196 68 13MB
English Pages 470 [471] Year 2021
ASCE Manuals and Reports on Engineering Practice No. 142
Structural Design for Physical Security Prepared by the Task Committee on Structural Design for Physical Security of the Blast, Shock, and Impact Committee of the Dynamic Effects Technical Administration Committee of the Structural Engineering Institute of the American Society of Civil Engineers Edited by Peggy Van Eepoel, P.E. Sharon M. Gallant, P.E., S.E.
Published by the American Society of Civil Engineers
Library of Congress Cataloging-in-Publication Data Names: Structural Engineering Institute. Task Committee on Structural Design for Physical Security, author. | Van Eepoel, Peggy, editor. | Gallant, Sharon M., editor. | Structural Engineering Institute. Task Committee on Structural Design for Physical Security, author. Title: Structural design for physical security / edited by Peggy Van Eepoel, P.E., and Sharon M. Gallant, P.E., S.E. ; prepared by the Task Committee on Structural Design for Physical Security of the Blast, Shock, and Impact Committee of the Dynamic Effects Technical Administration Committee of the Structural Engineering Institute of the American Society of Civil Engineers. Description: Reston : American Society of Civil Engineers, 2021. | Series: ASCE manuals and reports on engineering practice ; no. 142 | “The first edition of this book was published in the aftermath of the bombing attacks on the World Trade Center in New York, New York in 1993 and on the Alfred P. Murrah Building in Oklahoma City, Oklahoma in 1995.”--Preface. | Includes bibliographical references and index. | Summary: “This Manual Practice provides guidance to structural engineers in the design of civil structures to resist the effects of terrorist bombings”-- Provided by publisher. Identifiers: LCCN 2020057235 | ISBN 9780784415498 (hardcover) | ISBN 9780784482681 (adobe pdf) Subjects: LCSH: Building, Bombproof. | Structural design. | Buildings--Security measures-United States. Classification: LCC TH1097 .S76 2021 | DDC 693.8/54--dc23 LC record available at https://lccn.loc.gov/2020057235 Published by American Society of Civil Engineers 1801 Alexander Bell Drive Reston, Virginia 20191-4382 www.asce.org/bookstore | ascelibrary.org Any statements expressed in these materials are those of the individual authors and do not necessarily represent the views of ASCE, which takes no responsibility for any statement made herein. No reference made in this publication to any specific method, product, process, or service constitutes or implies an endorsement, recommendation, or warranty thereof by ASCE. The materials are for general information only and do not represent a standard of ASCE, nor are they intended as a reference in purchase specifications, contracts, regulations, statutes, or any other legal document. ASCE makes no representation or warranty of any kind, whether express or implied, concerning the accuracy, completeness, suitability, or utility of any information, apparatus, product, or process discussed in this publication, and assumes no liability therefor. The information contained in these materials should not be used without first securing competent advice with respect to its suitability for any general or specific application. Anyone utilizing such information assumes all liability arising from such use, including but not limited to infringement of any patent or patents. ASCE and American Society of Civil Engineers—Registered in US Patent and Trademark Office. Photocopies and permissions. Permission to photocopy or reproduce material from ASCE publications can be requested by sending an email to [email protected] or by locating a title in the ASCE Library (https://ascelibrary.org) and using the “Permissions” link. Errata: Errata, if any, can be found at https://doi.org/10.1061/9780784415498. Copyright © 2021 by the American Society of Civil Engineers. All Rights Reserved. ISBN 978-0-7844-1549-8 (print) ISBN 978-0-7844-8268-1 (PDF) Manufactured in the United States of America. 27 26 25 24 23 22 21 1 2 3 4 5
MANUALS AND REPORTS ON ENGINEERING PRACTICE (As developed by the ASCE Technical Procedures Committee, July 1930, and revised March 1935, February 1962, and April 1982) A manual or report in this series consists of an orderly presentation of facts on a particular subject, supplemented by an analysis of limitations and applications of these facts. It contains information useful to engineers in their everyday work, rather than findings that may be useful only occasionally or rarely. It is not in any sense a “standard,” however; nor is it so elementary or so conclusive as to provide a “rule of thumb” for nonengineers. Furthermore, unlike a paper (which expresses only one person’s observations or opinions), the material in this series is the work of a committee or group selected to assemble and express information on a specific topic. As often as practicable, the committee is under the direction of one or more Technical Divisions and Councils, and the product has evolved and been subjected to review by the Executive Committee of the Division or Council. As a step in this review process, proposed manuscripts are often brought before the members of the Technical Divisions and Councils for comment, which may serve as the basis for improvement. When published, each work shows the names of the committees that compiled the work and indicates clearly the processes through which it has passed in review so that its merit may be definitely understood. In February 1962 (and revised in April 1982), the Board of Direction voted to establish a series titled “Manuals and Reports on Engineering Practice,” which includes the manuals published and authorized to date, future Manuals of Professional Practice, and Reports on Engineering Practice. All such manuals or report materials of the Society would have been refereed in a manner approved by the Board Committee on Publications and would be bound, with applicable discussion, in books similar to past manuals. Numbering would be consecutive and would be a continuation of present manual numbers. In some cases of joint committee reports, the bypassing of journal publications may be authorized. A list of available Manuals of Practice can be found at http://www.asce.org/ bookstore.
CONTENTS
PREFACE............................................................................................................ix ACKNOWLEDGMENTS............................................................................. xiii 1
PHYSICAL SECURITY CONCEPTS, THREATS, VULNERABILITY, AND RISK................................................................ 1 1.1 Introduction....................................................................................... 1 1.2 Physical Security Concepts............................................................. 5 1.3 Physical Security Team Members and Qualifications............... 15 1.4 Existing Physical Security Criteria and Standards.................... 16 1.5 Risk-Based Physical Security Criteria.......................................... 18 References........................................................................................ 26
2
LOAD DEFINITION................................................................................ 29 2.1 Introduction..................................................................................... 29 2.2 Explosive Attack............................................................................. 32 2.3 Ballistic Attack................................................................................. 68 2.4 Forced-Entry Attack....................................................................... 75 References........................................................................................ 87
3
STRUCTURAL SYSTEMS...................................................................... 91 3.1 Introduction..................................................................................... 91 3.2 Blast Load Considerations........................................................... 103 3.3 Structural System Behavior..........................................................111 3.4 Material-Specific Structural Design........................................... 120 3.5 Structural System Performance Requirements......................... 125 3.6 Multihazard Protective Design................................................... 128 3.7 Other Safety Considerations....................................................... 130 References...................................................................................... 133 v
vi Contents
4
STRUCTURAL COMPONENTS......................................................... 135 4.1 Introduction................................................................................... 135 4.2 General Guidelines for Blast-Resistant Design........................ 136 4.3 Reinforced Concrete Components............................................. 162 4.4 Prestressed and Post-Tensioned Concrete Components......... 177 4.5 Structural Steel and Concrete-Steel Composite Components.................................................................................. 181 4.6 CFS Components.......................................................................... 192 4.7 RM Load-Bearing Walls............................................................... 206 4.8 Structural Wood............................................................................ 213 4.9 Structural Detailing for Blast Resistance................................... 214 4.10 General Guidelines for Forced-Entry and BallisticResistant Design............................................................................ 217 4.11 Design, Specifications, and Constructability Considerations.............................................................................. 220 References...................................................................................... 222
5
NONSTRUCTURAL COMPONENTS AND CRITICAL INFRASTRUCTURE.............................................................................. 229 5.1 Introduction................................................................................... 229 5.2 Types of Nonstructural Components......................................... 230 5.3 Planning, Design, and Construction Considerations.............. 252 References............................................................................................... 258
6
SECURITY GLAZING DESIGN......................................................... 261 6.1 Introduction................................................................................... 261 6.2 Physical Security Design Overview........................................... 263 6.3 System Components..................................................................... 264 6.4 Blast Design Methodology—Dynamic Analysis...................... 274 6.5 Blast Load Design Methodology—Static Analysis.................. 285 6.6 Ballistic Window Design Methodology..................................... 287 6.7 Forced-Entry Window Design Methodology........................... 288 6.8 Planning, Design, and Construction.......................................... 289 References............................................................................................... 292
7
NON-WINDOW OPENINGS.............................................................. 295 7.1 Introduction................................................................................... 295 7.2 Background.................................................................................... 295 7.3 Systems and Components........................................................... 299 7.4 Design and Analysis of Systems................................................. 305 7.5 Testing and Certification.............................................................. 314 7.6 Planning, Design, and Construction Considerations.............. 316 References............................................................................................... 319
Contents
8
vii
EXISTING STRUCTURES.................................................................... 321 8.1 Introduction................................................................................... 321 8.2 Existing Building Assessments................................................... 322 8.3 Blast................................................................................................ 328 8.4 Disproportionate Collapse.......................................................... 349 8.5 Forced Entry and Ballistic Resistance........................................ 353 8.6 Historic Structures........................................................................ 355 8.7 Design, Specifications, and Constructability Considerations.............................................................................. 358 8.8 Explosion Investigation and Forensics...................................... 366 References............................................................................................... 372
9 BRIDGES.................................................................................................. 375 9.1 Introduction................................................................................... 375 9.2 Applying Physical Security Principles...................................... 376 9.3 Threat, Vulnerability, and Risk Assessment.............................. 377 9.4 Design Basis Threats for Bridges................................................ 381 9.5 Global Structural Response of Bridges...................................... 384 9.6 Discussion of Typical Bridge Components............................... 388 9.7 Software......................................................................................... 400 9.8 Example Framework for Defining Performance of Bridges to External Explosive Threats.................................. 401 References............................................................................................... 404 10 TESTING AND CERTIFICATION...................................................... 407 10.1 Introduction................................................................................... 407 10.2 Testing Objectives......................................................................... 407 10.3 Product Certification and Approval.......................................... 409 10.4 Blast Test Methods........................................................................ 412 10.5 Ballistic Test Methods................................................................... 419 10.6 Forced-Entry Test Methods......................................................... 421 10.7 Vehicle Barrier Test Methods...................................................... 422 References............................................................................................... 424 GLOSSARY..................................................................................................... 427 INDEX.............................................................................................................. 437
PREFACE
BACKGROUND The first edition of this book was published in 1999 during the aftermath of the bombing attacks on the World Trade Center in New York City in 1993 and on the Alfred P. Murrah Building in Oklahoma City, Oklahoma, in 1995. These terrorist events and others worldwide created a need for structural engineers to protect a much broader portfolio of facility types against hostile acts, including threats posed by criminals, terrorists, and subversives. Although many US military and other government entities have had methodology and criteria documents, they were primarily restricted to official use only. The goal was to provide a widely available document to structural engineers so they may better understand the design of structures with enhanced physical security. Since 1999, the United States has been subject to significant terrorist events, the most impactful being the 2001 airplane attacks on the World Trade Center in New York City and at the Pentagon in Arlington, Virginia. In the two decades that followed, there have been ongoing wars related to international and domestic terrorism and evolving threats involving bombings, hostile vehicle rammings, active shooters, civil disturbance, and chemical–biological attacks. The constant change in aggressor profile, threat tactics, and types have led to the need for flexible and adaptable physical security designs that account for these new considerations and anticipate future environments, with flexibility and adaptability being priorities. Physical security considerations are now applied to select municipal facilities, cultural venues, hospitals, stadiums, schools, places of worship, and other “soft” targets that previously had no precedence to necessitate protection against attack.
