechanism is assigned to each risk, and, ultimately, the entire account is documented and an action plan developed to implement the control measures, both physical and procedural.
Elements of the assessment include a categorical study of vulnerabilities, security, and planning for implementation of the findings. There are government guidelines that can help determine the tipping point for whether to upgrade or replace problematic elements. It takes longstanding and in-depth experience with security assessments to give project leaders the key information needed to make the best decision.
Identify the threats unique to the location, such as the political climate, and the responsibility of the facility to protect the life and wellbeing of people, infrastructure, and information. For anti-terrorism/force protection, specifically, site design is a consideration. Where dumpsters are located, how close trees are planted, and other details related to access can be shown graphically as part of the assessment.
Creating a new security plan based on the risk assessment findings is the key outcome. Good planning practices are vital in this stage. First, identify the primary function of the facilities and related requirements for location and site parameters. Meet with project decision makers and users/occupants of the facility to understand and address their concerns. Create conceptual or preliminary plans and a strategy for roll out. Address concerns immediately as they come up to make the entire process smoother.
Cost is a major consideration in any project, but with security as the focus, certain elements cannot go unaddressed. It can be challenging to balance these in the context of the project budget. Security does not carry the cache of a more attractive façade, or added square footage to justify the cost, it is simply a necessity. While security always affects the budget, location impacts how significant a factor it is.
In remote island locations, availability of materials and time to ship can increase the budget impact over a similar project where resources are more readily available. For planning, it is important to know the costs of materials in the area, and use a location factor when creating the budget, but there are many variables related to shipping that make it difficult to predict.
Staying within the defined budget for a project is always an important project condition. Security can involve significant investment and is of critical importance. Factoring these investments into the plan for security early in the project avoids unwanted and often costly surprises later on.
To develop a comprehensive plan, it is important to factor in physical, technical, and cyber security elements and the effect they have on one another in the project planning and execution. Detailed risk assessments provide the information required to make an effective plan, but the successful combination of all these elements can only be achieved with an experienced team comprised of key players from all the affected areas and a client who understands the importance of the process.
Richard Heap, Associate AIA, IABC
Arate Communications Consulting, Inc.
MARKET-FOCUSED VISIBILITY. ANALYTICAL