Security for Building Occupants and Assets

by the WBDG Secure/Safe Committee

Last updated: 09-26-2013
Within This Page
Overview
Security Standards
Design Basis Threat Tactics
Related Issues
Relevant Codes and Standards
Major Resources
OVERVIEW
The 2001 terrorist attacks at New York City's World Trade Center and the Pentagon, the 1995
bombing of Oklahoma City's Alfred P. Murrah Federal Office Building, and the 1996 bombing at
Atlanta's Centennial Park, and more recently the bombing at the Boston Marathon, shook the
nation, and made Americans aware of the need for better ways to protect occupants, assets, and
buildings from human aggressors (e.g. disgruntled employees, criminals, vandals, lone active
shooter, and terrorists). The 2001 terrorist attacks demonstrated the country's vulnerability to a
wider range of threats and heightened public concern for the safety of workers and occupants in
all Building Types. Many federal agencies responding to these concerns have adopted an
overarching philosophy to provide appropriate and cost-effective protection for building occupants.

Security measures, such as setbacks, bollards, protective glazing, and structural hardening, are incorporated into the
design of the new Oklahoma City Federal Building, located north of where the former Alfred P. Murrah Federal Building
once stood.
(Designed by Ross Barney + Jankowski Architects and Atkins Benham)
The basic components of the physical security measures to address an explosive threatconsiders the
establishment of a protected perimeter, the prevention of progressive collapse, the design of a debris
mitigating faade, the isolation of internal explosive threats that may evade detection through the
screening stations or may enter the public spaces prior to screening and the protection of the
emergency evacuation, rescue and recovery systems. Other than establishing a protected
perimeter, theseprotective measures are generally achieved through principles of structural dynamics,
nonlinear material response, and ductile detailing. Operational security and life safety measures
should be considered together with the physical security measures to develop a comprehensive
building security design.
Effective implementation of the physical security measures will require the involvement of blast
engineers and security consultants at the onset of the programming phase. Early and ongoing
coordination between the blast engineer, the structural engineer, and the entire design team is
critical to providing an optimal design that is both open and inviting to the public and compliant with
the security requirements.
BACK TO TOP
SECURITY STANDARDS
In addition to the FEMA risk reduction publications that provide background information for performing
risk assessments and guidance for protective design approaches, different branches of the federal
government developed design criteria for the protection of federal facilities. The most prominent of
these agency design criteria are the Interagency Security Committee (ISC) physical security criteria,
the Department of Defense Protective Design Center (DOD-PDC), the Veterans Administration
(VA), and the Department of State (DOS). Each of these government agencies considers the effects
of terrorist explosive events on their facilities and the protection of their occupants. An overview of
each of these agency design criteria is provided below.In addition to the FEMA risk reduction
publications that provide background information for performing risk assessments and guidance for
protective design approaches, different branches of the federal government developed design
criteria for the protection of federal facilities. The most prominent of these agency design criteria are
the Interagency Security Committee (ISC) physical security criteria, the Department of Defense
Protective Design Center (DOD-PDC), the Veterans Administration (VA), and the Department of
State (DOS). Each of these government agencies considers the effects of terrorist explosive events
on their facilities and the protection of their occupants. An overview of each of these agency design
criteria is provided below.
Interagency Security Committee (ISC)
Membership in the ISC consists of over 129 senior level executives from 51 federal agencies and
departments. In accordance with Executive Order 12977, modified by Executive Order 13286, the
ISC's primary members represent 21 federal agencies and is chaired by the Department of
Homeland Security (DHS). The ISC criteria underwent a major revision in April of 2010 and had
minor amendments in July 2011.
The most recent revision of the ISC guidance compendium is a risk-based approach that is
composed of:
Facility Security Level Determinations for Federal Facilities (21 February 2008)
Physical Security Criteria for Federal Facilities (12 April 2010)
Addendum Physical Security Criteria for Federal Facilities 2010, July 2011
The Design-Basis Threat (routine updates, March 2013, 7th edition)
The Use of Physical Security Performance Measures (June 2009)
Facility Security Committees (January 2012, 2nd edition)
Interagency Security Committee Standards, Best Practices and Training Courses
Note: All of these documents are For Official Use Only (FOUO) and will only be distributed
outside the Government on a need-to-know basis.
The Facility Security Level document provides the procedure for determining the Facility Security
Level (FSL) based on the characteristics of the facility and the occupancies they house. Five factors
(mission criticality, symbolism, facility population, facility size, and threat to tenant agencies) are
quantified to determine the FSL. The FSL is determined by the Facility Security Committee (FSC),
which consists of representatives of all Federal tenants in the facility, the security organization, and
the owning or leasing department or agency. Once the FSL is established, the Design Basis Threat
document provides the Design Basis Threat Scenario, Baseline Threat, Analytical Basis, Target
Attractiveness and Outlook for twenty-nine "undesirable events" that range from Aircraft as a
Weapon to Workplace Violence. This all-hazards approach provides a comprehensive review of the
potential acts of violence the facility faces and provides guidance to assess the risk. The Physical
Security Criteria (PSC) document provides the overall basis for the threat and risk assessment. The
Facility Security Committee is responsible for addressing the facility specific security issues and
approving the implementation of security measures and practices. The implementation may be a
combination of operational and physical security measures based on the FSL and the Level of
Protection (LOP) that is deemed both appropriate and achievable. To facilitate the process, the
document tabulates the requirements for all the individual security criteria categories relative to the
desired LOP. The security criteria categories are further correlated to additional Appendix
information and to the specific undesirable events that the protective measures are intended to
address. This presentation of the protective design criteria helps illustrate the all-hazard risk based
approach.