ix
x Preface
PURPOSE Despite the ongoing evolution of the threat environment, this book continues to be a relevant reference for the design and assessment of a broad range of facilities. The original text was the state of the practice at its time of publication, and many of the core principles relating to physical security remain the same and have served as the foundation of this book. However, there has been significant development in the field in the last 20 years including research, testing, software, criteria documents, specifications, certifications, testing standards, and products. Projects of all types have been assessed, designed, and built, thus providing a wealth of information on the effectiveness of mitigation strategies. Many of the lessons learned from these projects have emphasized the importance of close coordination with other design considerations, which at times are at odds with physical security design strategies. These considerations include aesthetics, daylighting, energy performance, accessibility and life safety, and the constructability of building systems such as façades. Nevertheless, when addressed early enough in the project, the protective measures can be integrated seamlessly in the design, and the protected facilities will serve their intended functions. The envisioned readership for this Manual of Practice is design professionals involved in projects with physical security concerns, most specifically related to explosive, ballistic, forced-entry, and hostile vehicle threats. This book provides an overview of the typical design considerations encountered in new construction and the renovation of facilities for physical security. Because a structure will likely be damaged in response to these malevolent events, the book helps the engineer appreciate the extent of damage and incorporate upgrades to maintain structural integrity and manage debris. The authors assume that most readers will have training and experience in structural engineering and design for dynamic loadings. This book is not intended to be a textbook or primer on these subjects but rather a manual to guide designers involved in physical security. As such, each chapter references other resources including books, standards, and research, where more in-depth information may be found. Furthermore, the revised edition changed from a Technical Report to a Manual of Practice. As such, this Manual of Practice was peer-reviewed by a Blue Ribbon Panel of experts before seeking final approval from the ASCE Executive Committee. Several of the original edition’s authors served as part of the Blue Ribbon Panel. This second edition is therefore an even more valued resource to the physical security design community.
Preface
xi
OVERVIEW This Manual of Practice is organized into 10 chapters that parallel the considerations commonly encountered by structural engineers designing for physical security. In general, the book follows the chapter organization of the original edition. Chapter 1 addresses threat determination and available assessment and criteria documents. Chapter 2 explains the methods by which structural loadings are derived for the determined threat. Chapter 3 addresses the behavior and selection of structural systems. Chapter 4 discusses the design of structural components. A new Chapter 5 discusses non-structural components. Chapter 6 addresses security glazing design, and the previous Chapters 6 and 7 were combined into a single chapter (Chapter 7) that considers non-window openings. Finally, specific considerations for retrofitting structures are examined in Chapter 8, with the addition of a section related to forensics following an explosive event. Two completely new chapters were added; Chapter 9 discusses bridge security, and Chapter 10 discusses testing and certification. These new chapters reflect the growing application of physical security design services.
ACKNOWLEDGMENTS
It took a large team of authors, co-authors, contributors and reviewers 5 years to extract the core elements of the original edition that were to remain and collect 20 years of developments to make this second edition a resource that can continue to guide the physical security community moving into the future. We thank each of them for their time, expertise, and commitment to supporting the overall effort. The following members served as the lead authors for the chapters of the book. James Casper, P.E., S.E., LEED BD+C, GGP, Enclos (Chapter 6) Andy Coughlin, P.E., S.E., Structural Integrity Associates, Inc. (Chapter 10) J. Mikhael Erekson, P.E., Applied Research Associates, Inc. (Chapter 1) Sharon M. Gallant, P.E., S.E., KPFF, Inc. (Chapters 1–10) Kenneth W. Herrle, P.E., CPP, PMP, Applied Research Associates, Inc. (Chapter 5) Tarek H. Kewaisy, Ph.D., P.E., PMP (Chapter 4) Lara D. Leininger, Ph.D., Lawrence Livermore National Laboratory Energetic Materials Center (Chapter 2) Michael J. Lowak, Baker Engineering and Risk Consultants, Inc. (Chapter 7) Robert Smilowitz, Ph.D., P.E., F.SEI, Thornton Tomasetti, Inc. (Chapter 3) Rob Smith, P.E., S.E., FICE, COWI North America, Inc. (Chapter 9) Peggy Van Eepoel, P.E., F.SEI, Thornton Tomasetti, Inc. (Chapters 1–10) xiii
xiv Acknowledgments
The lead authors were supported by the following additional contributors and reviewers: Marlon Bazan, Ph.D., P.E., S.E., Protection Engineering Consultants Deborah Blass, P.E., Arup Jakob Bruhl, Ph.D., P.E. United States Military Academy at West Point James T. Brokaw, P.E., Applied Research Associates, Inc. Vincent Chiarito, P.E., F.SEI, Federal Highway Administration Kennan Crane, Ph.D., P.E. US Army Corps of Engineers ERDC James S. Davidson, Ph.D., Auburn University Carrie Davis, P.E., Facebook Steven Glowny, P.E., WSP USA Cliff Jones, Ph.D., S.E., P.E., CPP, PSP, Facebook Darell J. Lawver, P.E., S.E., Thornton Tomasetti, Inc. Mark J. Nadal, P.E., S.E., KPFF, Inc. Christopher I. Rotenberry, E.I., Systems Readiness Directorate (SRD), US Army AFC-DEVCOM Aviation & Missile Center (AvMC) Eric L. Sammarco, Ph.D., P.E., F.SEI, Protection Engineering Consultants Steven J. Smith, Ph.D., P.E., SJ Smith Consulting Shelly Brock Watson, E.I., Applied Research Associates, Inc. Mark Weaver, S.E., Karagozian & Case Eric Williamson, Ph.D., P.E., F.SEI, University of Texas at Austin Dept. of Civil, Architectural, and Environmental Engineering The Manual of Practice was independently reviewed by a Blue Ribbon Panel consisting of many of the original task committee members. Edward Conrath, P.E., Protection Engineering Consultants Peter Dimaggio, P.E., SECB Thornton Tomasetti, Inc. Aldo E. McKay, P.E., PMP, Protection Engineering Consultants Hollice Stone, P.E., Stone Security Engineering
Acknowledgments
xv
A special thanks to our families, friends, and employers for their support of the many, many hours that we have dedicated to developing this publication. Your patience and insights were key to accomplishing our goal. Sharon M. Gallant, P.E., S.E., KPFF, Inc. Peggy Van Eepoel, P.E., F.SEI, Thornton Tomasetti, Inc.
