Presentation to: THEAMERICAN WATER WORKS ASSOCIATION OUR RESOURCES / OUR LIFE A STRATEGY FOR FACILITY PROTECTION By: Mark A. Graves, AIA DMJMH+N

Presentation to:THEAMERICAN WATER WORKS ASSOCIATION

OUR RESOURCES / OUR LIFE

A STRATEGY FOR FACILITY PROTECTION

By:

Mark A. Graves, AIA

DMJMH+N

SECURITY MASTER PLANNING

I. Asset Definition

II. Threat Definition & Vulnerability Analysis III. Development of Security Measures

- Electronic Security

- Physical Barriers- Policies and Procedures- Security Personnel

IV. Selection of Security CountermeasuresV. The Design Process

I. ASSET DEFINITIONPROCESS

Interview Stakeholders

- Senior Management, Mid Management, & Operations Professionals

Identify Components of Your Operation

- Research & Development

- Plants & Equipment

- Employee Morale


-List and Classify Assets

*Tangible Assets- Plant and Equipment

- Raw Materials- Specialized Personnel

*Operating Elements

- Production- Maintenance- Administration

*Facility Infrastructure- Power

- Communications with Outside Resources

- Domestic Water Requirements- Cooling and Heating Equipment- Access (Road, River Pathways)


-List and Classify Assets (Cont.)*Processing Operations

- Computer & Equip. Hardware

Central Processing Equip.Data StorageCommunications Equip.

- SoftwareOperating Software

Utilities & Applications

Communications

- Physical Plant Support (Emergency)

Dual Comm. Power Supply

UPS

Battery Back-Up System

Emergency Generators

Emergency Drinking Water

Emergency Cooling Tower Make-Up

Water


-List and Classify Assets (Cont.)

*Intangible Assets- Information

Utility Confidential Info.ComplaintsService Data

- Utility ImageReputationStaff MoraleHiring Practices


-Classify Assets VITAL– Loss Would be Catastrophic

IMPORTANT – Loss Would Prove Seriously Disruptive

SECONDARY – Loss Would Prove Relatively Insignificant

II. THREAT ASSESSMENT

CRIMINAL

NATURAL

ACCIDENTS

II. THREAT ASSESSMENT PROCESS

CRIMINAL* Possible Crimes

- Burglary & Robbery- Larceny & Arson- Assault & Theft- Bribery & Extortion- Terrorism & Sabotage- Vandalism- Drug / Alcohol Abuse

* Review Internal Loss Data

* Review Internal Crime Data (National & Local)

NATURAL DISASTERS

- Floods

- Tornadoes- Hurricanes- Blizzards- Earthquakes

ACCIDENTS- Hazardous Materials- Fire- Explosion- Industrial Safety- Negligence Exposure (The Contractor)

II. THREAT ASSESSMENT LIST AND CLASSIFY

PROBABILITY OF OCCURANCE*Probable: Expect Event to Occur

*Possible: Circumstances Expected for that Event

*Unlikely: Possible But Unlikely

SEVERITY OF OCCURANCE*Devastating: Disastrous Event

*Moderate: Survivable

*Insignificant: Relatively Inconsequential

III. SECURITY MASTER PLANNING

Vulnerability Analysis

*Develop Analysis Group- Facilitator- Crime Specialist- Resource Specialist (Site Manager)- Computer Systems

Specialist- Structural / Architectural

Facilities Specialist- Plant Engineering

Specialist

*Establish Assets and Threats to Specific Facility

* Prioritize Results


Vulnerability Analysis - Process

*Correlate Assets and Threats*Develop Team Analysis

- Operational Management

- Facility Engineering- Data Processing Management- Administration Issues

* Develop Contrived Scenarios



*Facility Infrastructure Vulnerability Examples: - Site Access: Improper Vehicular Access Travel Lane Capacity

Planned Roadway Access BlockadeAdjacent Rail-Line BlockagePoor Vehicular & Pedestrian Monitoring Control

SystemPoor General Site Access Control (Passive / Active

Monitoring)

- Building Envelope:

Building Stand-Off DistancesBuilding Envelope Resistance to Blast/Forced EntryDoor & Window Resistance to Forced Entry &

Ballistics Intrusion



*Facility Infrastructure Vulnerability Examples:

- Building Envelope (Cont.):

Visual Exposure of Personnel From Uncontrolled AreasBuilding Access by Vehicles (Parking, Deliveries, Waiting Areas)

- Public / Employee Building Access Control:

Perimeter Door Access ControlStaff Identification SystemVisitor Identification / Holding Area ControlEmployee / Maintenance Personnel Internal Access Control



*Facility Infrastructure Vulnerability Examples (Cont.):

- Power: Commercial Substation AttackEmergency Power Fuel Line Attack

Internal Power line Sabotage

- HVAC: Chem / Bio Air Born Contaminants

Internal Chem / Bio Release

Water Contaminant Intro. to HVAC Supply System

Power Fluctuations (Brown Out)




- HVAC (Cont.): Power Failure (Re-Start Time)