General Services Administration (GSA)
The ISC PSC is risk based and open to the interpretation of the protective design consultant. To
establish a consistent application of the ISC PSC across the building portfolio, the General Services
Administration (GSA) has developed the "General Services Administration Facility Security
Requirements for Explosive Devices Applicable to Facility Security Levels III and IV, GSA's
Interpretation of the Interagency Security Committee (ISC) Physical Security Criteria" (2 August
2011) (SBU). This document provides specific facility security requirements for explosive devices
for Facility Security Levels (FSL) III and IV. The guidance includes the calculation of blast loads,
material strength factors, flexure and shear response criteria, glazed system response criteria,
faade performance, structure performance and progressive collapse resistance.
Department of Defense (DoD)
The DoD utilizes Unified Facility Criteria (UFC) to establish their facility construction requirements.
The two overarching security engineering UFCs are UFC 4-020-01 DoD Security Engineering
Planning Manual and UFC 4-010-01 DoD Minimum Antiterrorism Standards for Buildings. The DoD
Security Engineering Planning Manual is the starting point and, based on the risk to and value of the
asset, drives the application of the DoD Minimum Antiterrorism Standards for Buildings and any
additional protective construction over and above the minimum standards. The planning manual
implements a risk based model that ranks 14 rating factors to determine the level of protection
required for each of 13 aggressors (threats). Those rating factors include asset value, asset
replaceable, military impact of loss, political sensitivity, related value, location, public profile,
accessibility, availability, mobility of asset, recognizable value to aggressor, law enforcement
presence, perceived success, threat level, local history, terrorist capability, terrorist environment,
and terrorist activity. All these factors are scored to determine the level of protection. Regardless of
the risk and value of the asset, DoD has directed that all occupied facilities must receive a baseline
level of protection for its employees, contractors and dependents in order to protect against mass
casualties. Therefore assets that score less than 0.5 in asset value or threat likelihood must only
comply with the baseline protective requirements in the UFC 4-010-01 DoD Minimum Antiterrorism
Standards for Buildings. These two UFCs and other supporting security engineering UFCs can be
found on the Whole Building Design Guide web page.
Recent DEPSECDEF issued new direction for the security of off installation leased facilities.
Effective 7 Dec. 2012 off installation leased facilities for DoD must follow the Interagency Security
Committee (ISC) Physical Security Criteria for Federal Facilities. This change is intended to reduce
the cost of leased facilities, eliminate relocation cost, align with other federal agency security
requirements and make it easier to obtain commercial leased space.
Department of Veterans Affairs (VA)
VA conducted assessments of representative facilities and campuses in both urban and rural areas
and identified the vulnerabilities that are common to most facilities. Based on the findings of these
assessments, VA developed the Physical Security Design Manuals (PSDM) for Mission Critical (MC)
Facilities and for Life-Safety Protected (LSP) Facilities. These documents outline the most practical
and cost effective protective measures that address both natural and man-made hazards to which
occupants may be exposed. The Design Manuals address site conditions, building entrances and
exits, functional areas, building envelope, building structure, utilities and building services, building
systems, and security systems.
Department of State (DoS)
The Department of State (DoS) security criteria for their international facilities are documented in
the 2013 Overseas Building Organization (OBO) Design Standards (SBU). The approach of the
DOS requirements is to enforce both an anti-ram and anti-personnel standoff distance, provide a
debris mitigating and forced entry ballistic resistant (FEBR) faade; provide a regular moment
resisting frame that is inherently resistant to progressive collapse and to design the structure to
resist the blast induced base shears. Both the magnitudes of the design basis threats (DBT) and
the performance criteria for the DoS buildings are generally much more arduous than the
corresponding requirements imposed by other government agencies.
Guidance for Commercial Buildings
Although there are numerous government security criteria standards, there are no comparable
documents for commercial buildings. The American Society of Civil Engineers (ASCE) therefore
undertook the task to develop a consensus based Blast Standard that identifies the minimum
planning, design, construction, and assessment requirements for new and existing buildings subject
to the effects of accidental or malicious explosions, including principles for establishing appropriate
threat parameters, levels of protection, loadings, analysis methodologies, materials, detailing, and
test procedures. The document does not prescribe requirements or guidelines for the mitigation of
progressive collapse or other potential post-blast behavior. Unlike the government standards, the
ASCE Standards are written for structural engineers with specific information pertaining to the
design and detailing of blast resistant structures and faade systems.
Crime Prevention Through Environmental Design (CPTE)
Crime Prevention Through Environmental Design (CPTED) (PDF 867 KB) is a proven methodology that
not only enhances the performance of these security and safety measures, but also provides
aesthetics and value engineering. CPTED utilizes four (4) primary, overlapping principles: Natural
Surveillance, Natural Access Control, Territoriality, and Maintenance. Natural surveillance follows
the premise that criminals do not wish to be observed; placing legitimate 'eyes' on the street, such
as providing window views and lighting, increases the perceived risk to offenders, reduces fear for
bona fide occupants and visitors, as well as lessening reliance on only camera surveillance. Natural
Access Control supplements physical security and operational measures with walls, fences,
ravines, or even hedges to define site boundaries, to channel legitimate occupants and visitors to
designated entrances, and to reduce access points and escape routes. Territoriality involves
strategies to project a sense of ownership to spaces such that it becomes easier to identify intruders
because they don't seem to belong. Clear differentiation between public, semi-public, and private
spaces by using signage, fences, pavement treatment, art, and flowers are examples of ways to
express ownership. Maintenance is a key element to preserve lines of sights for surveillance, to
retain the defensiveness of physical elements, and to project a sense of care and ownership.