CHAPTER 1 PHYSICAL SECURITY CONCEPTS, THREATS, VULNERABILITY, AND RISK
1.1 INTRODUCTION The physical protection of occupants and assets from the damaging effects of blast, ballistic, and forced-entry tactics is a consideration that in today’s world is considered for a wide range of facilities, including not just those occupied by military and government but also private corporations, cultural venues, and transportation centers. The designers of US military facilities once dominated the field of physical security within the United States. The protection and hardening of military facilities considered both the life safety and mission-critical performance of facilities to a full range of adversarial and accidental threats. Advances in computational mechanics and materials science allowed designers to become more ambitious and for the structures to become more cost effective as design strategies shifted from risk-averse strategies to a risk-based approach to mitigate hazards, allowing application of physical security protection more readily to both public and private assets and facilities. Criteria affecting structural design for physical security have evolved as a result of historic events and research. A number of key historic events include, but are not limited to, the following. Some of the earliest US military technologies for addressing these threat tactics began following the 1983 bombing attack on the US Marine barracks and US Embassy building in Beirut, Lebanon (Figure 1-1). Shortly after these attacks, US Department of State (DoS) adapted military design philosophies to the protection of DoS structures. These guidelines recognized the need for dynamic analysis of structural systems and components in response to the high-intensity, short-duration loading resulting from explosive detonations and the need for structural details to provide the required ductility, 1
2
Structural Design for Physical Security
Figure 1-1. Beirut, Lebanon, bombing image. Source: Courtesy of Associated Press; reproduced with permission. redundancy, and robustness that enabled the structural materials to utilize their post-yield capacities. US DoS buildings on foreign soil were considered vulnerable to overseas extremists and designs required the ability to resist the effects of explosives and delay intrusion by mob violence. Anti-ram and anti-climb rated perimeter barriers were developed to maintain large standoff distances to vehicle-borne explosive threats, and hardened exterior envelopes were designed to resist standoff detonations. The next transformative events were the bombing of the World Trade Center underground parking facility in New York City in 1993 and the subsequent bombing of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma, in 1995 (Figure 1-2). In these events, substantial injuries were caused by hazardous glazing failure, while the majority of fatalities were caused by the collapsed structure. These events focused attention to the protection of domestic facilities and the prevention of progressive collapse. Access control, the hardening of exposed structural elements, and the design of hazard-mitigating glazing facades were the direct result of these domestic terrorist events. The events of September 11, 2001, at the World Trade Center in New York City and at the Pentagon in Arlington, Virginia, demonstrated a wider range of man-made hazards. This book is being published on the 20th anniversary of 9/11 and although the threats have evolved, the technologies and methodologies are still relevant, although perhaps applied differently. These events highlighted the need to protect the emergency evacuation, rescue, and recovery systems that enable occupants to escape the building
Physical Security Concepts, Threats, Vulnerability, and Risk
3
Figure 1-2. Alfred P. Murrah Federal Building bombing image. Source: Courtesy of Associated Press; reproduced with permission. before a compromised structure can no longer support its own weight. In addition to the hardening of façade and structure to withstand the effects of a vehicle-borne or hand-carried explosive event, attention has focused on the physical protection of life safety systems that addressed a wider range of hazardous events through redundancy and dispersion of systems. Since 2001, the threats from terrorists have continued to evolve and adapt, both in the United States and abroad with sampling of some of these events illustrated in Figure 1-3. A number of these more recent attacks have involved the use of firearms, homemade explosives, vehicle ramming, or even a combination of these tactics. Homegrown violent extremist acts have notably increased in recent years in the United States. In all cases, the tactics were utilized with the intent to cause a large number of casualties and fear. The following are just a handful of examples of many acts of terror that have occurred over the last two decades. In 2002, the Washington, DC, so-called beltway sniper attacks claimed 10 lives and critically wounded 3 others. In 2009, a single active shooter claimed the lives of 13 people and wounded 30 others at the Fort Hood military base in Texas. In 2013, two brothers made pressure cooker bombs and detonated them at the Boston Marathon, in Boston, Massachusetts, killing 4 and wounding 170. In November 2015, there were a series of coordinated attacks across Paris, France, utilizing firearms and explosives in a number of crowded venues
4
Structural Design for Physical Security
Figure 1-3. Example homemade explosive, vehicle ramming, and mass shooting incidents. Source: Associated Press; reproduced with permission. killing 130 and wounding 389 others. Also, in 2016, a vehicle ramming attack was carried out in Nice, France, by driving a 19 ton cargo truck into a crowded area, killing 86 and injuring 458 others. In 2017 there was a notable vehicle ramming attack in New York City with a rented Home Depot truck hitting numerous victims over a mile-long route. In 2020, there was a suicide bombing in Nashville, Tennessee, that injured 8 individuals and damaged dozens of buildings in the surrounding area. While the threats have evolved in the two decades that have passed since September 11, the methodologies and technologies used to mitigate these threats and hazards are still relevant, even if applied differently than in the past. In addition to the aforementioned terrorist attacks, there have been a number of active shooter incidents at schools throughout the United States. Although there have been school and public venue shootings for many decades, there was a notable shift in the severity of these incidents beginning with the Columbine High School massacre in 1999 in Colorado, where 15 individuals were killed and 21 were wounded. The 2007 Virginia Tech shooting in Blackburg, Virginia, claimed 33 lives. In 2012, an active shooter took the lives of 26 elementary school children and teachers at Sandy Hook Elementary in Newtown, Connecticut. In December 2015, a couple utilized firearms to kill 14 and wound 21 others in a commercial building in San Bernardino, California. In 2016, an active shooter entered a night club in Orlando, Florida, taking the lives of 49 individuals and
Physical Security Concepts, Threats, Vulnerability, and Risk
5
wounding 53 others. In 2019, there was a mass shooting at a Walmart store in El Paso, Texas, that killed 23 and injured 23 others. If history has taught us one thing, it is the difficulty of anticipating the unthinkable. As a result, there is a need to provide layers of protection to protect not only against a design basis threat but to provide potential mitigation or protection for unanticipated events. There are a wide range of physical security design strategies that can be utilized to mitigate the potential hazards and risks posed by all the aforementioned tactics. Physical security is typically defined as a combination of physical and procedural measures designed to prevent or mitigate threats or attacks against an asset. Threats may consist of a range of terrorists or criminal events that can pose a risk to public safety and welfare. This chapter is intended to introduce the reader to physical security concepts for structures, existing physical security criteria, and the risk management process as it pertains to structures. While threats cannot typically be completely eliminated through physical security and risk management, the potential impact of applicable threats can be mitigated to an acceptable level. 1.2 PHYSICAL SECURITY CONCEPTS The five main strategies of physical security are to deter, detect, delay, defend, and respond to a given threat or range of threats. These strategies are defined as follows: 1. Deter: result of implemented protective measures perceived by adversaries as too difficult to defeat. Such measures can prevent undesirable action or force adversaries to use a less effective means of attack. 2. Detect: measures implemented to determine whether an undesirable action has occurred, is occurring, or about to occur. 3. Delay: measures implemented to impede a threat from successfully being carried out against an asset. Such measures are intended to give security or law enforcement time to arrive and respond to threats. 4. Defend: measures implemented to strengthen and protect an asset or facility against a threat. Defensive measures are the primary focus of this manual of practice. 5. Respond: measures taken by security or law enforcement to prevent, resist, or mitigate the threat or attack. In practice, it is desirable to utilize concentric rings or layers of physical security measures to protect against potential events, as illustrated in Figure 1-4. The measures typically employed in the design of buildings for
6
Structural Design for Physical Security
Figure 1-4. Layers of physical security. Source: FEMA (2005); reproduced with permission. physical security include the site perimeter, site design and landscaping, the building envelope, the building structure, the building interior, utilities and systems, sensors and intrusion detection, operational measures, and communications. Whereas bridges are somewhat unique structures, there are also a range of measures and strategies that can be applied to bridge structures in a similar manner. Additional specific information for bridges can be found in Chapter 9. It is important to emphasize that physical security is best incorporated in the earlier planning stages of a project, where design basis threats (DBTs) can be developed or identified and mitigation strategies for both new construction or retrofits of existing structures can be more effectively coordinated with conventional design strategies and project objectives. In general, attempting to add physical security at the end of a project is much more costly and challenging to incorporate. The typical layers of physical security considered in the design process are summarized in the following sections. 1.2.1 Site Perimeter The site perimeter is typically the first line of defense against a threat originating exterior to the structure. Effective site planning and landscape design can substantially reduce the risk to occupants or damage to a facility. Measures employed at the site perimeter in general are designed
Physical Security Concepts, Threats, Vulnerability, and Risk
7
to detect unwanted activity at an acceptable distance from the asset to allow sufficient response time and/or control access of people, vehicles, or other objects. Site perimeter features also serve to deter, delay, and even defend in the case of anticlimb fences and antiram barriers. The enforced standoff also helps to limit or reduce potential blast loads. Some sample perimeter elements and barriers used for physical security are illustrated in Figures 1-5 and 1-6. Pedestrian control is typically designed to direct and control the flow of individuals around or through a facility. Fencing or walls are the most common type of pedestrian control barrier for a building perimeter. Fencing can act as a deterrent, provide a platform for intrusion detection devices, and can defend against some threats. Fencing and walls come in many sizes and styles that can be adapted to the architectural and functional needs of the facility or asset. In addition, fencing can incorporate forced entry and anticlimb features to limit unauthorized pedestrian access. Such fences should be reviewed and evaluated against additional criteria such as the method of attack or American with Disabilities Act (ADA) and appearance requirements for each project. In addition,
Figure 1-5. Site perimeter barrier examples (mass, bollard, cable, and wall). Source: GSA (2005), DoD (2011); reproduced with permission.
