By Doug Fitzgerald and Bill Embree
A vulnerability study is a necessary first step for designing security enhancements to a facility. The assessment should provide recommendations for improvements, enhancements, and procedures that will provide additional protection to the facility.
Recommendations in the assessment report should be general in nature but target specific areas of the facility. These recommendations may include physical barriers to the entrance and perimeter of the facility, landscaping, access controls to the site, buildings, and operating areas, monitoring for intrusion, and securing information.
Before initiating the final design of the security enhancements, the owner/ operator of the facility must determine the level and type of security needed. The security professional should be intimately familiar with the various types of technologies available for each application and present these alternatives to determine the final design basis.
Design Criteria
Communication between the owner/operator and the security designer is critical to developing a successful design. It is the designer's responsibility to provide comprehensive information to the owner and the owner/operator's responsibility to clearly communicate the operating philosophy, budget constraints and overall security objective.
The first step in developing the design is a presentation of various systems that satisfy the security objectives for each facility. The criteria necessary to review each alternative include the following:
- Reliability
- Flexibility
- Expandability
- Maintainability
- User Friendliness
- Cost Effectiveness
- Non-Proprietary Design
Implementing security enhancements will require modifications to the way staff work. Satisfying the above criteria will help promote acceptance by staff and, ultimately, adherence to the new operating procedures.
Reliability
Security designs can be divided into physical barriers and monitoring devices. Physical barriers include berms, walls, fences, doors, landscaping, and other designs and natural barriers. These systems must provide the intended protection without creating undue hardship to operations. For example, a controlled access gate or door that works intermittently will ultimately be left open by operators.
Monitoring equipment can be outfitted with alarms that indicate intrusion into an area or zone. Electronic monitoring equipment is susceptible to nuisance alarms and false alarms. Specifying equipment that is compatible with the environment within which it operates reduces this potential and supports a more keen awareness of real alarms, thereby producing the appropriate response.
Flexibility
There are three general issues to consider when designing flexibility into a security system: changes in threat, operational changes, and system or program changes. The initial threat identified to the system is based upon local crime statistics and operations logs. However, circumstances may change due to local or national events. The design of the entire system must allow changes to the operation for changing threats. Designed flexibility can be incorporated into the site layout plan for new facilities, or by modifying access routes or using open areas for existing operations.
Severely restricting security access can protect water operations and pipelines.
Demands on the operating system, changes in administrative procedures, or facility expansion may impact operational procedures. Security and operational procedures are integrated; therefore changes to one must be integrated into the other.
The overall system of water and wastewater treatment may comprise multiple facilities remotely located throughout the region or community. The security system should be designed to be responsive to the entire system as well as individual facilities. Change to the system is inevitable - replacement of equipment, new operational technology, and expansion. The design of the security system should easily accommodate these changes or modifications.
Expandability
Removing the stairs to a water tank is not a sufficient security measure, as the tank can be scaled using the electrical conduit.
As discussed above, production demands on an existing facility or the entire system may require expanded capacity. Additional capacity includes more equipment, controls, staff, and potentially expanded sites. The security system design should anticipate this inevitable change and include additional capacity. Physical barriers are relatively simple issues to modify as part of a facility expansion. However, if the security control and monitoring system cannot accept additional components for the expanded operation, then retrofit can become very expensive. This would require either replacement of the existing system or the addition of a redundant system.
Maintainability
As with any electronic or mechanical system, maintenance will be required. Maintenance repairs and preventative maintenance includes the physical work of the maintenance activity as well as inventory of spare parts. The design of the security network should be considered as part of the entire system. Standardization of technology applications and monitoring services would provide the governing authority economy of scale in this regard. Spare parts inventories could be reduced as well as training requirements for maintenance staff or the use of maintenance contracts.
User Friendliness
This is one of the most important design components. Operators may ignore, bypass or shut down the security system if it is too difficult to use. Ingress and egress controls create additional steps to gain entry. Minimizing the number of activities and the time required will promote acceptance by operating staff. Reliability as discussed above also contributes to user friendliness. Monitoring services or staff may ignore monitoring events or real alarms due to a high incidence of nuisance or false alarms.