Together, the principles of CPTED increase the effectiveness of operational, technical, and physical
safety methods, thereby lessening equipment and operating costs.
For total design efficiency and cost effectiveness, security, safety, and CPTED measures are best
applied at the beginning of a project. Security programming is a useful practice to identify security
design requirements necessary to satisfy stakeholder concerns.
Application of Standards to Buildings
As is evident in the overview of the different existing standards above, there are currently no
universal codes or standards that apply to all public and private sector buildings. However, most
designers agree that security issues must be addressed in using integrated design process with an
understanding of the impacts and goals of other design objectives. This will ensure a quality building
with effective security.
BACK TO TOP
DESIGN BASIS THREAT TACTICS
Depending on the building type, acceptable levels of risk, and decisions made based on
recommendations from a comprehensive threat assessment, vulnerability assessment, and risk analysis,
appropriate countermeasures should be implemented to protect people, assets, and mission.
Some types of attack and threats to consider include:
Unauthorized entry/trespass (forced and covert)
Insider threats
Explosive threats: Stationary and moving vehicle-delivered, mail bombs, package bombs
Ballistic threats: Small arms, high-powered rifles, drive-by shootings, etc.
Weapons of mass destruction (chemical, biological, and radiological)
Disruptive threats (hoaxes, false reports, malicious attempts to disrupt operations)
Cyber and information security threats
Supervisory Control and Acquisition Data (SCADA) system threats (relevant as they relate to HVAC,
mechanical/electrical systems control and other utility systems that are required to operate many functions
within building)
Unauthorized Entry (Forced and Covert)
Protecting the facility and assets from unauthorized persons is an important part of any security
system. Some items to consider include:
Compound or facility access control
o Control perimeter: Fences, bollards, anti-ram barriers
o Traffic control, remote controlled gates, anti-ram hydraulic drop arms, hydraulic barriers, parking control
systems
o Forced-Entry-Ballistic Resistant (FE-BR) doors, windows, walls and roofs
o Barrier protection for man-passable openings (greater than 96 square inches) such as air vents, utility
openings and culverts
o Mechanical locking systems
o Elimination of hiding places
o Multiple layer protection processes
Perimeter intrusion detection systems
o Clear zone
o Video and CCTV surveillance technology
o Alarms
o Detection devices (motion, acoustic, infrared)
Personnel identification systems
o Access control, fingerprints, biometrics, ID cards
o Credential management
o Tailgating policies
o Primary and secondary credential systems
Protection of information and data
o Acoustic shielding
o Shielding of electronic security devices from hostile electronic environments
o Computer screen shields
o Secure access to equipment, networks, and hardware, e.g. satellites and telephone systems
Insider Threats
One of the most serious threats may come from persons who have authorized access to a facility.
These may include disgruntled employees or persons who have gained access through normal
means (e.g., contractors, support personnel, etc). To mitigate this threat some items to consider
include:
Implement personnel reliability programs and background checks
Limit and control access to sensitive areas of the facility
Compartmentalization within the building/campus
Two-man rule for access to restricted areas
Explosive Threats: Stationary and Moving Vehicle-Delivered, Mail Bombs, Package
Bombs
Explosive threats tend to be the terrorist weapon of choice. Devices may include large amounts of
explosives that require delivery by a vehicle. However, smaller amounts may be introduced into a
facility through mail, packages, or simply hand carried in an unsecured area. Normally the best
defense is to provide defended distance between the threat location and the asset to be protected.
This is typically called standoff distance. If standoff is not available or is insufficient to prevent direct
contact or reduce the blast forces reaching the protected asset, structural hardening may be
required. If introduced early in the design process, this may be done in an efficient and cost-
effective manner. If introduced late in a design, or if retrofitting an existing facility, such a measure
may prove to be economically difficult to justify. Some items to consider include:
Including qualified security and blast consulting professionals from programming forward.
Providing defended standoff for vehicle-borne weapons using rated or certified barriers such as anti-ram
fencing or bollards, by using reinforced street furniture such as planters, plinth walls or lighting standards, by
using natural and man-made elements such as storm water elements, berms, ditches, tree masses, etc., by site
layout strategies for parking areas, roadways, loading docks and other locations accessible by vehicles, by
critical asset location strategies, and/or by security protocol through policy and procedures (e.g. vehicle
inspections, etc.).
Consider structural hardening and hazard mitigation designs such as ductile framing that is capable of
withstanding abnormal loads and preventing progressive collapse, protective glazing, strengthening of walls,
roofs, and other facility components.
Provide redundancy and physical separation of critical infrastructure (HVAC), utility systems (water,
electricity, fuel, communications and ventilation).
Provide for refuge and evacuation.
Consider plans for suicide bombers. Confer with authorities who have had previous experience.
Provide defended standoff for hand-carried weapons with anti-climb fencing, barrier (thorny) plants, natural
surveillance of routine occupants and unobstructed spaces, electronic surveillance, intrusion detection,
territoriality using defined spaces, natural access control suing exterior and interior pedestrian layout
strategies, security protocol through policy and procedures (visitor management, personnel and package
screening, etc.).
Consider handling mail at alternate or remote locations not attached to the building or in a wing of the
building with a dedicated HVAC system to limit contamination and damage to the main building.