8
Structural Design for Physical Security
Figure 1-6. Excavations, ditches, and berms (earthwork barriers). Source: DoD (2011); reproduced with permission. coordination with fire department access is an equally important consideration. Vehicle control and barriers potentially play a large role in protecting against vehicular threats such as ramming and explosive attack. A vehicle vector study, as discussed in Unified Facilities Criteria (UFC) 4-022-02, Selection and Application of Vehicle Barriers (DoD 2009), can be used to determine potential approach speeds for a ramming vehicle tactic. Once
Physical Security Concepts, Threats, Vulnerability, and Risk
9
the design speed has been established, vehicle barriers are typically utilized to stop the moving vehicle threat. Common types of vehicle barriers include planters, low walls, bollards, jersey barriers, fencing and cables. Vehicle barriers are typically most successfully used to enforce appropriate standoff distance (for limiting blast loads and maximizing response time), which can mitigate or reduce the need for additional measures such as structural hardening. In the case of protection against explosive attack, additional standoff is often the most effective means of reducing hazards to the structure and occupants. However, site limitations, required functions, and costs may restrict the amount of standoff that can be adequately achieved. In addition, barriers can provide protection to pedestrians and assets against a ramming vehicle threat, which is a tactic being used more frequently. The purpose or function of the barrier system should be taken into consideration when designing or selecting an appropriate barrier solution. For example, many facilities place barriers in front of entrances and critical equipment to protect people or assets from accidental or intentional vehicle ramming. In other cases, barriers may primarily serve to separate and segregate different groups or populations such as visitors and employees. Refer to Chapter 3 for additional information on design of vehicle barriers and Chapter 10 for the testing protocol. Access points are an important feature of both pedestrian and vehicular control. Figures 1-7 through 1-9 illustrate sample access control flows and points for vehicles and pedestrians. Access points can be designed to let authorized personnel within the site, as well as provide a means for delay and detection of potential threats entering the site. In general, gates, turnstiles, electronic scanners, and other similar systems are used to secure openings. As with fencing, barriers, and walls, there are many forms and
Figure 1-7. Sample access control point diagram. Source: UFC 4-022-01 (2010); reproduced with permission.
10
Structural Design for Physical Security
Figure 1-8. Sample pedestrian access control point. Source: GSA (2005); reproduced with permission. architectural styles that can satisfy the security, architectural, and functional requirements of a given facility or asset. Control of parking and parking areas can help minimize the risk to a facility or occupants. Planners, designers, and the physical security specialist must determine whether screening all vehicles (including staff) is required or whether a combination of off-site parking and operational measures can provide adequate mitigation of potential hazards associated
Figure 1-9. Sample vehicle access control point. Source: US Department of Defense (2012); reproduced with permission.
Physical Security Concepts, Threats, Vulnerability, and Risk 11
with unscreened vehicles parked within the building or site perimeter. Such potential hazards include threats brought onto the site both intentionally and unknown to the driver. Hence, there is a desire to provide standoff to parking and to separate critical areas from both underground and adjacent parking, whether these areas are limited to authorized vehicles or not. Without this standoff and separation of critical areas, the blast loads that can be imparted by even a relatively small threat in a parking area can be enormous and potentially cause failure of a critical structural component or other critical areas and systems. Facilities with a waterfront (e.g., harbor, river, lake, and ocean) defining a portion of the site perimeter have an additional consideration for perimeter protection. Such assets have the potential need to maintain standoff for maritime threats. In these cases, waterfront or shoreline barriers may be necessary to control access and maintain standoff along the waterfront. A variety of barriers can be utilized including buoyant security barriers, tethered and anchored floating fences, permanent structures, or a combination thereof. Some representative waterfront barriers are shown in Figure 1-10. Standoff to waterfront barriers is
(a)
(b)
Figure 1-10. Sample water barriers. Source: (a) Courtesy of Truston Barriers, (b) Courtesy of Yodock Wall Company; reproduced with permission.
12
Structural Design for Physical Security
typically based on the mean high water level. One standard for testing such floating barriers is ASTM F2766, Standard Test Method for Boat Barriers. Most of these types of waterfront barriers are primarily intended to control access by maritime vehicles. Pedestrian and swimmer access control is more challenging and typically dealt with through operational procedures. 1.2.2 Site Layout and Landscaping Site layout and landscaping play an important role in limiting the ability of adversaries to approach the building undetected or to conceal threats. Crime Prevention through Environmental Design (CPTED) (FEMA/NCPC 2003) is the strategy of utilizing natural access control, territorial reinforcement and natural surveillance to increase safety and reduce the need for physical hardening measures and security personnel support. CPTED concepts and practices can be used to help in the design of all site and perimeter security measures intended to deter, delay, and detect unauthorized entry. 1.2.3 Building Envelope The building envelope is the next zone or layer of security typically considered in physical security design. The building envelope provides an important barrier for preventing unauthorized people, vehicles, weapons, or substances including airborne and waterborne contaminants into the facility, as well as providing resistance to blast loads. A variety of features and measures are often incorporated into the design of the building envelope to assist in the deterrence, delay, detection, or defense against potential threats. The walls, roof, doors, windows, and other openings all act as delay and defend mechanisms for an aggressor or threat. The security and manufacturing industry and US government have developed a range of forced entry, ballistic, and blast standards for various risk-based levels of performance. Additional guidance and information on physical security design of the building envelope is presented in Chapters 5 through 7. 1.2.4 Building Structure Structural collapse typically results in the largest number of injuries and deaths for threats considered by this document. For example, the vast majority of deaths in the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma, in 1995 was because of the collapsing structure, as shown in Figure 1-11. As such, it is important to incorporate an appropriate level of redundancy, strength, and ductility into structural systems to mitigate the severe hazards associated with structural failure and collapse. The
Physical Security Concepts, Threats, Vulnerability, and Risk 13
Figure 1-11. Fatalities and injuries by location in the Alfred P. Murrah Federal Building collapse. Source: FEMA (2014); reproduced with permission.
structure can also be designed against impacts and a range of other threats besides blast loads. Additional guidance and information on physical security design of the structure and structural components are presented in Chapters 3 and 4. 1.2.5 Building Interior The building interior provides additional opportunities to employ features to deter, detect, delay, and defend against potential aggressors and threats. Walls and slabs can serve to provide barriers between public and protected spaces. From a physical security standpoint, interior barriers typically serve to separate activities, define interior boundaries, aid in access control, conceal sensitive activities or assets, provide a platform for electronic security equipment, and resist weapons effects. In addition, interior building layout should be coordinated closely with security considerations to provide appropriate separation of critical areas and assets, as well as facilitate evacuation and response to potential hazards and threats. A wide range of physical security measures can be incorporated into the building interior to mitigate potential threats, which are discussed further in Chapters 4 and 5.
