DHS-FEMA Region {___} {City, State} CLASS SCHEDULE COURSE CODE: L156 BUILDING DESIGN FOR HOMELAND SECURITY FOR CONTINUITY OF OPERATIONS (COOP) TRAIN-THE-TRAINER {Month Date – Month Date, Year} Course Manager Place {First and Last Name} {Location of Class} DAY 1 {Day of Week, Month Date, Year} 8:30 a.m. Welcome and Administrative {Course Manager} Announcements {Course Manager - Title} {Course Manger – Organization} Unit 1 (C): Introduction and Course Eric Letvin, P.E., Esq. CFM Overview Principal Engineer URS Corporation Linthicum, MD Or Scott Tezak Project Manager URS Corporation Boston, MA 10:15 Break 10:30 Unit 2 (C): Asset Value Assessment Wesley Lyon, PMP Senior Engineer Raytheon UTD Springfield, VA Or Phil Lehman, DVM Principal Scientist Raytheon UTD Springfield, VA Or Robert Cizmadia, CPP, FSO VP, Security Operations Sage Security Group Herndon VA July 19, 2007 11:45 Lunch 12:45 p.m. Unit 3 (C): Threat and Hazard Assessment Wesley Lyon, Phil Lehman, or Robert Cizmadia 2:00 Break 2:15 Unit 4 (C): Vulnerability Assessment Michael Kaminskas, P.E., BSCP Senior Engineer Raytheon UTD Springfield, VA DAY 1 {Day of Week, Month Date, Year} (continued) 3:30 p.m. Break 3:45 Unit 4 (C) Continued Michael Kaminskas 4:15 Unit 5 (C): Risk Assessment and Risk Eric Letvin or Scott Tezak Management 5:00 Adjourn DAY 2 {Day of Week, Month Date, Year} 8:30 a.m. Unit 6 (C): FEMA 452 Risk Assessment Michael Kaminskas Database 9:45 Break 10:00 Unit 7 (C): Explosive Blast Michael Kaminskas 12:00 p.m. Lunch 1:00 Unit 8 (C): Chemical, Biological, and Wesley Lyon, Phil Lehman, or Radiological (CBR) Measures Robert Cizmadia 2:45 Break 3:00 Unit 9 (C): Site and Layout Design Eric Letvin or Scott Tezak Guidance 5:00 Adjourn DAY 3 {Day of Week, Month Date, Year} 8:30 a.m. Unit 10 (C): Building Design Guidance Michael Kaminskas 9:45 Break 10:00 Unit 10 (C) (Continued) Michael Kaminskas 11:30 Lunch 12:30 p.m. Unit 11 (C): Electronic Security Systems Wesley Lyon, Phil Lehman, or Robert Cizmadia 1:30 Unit 12 (C): Case Study Preview (Goal: Brief building owner on prioritized recommendations and justifications for security work.) Michael Kaminskas 2:15 Break 2:30 Unit 12 (C): Presentation of Group Case Study Results and Discussion (10-minute presentation and 5-minute discussion per team) Students/All Instructors 3:30 Unit 13 (C): Train-the-Trainer Eric Letvin or Wesley Lyon 4:30 Unit 14 (C): Course Summary, Evaluation, and Graduation {Course Manager} 5:00 Course Adjourns Unit I (C): Introduction and Course Overview Unit I (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Introduction and Course Overview OBJECTIVES 1. Describe the goal, objectives, and agenda for the course 2. Describe and find material in the course reference manual and student activity handout SCOPE The following topics will be covered in this unit: 1. Welcome and Opening Remarks 2. Instructor Introductions 3. Administrative Information 4. Student Introductions 5. Course Overview 6. Course Materials 7. Activity: Refamiliarize with Case Study materials REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings 2. Case Study – Appendix C: COOP, Cooperville Information / Business Center This page intentionally left blank UNIT I (C) CASE STUDY ACTIVITY: CASE STUDY OVERVIEW (COOP Version) Requirements SQUARE FOOTAGE ANALYSIS – Does the CI/BC Building have sufficient space to accommodate the DAI essential functions? Criteria used to evaluate square footage (rules of thumb): Workstations in Business Center office areas average 100 square feet in floor space. Additional workstations or tables are available on a one-day’s notice. There is no formal Federal Government-wide standard for office space per person. However EPA and GSA recommend 225-230 usable square feet per person which includes all individual and shared space such as workstations, circulation, storage, filing space, and conference rooms. The minimum functional workstation footprint is 64 to 80 square feet (an 8 foot by 8 foot to 8 foot by 10 foot cubicle). A good approach is to use 100 square feet as the minimum space needed for each work station to allow for movement around office and filing/storage space for deployed equipment and files. a. Available Unclassified Square Footage for Personnel: ____________________________ (1) Shift Personnel Requiring Unclassified Square Footage: __________ (with no secure computer terminal co-located) NOTE: DAI configures their cubicles such that secure computer terminals are in secure space and the unclassified computer terminal required for these personnel are properly configured for placement in the same cubicle/workstation within the secure space. See Page SM I-C-8 for Alternate Facility Description Personnel Shift Configuration (2) Minimum Required Unclassified Square Footage for Personnel: ___________ (3) Maximum Required Unclassified Square Footage for Personnel: ___________ (4) Available Unclassified Square Footage per person: ______________________ b. Available Secure (Classified) Square Footage for Personnel: ______________________ (1) Shift Personnel Requiring Secure Square Footage: __________ (with unclassified computer terminal co-located) See Page SM I-C-8 for Alternate Facility Description Personnel Shift Configuration (2) Minimum Required Secure Square Footage for Personnel: ___________________ (3) Maximum Required Secure Square Footage for Personnel: ___________________ (4) Available Secure Square Footage per person: ______________________________ BACKGROUND INFORMATION The needed information from Appendix C, Case Study, is contained here to answer the square footage questions. Use only the Case Study data to answer the student activity questions. However, feel free to ask questions of the instructors based upon your experience. ESSENTIAL FUNCTIONS – NOTE: Table information is summarized in the last row of the table. Priority Essential Function Req Square Footage Req # Personnel Req # Computer Terminals (U) Unclassified (S) Secure Req # Telephones (U) Unclassified (S) Secure Req Cell Phone Coverage (Y or N) 1 Orchestrate national level 4 COOP (U) 2 (U) 2 Y 4 response to any loss of artificial intelligence production capability and loss of AI revenue Site Managers 10 Staff (U) 5 (S) 5 (S) 5 N required for payments to US citizens 2 Consult with and provide reports and other technical 4 COOP Site Fin (U) 2 (U) 2 Y 4 assistance to appropriate Federal agencies that may be impacted by loss of AI component availability and resultant revenue Sys Mgrs 12 Staff (U) 6 (S) 6 (S) 6 N flow 3 Process and post financial 36 (U) 18 (U) 18 N documents supporting monthly cash flow Priority Essential Function Req Square Footage Req # Personnel Req # Computer Terminals (U) Unclassified (S) Secure Req # Telephones (U) Unclassified (S) Secure Req Cell Phone Coverage (Y or N) to Agencies that distribute AI revenues to entitlement recipients 4 Operate personnel / payroll system to ensure all DAI 28 (U) 14 (U) 14 N personnel receive payments 5 Manage operations, security, safety, and health 20 (U) 10 (S) 2 (U) 10 (S) 2 Y-4 programs for all DAI personnel, programs, and operations 6 Manage Department-wide computer security functions 10 (U) 5 (S) 5 (S) 5 N 7 Provide liaison with state, local, and tribal officials on status of critical AI production, availability, and shortfalls. 26 (U) 13 (U) 13 Y 5 Summary of Essential Function Requirements Mgrs 8 Staff 142 (U) 75 (S) 18 (U) 59 (S) 18 17 ADDITIONAL INFORMATION – Consider during each student activity throughout course. FEMA 452 COOP questions – answered 1. Deployment Planning 2. Alternate Facility Description Information from other FEMA sources: 3. FEMA 452 Risk Assessment Database v3.0, Checklist Questions – Section 14 COOP Facility: Additional Concerns 4. Glossary of COOP terminology, FEMA Independent Study (IS) 546, Continuity of Operations (COOP) Awareness Course. 5. Alternate Facility Selection Factors, FEMA IS 547, Introduction to Continuity of Operations. 6. Components of an Effective Vital Records Program, FEMA IS 547. 7. FPC-65 Testing Requirements. 2. DEPLOYMENT PLANNING a. Minimum distance to alternate facility ____60____ miles. b. Required access to transportation: _____?____ Yes/No Privately Owned Vehicle _____?____ Yes/No Agency Arranged Transportation _____?____ Yes/No Mass Transit Types of Mass Transit at Primary Facility: ___Yes____ Yes/No Bus ___Yes____ Yes/No Rail ___Yes____ Yes/No Taxis Types of Mass Transit at Alternate Facility: ___Yes____ Yes/No Bus ___Yes____ Yes/No Rail ___Yes____ Yes/No Taxis 3. Alternate Facility Description: a. How soon after decision to deploy must site be available? ___12_____ # of hours b. Number of Persons to be supported overall (all shifts) ___150___ # people Shift ___A_____ Number of Persons on shift ___75_____ # people Shift ___B_____ Number of Persons on shift ___75_____ # people Shift _________ Number of Persons on shift __________ # people c. When this alternate facility is activated, how many hours per day and days per week will it operate? ____24____ # hours per day ____7_____ # days per week d. If people must stay overnight at the site, indicate the total billet requirement. ____150______ # billets per day Where will billets be located? There is sufficient hotel room space in the local area to handle part or all of the Emergency Relocation Group. Local colleges can be contacted for use of dormitory space, but this would be limited to the summer months per a preliminary inquiry. e. If necessary, the number of meals served on site per day? ____150___ # of meals per day How will meals will be provided, and for what meals (breakfast, lunch, dinner, and for which shift)? Local eateries are not 24 hour operations, thus the lunch meal on the night shift will need to be catered and, for consistency, the lunch meal on the day