Consider loading docks in structures unattached to the main building with a dedicated HVAC system to limit
contamination and damage to the main building.
Ballistic Threats
These threats may range from random drive-by shootings to high-powered rifle attacks directed at
specific targets within the facility (assassinations). It is important to quantify the potential risk and to
establish the appropriate level of protection. The most common ballistic protection rating systems
include: Underwriters Laboratories (UL), National Institute of Justice (NIJ), H.P. White Laboratory,
and ASTM International. Materials are rated based on their ability to stop specific ammunition (e.g.,
projectile size and velocity). Some items to consider include:
Obscuration or concealment screening using trees and hedges, berms, solid fencing, walls, and less critical
buildings
Ballistic resistant rated materials and products
Locating critical assets away from direct lines of sight through windows and doors
Minimize number and size of windows
Physical energy absorption screens such as solid fences, walls, earthen parapets
Provide opaque windows or window treatments such as reflective coatings, shades or drapes to decrease sight
lines.
Avoid sight lines to assets through vents, skylights, or other building openings
Use foyers or other door shielding techniques to block observation through a doorway from an outside
location.
Avoid main entrances to buildings or critical assets that face the perimeter or an uncontrolled vantage point
Weapons of Mass Destruction: Chemical, Biological, and Radiological (CBR)
Commonly referred to as WMD, these threats generally have a low probability of occurrence but the
consequences of an attack may be severe. These threats may be delivered by hand, mail, or as a
result of accidental release of toxic industrial agents. While fully protecting a facility against such
threats may not be feasible with few exceptions, there are several common sense and low cost
measures that can improve resistance and reduce the risks. Some items to consider include:
Protect ventilation pathways into the building
o Control access to air inlets and water systems
o Locate air intake well above ground level
o Provide detection and filtration systems for HVAC systems, air intakes and water systems
o Provide for emergency HVAC shutoff and control
o Segregate portions of building spaces (i.e., provide separate HVAC for the lobby, loading docks, and the core
of the building)
o Consider positive pressurization to keep contaminates outside of the facility
Provide an emergency notification system to facilitate orderly response and evacuation
Avoid building locations in depressions where air could stagnate
Provide access control to mechanical rooms
Provide CBR monitoring apparatus
Cyber and Information Security Threats
Businesses rely heavily on the transmission, storage, and access to a wide range of electronic data
and communication systems. Protecting these systems from attack is critical. Some items to
consider include:
Understand and identify the information assets you are trying to protect. These may include personal
information, business information such as proprietary designs or processes, national security information, or
simply the ability of your organization to communicate via email and other LAN/WAN and wireless
functions.
Protect the physical infrastructure that supports information systems. If the computer system is electronically
secure but vulnerable to physical destruction it may need more protection.
Provide software and hardware devices to detect, monitor, and prevent unauthorized access to or the
destruction of sensitive information.
BACK TO TOP
RELATED ISSUES
Building Design to Mitigate the Potential for a Progressive Collapse
Progressive collapse is loosely defined as a situation where a localized failure of a primary
structural element leads to the collapse of adjacent structural elements, which propagates to
disproportionate collapse of the structure. ASCE 7 states "Progressive collapse is defined as the
spread of an initial local failure from element to element, eventually resulting in the collapse of an
entire structure or disproportionately large part of it." The initial failure or damage could be from a
number of different causes, which might include natural or man-made hazards. The phenomenon is
applicable to structure of any appreciable size and type of construction. Concern is greatest for
taller structures, as the propagation mechanism is typically vertical.
Design guidelines for the prevention of progressive collapse typically take a threat-independent
approach that, regardless of initial cause, is intended to develop inherent robustness and continuity
in the structure to resist and arrest propagation of failure. For example, design of a structural frame
to resist propagation of damage after loss of a primary vertical-load-carrying element (such as a
load-bearing wall or column) is a typical threat-independent approach to providing this resistance.
This approach assumes complete damage of the structural element being considered and
enhances the structure to prevent disproportionate spread of damage. By assuming loss of single
vertical-load-carrying elements at key locations in the structure, the designer can reduce the
potential for progressive collapse, should an initiating event occur. Design approaches and
requirements are presented by the Department of Defense (UFC 4-023-03 Design of Buildings to
Resist Progressive Collapse) and the General Services Administration (Progressive Collapse Analysis and
Design Guidelines for New Federal Office Buildings and Major Modernization Projects). Each of these
guidelines provides methods for analysis and measures of acceptability to meet each specific
criterion. These Progressive Collapse guidelines (GSA and UFC) are currently the most complete
sets of criteria in terms of providing usable guidance to the designer.
For buildings that are designed to incorporate physical security hardening measures to protect
occupants against explosive or other intentional threats, progressive collapse mitigation measures
are typically also applied and work in concert with the hardening measures to achieve the
necessary protection of the building occupants and assets. Although the physical hardening
measures include design features that protect against the specific identified threats, the progressive
collapse mitigation measures provide a level of redundancy and continuity that will enhance the
building performance, regardless of the actual threat size or weapon. When considered in the
selection and design of the building structural system, progressive collapse design methodologies
often lead to the utilization of inherently redundant and ductile systems, which are capable of more
easily achieving the performance requirements. Additional discussion of the role of Progressive
Collapse mitigation measures in securing buildings can be found in the resource pages for Blast
Safety of the Building Envelope and Designing Buildings to Resist Explosive Threats.