14
Structural Design for Physical Security
1.2.6 Building Utilities and Systems Building utilities and systems include but are not limited to potable and industrial water, fire protection water, sanitary sewer, fuels, steam, chilled water, electrical power, heating ventilation air conditioning (HVAC), and telecommunications. Utilities and systems often provide penetrations into facilities that should be evaluated from a physical security standpoint and can be directly or indirectly vulnerable to aggressors and threats. Redundant and separated systems are one common method of protecting building utilities and systems from single point failure because of a potential threat. Additional discussion of utilities and systems is presented in Chapter 5. 1.2.7 Sensors and Intrusion Detection Many facilities incorporate sensors, cameras, alarms, and other electronic security equipment for the purpose of deterring and detecting unwanted behavior and threats to the facility. Electronic equipment should be selected and coordinated with structural design in a holistic approach that considers the interdependence of all facility functions and requirements. In many cases, reduced structural hardening can be utilized if the potential threats can effectively be reduced or eliminated from the facility or select portions of the facility. 1.2.8 Operational Countermeasures and Considerations Every physical security program can have a number of operational countermeasures in the form of personnel, procedures, policies, and practices that should be coordinated with the overall design of the facility or asset. These operational measures can deter, detect, delay, and respond to potential aggressors and threats. 1.2.9 Communications Communication systems are an important aspect of physical security design. Communications are needed to facilitate rapid and adequate communication with security personnel, tenants, first responders, and law enforcement. As a result, communication systems should be developed and coordinated with all other aspects of the physical security design for a facility and protected from aggressors and threats. 1.2.10 Bridges Bridges are somewhat unique structures that are also vulnerable to a wide range of aggressors and threats. The basic concepts of physical
Physical Security Concepts, Threats, Vulnerability, and Risk 15
security also apply to bridges with respect to the desire to deter, detect, delay, and defend against potential threats. However, with the generally high-volume use and widely public access to bridges, particular attention must be paid to the structural, electronic, and operational measures relied on to mitigate potential threats. Owing to the unique aspects of bridges, specific risk-based assessments and methodologies have been developed to prioritize and protect bridges and bridge components from a physical security standpoint. The USACE Engineering Research and Development Center worked with ASCE to publish a paper titled, “Risk-Based Prioritization of Terrorist Threat Mitigation Measures on Bridges” in 2007 (Ray 2007). National Cooperative Highway Research Program (NCHRP 2010) Report 645 provides design and detailing guidelines for blastresistant bridges. Federal Highway Administration (FHWA) has also published the Bridge Security Design Manual (FHWA-HIF-17-032, FHWA 2017) to provide information for structural engineers, planners, owners, and others to incorporate effective strategies in bridge projects and make highway systems resilient against terrorist threats. More detailed guidance is provided in Chapter 9. 1.3 PHYSICAL SECURITY TEAM MEMBERS AND QUALIFICATIONS Physical security team members should include specialists with demonstrated experience in risk assessment and management, electronic security, physical security design, fire protection, progressive collapse mitigation, ballistic and forced-entry protection, anti-ram barrier design, determination of the blast load environment, and blast mitigation analysis and design. These specialists should become a part of the design team during the concept phase of the project to ensure security considerations are incorporated in a holistic and cost-effective manner. The purpose of this team is to work together to develop the protective criteria, which is applicable to the design of the facility. The following are specific security team member specialties most frequently directly related to structural design for physical security and recommended qualifications for each. However, it is essential to coordinate with all related disciplines including architecture, landscape, mechanical electrical plumbing (MEP), fire protection, electronic security specialists, and so on. A security specialist typically performs risk and vulnerability assessments, works with the project stakeholders to develop risk-based, project-specific design requirements, and develops operational and physical security measures to mitigate risks to an acceptable level. A qualified security specialist should have a minimum of 5 years of experience in physical security design and ideally should hold professional
16
Structural Design for Physical Security
certification such as a Certified Protection Professional or Physical Security Professional from American Society for Industrial Security (ASIS). The security specialist(s) should have demonstrated knowledge and experience applying security strategies, such as CPTED (FEMA/NCPC 2003), ballistic and forced-entry rating, and electronic security system design. One or more engineers with specialized training in the areas of blast and progressive collapse mitigation analysis and design should be included where projects must mitigate hazards associated with loadings because of explosives and the loss of primary structural members. These professionals incorporate structural design strategies into the project and coordinate with all project disciplines and constraints. These structural specialists should be a licensed Professional Engineer (P.E.) with a bachelor’s degree in structural engineering or a related field and have formal training in structural dynamics and demonstrated experience with accepted design practices for blast and progressive collapse mitigation analysis and design. The specialist should have a minimum of 5 years of experience performing dynamic analysis and blast-resistant design. 1.4 EXISTING PHYSICAL SECURITY CRITERIA AND STANDARDS There are a variety of existing physical security criteria provided by US government agencies and professional organizations that may be applicable or adapted to a wide range of building facilities. The most common criteria include ASCE/SEI 59-11 Blast Protection of Buildings (ASCE 2011), the Interagency Security Committee (ISC) risk management process (ISC 2016), the Department of Defense (DoD) UFC 4-010-01 DoD Minimum Antiterrorism Standards for Buildings (DoD 2020), and the Department of Veterans Affairs (VA) Physical Security and Resiliency Design Manual (VA 2020). FEMA has also published a number of guides and references dealing with protective design for buildings, including FEMA 426 (FEMA 2003) and FEMA 428 (FEMA 2012). All these criteria and standards are living documents that are regularly updated based on evolving practices, threats, and risks. ASCE/SEI 59-11 is available to the public through ASCE and affiliated distributors. The ISC risk management process is available with unlimited distribution, but the appendixes, countermeasures, and design basis threat documents are For Official Use Only and typically provided by the US government to authorized US contractors. UFC 4-010-01 is publicly available from USACE or the Whole Building Design Guide and provides mitigating measures where no identified threat or level of protection has been determined in accordance with the process outlined in UFC 4-020-01, DoD Security Engineering Facilities Planning Manual (DoD 2008). Transportation Security Administration (TSA), VA, and FEMA documents
Physical Security Concepts, Threats, Vulnerability, and Risk 17
are publicly available with some portions and definitions withheld and made available to authorized contractors on request. ASCE/SEI 59-11 is an accredited ANSI standard that may be used as a guide for designing structures to resist blast loads. The ASCE standard is not enforced or required by any specific codes or criteria at the present time but may be identified or required by project specifications. The standard discusses basic design considerations, performance criteria, simplified empirical methods for calculating external and internal blast loads, analysis guidance for structural systems, protection of spaces, the exterior envelope, materials detailing, and performance qualification guidelines. This study does not identify threat sizes or levels of protection for specific threats. These requirements need to be identified through the project development process. ASCE/SEI 59-11 is in the process of being updated at the time of this writing. The ISC risk management process (ISC 2016) is applicable for most federal buildings, offices, and courthouses in the United States. This process involves identifying a facility security level (FSL) based on various factors including but not limited to facility size, the number of occupants, facility mission and functions, symbolism, and so on. Once an FSL has been determined, the criteria provide a variety of countermeasures based on the FSL to address a wide range of potential threats. Applicable DBTs are also documented for use with performance-based countermeasures (ISC 2016). A facility-specific risk assessment can be used to modify the standard recommended countermeasures. The UFC 4-010-01 Minimum Antiterrorism Standards (DoD 2020) apply primarily to the DoD facilities and assets. The UFC standards identify varying levels of protection based primarily on the number of DoD personnel that occupy the facility. Based on the required level of protection, DBTs and a variety of prescriptive and performance-based standards are provided for incorporation into new designs and major renovation projects. As noted in UFC 4-020-01, Facilities Planning Manual (DoD 2008), typical DBTs are for generic aggressors in unspecified locations. The design basis threat serves to develop physical security measures and structural hardening that mitigates hazards in the event of an aggressor action against the facility, but it is important to understand the specific size, standoff, and method of delivery for an actual threat that may be larger or smaller than the basis of design. Intelligence, experience, or judgment of the planning team could warrant the need to modify DBTs and/or protective measures to mitigate against a known likely threat. A discussion on DBTs and maximum credible threats is provided later in this chapter. The VA Physical Security and Resiliency Design Manual (PSRDM) applies to VA (VA 2020) facilities. The document identifies requirements for both life safety and mission-critical facilities. Exempted types of facilities are also listed, which are not subject of the VA PSRDM requirements. Based on
18
Structural Design for Physical Security
the facility classification, DBTs, and a variety of prescriptive and performance-based criteria are provided for design of new facilities and major modernizations. The VA PSRDM permits waivers and modifications to the criteria based on a facility-specific risk assessment. FEMA has published a wide number of guidelines to address a variety of hazards and threats, including blast protection, terrorist attack, and shootings. FEMA 426 (FEMA 2003), Reference Manual to Mitigate Potential Terrorist Attacks against Buildings, provides an overview of many physical security design concepts applicable to buildings and campuses. The reference provides an overview of vulnerability and risk assessment processes, site layout and design considerations, building design guidance, blast effects, and chemical/biological/radiological (CBR) threats. FEMA 428, Primer to Design Safe School Projects in Case of Terrorist Attacks and School Shootings (FEMA 2012) states that its purpose is to provide the design community and school administrators with the basic principles and techniques to make a school safe from terrorist attacks and school shootings and at the same time to ensure that it is functional and esthetically pleasing. The primer discusses security risk management, engineering and architectural design considerations, historic school shootings, blast effects, and measures for dealing with toxic releases. TSA has published Recommended Security Guidelines for Airport Planning, Design and Construction (TSA 2006). These guidelines cover key design considerations such as general airport layout, security areas, vulnerability assessments of vulnerable areas, chemical and biological agents, barriers, boundaries, and access points. These guidelines are specific to securityrelated airport facilities and airport terminal buildings. As with any security design, there are numerous advantages to incorporating security concerns into airport planning and design at the earliest phases. This study provides guidelines and recommendations only and is not intended to suggest mandatory measures for any airport. 1.5 RISK-BASED PHYSICAL SECURITY CRITERIA All facilities and assets face a certain level of risk associated with a range of potential threats. Threats may be natural events, accidents, or intentional criminal or terrorist acts intended to cause harm. While many organizations and individuals tend to be risk averse, project budgets, organizational missions, asset functions, and other competing goals require acceptance of some level of risk. To this end, risk assessment and management processes have been developed to effectively identify potential risks and mitigate associated threats and vulnerabilities to an acceptable level. It should be noted that there are a variety of standardized risk assessment and management processes utilized throughout the industry. Rather than
20
Structural Design for Physical Security
evaluates the vulnerability or consequences of the asset to applicable threats, and evaluates potential countermeasures to applicable threats. The overall risk rating is a product of the asset value, threats and likelihood, vulnerability or consequences, and countermeasures that each receives relative numeric ratings. The resulting combined risk rating can be used to compare design strategies and alternatives to reduce the overall risk to an acceptable level established by owners and stakeholders. For facilities and buildings, this process can be applied to the entire facility or individual assets and components of the facility. For bridges, this process is typically employed to prioritize protection for individual bridge components and systems. The risk management process should be revisited periodically throughout the life of the building, bridge, or asset as threats, vulnerabilities, and requirements change over time. 1.5.1 Asset Identification The first step in any risk assessment and management process is to identify the assets to protect. Risk assessors should consider separate characteristics and the inter-relatedness of different assets and components. This allows each element and system to receive its own protection and prioritization rating. Assets typically include categories such as people, vehicles, fuels, arms and ammunition, communications, supplies, information, buildings, and even reputation. In addition, these assets may be either primary assets or secondary assets. Primary assets are likely to be a direct target of an aggressor. A secondary asset is one on which the primary asset depends and whose compromise would result in the compromise of the primary asset. For example, if communications equipment were a primary asset, its primary power source could be a secondary asset, and a protective measure would be to provide a backup power source. 1.5.1.1 Asset Importance. Once assets to be protected have been identified, it is important to identify how important it is to the user, owner, or stakeholders. The relative value of assets or elements can vary a great deal. Cost is often a key basis for evaluation, but availability, demand for the asset, and other factors can define relative value or importance. In general, asset importance or value is a function of mission criticality of the asset, replaceability, and relative value. An example of a low-value asset might be a warehouse that is not routinely occupied that does not affect essential operations of an organization. A high-value asset might be a large office building that houses critical information and key personnel essential to carry out an organization’s primary mission and objectives.