shift should also be catered. Breakfast and dinner for both shifts are at the discretion of the individual prior to starting shift and after ending shift. There are many caterers/delicatessens/restaurants in the local area that could provide a variety of delivered foods for one or both meals. f. Facility requirements for auxiliary power sources (generators) ___1,500 KVA___ power requirement (maximum) ___1,000 KVA___ critical load (on UPS) ___1250 eKW / 1563KVA___ generator capability/capacity ___26 hours___ duration (hours, days, weeks) (minimum) Based upon the refueling of the fuel tank(s) each day (24 hours). Recommend ensuring there are at least 3 fuel suppliers in different localities to ensure servicing of the fuel tank during any power outage contingency. g. Auxiliary power fuel requirement Estimating Rule of Thumb: 0.08 gallons / KW / hour ___100___ # gallons per hour (1250 KW x 0.08 gallons / KW / hour) ___22 hours___ duration capability (full tanks – hours, days, weeks) (with day tank 80% full) Increase fuel capacity with another tank or use a portable tank during the peak summer months when the maximum load is expected to occur. Alternately, during an exercise ensure this COOP site is fully functional and measure actual load to better understand consumption and duration capability. Adjust capacity requirements accordingly. h. Parking requirement ___0___ Unsecured stalls ___0___ Secured stalls _447 in front & 155 in rear_ Total stalls available (therefore no parking problem even if all Emergency Relocation Personnel bring a POV) i. Vehicle fuel requirement ___0___ # gallons per day (all vehicles to be refilled at local gas stations) j. Water requirement ___112.5 to 22,500___ # gallons per day Estimating Rules of Thumb: 2-quarts - 2 gallons per person per day for consumption/minimal washing 50 gallons / person / day for personal use (drinking, washing, flushing, food prep) 100 gallons / person / day for all building uses 150-160 gallons / person / day for water production Cooling Tower evaporates 3 gallons / minute / 100 tons of air conditioning or 4,320 gallons per day / 100 tons of air conditioning. Cooling Tower sumps for these size units contain 150-300 gallons. Thus without water supply, cooling towers can last about 50-100 minutes before they have insufficient water to operate properly (piping not filled) Estimated consumption using Rules of Thumb: 75 CI/BC employees + 150 Emergency Relocation Group personnel = 225 225 persons x 0.5 = 112.5 gallons / day minimum for consumption/minimal washing 225 persons x 100 = 22,500 gallons / day for all building uses Available water if water main shut off: Bottled water = 5 dispensers x 3 spare jugs x 5 gallons per jugs = 75 gallons, up to 100 gallons if each dispenser has a new jug. NOTE: Will have to arrange additional bottled water and reserves to supply COOP operation. k. Radio requirement None l. Satellite communication requirement A satellite link is needed for secure and non-secure worldwide communications as a backup to telephone landlines. This may already be in the ERG Office Go Kit. m. Other requirement None listed. 3. FEMA 452 Risk Assessment Database v3.0 Checklist Questions – Section 14 COOP Facility: Additional Concerns 14-1: Essential Functions: Have the essential functions been identified and prioritized to establish the planning parameters for the alternate operating facility? 14.2: Essential Functions: Have reliable processes and procedures been established to acquire resources necessary to continue essential functions and sustain operations until normal business activities can be reconstituted, which could be up to 30 days? 14-3: Communications: Does the alternate operating facility provide interoperable communications, including a means for secure communications, with all identified essential internal and external organizations, customers, and the public? 14-4: Communications: Have the internal and external communications capabilities at the alternate operating facility been validated quarterly? 14-5: Communications: Does the COOP facility have wireless / cell phone capability? Have wireless and cell phone providers been reviewed and compared to ensure the best service is provided? Are services available / compatible within the building to support essential functions and missions? 14-6: Test, Training, and Exercises: Has there been annual testing of primary and backup infrastructure systems and services at alternate operating facilities (e.g., power, water, fuel)? 14-7: Test, Training, and Exercises: Have physical security capabilities been tested / exercised annually and shown to able to be in place within 12 hours of COOP plan activation? 14-8: Planning Requirements: Is the alternate operating facility located in an area where power, telecommunications, and internet grids are distinct from those of the primary facility? 14-9: Planning Requirements: Is the distance between the primary facility and the alternate operating facility sufficient to allow it to continue essential agency functions? 14-10: Planning Requirements: Has the organization identified which essential services and functions that can be continued from remote locations (e.g., home facilities or other alternative workplaces) and those that need to be preformed at a designated department or agency operating facility? 14-11: Planning Requirements: Does the alternate facility have detailed site preparation and activation plans or have pre-positioned supplies and resources in order to achieve full operational capability within 12 hours of notification? 14-12: Planning Requirements: Is the COOP facility able to accommodate all emergency relocation group members in a safe and efficient manner? 14-13: Planning Requirements: Does the COOP facility contain the sufficient amount of phones, computers, and necessary equipment needed to sustain COOP operations? 14-14: Vital Records: Has the organization identified vital records needed to perform its essential functions during a COOP event? 14-15: Vital Records: Do emergence response group members have access to their vital records at the alternate facility? Are they available within 12 hours or less of a COOP plan activation. 14-16: Vital Records: Are periodic review / updates of the vital records program conducted to address any new security issues, identify problem areas, and identify additional vital records that may result from new agency programs or functions? 14-17: Vital Records: Are there separate COOP servers? Are they placed in a secure area? Are there backup procedures? 14-18: Vital Records: Has a risk assessment of vital records been performed to determine: a. Identify risks involved if vital records are retained in their current location and medium, and the difficulty reconstituting them if they are destroyed. b. If off site storage is necessary? c. Determine if alternative storage media is advisable? d. Determine if it is necessary to duplicate records to provide a vital records copy? 14-19: Human Capital: Is adequate Personal Protective Equipment available for all emergency response group members while on-site? 14-20: Human Capital: Are there sufficient quantities of Personal Protective Equipment for emergency response group members to sustain operations for 30 or more days? 14-21: Human Capital: Are medical facilities, proper caregivers, and first aid kits available for emergency response group members if and when needed? 14-22: Human Capital: Is there access to essential resources such as food, water, fuel, and municipal services at the facility? 14-23: Security: Does the site provide physical security that meets all requirements established by annual threat assessments and physical security surveys? 4. Glossary of COOP Terminology FEMA Independent Study (IS) 546 Continuity of Operations (COOP Awareness Course Alternate communications: Provide for the capability to perform essential functions, in conjunction with other agencies, until normal operations can be resumed. Continuity of Government Plans: Developed and implemented in the event of a catastrophic emergency to ensure that our government continues to exist and function. Continuity of Operations: A Federal initiative, required by Presidential Directive, to ensure that Executive Branch departments and agencies are able to continue their essential functions under a broad range of circumstances. Delegations of Authority: Formal documents that specify who is authorized to act on behalf of the agency or other key officials for specific purposes. Devolution: The capability to transfer statutory authority and responsibility for essential functions from an agency's primary operating staff and facilities to other employees and facilities. Essential Functions: Those functions that enable an organization to provide vital services, exercise civil authority, maintain the safety of the general public, and sustain the industrial or economic base during an emergency. Essential functions must continue with no or minimal disruption. Exercises: Events that allow participants to apply their skills and knowledge to improve operational readiness. Exercises also allow planners to evaluate the effectiveness of previously conducted tests, training, and exercises. Federal Preparedness Circular 65: Issued by FEMA to provide specific and detailed guidance regarding COOP capabilities. Full-Scale Exercise: Test the agency's total response capability for COOP situations. These exercises are as close to reality as possible, with personnel being deployed and systems and equipment being implemented. Functional Exercise: Simulate a function (e.g., alert, notification) within a real incident. Functional exercises test a single part of COOP activation to be tested independently of other responders. "Go Kit": A kit that should