Crash Rated Barriers and Applicable Standards
A successful site security plan often involves the establishment and enforcement of a controlled
perimeter. The controlled perimeter may act to prevent threats that are transported by vehicles or by
pedestrians from entering a standoff zone around a protected facility. A controlled perimeter that is
designed to stop a vehicle from entering a protected site is often required to be "crash" or "anti-ram"
rated. A crash rated barrier system is typically tested or engineered such that it can stop a certain
size vehicle (i.e. 4,000 lbs.,15,000 lbs.), travelling at a certain speed (i.e., 30 mph) from penetrating
the controlled perimeter more than a certain distance (i.e., 3 ft.). The vehicle size, vehicle speed
and penetration distance are typically determined based on the accessibility of the site, the
topography and alignment of the surrounding roadways and the required standoff distance. Crash
rated barriers take various forms and can include bollards, cable reinforced fences and planters.
Where vehicle access is required into the secure site for parking, maintenance, emergencies or
deliveries, active vehicle barriers may be employed; these can include plate barriers, wedge
barriers, retractable bollards or gates. For more discussion regarding crash rated barrier
assemblies, see UFC 4-022-02 "Selection and Application of Vehicle Barriers," and
theBollard resource page.
The governing crash testing standard used for evaluating barrier systems is ASTM F 2656-07,
"Standard Test Method for Vehicle Crash Testing of Perimeter Barriers." This standard replaced the
DoS Diplomatic Security standard SD-STD-02.01, Revision A. ASTM F 2656 includes "Impact
Condition Designations" or "Crash Ratings" for various test vehicles (ex. small passenger cars,
pick-up trucks, medium-duty trucks and heavy goods vehicles) traveling from 40-60 mph. An
example impact condition designation is a H50 which designates a "heavy goods vehicle" traveling
at 50 mph. Similar C-, PU-, and M-ratings are provided for the other test vehicle types.
Integrating Security and Historic Preservation
Balancing the site, faade, structural, and operational requirements of a building required to comply
with security standards with historic preservation goals and standards can be particularly
challenging. Careful planning and an understanding of historic preservation objectives is necessary in
order to address the requirements of both. A discussion of retrofit methods that have been
successfully employed to meet security requirements in existing buildings are provided in
theRetrofitting Existing Buildings to Resist Explosive Threats resource page. Specific challenges that
may be encountered in applying these retrofit methodologies to historic buildings include lack of
documentation on the existing construction, differing building technology at the time of construction,
low inherent strength and ductility of existing systems, and limitations on modifications that can be
made due to historic preservation restrictions.
Integrating Security and Sustainability
Providing for sustainable design that meets all facility requirements is often a challenge. With limited
resources, it is not always feasible to provide for the most secure facility, architecturally expressive
design, or energy efficient building envelope. From the planning and concept stages through the
development of construction documents, it is important that all project or design stakeholders work
cooperatively to ensure a balanced design. Successful designs must consider all competing design
objectives and make the best selections. This applies as well to the site, as well as the building.
Ensure sustainable site design and CPTED are considered in concert with each other.
Integrating Security and Fire Protection
Care should be taken to implement physical security measures that allow Fire Protection forces
access to sites, buildings and building occupants with adequate means of emergency egress. GSA
has conducted a study and developed recommendations on design strategies that achieve both
secure and fire safe designs. Specifically, the issue of emergency ingress and egress through blast
resistant window systems was studied. Training was developed based on this information and is
available at the GSA Firefighter forcible entry tutorial.

Integrated security systems can offer more efficient access and control.
(Courtesy of Integrated Security Systems, LTD)
Integrated Security Systems
There has been a general trend towards integrating various stand-alone security systems,
integrating systems across remote locations, and integrating security systems with other systems
such as communications, and fire and emergency management. Some CCTV, fire, mass
notification systems, and burglar alarm systems have been integrated to form the foundation for
access control. The emerging trend is to integrate security systems with facility and personnel
operational procedures. By involving facility stakeholders from the programming stage throughout
the life of the project, the behavioral-based policies can be successfully integrated with security
systems and forces.
Blast Design vs. Seismic Design
Seismic and blast resistant design share some common analytical methodologies and a
performance based design philosophy that accepts varying levels of damage in response to varying
levels of dynamic excitation. Both design approaches recognize that it is cost prohibitive to provide
comprehensive protection against all conceivable events and an appropriate level of protection that
lessens the risk of mass casualties can be provided at a reasonable cost. Both seismic design and
blast resistant design approaches benefit from a risk assessment that evaluates the functionality,
criticality, occupancy, site conditions and design features of a building.
While there may be more predictability with natural hazards, this is not the case with man-made
hazards. Also the explosive threats of the future are very likely to be very different from the
explosive threats of the past. Another fundamental difference between seismic and blast events are
the acceptable design limits. Since earthquakes are more predictable and affect more structures
than are affected by blast events, owners may be willing to accept different levels of risk relative to
these different events, and this may translate into differences in acceptable design limits, as defined
by allowable deformation, ductility and other functions.
Both seismic design and blast resistant design approaches consider the time-varying nature of the
loading function. The response of a building to earthquake loads is global in nature, with the base
motions typically applied uniformly over the foundations of the buildings. These seismic motions
induce forces that are proportional to the building mass. Blast loading is not uniformly applied to all
portions of the building. Parts of the structure and components closest to and facing the point of
detonation will experience higher loading than components at a greater distance and/or not facing
the point of detonation. The structure's mass also contributes to its inertial resistance. Due to the
local versus global nature of blast loading, seismic loading analogies, including the concept of blast-
induced base shears, must be applied with great care or they may be misconstrued to provide a
false sense of protection.