Physical Security Concepts, Threats, Vulnerability, and Risk 21
For bridges, importance of a component is primarily determined based on the redundancy provided by other members for load transfer. Components that are critical without redundant load paths (e.g., main piers) receive the highest importance ratings, while members with clear redundancy or noncritical performance have the lowest importance. 1.5.1.2 Replaceability and Criticality. For bridges, buildings, and industrial or manufacturing plants, replaceability and criticality are important considerations when establishing the value of an asset or component. This addresses the time required to replace an asset either in-kind or with a reasonable substitute. The concept of this factor is that assets that can be easily replaced may not warrant as much protection as those that cannot. Criticality is considered in terms of the asset’s criticality to the overall purpose of the facility or bridge for its users and stakeholders. This evaluation allows a differentiation to be made between those assets that are important to the local user but not critical to the overall purpose of the facility or bridge. 1.5.1.3 Intangible Factors. Historic status, symbolism, user confidence, and other intangible factors can also affect the relative value of assets. These factors are more subjective in many cases and may require input from all stakeholders to properly rank the relative importance of intangible factors. 1.5.2 Threat Considerations A threat assessment should consider the full range of potential threats, which can include criminal, terrorist, accidental, and natural events. The assessment process should examine supporting information and intelligence to evaluate the relative likelihood of each threat. The Federal Bureau of Investigation (FBI) routinely publishes crime statistics in annual Uniform Crime Reports. The Research and Development Corporation (RAND) also maintains a database with a wide range of statistics including the RAND Database of Worldwide Terrorism Incidents (RDWTI), which is updated periodically. These and other statistical sources can be used to estimate the likelihood of criminal and terrorist incidents. 1.5.2.1 Man-made Threats. Man-made threats are typically the key consideration from a physical security standpoint. The likelihood of these threats is typically influenced by the following factors: 1. Existence of individuals or groups hostile to the asset, organization: Are such individuals or groups active in the area? Can they gain access to the asset to perform a particular action?
22
Structural Design for Physical Security
2. Capability of these persons or groups: A poorly organized untrained group is less likely to carry out a sophisticated attack with weapons of mass destruction than a highly trained group of people with military experience and resources. 3. History of actions and tactics: People tend to utilize tactics they or others like them have successfully employed in the past. However, this does not assure that new and expanded tactics will not be employed. Determined terrorists have demonstrated willingness to spend years training and planning for a large-scale event. Hence, it is important to consider a wide range of potential threats instead of solely protecting against the last attack. 4. Intention of actions: Understanding the objectives and goals of an adversary makes it easier to identify their most likely methods of attack. Someone desiring to strike an entire organization or facility may be more likely to utilize tactics that produce more widespread effects such as arson or explosives. 5. Targeting actions being conducted: If it is known that an adversary is gathering information and intelligence on a particular facility or asset can be a very precise indicator of the tactic they are planning to deploy. However, a substantial amount of information can often be acquired through the internet, social media, and areas of public access. Appropriate threat assessment information can be sought from knowledgeable facility personnel, local law enforcement, local emergency management, FBI, Centers for Disease Control and Prevention, US Department of Homeland Security, and Homeland Security Offices at the state level. 1.5.2.1.1 Criminal. For criminal threats, crime rates in the surrounding area typically provide a good indicator of the type and likelihood of criminal activity that can affect a given threat. In addition, the visibility, accessibility, and type of asset may increase the target attractiveness in the eyes of the aggressor while also relating directly to the potential for occurrence. Criminal threats frequently include, but are not limited to, arson, assault, ballistic attack (active shooter and small arms), forced entry, civil disturbance, kidnapping, robbery, theft, workplace violence, vandalism, and so on. 1.5.2.1.2 Terrorist. For terrorist threats, the attractiveness of the target is a primary consideration. The type of terrorist act can also vary based on the potential adversary and method of attack most likely to be successful for a given scenario. It is important to remember also that while one asset may not be a primary target of terrorist attack, being located adjacent to or near an attractive terrorist target can result in collateral damage as well. The likelihood of terrorist attacks cannot in general be quantified statistically.
Physical Security Concepts, Threats, Vulnerability, and Risk 23
As a result, credible threat scenarios are typically developed based on past events and current intelligence information. Terrorist threats can include, but are not limited to, aircraft as a weapon, ballistic attack (active shooter, small arms, and standoff weapons), chemical/biological/radiological/ nuclear (CBRN) release, coordinated or sequential attacks, explosive devices (vehicular, maritime, mailed, man-portable, and suicide), release of hazardous materials, and vehicle ramming. 1.5.2.1.3 Accidental. Accidental threats are typically established based on historic data available for specific types of assets and environments. For example, a facility on a major road with heavy traffic is more likely to see a vehicle accidentally run off the road than one that is substantially separated from heavy traffic roads. 1.5.2.2 Natural Hazard. Natural hazard mitigation is typically achieved by applying building code requirements and project specifications. In general, the likelihood of natural hazards is based on historical data concerning the frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, winter weather, or earthquakes. Although a physical security risk assessment does not usually establish risks and mitigation measures for dealing with natural hazards, it is important to coordinate requirements for natural hazards with physical security protection. Proper coordination can facilitate identification of physical security strategies that can take advantage of and enhance protection provided for natural threats and hazards. 1.5.3 Countermeasure Assessment After assets and potential threats have been identified, a review is typically made of existing countermeasures. Countermeasures can include visible security, protective measures, security equipment, effectiveness of law enforcement, response time of security, and law-enforcement personnel. The relative contribution of the countermeasure to the level of delay, denial, or detection, and defense should be evaluated. Additional countermeasures are developed later in the process as needed to reduce the overall risk to an acceptable level. 1.5.4 Vulnerability or Consequence Assessment A vulnerability assessment is performed after evaluating the assets, threats, and any existing countermeasures. The purpose of the vulnerability assessment is to evaluate the potential impact or consequence of each credible threat against the potential of loss for each asset. For facilities, the impact of loss is considered, as well as the susceptibility of the asset to a
24
Structural Design for Physical Security
potential threat. For bridges, the vulnerability is limited primarily to resistance of a given component to each credible threat. Resistance or susceptibility to a potential threat should account for existing or designed countermeasures that can help to mitigate the effectiveness of the threat against that asset. 1.5.5 Risk Evaluation Once the assets, threats, and vulnerability of assets and components have been identified, the overall risk rating is determined by multiplying the factors established for asset importance, threat (including likelihood or probability of occurrence), and vulnerability or consequence. The determined factors are typically defined as values ranging from zero to one and depending on the particular process employed may have weighting factors on different aspects or components as well. The typical form of the equation for ranking the risk for each threat and asset is as follows:
R = I ⋅ PT ⋅ V
(1-1)
where R = Risk ranking, I = Asset importance (0 to 1.0), PT = Likelihood or probability of threat occurrence (0 to 1.0), and V = Vulnerability or consequence of compromise of asset by the considered threat (0 to 1.0). 1.5.5.1 Evaluation of Risk Mitigation or Risk Acceptance. Once relative risks are identified for each asset or component and corresponding credible threats, a review can be made of potential physical security measures that can be utilized to further mitigate risks. Considerations are typically made for potential cost impact, risk reduction, design constraints, and desired objectives and functions to determine what risks can be effectively mitigated and where remaining levels of risk must be accepted by owners and stakeholders. Utilizing the risk ratings developed during a risk assessment facilitates decisions on risk acceptance. 1.5.5.2 Establish Design Criteria to Mitigate Risks. After acceptable levels of risk have been established and mitigation measures have been prioritized, design criteria can be established including DBTs based on available data, desired levels of protection and associated response limits, required security and detection equipment, and operational measures.