Cost Effectiveness
This is obviously important for the implementation of the project. All operations have limited budgets and therefore the implementation of the security system must meet budgetary constraints. It is not uncommon for each facility to use different security systems or monitoring services. This situation requires a governing authority to carry larger inventories or manage multiple security contracts. Implementation of security enhancements can lose efficiency with multiple construction bidding processes and contract management.
Non-Proprietary Design
Non-proprietary designs provide flexibility to the operator and the overall system. Such a design uses standard components from manufacturers that are compatible with the communication system. The owner/operator can expand, upgrade, trade out or replace components without being locked into a restrictive agreement.
Design Approach
As discussed above, the threat assessment identifies the anticipated most likely threat. The final threat determination will dictate the level of security and countermeasures. It also directly impacts the cost of implementation.
Protection against vandalism requires intrusion detection and delay methods to protect the asset. The designed delay allows local law enforcement to respond to the detection alarm and deter the intruder before damage is incurred. This design might use perimeter barriers around the asset, tamper-resistant locks and hardened doors and windows.
A terrorist threat may include a car bomb or biological attack, requiring more time consuming and expensive countermeasures. Designs to protect against this threat include building hardening, stand-off distances from the perimeter to the asset, additional monitoring technology and operational procedures modification. Building hardening includes adding engineered reinforced structure to the existing building, and specially designed windows and doors for blast protection. A standard stand-off distance is 150 feet to the structure. This distance helps to dissipate the destructive force of an explosion.
Biological attack could include contamination of the water resource. This would have to be done from within the facility and require considerable time to load the biological agent into the water.
Changes to operating procedures would require restricted access to only those staff who have clearance to critical operating areas, monitoring of all access activities through ingress/egress controls and additional intruder sensing and alarms. The implementation of these designs will be costly and a drastic modification to operating procedures would be required. Severe consequences would be necessary for staff non-adherence to these new operating procedures to insure against bypassing the security system.
Communication is Key
Communicating throughout the process is key to designing an effective security system. Prior to the design, the security designer and owner/operator will have already decided on the design philosophy and technology alternative. The security designer must keep the owner/operator aware of available options and alternatives. Expandability and upgrade options must be proposed to the owner/operator in order to keep them informed during this phase of the process. Changes to the design during this phase may impact the design fee and capital costs of the project, but the cost would be far less than retrofitting the system after installation.
Visualization of the proposed design can provide additional benefit to the owner/operator prior to implementing the final design and construction documents. Visualization includes 3D CADD renderings and may include animation, allowing the owner/operator to review a model of the facility or security enhancements before they are constructed. The tool is useful for previewing control room layouts, entrance facilities, site barricades, landscaping, or new facility development.
It can be advantageous to the owner/operator to use a security designer with full-service capabilities. Full service implies multidiscipline architecture and engineering, drafting, specifications and construction documents. It is possible that some designers may be able to offer the owner/operator construction services as well. This service would help expedite construction and installation of the design.
Conclusion
The primary theme throughout the design approach is communication. Review of alternative concepts is conducted at the outset of the design phase. The designer should also communicate options, upgrades and other detail alternatives throughout the detailed design. Computer 3D renderings can be used to visualize the final design throughout the design phase. In all cases the owner/operator should be offered the opportunity to review the system and make changes as desired before reaching the construction phase. Complete communication throughout the design phase will help achieve the best final design desired by the owner/operator.
About the Authors
W. Douglas Fitzgerald is a senior vice president and director of security and technology services for HDR, one of the U.S.'s largest employee-owned firms providing architecture, engineering, consulting and project development services. He is a nationally recognized leader in the design and integration of security systems with more than 20 years of experience, including anti- and counter-terrorism protection for government facilities around the world. William B. Embree is the operations manager of security and technology services for HDR. He is a mechanical engineer with experience in site assessment for a wide range of public works projects including wastewater and solid waste.