Building configuration characteristics, such as size, shape and location of structural elements, are
important issues for both seismic and blast resistant design. The manner in which forces are
distributed throughout the building is strongly affected by its configuration. While seismic forces are
proportional to the mass of the building and increase the demand, inertial resistance plays a
significant role in the design of structures to reduce the response to blast loading. Structures that
are designed to resist seismic forces benefit from low height-to-base ratios, balanced resistance,
symmetrical plans, uniform sections and elevations, the placement of shear walls and lateral
bracing to maximize torsional resistance, short spans, direct load paths and uniform floor heights.
While blast resistant structures share many of these same attributes, the reasons for doing so may
differ. For example, seismic excitations may induce torsional response modes in structures with re-
entrant corners. These conditions provide pockets where blast pressures may reflect off of adjacent
walls and amplify the blast effects. Similarly, first floor arcades that produce overhangs or reentrant
corners create localized concentrations of blast pressure and expose areas of the floor slab that
may be uplifted. In seismic design, adjacent structures may suffer from the effects of pounding in
which the two buildings may hit one another as they respond to the base motions. Adjacent
structures in dense urban environments may be vulnerable to amplification of blast effects due to
the multiple reflections of blast waves as they propagate from the source of the detonation. While
the geology of the site has a significant influence on the seismic motions that load the structure, the
surrounding geology of the site will influence the size of the blast crater and the reflectivity of the
blast waves off the ground surface.
On an element level, the plastic deformation demands for both seismically loaded structures and
blast-loaded structures require attention to details. Many similar detailing approaches can be used
to achieve the ductile performance of structural elements when subjected to both blast and seismic
loading phenomenon. Concrete columns require lateral reinforcement to provide confinement to the
core and prevent premature buckling of the rebar. Closely spaced ties and spiral reinforcement are
particularly effective in increasing the ductility of a concrete compression element. Carbon fiber
wraps and steel jacket retrofits provide comparable confinement to existing structures. Steel column
splices must be located away from regions of plastic hinging or must be detailed to develop the full
moment capacity of the section. Local flange buckling must be avoided by using closely spaced
stiffeners or, in the case of blast resistant design, the concrete encasement of the steel section.
Reinforced concrete beam sections require resistance to positive and negative bending moments.
In addition to the effects of load reversals and rebound, doubly reinforced sections possess greater
ductility than singly reinforced counterparts. Steel beams may be constructed composite with the
concrete deck in order to increase the ultimate capacity of the section; however, this increase is not
equally effective for both positive and negative moments. While the composite slab may brace the
top flange of the steel section, the bottom flange is vulnerable to buckling.
Addressing blast and seismic design goals may be achieved through the consideration of many of
the same building attributes and utilizing similar design and detailing solutions. An understanding of
the differences between these two loading phenomenon, the effects on the structure, and the
performance requirements are essential in order to select and implement the appropriate choices
for achieving the project's goals. See the Designing Buildings to Resist Explosive Threats page for
additional discussion on this topic.
BACK TO TOP
RELEVANT CODES AND STANDARDS
Highly complex security system design is still neither codified nor regulated, and no universal codes
or standards apply to all public and private sector buildings. However, in many cases, government
agencies, including the military services, and private sector organizations have developed specific
security design criteria. These standards must be flexible and change in response to emerging
threats.
Mandates
Executive Orders
o Executive Order 12977, Interagency Security Committee, October 19, 1995
o Executive Order 13286, Amendment of Executive Orders, and Other Actions, in Connection With the
Transfer of Certain Functions to the Secretary of Homeland Security, February 28, 2003
o Executive Order 13514 Federal Leadership in Environmental, Energy, and Economic Performance, October
5, 2009
Interagency Security Committee (ISC) web site
Delegations
o Department of Homeland Security, Delegation Number: 7035.1, 02/01/2005, "Delegation of the Chair of the
Interagency Security Committee to the Chief Security Officer" (PDF 75 KB)
o Department of Homeland Security, Delegation Number: 7035.2, 08/15/2007, "Delegation of the Chair of the
Interagency Security Committee to the Assistant Secretary of Infrastructure Protection" (PDF 35 KB)
Homeland Security Presidential Directives
o Homeland Security Presidential Directive 7, Critical Infrastructure Identification, Prioritization, and
Protection, December 17, 2003
o Homeland Security Presidential Directive 12, Policy for a Common Identification Standard for Federal
Employees and Contractors, August 27, 2004
o Homeland Security Presidential Directive 20, National Continuity Policy, May 4, 2007
Federal Standards and Guidelines
Department of Defense