Physical Security Concepts, Threats, Vulnerability, and Risk 25
1.5.6 Design Basis Determination The physical security concepts, standard criteria, and risk assessment processes should be used to establish appropriate DBTs and prescriptive or performance-based criteria for a given facility or asset. For facilities covered by existing physical security criteria, the design-basis threats and performance requirements are typically preestablished. For commercial facilities, bridges, and other unique assets or as permitted by some standards, a facility-specific risk assessment process should be utilized to establish appropriate threats, performance-based criteria, and mitigation measures to incorporate into the design. This information provides a common reference point from which security personnel and engineers can start an effective dialog. Such dialog can be the basis for the kind of cooperation that is necessary to ensure that all of the requirements for today’s complex integrated security and protective systems are coordinated at the inception of project planning. In too many cases, security requirements have not been communicated until late in the project or until after its completion. This has often resulted in expensive retrofits or modifications. 1.5.7 DBTs versus Historic and Credible Threats Unlike natural hazards such as earthquakes, floods, and hurricanes, man-made threats are typically difficult to predict. Natural hazards have a substantial amount of data and statistical information that can be used to predict a reasonable frequency and magnitude for developing reasonable design requirements that mitigate the risks for such events to an acceptable level. The magnitude and recurrence of terrorist attacks are unpredictable and ever evolving. As such, determining a particular threat that may be likely against a particular building or asset can be largely subjective unless recent intelligence information indicates something in particular. However, such intelligence information in general is only available when an attack is imminent, which is usually not the case when a building or facility is being designed or renovated with physical security in mind. In general, DBTs are developed to mitigate hazards associated with a potential tactic such as a vehicle bomb, active shooter incident, or other similar threat instead of designing to completely resist a maximum historic threat or tactic. For example, in the case of the attack on the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma, in 1995, the tactic involved the detonation of 4,800 lb (2,180 kg) of ANFO explosive, which caused damage or destruction to more than 300 buildings in a 16-block radius. Designing to fully resist such an attack would require fortress like construction with heavy blast-resistant windows or no
26
Structural Design for Physical Security
windows at all for any facility considered to be at risk. Such an approach would not be economically feasible, and from a statistical standpoint, the likelihood of such an attack against a particular facility is extremely low. Instead, a more appropriate design-basis threat can be selected with the intent of protecting a facility from a threat in the general area, which substantially reduces the potential damage, injuries, and casualties from a threat even if an actual incident uses a larger threat than was considered as the basis of design. Alternate approaches include designing for a larger threat and allowing for more damage or putting a cap or upper bound on design loads. Such approaches would typically result in the use of ductile detailing, redundant load paths to mitigate collapse, and the use of laminated windows to limit hazardous window breakage. The relative cost of these types of design-basis approaches is much smaller while still substantially reducing the risk. REFERENCES ASCE. 2011. Blast protection of buildings. ASCE/SEI 59-11. Reston, VA: ASCE. DoD (US Department of Defense). 2008. Security engineering facilities planning manual. UFC 4-020-01. Washington, DC: DoD. DoD. 2011. Guidelines for the design of passive vehicle barriers for implementation at DoD facilities. Omaha, NE: US Army Corps of Engineers, Protective Design Center. DoD. 2009. Selection and application of vehicle barriers. UFC 4-022-02. Washington, DC: DoD. DoD. 2020. Minimum antiterrorism standards for buildings. UFC 04-010-01. Washington, DC: DoD. FEMA. 2003. Reference manual to mitigate terrorist attacks against buildings. FEMA 426. Washington, DC: FEMA. FEMA. 2005. Risk assessment: A how-to guide to mitigate potential terrorist attacks against buildings. FEMA 452. Washington, DC: FEMA. FEMA. 2012. Primer to design safe school projects in case of terrorist attacks and school shootings. FEMA 428. Washington, DC: FEMA. FEMA. 2014. IS-156: Building design for homeland security for continuity of operations. Washington, DC: FEMA. FEMA/NCPC (Federal Emergency Management Agency/National Crime Prevention Council). 2003. Crime prevention through environmental design guidebook. Washington, DC: FEMA. FHWA (Federal Highways Administration). 2017. Bridge security design manual, infrastructure office of bridges and structures. FHWA-HIF-17-032. Washington, DC: FHWA.
Physical Security Concepts, Threats, Vulnerability, and Risk 27
GSA (General Services Administration). 2005. Protective design and security implementation guidelines. Washington, DC: GSA. ISC (Interagency Security Committee). 2016. The risk management process for federal facilities: An interagency security committee standard. 2nd ed. Washington, DC: ISC. ISC. 2016. The design-basis threat (U), an interagency security committee report. 10th ed. Washington, DC: ISC. NCHRP (National Cooperative Highway Research Program). 2010. Blastresistant highway bridges: Design and detailing guidelines. Rep. No. 645. Washington, DC: Transportation Research Board. Ray, J. C. 2007. “Risk-based prioritization of terrorist threat mitigation measures on bridges.” J. Bridge Eng. 12 (2): 140–146. TSA (Transportation Security Administration). 2006. Recommended security guidelines for airport planning, design and construction. Washington, DC: TSA. VA (US Department of Veterans Affairs). 2020. Physical security and resiliency design manual. Washington, DC: VA.
CHAPTER 2 LOAD DEFINITION
2.1 INTRODUCTION This chapter describes the methods for load definition, quantification, and application that are often considered in the structural design of facilities intended for enhanced physical security. These loads are defined in terms of aggressor threats and tactics that consider intentional events employing explosives, ballistics, forced entry, and vehicle ramming. The chapter should be used in conjunction with a threat assessment (as described in Chapter 1) provided by the building owner or applicable government agency. While accidents are not explicitly covered in this chapter, if the overpressure wave from an explosive reaction is traveling supersonically (faster than the sound speed of uncompressed air), the loading procedures described in this text are applicable. When the reaction wave is subsonic, it is a deflagration and may have different shaped pressure histories from a detonation. These scenarios are covered in detail in Design of Blast Resistant Buildings in Petrochemical Facilities (ASCE 2010). Some examples of accidents that caused significant damage include the fire and subsequent explosion of ammonium nitrate fertilizer at the West Fertilizer Company in 2013 and the explosion of a natural gas pipeline in San Bruno, California, in 2010. More detailed explanations of the loading interaction with structures are included in Chapter 3. Extreme loadings from blast, seismic, and wind events are all different in their nature. Design of a structure to resist a particular extreme event (i.e., wind and seismic) may increase the structural capacity to resist airblast; however, this capacity must still be verified with rigorous analysis as presented in this chapter. 29
30
Structural Design for Physical Security
The most common physical security concern is an explosive attack because it can have a catastrophic consequence with mass casualties if the quantities of explosives are large or if a structural collapse is triggered by airblast. Notable historic terrorist events with large quantities of explosives include the World Trade Center bombing in New York, New York, with approximately 1,000 lb (approximately 450 kg) via a cargo van of urea nitrate and hydrogen gas on February 26, 1993; the 4,000 to 7,000 lb (1,800 to 3,200 kg) ammonium nitrate fertilizer truck bomb delivered to the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma, on April 19, 1995 (majority of fatalities from subsequent disproportionate collapse); the converted petrol tanker truck packed with approximately 5,000 lb (approximately 2,300 kg) of plastic explosives at a housing complex in Khobar, Saudi Arabia, on June 25, 1996; the approximately 6,500 lb (approximately 3,000 kg) truck bomb at the US Embassy in Nairobi, Kenya, on August 7, 1998; and an approximately 1,000 lb (approximately 450 kg) dump truck of aluminized RDX and TNT at the gate of the Marriott Hotel in Islamabad, Pakistan, on September 20, 2008. Shortly before the final edit of this Manual of Practice, on Christmas morning 2020, an unknown quantity and configuration of explosives, delivered by a suicide bomber in a Recreational Vehicle (RV), exploded in downtown Nashville, Tennessee. This event caused damage to dozens of buildings in the area and because the RV was parked in front of a telecommunication network hub, resulted in days-long service outages. Satchel-sized or suicide-bomber-type threats are antipersonnel events that result in significant injuries and casualties with little to no structural damage such as the Boston Marathon bombs in Boston, Massachusetts, in 2013; the series of coordinated attacks (mass shootings and suicide bombings) in Paris, France, in 2015; the airport and metro bombings in Brussels, Belgium, in 2016; and the suicide bomber at a concert in Manchester, England, in 2017. These types of charges often include antipersonnel, improvised fragments (i.e., nails, ball-bearings, bolts, and screws) that typically pose a limited threat to the structure. However, when localized areas of the structure are deemed high risk, such as a publicly accessible structural column vulnerable to the placement of a backpack/satchel charge, then the loading from these charges should be considered a potential structural risk and close-in blast effects dominate. Ballistic and forced-entry events, covered later in this chapter, are not typically a significant structural design concern because the kinetic energy delivered is over a small, focused area with loadings that do not typically cause severe structural damage or collapse. In recent history, events overseas with shoulder-fired rockets were ubiquitous in war-torn regions of the world; active-shooters such as those seen in Newtown, Connecticut, in 2012; San Bernardino, California, in 2015, and Orlando, Florida, in 2016; the attacks on the US Mission and Diplomatic Annex in Benghazi, Libya,
