Presentation to:THEAMERICAN WATER WORKS ASSOCIATION
OUR RESOURCES / OUR LIFE
A STRATEGY FOR FACILITY PROTECTION
By:
Mark A. Graves, AIA
DMJMH+N
SECURITY MASTER PLANNING
I. Asset Definition
II. Threat Definition & Vulnerability Analysis III. Development of Security Measures
- Electronic Security
- Physical Barriers- Policies and Procedures- Security Personnel
IV. Selection of Security CountermeasuresV. The Design Process
I. ASSET DEFINITIONPROCESS
Interview Stakeholders
- Senior Management, Mid Management, & Operations Professionals
Identify Components of Your Operation
- Research & Development
- Plants & Equipment
- Employee Morale
I. ASSET DEFINITIONPROCESS
-List and Classify Assets
*Tangible Assets- Plant and Equipment
- Raw Materials- Specialized Personnel
*Operating Elements
- Production- Maintenance- Administration
*Facility Infrastructure- Power
- Communications with Outside Resources
- Domestic Water Requirements- Cooling and Heating Equipment- Access (Road, River Pathways)
I. ASSET DEFINITIONPROCESS
-List and Classify Assets (Cont.)*Processing Operations
- Computer & Equip. Hardware
Central Processing Equip.Data StorageCommunications Equip.
- SoftwareOperating Software
Utilities & Applications
Communications
- Physical Plant Support (Emergency)
Dual Comm. Power Supply
UPS
Battery Back-Up System
Emergency Generators
Emergency Drinking Water
Emergency Cooling Tower Make-Up
Water
I. ASSET DEFINITIONPROCESS
-List and Classify Assets (Cont.)
*Intangible Assets- Information
Utility Confidential Info.ComplaintsService Data
- Utility ImageReputationStaff MoraleHiring Practices
I. ASSET DEFINITIONPROCESS
-Classify Assets VITAL– Loss Would be Catastrophic
IMPORTANT – Loss Would Prove Seriously Disruptive
SECONDARY – Loss Would Prove Relatively Insignificant
II. THREAT ASSESSMENT PROCESS
CRIMINAL* Possible Crimes
- Burglary & Robbery- Larceny & Arson- Assault & Theft- Bribery & Extortion- Terrorism & Sabotage- Vandalism- Drug / Alcohol Abuse
* Review Internal Loss Data
* Review Internal Crime Data (National & Local)
NATURAL DISASTERS
- Floods
- Tornadoes- Hurricanes- Blizzards- Earthquakes
ACCIDENTS- Hazardous Materials- Fire- Explosion- Industrial Safety- Negligence Exposure (The Contractor)
II. THREAT ASSESSMENT LIST AND CLASSIFY
PROBABILITY OF OCCURANCE*Probable: Expect Event to Occur
*Possible: Circumstances Expected for that Event
*Unlikely: Possible But Unlikely
SEVERITY OF OCCURANCE*Devastating: Disastrous Event
*Moderate: Survivable
*Insignificant: Relatively Inconsequential
III. SECURITY MASTER PLANNING
Vulnerability Analysis
*Develop Analysis Group- Facilitator- Crime Specialist- Resource Specialist (Site Manager)- Computer Systems
Specialist- Structural / Architectural
Facilities Specialist- Plant Engineering
Specialist
*Establish Assets and Threats to Specific Facility
* Prioritize Results
III. SECURITY MASTER PLANNING
Vulnerability Analysis - Process
*Correlate Assets and Threats*Develop Team Analysis
- Operational Management
- Facility Engineering- Data Processing Management- Administration Issues
* Develop Contrived Scenarios
III. SECURITY MASTER PLANNING
Vulnerability Analysis - Process
*Facility Infrastructure Vulnerability Examples: - Site Access: Improper Vehicular Access Travel Lane Capacity
Planned Roadway Access BlockadeAdjacent Rail-Line BlockagePoor Vehicular & Pedestrian Monitoring Control
SystemPoor General Site Access Control (Passive / Active
Monitoring)
- Building Envelope:
Building Stand-Off DistancesBuilding Envelope Resistance to Blast/Forced EntryDoor & Window Resistance to Forced Entry &
Ballistics Intrusion
III. SECURITY MASTER PLANNING
Vulnerability Analysis - Process
*Facility Infrastructure Vulnerability Examples:
- Building Envelope (Cont.):
Visual Exposure of Personnel From Uncontrolled AreasBuilding Access by Vehicles (Parking, Deliveries, Waiting Areas)
- Public / Employee Building Access Control:
Perimeter Door Access ControlStaff Identification SystemVisitor Identification / Holding Area ControlEmployee / Maintenance Personnel Internal Access Control
III. SECURITY MASTER PLANNING
Vulnerability Analysis - Process
*Facility Infrastructure Vulnerability Examples (Cont.):
- Power: Commercial Substation AttackEmergency Power Fuel Line Attack
Internal Power line Sabotage
- HVAC: Chem / Bio Air Born Contaminants
Internal Chem / Bio Release
Water Contaminant Intro. to HVAC Supply System
Power Fluctuations (Brown Out)
III. SECURITY MASTER PLANNING
Vulnerability Analysis - Process
*Facility Infrastructure Vulnerability Examples (Cont.):
- HVAC (Cont.): Power Failure (Re-Start Time)
Maintenance Sabotage
Poor Maintenance Personnel TrainingParts Manufacturer Reliability
III. SECURITY MASTER PLANNING
Vulnerability Analysis - Process
*Facility Infrastructure Vulnerability Examples (Cont.):
- Domestic Water Supply:Introduction of ContaminantsUpstream Line Disruption natural accidental intentional disruption
III. SECURITY MASTER PLANNING
Vulnerability Analysis - Process
*Facility Infrastructure Vulnerability Examples (Cont.):
- Telephone / Data Lines:Attack or Human Error on External
Lines
Internal Employee / Maintenance Sabotage
- Natural Gas: Attack or Human Error on External
Lines Explosive Sabotage
IV. SELECTION OF COUNTERMEASURES
Process1. Define Defensive Strategy
-Least Dangerous Events – Most Likely to Occur
- Most Dangerous Events – Least Likely to Occur
2. Define Priorities3. Define Requirements- Regulatory and Legal (National Guidelines)
Vital Asset – Probable Devastating Threat. Primary, Secondary, Tertiary
Important Asset – Unlikely and Moderate Threat. Primary Assets
4. Select Countermeasures- Electronic (Active) Monitoring
and Surveillance
- Physical (Passive) Barriers
- Policy and Procedure Initiatives
- Security Personnel (Staffing and Training)
IV. SELECTION OF COUNTERMEASURESApplications - Electronic
Access Control- Employee and Visitor Access ID
Badge Software. (Palm, Retinal, Visual Guard ID
Verification, and Proximity Readers)
- Vehicle Access Control Software(Vehicle Bar Code, Proximity, Driver
ID Readers)
- Vehicle Arrest Systems. Sally Port Configuration (Delta Barriers & Gates).