o FM 3-19.30 Physical SecuritySets forth guidance for all personnel responsible for physical security
o MIL-HDBK-1013/1A Design Guidelines for Physical Security of Facilities
o PDC TR-10-01, Conventional Construction Standoff Distances of the Low and Very Low Levels of Protection
IAW UFC 4-010-01
o PDC TR-10-02, Blast Resistant Design Methodologies for Window Systems Designed Statically and
Dynamically
o UFC 1-200-01 Design: General Building Requirements
o UFC 3-410-02 Lonworks Direct Digital Control for HVAC and Other Local Building Systems
o UFC 3-520-01 Design: Interior Electrical Systems
o UFC 3-530-01 Design: Interior and Exterior Lighting and Controls
o UFC 3-580-01 Telecommunications Building Cabling Systems Planning and Design
o UFC 3-470-01 Lonworks Utility Monitoring and Control System (UMCS)
o UFC 4-010-01 DoD Minimum Anti-Terrorism Standards for Buildings
o UFC 4-010-02 DoD Minimum Standoff Distances for Buildings (FOUO)
o UFC 4-010-05 Sensitive Compartmented Information Facilities Planning, Design, and Construction
o UFC 4-020-01 DoD Security Engineering Facilities Planning Manual
o UFC 4-020-02FA Security Engineering: Concept Design (FOUO)
o UFC 4-020-03FA Security Engineering: Final Design (FOUO)
o UFC 4-021-01 Design and O&M: Mass Notification Systems
o UFC 4-021-02 Electronic Security Systems
o UFC 4-022-01 Security Engineering: Entry Control Facilities / Access Control Points
o UFC 4-022-02 Selection and Application of Vehicle Barriers, with Change 1
o UFC 4-023-03 Design of Buildings to Resist Progressive Collapse
o UFC 4-023-07 Design to Resist Direct Fire Weapons Effects
o UFC 4-024-01 Security Engineering: Procedures for Designing Airborne Chemical, Biological, and
Radiological Protection for Buildings
General Services Administration (GSA)
o Facilities Standards for the Public Buildings Service, P100, Chapter 8
o Other "official use only" documents may be obtained from the Office of the Chief Architect
o GSA Progressive Collapse Guidelines
o GSA Occupant Emergency Program Guide (PDF 1 MB)
Department of Veterans Affairs (VA)
o Physical Security Design Manual for VA Facilities: Mission Critical Facilities
o Physical Security Design Manual for VA Facilities: Life-Safety Protected
Department of Homeland Security
o BIPS 01 Aging Infrastructure: Issues, Research, and Technology
o BIPS 02 Integrated Rapid Visual Screening of Mass Transit Stations
o BIPS 03 Integrated Rapid Visual Screening of Tunnels
o BIPS 04 Integrated Rapid Visual Screening of Buildings
o BIPS 05 Preventing Structures from Collapsing
o BIPS 06 / FEMA 426 Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings
o BIPS 07 / FEMA 428 Primer to Design Safe School Projects in Case of Terrorist Attacks and School
Shootings
o BIPS 08 Field Guide for Building Stabilization and Shoring Techniques
o BIPS 09 Blast Load Effects in Urban Canyons: A New York City Study (FOUO)
o BIPS 10 High Performance Based Design for the Building Enclosure
o Chemical Facility Anti-terrorism Standards (PDF 781 KB)
o Colleges and Universities and the Chemical Facility Anti-Terrorism Standards (CFATS)(PDF 161 KB)
o Colleges and Universities and the Chemical Facility Anti-Terrorism Standards (CFATS) Fact Sheet (PDF 64
KB)
o NIPP Monuments and Icons Sector Specific Plan
o NIPP Risk Management Government Sector Specific Plan
o The Role of Emergency Responders in the Chemical Facility Anti-Terrorism Standards(PDF 267 KB)
o Cyber Security Evaluation Tool (CSET) User Guide, Version 4.1, January 2012
o Active Shooter - How to Respond (PDF 4.15 MB)
o Active Shooter Pocket Card (PDF 228 KB)
Committee on National Security Systems
o CNSSI No. 1253 Security Categorization and Control Selection for National Security Systems, Version
2 (PDF 1.4 MB), March 2012
o Security Control Overlays Template, Version 1 (PDF 95 KB), March 2012
Department of State
o Architectural Engineering Design Guideline (5 Volumes) (For Official Use Only)
o Physical Security Standards Handbook, 07 January 1998 (For Official Use Only)
o Structural Engineering Guidelines for New Embassy Office Buildings, August 1995 (For Official Use Only)
Federal Aviation Administration (FAA)
o FAA Order 1600.69 Security Risk Management
Federal Emergency Management Agency (FEMA)
o FEMA P-361 Design and Construction Guidance for Community Safe Rooms
o FEMA 386 Series on Mitigation Planning
o FEMA 386-7 Integrating Manmade Hazards into Mitigation Planning
o FEMA 424 Design Guide for Improving School Safety in Earthquakes, Floods and High Winds
o FEMA 427 Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks
o FEMA 429 Insurance, Finance, and Regulation Primer for Terrorism Risk Management in Buildings
o FEMA 430 Site and Urban Design for Security
o FEMA 452 Risk Assessment - A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings
o FEMA 453 Design Guidance for Shelters and Safe Rooms
o FEMA 543 Design Guide for Improving Critical Facility Safety from Flooding and High Winds
o FEMA P-750 NEHRP Recommended Seismic Provisions
Interagency Security Committee (ISC)
o Design Basis Threat Report, April 2012
National Institute of Standards and Technology (NIST)
o NIST Special Publication 800-53 Recommended Security Controls for Federal Information Systems and
Organizations - Information Security, Revision 4 (PDF 3.17 MB), February 2012
o NIST Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security (PDF 1.9 MB), June 2011
o Draft NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0 (PDF 7.26 MB),
February 2012
Others
Department of Commerce Administrative Orders
o Inspector General Investigations, DAO 207-10
o Occasional Use of Public Areas in Public Buildings, DAO 206-5
o Security Programs, DAO 207-1
Designing for Security in the Nation's Capital by the National Capital Planning Commission (NVPC).