be assembled by each employee and his or her family and should include personal items and necessities, financial and legal documents, and the name and phone number of an out-of-area contact. Hands-On Training: Can provide practice in specialized skills (e.g., notification procedures), allow for practice of newly acquired skills, and help maintain proficiency at infrequently used skills. Multi-Year Strategy and Program Management Plan: The long-term plan for keeping the COOP up to date. Occupant Emergency Plans: Intended to ensure the safety of personnel in the event of an incident inside or immediately surrounding an agency's building. Orders of Succession: Provide for the orderly and predefined assumption of senior agency offices during an emergency in the event that any officials are unavailable to execute their legal duties. All orders of succession should include the conditions under which succession will take place, the method of notification, and limitation on delegations of authority by successors. Orientations: The first type of training conducted in an exercise program. Orientations are usually conducted as briefings and are a good way to introduce the general concepts of a COOP plan; announce staff assignments, roles, and responsibilities; present general procedures; and describe how the COOP plan will be tested and exercised and within what timeframes. Presidential Decision Directive 67: Issued by former President Bill Clinton, requiring all Federal departments and agencies to develop plans in response to all hazards and a full spectrum of threats. Reconstitution: The process by which surviving and/or replacement agency personnel resume normal agency operations from the original or replacement primary facility. Relocation: Involves the actual movement of essential functions, personnel, records, and equipment to the alternate operation facility. Relocation may also involve transferring communications capability to the alternate facility, ordering supplies and equipment that are not already in place at the alternate facility, and other planned activities, such as providing network access. Tabletop Exercise: A simulation activity in which a scenario is presented and participants in the exercise respond as if the scenario was really happening. Test: An evaluation of a capability against an established and measurable standard. Test, Training, and Exercise Program (TT&E): Includes measure to ensure that an agency's COOP program is capable of supporting the continued operation of its essential functions throughout the duration of a COOP situation. TT&E program should be a blend of test, training, and exercise events to ensure that it is comprehensive in that it includes all three components and reflects lessons learned from previous TT&E events. Training: Instruction in core competencies and skills and is the principal means by which individuals achieve a level of proficiency. Vital Records: Records that are vital to an agency and its operations. The records include emergency operating records and legal and financial records. 5. Alternate Facility Selection Factors FEMA Independent Study (IS) 547 Introduction to Continuity of Operations Factor Explanation Location Select a site that provides a risk-free environment, if possible, and is geographically dispersed from the primary work location. This will reduce the chance that the site will be affected by the same event that required COOP activation. Construction The alternate facility should be constructed so that it is relatively safe from the high-risk hazards in the area. Existence of an MOU/MOA The General Services Administration may have space available that is suitable for an alternate facility. Another option may be to enter into a Memorandum of Understanding (MOU) or Memorandum of Agreement (MOA) with another agency to share space during COOP activation. Space The alternate facility must have enough space to house the personnel, equipment, and systems required to support all of the organization's essential functions. Billeting and Site Transportation Billeting and site transportation should be available at or near the alternate facility. Sites that are accessible by public transportation and that provide billeting or are near hotels offer important advantages. Communication The site will need to support the agency's COOP information technology and communication requirements. The agency will need to acquire any capabilities not already in place. Security Security measures, such as controlled access, should be an inherent part of the alternate facility. Life Support Measures Access to life support measures—food, water, and other necessities— should be available onsite or nearby. Site Preparation Requirements The amount of time, effort, and cost required to make the facility suitable for the agency's needs is critical. The more "turnkey" the facility is, the better. Maintenance Consider the degree of maintenance required to keep the facility ready for COOP operations. Lower-maintenance facilities offer a distinct advantage in case of no-warning COOP activation. 6. Components of an Effective Vital Records Program FEMA Independent Study (IS) 547 Introduction to Continuity of Operations Component Description Vital Records Directive A directive from senior leadership that establishes the vital records program and assigns responsibility for vital records management. The directive should: Specify the purpose and scope of the program. Assign roles and responsibilities. Provide for staff training. Require periodic review and testing of the program. Appropriate Medium The determination of an appropriate medium for each type of vital record to enable the Emergency Relocation Group (ERG) to access the records within 12 hours, or less, as required, of activation. Agencies should strongly consider: Multiple redundant media for storage of vital records. Methods to facilitate the rapid recovery of records necessary to ensure business survival. Records Inventory A complete inventory of the records identified as vital to agency operations. The inventory should include: The location of the records. Complete access information. Risk Assessment An assessment that: Identifies the risks involved if the vital records are retained in their current locations and in their current media—and the difficulty of reconstituting them if they are destroyed. Determines the level of physical security and confidentiality of the records. Determines offsite storage—perhaps in a regional office or in commercial storage. Identifies whether alternate storage media are advisable. Determines whether duplication may be required for records that will be stored off site, are static, or are available in hardcopy only. Records Protection Methods The selection of appropriate protection methods for all vital records, including whether: Dispersal to other locations may be required. If records are to be dispersed, the site must have controlled access separately from the site where the records were created or used regularly. Special media protection methods are required. Update Procedures Procedures for routinely updating vital records so that they always contain the most current information. Recovery Strategy The identification of records recovery experts and vendors who can assist with the recovery of vital records in the event of damage or loss. Vital Records Packet A packet that includes: A list of key personnel and disaster staff including up-to-date telephone numbers or other contact information. A complete inventory of the vital records and their precise locations. Necessary keys and/or access codes for the records. The locations of alternate operating facilities. The packet should be reviewed periodically to ensure that the information is current. Training A training program for all staff involved in the vital records program. Training for vital records should focus on the vital records policies and procedures as well as personnel responsibilities. Review Program A strategy for periodic review of all vital records. The program should: Address new security issues that have been identified since the last review. Update information in the vital records as necessary. Identify additional vital records. Provide an opportunity to familiarize staff with the program. Testing Capabilities A testing strategy that evaluates capabilities for: Protecting classified and unclassified vital records and databases. Providing access to vital records from alternate facilities. Testing is required semiannually. 7. FPC-65 COOP Testing Requirements (Potential impact on alternate facility indicated by bold italics) Testing is an important part of COOP readiness. By testing, agency personnel can tell if the policies and procedures work as they should, when they should. Testing is critical for: Alert, notification, and activation procedures. Communications systems. Vital records and databases. Information technology systems. Major systems at the alternate facility (e.g., power, water). Reconstitution procedures. FPC-65 requires testing of certain aspects of the COOP plan. The agency test program must include: Quarterly testing of alert, notification, and activation procedures. Semiannual testing of plans for the recovery of vital classified and unclassified records and critical information systems, services, and data. Quarterly testing of communications capabilities. Annual testing of primary and backup infrastructure systems and services at alternate operating facilities (e.g., power). Unit II (C): Asset Value Assessment Unit II (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Asset Value Assessment OBJECTIVES 1. Identify the assets of a building or site that can be affected by a threat or hazard 2. Explain the components used to determine the value of an asset 3. Determine the critical assets of a building or site 4. Provide a numerical rating for the asset and justify the basis for the rating SCOPE The following topics will be covered in this unit: 1. The core functions and critical infrastructure listed on the threatvulnerability matrix 2. Various approaches to determine asset value – FEMA, Department of Defense, Department of Justice, and Veterans Affairs 3. A rating scale and how to use it to determine an asset value 4. Activity: For the assets identified in the Risk Matrix, use the information in the Case Study, review the asset value for each asset of interest, and provide rationale for the asset value rating given. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, pages 1-10 to 1-14 2. FEMA 452, Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 2-1 to 2-26 3. Case Study – Appendix C: COOP, Cooperville Information / Business Center Asset Value Rating Considerations (Impact or Consequences if asset is lost or damaged) 1. Criticality to the overall organization, agency, company, or government entity goals . Higher criticality means higher value o Number of users affected o Direct economic loss and cost to rebuild o Potential number of deaths from an attack 2. Criticality to the goals of the specific unit, location, branch, or office being assessed . Higher criticality means higher value o Number of users affected o Direct economic loss and cost to rebuild o Potential number of deaths from an attack . Example, the loss of the kitchen at a Veterans Affairs Hospital is important to that hospital, but the loss of that kitchen is not critical to the overall goals of the Department of Veterans Affairs. 3. Ease of replacement . Harder to replace (measured in months to years) means higher value . Easier to replace (measures in days) means lower value 4. Relative value of assets . Just like in fire protection assessment, the higher the cost of the items individually and in aggregate, the higher the value . For people performing functions, the number of critical personnel and the number of total personnel in the facility determine the relative rating; the higher the number of people the higher the value . Critical personnel may be harder to replace due to the time needed for education, training, and experience to meet functional needs; similar to ease of replacement but with much longer timelines 5. What are the consequences of destruction, failure, or loss of function of the asset in terms of fatalities and/ or injuries, property losses, and economic impacts? (Similar to criticality above) . Number of users affected . Direct economic loss and cost to rebuild . Potential number of deaths from an attack 6. What is the likelihood of cascading or subsequent consequences should the asset be destroyed or its function lost? . Interdependency – will loss of the asset have an effect upon other assets in the same or different Critical Infrastructure Sectors UNIT II (C) CASE STUDY ACTIVITY: ASSET VALUE RATINGS (COOP Version) Asset value is the degree of debilitating impact that would be caused by the incapacity or destruction of a building’s assets. Page 1-13 of FEMA 426 provides an Asset Value Scale (Table 1-1) to quantify asset value, as well as definitions of the ratings. Table 1-2 on page 1-14 of FEMA 426 provides a format to summarize the value of the major categories of a building’s assets. FEMA 452, pages 2-17 to 2-19 provide additional information. Requirements Refer to the Appendix C Case Study to determine answers to the following questions: The first question / answer below are provided as an example. The other questions have the pages identified where the answers may be found. Identifying Building Core Functions 1. What are Cooperville Information / Business Center’s (CI/BC) primary services or outputs? [Page C-5 to Page C-6] Information Division -- IT services support for over 20 private and government organizations/clients. CI/BC supports over 1,000 users and over 100 applications as a primary data center and as a disaster recovery backup site to include field technicians and help desk. Many clients depend on CI/BC’s ability to provide real time IT support, on a 24 x 7 basis. Others rely on the company’s IT backup services. Business Center – Provides day-to-day office space and office, telephone, and computer support to short-term clients, including Information Division requirements. 2. What critical functions/activities take place at CI/BC? [Page C-31 to Page C-35] 3. Who are the building’s primary occupants and visitors? [Page C-5 to Page C-6] 4. What inputs from external organizations are required for CI/BC’s success? [Page C-5 to Page C-6 and Page C-17 to Page C-35] Identifying Building Assets and Quantifying Asset Value Ratings Use the following process to complete the following tables – CI/BC Critical Functions Asset Value Ratings and CI/BC Critical Infrastructure Asset Value Ratings Adjust your asset value ratings of CI/BC’s critical functions and critical infrastructure based upon the COOP needs of DAI. 1. Refer to Table 1-1 in FEMA 426 and the associated value descriptions for the ratings listed below • Very High (10) • High (8-9) • Medium High (7) • Medium (5-6) • Medium Low (4) • Low (2-3) • Very Low (1) 2. Consider the questions on page 1-11 in FEMA 426 as you rate CI/BC’s assets. 3. Refer to Table 1-2 in FEMA 426, Nominal Building Asset Value Assessment and use the descriptions of these asset categories as found in the Appendix C Case Study to focus the rating. Another approach is to use an asset value rating of 5 (mid-range) and do a pair-wise comparison to each asset category as the process continues, raising or lowering the rating from 5 as the team compares asset value inputs collected from the Appendix C Case Study. NOTE 1: The first two rows in both tables are completed as examples. Nominal ratings are provided in all other asset categories. 1. Confirm the team’s Asset Value Rating for each category [agree, raise, or lower the indicated rating] 2. Provide Rationale for each rating [whether changed or unchanged] 3. Enter asset value rating on the Risk Matrix NOTE 2: Consult Table 1-22, pages 1-46 to 1-92, in FEMA 426. Look at the content of the questions to understand the various infrastructure asset categories. For example, Utility Systems apply to all utilities outside the 3-foot drip line of the building (from the source to the building, but primarily on the site), while Mechanical, Plumbing, Gas, Electrical, Fire Alarm, Communications, and Information Technology Systems are inside the 3-foot drip line of the building. CI/BC Critical Functions Asset Value Ratings Asset Value Numeric Value Rationale 1. Administration Medium-Low 4 Redundancy and staff skills that can be replaced. Senior managers and financial systems in the same area increase value. Low to medium economic cost to replace. Can impair in the short term the core functions and processes. DAI COOP value is minimal as ERG is selfcontained, at least for the first 30 days. 2. Engineering/IT Technicians High 8 Staff skills require specialized expertise, but can be replaced. Key equipment and resources needed for 24/7 ops. High economic cost to replace. Can impact core functions and processes for extended period of time. DAI COOP value is high as this function ensures connectivity and communications. 3. Loading Dock/Warehouse Medium-Low 4 Asset Value Numeric Value Rationale 4. Data Center Very High 10 5. Communications High 9 6. Security Medium High 7 Asset Value Numeric Value Rationale 7. Housekeeping Very Low 1 CI/BC Critical Infrastructure Asset Value Ratings Asset Value Numeric Value Rationale 1. Site Medium-Low 4 CI/BC does not own building or site, but location is critical to access and support to clients. Cost is $10 - $20 per square foot which indicates other office complexes in area are competitive. Moderate consequences or minor impairment of core processes and functions if must move from site. DAI COOP value can be higher than CI/BC, due to CI/BC backup of DAI data. 2. Architectural Medium 5 Signage and business office information couple the building to other park tenants (geographically clustered, centralized). Nothing overly descriptive that requires the use of this building, but moderate to severe consequences or impairment if lost. Limited architectural flexibility either exterior or interior. DAI COOP value no different than CI/BC, as long as signage remains non-descript. Building layout will be as is. Asset Value Numeric Value Rationale 3. Structural Systems High 8 4. Envelope Systems Medium 5 5. Utility Systems Medium 5 Asset Value Numeric Value Rationale 6. Mechanical Systems High 8 7. Plumbing and Gas Systems Medium 6 8. Electrical Systems High 8 Asset Value Numeric Value Rationale 9. Fire Alarm Systems Medium 5 10. IT / Communications Systems High 9 Unit III (C): Threat/Hazard Assessment Unit III (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Threat/Hazard Assessment OBJECTIVES 1. Identify the threats and hazards that may impact a building or site 2. Define each threat and hazard using the FEMA 426 methodology 3. Provide a numerical rating for the threat or hazard and justify the basis for the rating 4. Define the Design Basis Threat, Levels of Protection, and Layers of Defense. SCOPE The following topics will be covered in this unit: 1. From what offices is threat and hazard information available? 2. The spectrum of event profiles for terrorism and technological hazards from FEMA 386-7. 3. The FEMA 426 approach to determine threat rating. 4. A rating scale and how to use it to determine a threat rating. 5. Activity: Identify the threat rating of the four threats selected for this course (Cyber Attack, Armed Attack, Vehicle Bomb, CBR Attack) against each identified asset using the Case Study and provide the rationale for these threat ratings. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, pages 1-14 to 1-24 2. FEMA 452, Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 1-1 to 1-30 3. Case Study – Appendix C: COOP, Cooperville Information / Business Center Threat/Hazard Rating Considerations (Likelihood of Attack or Occurrence) 1. Asset visibility to terrorists, proximity to technological hazards, or locality for natural hazard . Higher visibility, closer proximity to technological hazards, or location within specific locality for natural hazards raise threat rating o Iconic structure is considered highest visibility . Lower visibility, far from technological hazards, and not located where earthquake, wind, fire, or flood are known dangers would lower threat rating . List from FEMA 386-2 as potential hazards o Avalanche o Coastal Erosion o Coastal Storm o Dam Failure o Drought o Earthquake o Expansive Soils o Extreme Heat o Flood o Hailstorm o Hurricane o Land Subsidence o Landslide o Severe Winter Storm / Ice Storms, Heavy Snows, Transportation restricted o Tornado o Tsunami o Volcano o Wildfire o Windstorm o Added: Extended loss of water, sewage, or electric utilities o Added: Extended loss of garbage or debris collection 2. Usefulness of assets with cash value, with direct application to attacker’s goals, or with publicity value . Generally, higher the cash value, greater applicability to terrorist goals, and great publicity value, the higher the threat from criminals and terrorists and the higher the rating 3. Asset availability . If available at one location only – high threat rating) . If available everywhere – low threat rating 4. Number of local incidents in the past . The higher the number of incidents (all potential sources) the higher the threat rating 5. Number of incidents in the geographic area in the past . The higher the number of incidents (all potential sources) the higher the threat rating Unit Plan: III 6. Potential for future incidents -- subjective view of likelihood that can be adjusted for the following: . The higher the number of terrorist organizations operating with ability or desire to be in the vicinity the higher the threat rating . The higher the number of potential technological hazards sites nearby the higher the threat rating . The expected future occurrence of flood, wind, and seismic activity in the specific locality the higher the threat / hazard rating 7. Accessibility to asset (this is used as a threat input by many methodologies, but could be viewed as a vulnerability consideration as explained below) . The fewer layers of defense in place, the higher the threat rating – This is based upon the terrorist assessment of the building as a future successful target . DETER and DETECT measures as defined on page 1-9 of FEMA 426 are methods for reducing the threat . DENY measures as defined on page 1-9 of FEMA 426 are methods of hardening the site and building and would be described better as mitigation of vulnerability 8. Effectiveness of law enforcement (including counter intelligence) . Greater the effectiveness, the lower the threat rating – Detect 9. Cyber . Does function or infrastructure have any components using electronics, software, or data (information technology) or communications o If yes, then threat is high due to the ease of identifying / pinging these systems o If no, then threat is low o Level of threat is relative to the value of information contained or the consequences of change that would draw the terrorist or hacker to want to enter the system . Cyber experts go into much greater detail, but essentially are looking at a common vulnerability standard vice a threat rating UNIT III (C) CASE STUDY ACTIVITY: THREAT/HAZARD RATING (COOP Version) After assets that need to be protected are determined, the next step is to identify the threats and hazards that could harm the building and its inhabitants. Hazards are categorized into two groups: natural and manmade. For the sake of this course, the four primary threats selected are Cyber Attack, Armed Attack, Vehicle Bomb, and CBR Attack. Requirements Refer to the Appendix C Case Study data and complete the following worksheets. Each student as part of their assessment team will interpret the CI/BC threat information and should select and justify a threat/hazard rating number with rationale. For example: • Any function with key IT systems connected to the Internet should get high cyber threat values. • The threat of explosive blast should be looked upon as either as directly targeted or as collateral damage. Before giving a consistently low rating, consider your answer to Activity # 1 below as it would have been applied to the Murrah Building in Oklahoma City in 1995. • A CBR attack or nearby HazMat spill could impact the entire facility. Thus, to illustrate threat assessment, two activities were selected for their different methodology. • Activity # 1 uses the FEMA 452 Criteria that has its basis in the rating process developed by the US Marshals Service after the Murrah Building bombing in Oklahoma City. The US Marshals Service process was then used by GSA to begin assessing Federal buildings. This method tends to look at the building as a whole. • Activity # 2 uses the FEMA 426 methodology of applying a threat rating using specific or generic tactics in a given threat scenario against a specific asset, such as critical functions or critical infrastructure. Thus, this method tends to look at the various components of the building so as to focus limited resources to achieve maximum risk reduction by taking care of the most critical assets. Final Action: Transfer answers from the Activity # 2 Threat Ratings tables below to the Risk Matrix poster after team agreement on answer. Activity # 1: Determine the threat score for a 500-lb. vehicle bomb as applied to CI/BC Familiarize yourself with the process of determining the primary threats according to the FEMA 452 criteria (Table 1-4, page 1-21, FEMA 452 and provided on the next page (SM III-C-5) of this unit) by determining the threat score for a 500-lb. (TNT equivalent) vehicle bomb using the information on the next page and in the Appendix C Case Study. As shown in Table 1-5, page 1-22, FEMA 452, you can use this scoring methodology to determine your primary threats based upon the threats that achieve the highest scores. However note that the criteria actually intersperses Asset Value Rating, Threat Rating, and Vulnerability Rating as indicated below: • Access to Agent (Threat – capability of potential threat elements) • Knowledge/Expertise (Threat – capability of potential threat elements) • History of Threats/Actual Usage (Threat – rhetoric and actual use by potential threat elements) • Asset Visibility / Symbolic (Asset Value – but in eyes of potential threat elements as a target) • Asset Accessibility (Vulnerability) • Site Population / Capacity (Asset Value or Threat (Targeting)) • Level of Defense (Vulnerability) FEMA 452 Table 1-5 Excerpt Scenario Access to Agent Knowledge/ Expertise History of Threats Against Buildings Asset Visibility/ Symbolic Asset Accessibility Site Population/ Capacity Level of Defense Score Improvised Explosive Device (Bomb) 500 lb. Vehicle Bomb FEMA 452 Criteria, Table 1-4 Scenario Access to Agent Knowledge/ Expertise History of Threats Against Buildings Asset Visibility/ Symbolic Asset Accessibility Site Population/ Capacity Level of Defense 9-10 Readily available Basic knowledge/ open source Local incident Existence widely known/ iconic Open access, unrestricted parking > 5,000 Little or no defense against threats. No security design was taken into consideration and no mitigation measures adopted. 6-8 Easily producible Bachelor or technical school/open scientific or technical literature Regional/ State Existence locally known/ landmark Open access, restricted parking 1,001-5,000 Minimal defense against threats. Minimal security design was taken into consideration and minimal mitigation measures adopted. 3-5 Difficult to produce or acquire Advanced training/rare scientific or declassified literature National Existence published / well-known Controlled access, protected entry 251-1,000 Significant defense against threats. Significant security design was taken into consideration and substantial mitigation measures adopted. 