Intrusion Monitoring - Entry and Perimeter Detection
(Subsurface, Vibration, Motion, and Infrared Detection)
- Perimeter Lighting - Door Position Detection. (Alarmed Release Delay, Electronic
Lockdown)
CCTV - Full Operation at Low Light Levels - Pan, Tilt, Zoom Capability - Event Recording
Duress - Emergency Alert Devices
IV. SELECTION OF COUNTERMEASURES
Applications – Electronic (Cont.)Security Communication
- Radio Dispatch System
- Private Intercom System / LAN - Public Address Group Communication
- Telephone / Internet WAN
Life Safety- Fire and Toxic Substance Detection
Process Supervision- Infrastructure Monitoring- Process System Monitoring
- Vehicle Access Control Software(Vehicle Bar Code, Proximity, Driver ID Readers)
- Vehicle Arrest Systems. Sally Port Configuration (Delta Barriers & Gates).
Computer Security - Virus Detection Programs
- File Encryption
- System Sweeps
- Distributed System Architecture
Screening - Walk Thru Metal Detection
- Large Package Inspection
- Mail Inspection
IV. SELECTION OF COUNTERMEASURES
Applications – Physical DesignEnvironmental Site Enhancements
- Eliminate Straight Drive Aisles at Building (Reduce Vehicle Speed)- Ditch/Berm Grading Mote - Landscape Deterrents- Maximize Building Location Setback (Government Standards)
Building Configuration- Configure Building Elements Remoting Sensitive Areas from Perimeter wall. Elevate as High as Functionally Feasible.
- Fire and Toxic Substance Detection
Process Supervision- Infrastructure Monitoring- Process System Monitoring
- Vehicle Access Control Software(Vehicle Bar Code, Proximity, Driver ID Readers)
- Vehicle Arrest Systems. Sally Port Configuration (Delta Barriers & Gates).
Building Envelope - Blast Resistant Structural
System. Develop to Deter Progressive Collapse
- Blast Resistant Skin
- Forced Entry, Ballistic Entry, and Blast Resistant Doors
- FEBR Windows at First Levels, Ballistic only Above.
- Roof Mounted Air Intake
IV. SELECTION OF COUNTERMEASURES
App’s – Physical Design (Cont.)Locking Mechanisms
- Electromagnetic Remote Operated Locks
- Forced Entry Locks
- Carefully Articulated Door Hardware
Internal Compartmentalization- Design Layout to Limit Unnecessary
Access to Operation Sensitive Areas
Building Infrastructure - RedundancyRedundancy is Paramount. is Paramount. - Separate Power Feeds from Different
Grids - Emergency Power Generation - UPS for Critical Systems - Back-Up Battery System for UPS
Assurance - On-Site Storage Tanks for Emergency
Conditions(Determine Emergency Duration)
Domestic and HVAC Water (and/or Well as Allowed)
Diesel Fuel for GeneratorsFire Water as RequiredSanitary Tank
IV. SELECTION OF COUNTERMEASURES
App’s – Policy & ProceduresAccounting
- Audits for Fraud- Inventory Control
Drug and Alcohol Abuse- Termination Guidelines
- Assistance Guidelines
Disaster Avoidance and Recovery- Mitigation Strategy- Delegation of Authority- Implementation- Training Exercises
Facility Access - Access Levels
- Credentials
Security Management - Operating Philosophy
- Security Plan Updates
Personnel - Background Investigations
- Debriefing
- Heightened Security Awareness
IV. SELECTION OF COUNTERMEASURES
App’s – Security PersonnelManagement Philosophy- Legal Requirements vs. Necessary Service
Security Training
Community RelationsOperations - Command Center - Mobile Patrols - Fixed Posts - Investigations
Post Orders Law Enforcement
Liaisons
V. SYSTEM AND FACILITY DESIGN
Design Criteria
Conceptual Design
Preliminary Design
Final Design
Importance of Consensus Importance of Consensus Throughout the ProcessThroughout the Process
Top Related