October 2001
Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological
Attacks by the National Institute for Occupational Safety and Health (NIOSH)
NISTIR 7628 Guidelines for Smart Grid Cyber Security, September 2010
Owner's Project Performance Requirements Tool
More on Occupant Emergency Plans, GSA
Occupant Emergency PlansDevelopment, Implementation, and Maintenance, The Federal Protective
Service
Protective Glazing Manual by PGC International, 2010 Edition
Vulnerability Assessment of Federal Facilities by Department of Justice.
Private Sector Guidelines
ASCE 7-10, Minimum Design Loads for Buildings and Other Structures
ASCE Standard 59-11, Blast Protection of Buildings, 2011
ASIS GDL PSO-2010 Private Security Officer Selection and Training
ASIS GDL FPSM-2009 Physical Security Measures
ASIS GDL WPV 09-2005 Workplace Violence Prevention and Response
ASIS GDL IAP 05-2007 ASIS Information Asset Protection Guideline
Design of Blast Resistant Buildings in Petrochemical Facilities, Second Edition by American Society of Civil
Engineers (ASCE), 2010
International Building Code
BACK TO TOP
MAJOR RESOURCES
WBDG
Building Envelope Design Guide
Fenestration SystemsExterior Doors
Resource Pages
Blast Safety of the Building Envelope, Chemical/Biological/Radiation (CBR) Safety of the Building
Envelope, The Site Security Design Process, Landscape Architecture and the Site Security Design
Process, Effective Site Security Design, Cost Impact of the ISC Security Design Criteria, The Bollard
Tools
Protective Design CenterTool also includes software developed by the USACE and maintained on
the PDC web site these include SBEDS, VAPO, CEDAWS etc.
Security Information and Technologies Exchange (SITE)SITE is a website for accessing and providing
information on best practices and existing and emerging products, systems and technologies that
can provide protection for federal facilities. The project is supported by the Technology Best
Practices Subcommittee of the U.S. Department of Homeland Security (DHS) Interagency Security
Committee. SITE was developed by DHS Science and Technology Directorate, Infrastructure
Protections and Disaster Management division and is managed by the National Institute of Building
Sciences.
Websites
Department of Homeland Security, Science & Technology, Infrastructure Protection & Disaster Management
Division
Federal Emergency Management Agency (FEMA)
Interagency Security Committee (ISC)
Protective Design Center
Security Information and Technologies Exchange (SITE)
The Infrastructure Security Partnership (TISP)
Unified Facilities Criteria (UFC)
U.S. Access Board
U.S. General Services Administration Building Security Technology Program
Security Centers
Department of Defense (DOD) Anti-terrorism bodyPentagon's J34
Federal Emergency Management Agency (FEMA) All-Hazard Mitigation Program on Anti-terrorism
Naval Facilities Engineering Service Center (NFESC), Security Engineering Center of Expertise ESC66E-
mail: securityeng@nfesc.navy.mil
USAF Electronic System Center (ESC), Hanscom AFB
U.S. Army Corps of Engineers, Electronic Security Center
U.S. Army Corps of Engineers, Protective Design Center
U.S. Department of Defense
U.S. Department of Homeland Security
Organizations and Associations
American Society of Civil Engineers (ASCE)
ASCE Building Security Certified Professional
ASIS International
Battelle Memorial Institute, National Security Program
Center for Strategic and International Studies (CSIS)
Centers for Disease Control and Prevention (CDC)
DoD Security Engineering Working Group (no website)
Federal Facilities Council (FFC) Standing Committee on Physical Security and Hazard Mitigation (Sponsored
by National Academies of Science)
FM Global
International CPTED Association (ICA)
Multihazard Mitigation Council
National Crime Prevention Council
National Defense Industrial Association (NDIA)
National Institute of Standards and Technology (NIST)
Postal Security Group (PSG)
Protective Glazing Council (PGC)
Security Industry Association (SIA)
Security Analysis and Risk Management Association (SARMA)
Society of American Military Engineers (SAME)
The Infrastructure Security Partnership (TISP)
Trade Journals / Magazines
Homeland Security Today
Government Security News
Security Magazine
Security Management
Training Courses
FEMA E155Building Design for Homeland Security
ISC training courses
WBDG03 Planning for Secure Buildings
WBDG10 Seismic Design Basics
WBDG11 Site Security Design Process and Strategies
Tools
Cyber Security Evaluation Tool (CSET)
Integrated Rapid Visual Screening Tools (IRVS)
Others
21st Century Security and CPTED: Designing for Critical Infrastructure Protection and Crime Prevention,
Second Edition by Randall I. Atlas, 2013
Agent-Based Simulation of Human Movements During Emergency Evacuations of Facilities.(PDF 168
KB) Joseph L. Smith, PSP, Applied Research Associates, Inc.
Anthrax-Contaminated Facilities: Preparations and a Standard for Remediation (PDF 104 KB) by the
Congressional Research Service. 2005.
Creating Defensible Space by Oscar Newman. Washington, DC: U.S. Department of Housing and Urban
Development, April 1996.
Crime Prevention Through Environmental Design by Ray Jeffery, 1977
National Symposium of Comprehensive Force Protection, Society of American Military Engineers (SAME),
Charleston, SC, Oct 2001. Lindbergh & Associates.
NIST WTC Investigation: Building Standards and Codes: Who is in Charge?
Situational Crime Prevention, 2d Ed by Ronald Clark, 1977
Protecting Building Occupants from Biological ThreatsWebsite from the Center for Biosecurity of UPMC
that includes useful information about biological threats to building occupants, practical steps for reducing
risk, and costs and benefits of risk reduction measures, along with a wealth of related materials and additional
resources.

http://www.wbdg.org/design/provide_security.php