1-2 Very difficult to produce or acquire Advanced degree or training/ classified information International Existence not well known/ no symbolic importance Remote location, secure perimeter, armed guards, tightly controlled access 1-250 Extensive defense against threats. Extensive security design was taken into consideration and extensive mitigation measures adopted. Activity # 2: Determine the Threat Ratings for Cooperville Information / Business Center This is the FEMA 426 method for determining the “Threat Rating.” The rating scale is a scale of 1 to 10, with 1 being a very low probability of a terrorist attack and 10 a very high probability. NOTE 1: In the previous student activity to determine Asset Value Rating, there was only one value of an asset – it did not change based upon threat or situation. The impact if the asset was damaged or lost is a view of its value. NOTE 2: In like manner, the Threat Rating will tend to be the same across all assets. Variances can occur across large buildings where all functions may not exist in all portions of the building or the targeting of the asset may be negligible – no history, no capability, no intent. Recommendation: For Cyber Attack against an asset that has no computer and no connection to the internet the Threat Rating should be based upon the asset having a computer internet connection. Then handle the lack of computer and/or lack of internet connection under the Vulnerability Rating. Then if the asset gets a future computer and/or future internet connection only the Vulnerability Rating need be adjusted. Activity # 2: In the Critical Functions and Critical Infrastructure Threat Ratings below, Armed Attack has threat ratings and rationale completed as an example. Review Armed Attack and adjust as the team sees fit and then complete the remainder of the Threat Ratings tables. CI/BC Critical Functions Threat Ratings Function Cyber Attack Armed Attack Vehicle Bomb CBR Attack 1. Administration 3 2. Engineering / IT Technicians 3 3. Loading Dock / Warehouse 3 Function Cyber Attack Armed Attack Vehicle Bomb CBR Attack 4. Data Center 3 5. Communications 3 6. Security 3 7. Housekeeping 3 Rationale 3 – Low threat based upon lack of intentions, history, or targeting in the local, regional, state, and national levels. Criminal activity notwithstanding is normally focused on more transient sites with easy get away access. CI/BC Critical Infrastructure Threat Ratings Infrastructure Cyber Attack Armed Attack Vehicle Bomb CBR Attack 1. Site 3 2. Architectural 3 3. Structural Systems 3 4. Envelope Systems 3 5. Utility Systems 5 6. Mechanical Systems 5 7. Plumbing and Gas Systems 3 8. Electrical Systems 3 Infrastructure Cyber Attack Armed Attack Vehicle Bomb CBR Attack 9. Fire Alarm Systems 3 10. IT / Communications Systems 3 Rationale 3 – Low threat based upon lack of intentions, history, or targeting of infrastructure on the local, regional, state, and national levels. 5 -- Medium threat on certain infrastructure systems (normally found outside the building envelope) that have been targeted and impacted by armed attack. Unit IV (C): Vulnerability Assessment Unit IV (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Vulnerability Assessment OBJECTIVES 1. Explain what constitutes a vulnerability. 2. Identify vulnerabilities using the Building Vulnerability Assessment Checklist. 3. Understand that an identified vulnerability may indicate that an asset is vulnerable to more than one threat or hazard and that mitigation measures may reduce vulnerability to one or more threats or hazards. 4. Provide a numerical rating for the vulnerability and justify the basis for the rating SCOPE The following topics will be covered in this unit: 1. Review of types of vulnerabilities, especially single-point vulnerabilities and tactics possible under threats/hazards for which there are no mitigation measures. 2. Various approaches and considerations to determine vulnerabilities – FEMA (primarily), with inputs from Departments of Defense, Justice, and Veterans Affairs. 3. A rating scale and how to use it to determine a vulnerability rating. 4. Activity: Determine the vulnerability rating, with rationale, for each asset-threat/hazard pair of interest, using the four threats selected for this course (Cyber Attack, Armed Attack, Vehicle Bomb, CBR Attack) as applied against the identified assets. Achieve team concurrence on answers. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, pages 1-24 to 1-35 and pages 1-45 to 1 93 2. FEMA 452, Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 3-1 to 3-20 3. Case Study – Appendix C: COOP, Cooperville Information / Business Center Vulnerability Rating Considerations (susceptibility to damage resulting from that attack tactic being used against that asset or hazard occurring that affects that asset) 1. Effectiveness of threat tactic / hazard against asset . The greater the predicted or modeled effectiveness the greater the vulnerability o Number of people injured or killed o Amount of building destroyed o Level of publicity expected to occur 2. Redundancy . Back-up facility or equipment that offsets the loss of the asset o Partial back-up: 10 to 90% o One full back-up: 100% o Additional back-up depending upon workload: 125%, 150%, 200% . The greater the redundancy the less the vulnerability; but too much redundancy can reduce reliability 3. Layers of Defense and depth of layers . DENY measures as defined on page 1-9 of FEMA 426 are methods of hardening the site and building and would be described better as mitigation of vulnerability . How far do the mitigation measures keep the threat away from the asset? o The more complete the Layers of Defense and the greater the depth (stand-off distance) of these layers the lower the vulnerability. 4. Cyber . Can a terrorist or hacker get any access to the function or infrastructure that has components of electronics, software, data (information technology), or communications o If none of these components, the vulnerability is very low o If components are all stand alone, the vulnerability is also very low, but probably greater than one .. Example: electric typewriters give off varying radio frequencies during operation that allows specific key strokes to be identified and, therefore, recreated o If components use wireless, radio frequency, cell phones, land lines, or hardwired internet or communications connections then vulnerability is based upon DETECT (anti-virus or access attempts), DETER (access protocols, physical security), DENY (firewalls, encryption, shielding), or other measures . Cyber experts have detailed and in-depth approaches to assessing vulnerability. A proposed industry standard is CVSS (Common Vulnerability Scoring System) which prioritizes vulnerabilities and indicates to system administrators the tasks they should expend available manpower upon. UNIT IV (C) CASE STUDY ACTIVITY: VULNERABILITY RATINGS (COOP Version) Vulnerability is any weakness that can be exploited by an aggressor or, in a non-terrorist threat environment, make an asset susceptible to hazard damage. Vulnerabilities may include: • Critical functions or systems that lack redundancy and if damaged would result in immediate organization disruption or loss of capability (“Single-Point Vulnerability”) • Redundant systems feeding into a single critical node • Critical components of redundant systems collocated • Inadequate capacity or endurance in post-attack environment Vulnerability rating requires identifying and rating the vulnerability of each asset-threat/hazard pair of interest. In-depth vulnerability assessment of a building evaluates specific design and architectural features and identifies all vulnerabilities of the building functions and building systems. Vulnerability Rating Activities 1. Complete the tables for Critical Functions and Critical Infrastructure Vulnerability Ratings. • Some ratings and rationale are provided as examples. • Adjust ratings as desired by team consensus and provide rationale for the provided or adjusted ratings as appropriate. • Refer to the Appendix C Case Study as needed. 2. Transfer the vulnerability ratings to the Risk Matrix poster after reaching team consensus on the answers. Vulnerability Rating Requirements Refer to the Appendix C Case Study and rate the vulnerability of the following assetthreat/ hazard pairs of interest. Transfer vulnerability ratings to the Risk Matrix and achieve team consensus on the answers. Some ratings and rationale are provided as examples. Adjust ratings as desired by team consensus and provide rationale for the provided or adjusted ratings as appropriate. CI/BC Critical Functions Vulnerability Ratings Function Cyber Attack Armed Attack Vehicle Bomb CBR Attack 1. Administration 4 8 8 8 2. Engineering/IT Technicians 4 6 8 8 3. Loading Dock/ Warehouse 2 8 8 8 4. Data Center 3 3 8 8 5. Communications 8 3 8 8 6. Security 4 6 8 8 7. Housekeeping 1 2 8 8 RATIONALE Cyber Attack is based upon the level of interaction the function has with the internet or other communications systems. High End: Do not expect much vulnerability at this level. CI/BC is an Information Company whose business it is to ensure security of its systems and products. A variety of firewalls and other security systems are in place to protect the company and its clients. The firewall solution is based on the Cisco PIX to provide highly resilient firewall protection. Other security systems include reporting and analysis tools and network detection devices, which help protect the company’s computers from hacking. If Engineering/IT Technicians included building operations and maintenance personnel whose systems are accessible from home through passwords and firewalls to monitor and adjust parameters of concern, this would be a high end vulnerability due to the current configuration of such software. This was not included in the Case Study, therefore, not given a high vulnerability rating. Communications set at the high end due to wireless networks that are less secure than wired networks and are more accessible to the terrorist. Middle: Administration, Engineering/IT Technicians, and Security are mid-range rated due to the use of systems connected to the internet that are required for their daily operations, but the level of mitigation capability is not as great as would be found in the Data Center. Low End: While not explained in the Case Study, the Loading Dock/Warehouse and Housekeeping are expected to have very little or no interaction with the internet or communications systems per se. Their main interaction may be through cell phone communications. The Loading Dock / Warehouse may have an internet link to identify dates, times, and access information for deliveries or for purchasing / warehousing items. The Data Center is also on the low end due to the security explanation given under High End above. Armed Attack High End: Middle: Low End: Vehicle Bomb High End: Middle: Low End: CBR Attack High End: Middle: Low End: CI/BC Critical Infrastructure Vulnerability Ratings Infrastructure Cyber Attack Armed Attack Vehicle Bomb CBR Attack 1. Site 8 2. Architectural 1 3. Structural Systems 1 4. Envelope Systems 1 5. Utility Systems 2 