Maintenance Sabotage

Poor Maintenance Personnel TrainingParts Manufacturer Reliability




- Domestic Water Supply:Introduction of ContaminantsUpstream Line Disruption natural accidental intentional disruption




- Telephone / Data Lines:Attack or Human Error on External

Lines

Internal Employee / Maintenance Sabotage

- Natural Gas: Attack or Human Error on External

Lines Explosive Sabotage

IV. SELECTION OF COUNTERMEASURES

Process1. Define Defensive Strategy

-Least Dangerous Events – Most Likely to Occur

- Most Dangerous Events – Least Likely to Occur

2. Define Priorities3. Define Requirements- Regulatory and Legal (National Guidelines)

Vital Asset – Probable Devastating Threat. Primary, Secondary, Tertiary

Important Asset – Unlikely and Moderate Threat. Primary Assets

4. Select Countermeasures- Electronic (Active) Monitoring

and Surveillance

- Physical (Passive) Barriers

- Policy and Procedure Initiatives

- Security Personnel (Staffing and Training)

IV. SELECTION OF COUNTERMEASURESApplications - Electronic

Access Control- Employee and Visitor Access ID

Badge Software. (Palm, Retinal, Visual Guard ID

Verification, and Proximity Readers)

- Vehicle Access Control Software(Vehicle Bar Code, Proximity, Driver

ID Readers)

- Vehicle Arrest Systems. Sally Port Configuration (Delta Barriers & Gates).

Intrusion Monitoring - Entry and Perimeter Detection

(Subsurface, Vibration, Motion, and Infrared Detection)

- Perimeter Lighting - Door Position Detection. (Alarmed Release Delay, Electronic

Lockdown)

CCTV - Full Operation at Low Light Levels - Pan, Tilt, Zoom Capability - Event Recording

Duress - Emergency Alert Devices


Applications – Electronic (Cont.)Security Communication

- Radio Dispatch System

- Private Intercom System / LAN - Public Address Group Communication

- Telephone / Internet WAN

Life Safety- Fire and Toxic Substance Detection

Process Supervision- Infrastructure Monitoring- Process System Monitoring

- Vehicle Access Control Software(Vehicle Bar Code, Proximity, Driver ID Readers)


Computer Security - Virus Detection Programs

- File Encryption

- System Sweeps

- Distributed System Architecture

Screening - Walk Thru Metal Detection

- Large Package Inspection

- Mail Inspection


Applications – Physical DesignEnvironmental Site Enhancements

- Eliminate Straight Drive Aisles at Building (Reduce Vehicle Speed)- Ditch/Berm Grading Mote - Landscape Deterrents- Maximize Building Location Setback (Government Standards)

Building Configuration- Configure Building Elements Remoting Sensitive Areas from Perimeter wall. Elevate as High as Functionally Feasible.

- Fire and Toxic Substance Detection

Process Supervision- Infrastructure Monitoring- Process System Monitoring

- Vehicle Access Control Software(Vehicle Bar Code, Proximity, Driver ID Readers)


Building Envelope - Blast Resistant Structural

System. Develop to Deter Progressive Collapse

- Blast Resistant Skin

- Forced Entry, Ballistic Entry, and Blast Resistant Doors

- FEBR Windows at First Levels, Ballistic only Above.

- Roof Mounted Air Intake


App’s – Physical Design (Cont.)Locking Mechanisms

- Electromagnetic Remote Operated Locks

- Forced Entry Locks

- Carefully Articulated Door Hardware

Internal Compartmentalization- Design Layout to Limit Unnecessary

Access to Operation Sensitive Areas

Building Infrastructure - RedundancyRedundancy is Paramount. is Paramount. - Separate Power Feeds from Different

Grids - Emergency Power Generation - UPS for Critical Systems - Back-Up Battery System for UPS

Assurance - On-Site Storage Tanks for Emergency

Conditions(Determine Emergency Duration)

Domestic and HVAC Water (and/or Well as Allowed)

Diesel Fuel for GeneratorsFire Water as RequiredSanitary Tank


App’s – Policy & ProceduresAccounting

- Audits for Fraud- Inventory Control

Drug and Alcohol Abuse- Termination Guidelines

- Assistance Guidelines

Disaster Avoidance and Recovery- Mitigation Strategy- Delegation of Authority- Implementation- Training Exercises

Facility Access - Access Levels

- Credentials

Security Management - Operating Philosophy

- Security Plan Updates

Personnel - Background Investigations

- Debriefing

- Heightened Security Awareness


App’s – Security PersonnelManagement Philosophy- Legal Requirements vs. Necessary Service

Security Training

Community RelationsOperations - Command Center - Mobile Patrols - Fixed Posts - Investigations

Post Orders Law Enforcement

Liaisons

V. SYSTEM AND FACILITY DESIGN

Design Criteria

Conceptual Design

Preliminary Design

Final Design

Importance of Consensus Importance of Consensus Throughout the ProcessThroughout the Process

WHY?

Documents

Presentation to: THEAMERICAN WATER WORKS ASSOCIATION OUR RESOURCES / OUR LIFE A STRATEGY FOR FACILITY PROTECTION By: Mark A. Graves, AIA DMJMH+N