Load Definition
31
in 2012; and the series of coordinated attacks (mass shootings and suicide bombings) in Paris, France, in 2015 have made headlines. Ballistic threats are often considered in designs for the protection of law enforcement, the guard force protecting a facility, and the protection of high-profile targets (e.g., military leaders, government officials, and judges). The main concern of design professionals is the absorption of the kinetic energy and the collateral damage caused by the small amounts of high explosive and/or shaped charges on the warhead of a ballistic mortar ( 3 ft/lb1/3
Load Definition
35
(1.19 m/kg1/3). Sections 2.2.1 and 2.2.4 discuss in more detail about considerations for scaled range and the far-field assumption associated with Z (scaled range) > 3, and when it might no longer apply. Close-in overpressure from a small package or person-portable charge is not expected to result in structural damage (unless the local failure could lead to progressive collapse); however, it produces localized peak overpressure that can result in fatalities at close range (approximately 20 ft or 6 m) or injury from lung damage or eardrum rupture. For example, the threshold for eardrum rupture because of a 50 lb (23 kg) charge is 87 ft (26.5 m) (DoD 2008). Structural blast effects for shorter scaled ranges are more tightly coupled to the loading (e.g., column removal from breach or direct shear) and are addressed in Chapters 3 and 4. A confined, internal explosion, such as one in a parking garage or basement, can result in the catastrophic collapse of the structure because the effects of the direct blast loading are coupled to that of the quasi-static gas pressure build-up developed in the enclosed space delivers more loading to the structure than a transient blast. 2.2.1 Blast Scaling Scaling the properties of blast waves from explosive sources is a common practice, and with a rudimentary knowledge of blast mechanics, these laws are used to predict the properties of blast waves from largescale explosions based on small-scale tests. Similarly, results of tests conducted at sea-level ambient atmospheric conditions are routinely used to predict the properties of blast waves from explosions detonated under high-altitude conditions. Baker (1973) summarized the derivation of laws for scaling of blast wave properties; this section states the implications of the laws most commonly used. The most common form of blast scaling is Hopkinson–Cranz or cube-root scaling. This law, first formulated by Hopkinson (1915) and independently formulated by Cranz (1926), states that self-similar blast waves are produced at identical scaled distances when two explosive charges of similar geometry and identical explosive material (i.e., type), but of different weight, are detonated in the same atmosphere. It is customary to use a scaled distance as the dimensional parameter,
Z = R/E1/3
where E = ∆H d
(2-1)
or
Z = R/W 1/3
(2-2)
36
Structural Design for Physical Security
where R = Distance from the center of the explosive source, E = Total heat of detonation, ΔHd, of the explosive (the total from mechanical and thermal energies of detonation), and W = Total weight of the explosive (i.e., TNT). The relevant equation [Equation (2-1) or (2-2)] may be apparent based on whether E or W is given. Figure 2-3 shows schematically the implications of Hopkinson–Cranz blast wave scaling. An observer located at a distance R from the center of an explosive source of characteristic dimension d is subjected to a blast wave with an amplitude of p, duration t, and characteristic time history. The integral of the overpressure history is impulse i. The Hopkinson–Cranz scaling law then states that an observer stationed at a distance λR from the center of a similar explosive source of characteristic dimension λd detonated in the same atmosphere will feel a blast wave of similar form with amplitude p, duration λt, and impulse λi. All characteristic times are scaled by the same factor as the length scale factor λ. In the Hopkinson–Cranz scaling, pressures, temperatures, densities, and velocities are unchanged at corresponding times. The Hopkinson–Cranz scaling law has been thoroughly verified by many experiments conducted over a large range of W and E. However, the lack of experimental data at very small-scaled distances makes verification of the blast scaling law at those ranges difficult. The lack of blast pressure data indicates that uncertainties associated with blast load predictions increase as the scaled distance is reduced, and it is an indicator that further diligence is required in the form of higher fidelity analysis. A more complete discussion of this
Figure 2-3. Hopkinson–Cranz blast wave scaling states that self-similar blast waves are produced at identified scaled distances when two explosive charges of similar geometry and explosive type are detonated.
Load Definition
37
law and a demonstration of its applicability is provided in Chapter 3 of Baker (1973). The pressure–time histories of a blast wave like those shown in Figures 2-2(a) and 2-3 are typically attributed to the work of Friedlander (1946), in which the author presents the analytical equations of a pressure discontinuity (caused by a blast wave) propagating parallel to a boundary, in an undisturbed fluid, without reflecting surfaces. The Friedlander equation describes a curve that instantaneously jumps to the peak overpressure, decays exponentially, passes through the origin of zero overpressure at the positive phase duration, reaches a point of inflection half-way through the negative phase duration, and finally asymptotes at zero overpressure at the end of the negative phase duration. 2.2.2 Unconfined (External) Blast Unconfined (external) blast is typically classified into three categories: spherical free-air burst, airburst, or hemispherical surface burst (shown in Figure 2-4). Spherical free-air bursts occur adjacent to and above a structure such that there is no reflection of the initial shock wave on the ground surface. The blast wave propagates radially outward with spherical symmetry. An example of this is an air-delivered munition. Airbursts are also above ground, at a standoff distance longer than the normal distance, which allows for the initial shock to be reinforced by a reflection off the ground surface. This reflection creates a region of strong, reinforced, shock front bounded by the path of the triple point (the point of intersection of the incident and reflected waves). These conditions are developed in a nuclear blast or from large charges positioned far-field from relatively smaller structures. Both airburst scenarios are of limited interest to the majority of the physical security designers because they are, in general, applicable when the threat assessment indicates artillery fire or airdropped weapons. The more applicable environment is a hemispherical surface burst that occurs when a charge is detonated at or near the ground surface such that the initial blast wave and the wave reflected from the ground propagate into a single shock front. Many sources of compiled data for airblast waves from explosives are available in the Department of Defense (DoD) references (DoD 2002, 2008) and software [e.g., ConWep (Hyde 1992)]. This section presents scaled curves for the most commonly used configuration by the physical security designer based on the explosive position at or near the ground surface: hemispherical surface burst [Figure 2-4(c)]. The corresponding set of curves for this environment is scaled according to the Hopkinson–Cranz (or cube-root) law discussed in Section 2.2.1 and is specific for spherical TNT (density of approximately 1.6 g/cm3 or 102 lb/ft3) explosive charges, uncased (i.e., bare), and detonated under standard sea-level conditions of
38
Structural Design for Physical Security
Figure 2-4. Far-field external blast: (a) free-air burst, (b) air burst, and (c) hemispherical surface burst environments. Source: From DoD (2008, Figures 2-4, 2-11, and 2-14).
Load Definition
39
po = 14.7 psi (101 kPa) and ao = 1,116 ft/s (340 m/s), where po and ao are the atmospheric pressure and sound speed in air, respectively. The standard set of accepted airblast curves for the positive phase shock wave of a TNT hemispherical surface burst at sea level is shown in Figure 2-5. These curves were from a publication by US Departments of the Army, Navy, and Air Force (DoD 2002, 2008) and were originally developed by Kingery and Bulmash (1984). Experimental and computational data were compiled from many sources and analyzed to present in a usable
Figure 2-5. Positive phase shock wave parameters for a hemispherical TNT explosion at the surface at sea level. Source: From UFC 3-340-02 (DoD 2008, Figure 2-15).
40
Structural Design for Physical Security
form for the various airblast parameters associated with TNT detonations at the ground surface, at sea level. These curves are the accepted standard, but the sources of data on which they were based were in themselves compilations of other sources, so they should be used for general calculations. These compilations, either in graphical or in tabular format, were reduced to individual data points for establishing polynomial equations that describe the curves. Unfortunately, a measure of the scatter of the original data about the blast curves is not indicated in the references, therefore, uncertainty cannot be quantified. Measurements of reflected pressure and impulse by Esparza (reported in Hokanson et al. 1978) at scaled distances as small as 0.8 ft/lb1/3 (0.32 m/ kg1/3) indicate that the scaling law may be applicable. Limited reflected impulse measurements in Huffington and Ewing (1985) show that the Hopkinson–Cranz scaling may become inapplicable for Z