6. Mechanical Systems 8 7. Plumbing and Gas Systems 1 8. Electrical Systems 1 9. Fire Alarm Systems 1 10. IT/Communications Systems 8 RATIONALE Cyber Attack is based upon connectivity to the internet and communications systems. High End: Middle: Low End: Armed Attack High End: Middle: Low End: Vehicle Bomb High End: Middle: Low End: CBR Attack is also global, but takes into account the effect of the CBR agents on the equipment, its operation, and the accessibility of operations and maintenance personnel to ensure system operations. High End: As with Vehicle Bomb, a high end rating is appropriate for Site as there are no mitigation measures for a CBR attack. Vulnerability Ratings of 9 or 10 would also be justifiable. This tactic will deny access to the building and its critical functions and critical infrastructure based upon the type and persistency of agent. Likewise, the Mechanical Systems have no mitigation measures in place, specifically HVAC, warranting a high rating. As the IT/Communication Systems require 24/7 attention and they are linked to the HVAC system, IT/Comms warrants a high rating as their operation can be severely impacted during and after a CBR attack. Middle: Low End: Low end vulnerability rating is given to Architectural, Structural Systems, and Envelope Systems as the CBR attack will have little to no effect upon these systems performing their functions. Decontamination will be the main response. Utility Systems will also continue to function properly during and after a CBR attack, but these systems may require maintenance access which will be hampered by the persistency of any agents. Thus, a higher vulnerability rating is warranted. Similarly, Plumbing and Gas Systems, Electrical Systems, Fire Alarm Systems will generally continue to operate during and after a CBR attack. Maintenance can be delayed until decontamination is complete. This page intentionally left blank Unit V (C): Risk Assessment/Risk Management Unit V (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Risk Assessment / Risk Management OBJECTIVES 1. Explain what constitutes risk. 2. Provide a numerical rating for risk and justify the basis for the rating. 3. Evaluate risk using the Risk (Threat-Vulnerability) Matrix to capture assessment information. 4. Identify top risks for asset-threat/hazard pairs of interest that should receive measures to mitigate vulnerabilities and reduce risk. SCOPE The following topics will be covered in this unit: 1. Definition of risk and the various components to determine a risk rating. 2. The FEMA 426 approach to determining risk. 3. A rating scale and how to use it to determine a risk rating. One or more specific examples will be used to focus students on the following activity. 4. The relationships between high risk, the need for mitigation measures, and the need to identify a Design Basis Threat and Level of Protection. 5. Activity: Determine the risk rating for the asset-threat/hazard pairs of interest. Identify the high risk ratings for the Case Study. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, pages 1-35 to 1-44 2. FEMA 452, Risk Assessment - A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 4-1 to 4-9 3. Case Study – Appendix C: COOP, Cooperville Information / Business Center This page intentionally left blank UNIT V (C) CASE STUDY ACTIVITY: RISK RATINGS (COOP Version) One approach to conducting a risk assessment is to assemble the results of the asset value assessment, the threat/hazard assessment, and the vulnerability assessment, and determine a numeric value of risk for each asset-threat/hazard pair of interest using the following formula: Risk Rating = Asset Value Rating x Threat Rating x Vulnerability Rating Requirements 1. Use the following worksheet tables or the Risk Matrix poster to summarize the CI/BC asset value, threat/hazard, and vulnerability assessment ratings conducted in the previous three unit activities. Reach team consensus on answers. 2. Use the formula above to determine the risk rating for each asset-threat/hazard pair identified under Critical Functions and under Critical Infrastructure. 3. Transfer the ratings to the Risk Matrix poster and circle all high risk ratings in RED using a whiteboard marker. CI/BC Critical Functions Risk Ratings Function Cyber Attack Armed Attack Vehicle Bomb CBR Attack 1. Administration Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 2. Engineering/IT Technicians Risk Rating Asset Value Rating Threat Rating Vulnerability Rating Function Cyber Attack Armed Attack Vehicle Bomb CBR Attack 3. Loading Dock/ Warehouse Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 4. Data Center Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 5. Communications Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 6. Security Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 7. Housekeeping Risk Rating Asset Value Rating Threat Rating Vulnerability Rating CI/BC Critical Infrastructure Risk Ratings Infrastructure Cyber Attack Armed Attack Vehicle Bomb CBR Attack 1. Site Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 2. Architectural Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 3. Structural Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 4. Envelope Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 5. Utility Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating Infrastructure Cyber Attack Armed Attack Vehicle Bomb CBR Attack 6. Mechanical Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 7. Plumbing and Gas Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 8. Electrical Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 9. Fire Alarm Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating 10. IT/Communications Systems Risk Rating Asset Value Rating Threat Rating Vulnerability Rating Unit VI (C): FEMA 452 Risk Assessment Database Unit VI (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE FEMA 452 Risk Assessment Database OBJECTIVES 1. Explain the database install process (Options 2 and 3). 2. Identify where to save photos, maps, drawings, plans, etc. to interface with the database. 3. Explain the information required for the database to function within each screen, how to move between screens, and switch between the assessment tool operating mode and the master database operating mode. 4. Explain the benefit and approaches to setting priorities on identified vulnerabilities. 5. Explain how to use the database to produce standard reports and search the database for specific information. SCOPE The following topics will be covered in this unit: 1. The installation of the FEMA 452 Risk Assessment Database (Options 2 and 3). 2. Inputting data into the database and linking associated information, such as GIS images, Miscellaneous files, and Photos. 3. Navigation in the database to operate all functions. 4. Risk management capability using the database. 5. Activity: Students will follow the instruction unit. Option 1: Students install software prior to arriving at course with help of System Administrator as required and begin familiarization. This unit completes the familiarization. Option 2: In a demonstration / performance mode, follow the instruction unit, installing the databases, and navigating the databases following the instructor’s presentation. Option 3: Install the databases and navigate them outside the instruction unit at some time on Day 2. Unit VI (C): FEMA 452 Risk Assessment Database REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, Chapter 1 2. FEMA 452, Risk Assessment - A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 4-1 to 4-10 3. FEMA 452 Risk Assessment Database CD with Install Wizard (latest version) Unit VI (C): FEMA 452 Risk Assessment Database UNIT VI (C) CASE STUDY ACTIVITY: FEMA 452 RISK ASSESSMENT DATABASE (COOP Version) To this point the assessment procedures have been done manually to understand the thought process. Once the process is understood, the need to be able to manage assessment information, especially from multiple assessments, becomes evident. This unit shows the features of the FEMA 452 Risk Assessment Database v3.0, 16 January 2007, in a demonstration/performance instruction approach or a presentation approach with software installation being done either before arriving at the course or sometime later on Day 2. Requirements Minimum hardware and software requirements: Pentium® 4 or equivalent Windows XP MS Access® 2002 256 MB of RAM recommended for all components Option 1: Students should have individual personal laptops that they have brought to the course. They have downloaded the database software either from the FEMA Risk Management Series web site or from a FEMA Floodmaps e-mail. They will work with their Systems Administrator as required to ensure the laptop meets the minimum hardware and software requirements listed above and that the software installation is successful. They students may begin familiarization with the software, but that will require some review of the User’s Guide. During the course, the instructor will use PowerPoint slides with database screen captures to illustrate the various features of the software. The database installation slides will be hidden as the laptops will already be loaded with the database and other files. Option 2: This option works best when the students are conversant in loading software on their laptop, have the necessary minimum requirements on their laptop, and have administrator rights for loading software. The instructor will provide a CD to each student as part of the course handouts. The CD contains the install wizard programs to install the database on the laptop. It also contains other files to illustrate the user interface, input, and functions of the database. As the instructor presents the instruction unit, the student will follow on their laptop so that at the end of the instruction block the student has an initial familiarization of the database features, how to use the database as a risk assessment/risk management tool, and has it loaded on the laptop for their personal use in the future. Unit VI (C): FEMA 452 Risk Assessment Database It the student does not have a laptop, they may look over the shoulder of someone who does have a laptop or just follow along the slide presentation which uses screen captures of the software throughout the processes demonstrated. Option 3: When few students have laptops, the laptop users do not have administrator rights, or laptop users have other restrictions on loading new software, the demonstration / performance approach becomes too time consuming and detracts from the learning experience of most of the students. In this case, presentation of the PowerPoint visuals without demonstration / performance is the approach to use. Then at an identified time on Day 2, those who want to load the software on their laptops can do so with the help of the instructors. The instruction unit flows more smoothly in this situation and software loading problems only impact those who are loading the software. Unit VII (C): Explosive Blast Unit VII (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Explosive Blast OBJECTIVES 1. Explain the basic physics involved during an explosive blast event, whether by terrorism or technological accident. 2. Explain building damage and personnel injuries resulting from the blast effects upon a building. 3. Perform an initial prediction of blast loading and effects based upon incident pressure. SCOPE The following topics will be covered in this unit: 1. Time-pressure regions of a blast event and how these change with distance from the blast. 2. Difference between incident pressure and reflected pressure. 3. Differences between peak pressure and peak impulse and how these differences affect building components. 4. Building damage and personnel injuries generated by blast wave effects. 5. Levels of protection used by the Department of Defense and the General Services Administration. 6. The nominal range-to-effect chart [minimum stand-off in feet versus weapon yield in pounds of TNT-equivalent] for an identified level of damage or injury. 7. The benefits of stand-off distance. 8. Approaches to predicting blast loads and effects, including one using incident pressure. 9. Activity: Use charts and tables presented to reinforce their proper application and determine required stand-off for the Case Study Design Basis Threat. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, Chapter 4 2. Case Study – Appendix C: COOP, Cooperville Information / Business Center Unit VII (C): Explosive Blast This page intentionally left blank Unit VII (C): Explosive Blast UNIT VII (C) CASE STUDY ACTIVITY: STAND-OFF DISTANCE AND THE EFFECTS OF EXPLOSIVE BLAST (COOP Version) The requirements in this unit’s activity are intended to provide a check on learning about explosive blast and understand the impacts of the Case Study’s Design Basis Threat. Requirements 1. In the empty cells in the table below, identify whether the adjacent description defines incident pressure or reflected pressure. 2. Refer to Figure 4-5 in FEMA 426 (page 4-11) to answer the following questions regarding the explosives environment: • What is the minimum stand-off distance from explosion of a 100-pound (TNT equiv.) bomb to have a level of confidence that severe wounds from glass (without fragment retention film) will not occur? • What damage would be sustained at 400 foot stand-off from a 5,000-pound (TNT equiv.) explosion? 3. Refer to Figure 4-10 and Table 4-3 in FEMA 426 (pages 4-17 and 4-19, respectively) to answer the following questions regarding the explosives environment. • What is the minimum stand-off required to limit the incident pressure to under 0.5 psi for a 100-pound (TNT equiv.) bomb? • What incident pressure would be expected at 500 feet from a 500-pound (TNT equiv.) bomb and what is the approximate damage that can be expected? Definition Type of Pressure Characterized by an almost instantaneous rise from atmospheric pressure to peak overpressure. When blast wave impinges on a structure that is not parallel to the direction of the blast wave’s travel, the pressure wave is reflected and reinforced. Unit VII (C): Explosive Blast 4. Refer to Figure 4-5 (page 4-11) in FEMA 426 to answer the following questions. • For the Design Basis Threats of the selected Case Study being used in this course offering, determine the standoff distance for the damage or injury indicated: o ________ pounds TNT-equivalent Glass – Severe Wounds – ______ feet Potentially Lethal Injuries – ______ feet Threshold, Concrete Columns Fail – ______ feet o ________ pounds TNT-equivalent Glass – Severe Wounds – ______ feet Potentially Lethal Injuries – ______ feet Threshold, Concrete Columns Fail – ______ feet Unit VIII (C): Chemical, Biological, and Radiological (CBR) Measures Unit VIII (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Chemical, Biological, and Radiological (CBR) Measures OBJECTIVES 1. Explain the five possible protective actions for a building and its occupants. 2. Compare filtration system efficacy relative to the particles present in CBR agents. 3. Explain the key issues with CBR detection. 4. Identify the indications of CBR contamination. SCOPE The following topics will be covered in this unit: 1. The five protective actions for a building and its occupants: evacuation; sheltering in place; personal protective equipment; air filtration and pressurization; and exhausting and purging. 2. Air filtration and cleaning principles and its application. 3. CBR detection technology currently available. 4. Indications of CBR contamination that do not use technology. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, Chapter 5 2. FEMA 426, Appendix C, Chemical, Biological, and Radiological Glossary 3. Case Study – Appendix C: COOP, Cooperville Information / Business Center Unit VIII (C): Chemical, Biological, and Radiological (CBR) Measures This page intentionally left blank Unit VIII (C): Chemical, Biological, and Radiological (CBR) Measures UNIT VIII (C) CASE STUDY ACTIVITY: CHEMICAL, BIOLOGICAL, AND RADIOLOGICAL (CBR) MEASURES (COOP Version) The requirements in this unit’s activity are intended to provide a check on learning about the nature of chemical, biological, and radiological agents and associated mitigation measures. Requirements 1. Identify the prevalent CBR threat(s) that exist and/or are identified as the Design Basis Threat in the selected Case Study. Design Basis Threat Chemical: Biological: Radiological: Other: Refer to Table 5-1 on page 5-12 of FEMA 426 and answer the following questions: 2. What size filtration unit (MERV) is required to filter out 80 percent of Legionella and dust particles (1 to 3 microns)? Unit VIII (C): Chemical, Biological, and Radiological (CBR) Measures 3. What range of MERV is required to remove 85 percent of smoke particles greater than 0.3 micron in size? 4. What mitigation measures can be used in HVAC systems to destroy bacteria and viruses? Unit IX (C): Site and Layout Design Guidance Unit IX (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Site and Layout Design Guidance OBJECTIVES 1. Identify site planning concerns that can create, reduce, or eliminate vulnerabilities and understand the concept of “Layers of Defense.” 2. Recognize protective issues for suburban site planning. 3. Compare the pros and cons of barrier mitigation measures that increase stand-off or promote the need for hardening of buildings at risks. 4. Understand the need for keeping up with the growing demand for security design. 5. Understand the benefits that can be derived from appropriate security design. 6. Understand the benefits of adopting a creative process to face current design challenges. 7. Understand the benefits of including aesthetic elements compatible with security and architecture characteristics of building and surrounding environment. 8. Apply these concepts to an existing site or building and identify mitigation measures needed to reduce vulnerabilities. SCOPE The following topics will be covered in this unit: 1. Land use considerations both outside and inside the property line. 2. Site planning issues to include site design, layout and form, vehicular and pedestrian circulation, and landscape and urban design. 3. Creating stand-off distance using perimeter controls, non-exclusive zones, and exclusive zones along with the design concepts and technology to consider. 4. Design considerations and mitigation measures for site security. Unit IX (C) REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, Chapter 2; Checklist at end of Chapter 1 2. FEMA 430, Primer for Incorporating Building Security Components in Architectural Design, pages XXX 3. FEMA 452, Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 5-1 to 5-16 4. Case Study – Appendix C: COOP, Cooperville Information / Business Center UNIT IX (C) CASE STUDY ACTIVITY: SITE AND LAYOUT DESIGN GUIDANCE (COOP Version) In this student activity, the emphasis is identifying vulnerabilities in the site and layout design. The Building Vulnerability Assessment Checklist in FEMA 426 (Table 1-22, pages 1-46 to 1-93) provides a tool for vulnerability assessment of the proposed and existing sites and buildings. Requirements Assign sections of the checklist to group members who are most knowledgeable and qualified to perform an assessment of the assigned area. Refer to the Appendix C Case Study to determine answers to the questions. Then review results as a team to identify vulnerabilities and possible mitigation measures. Activity # 1: Complete the selected vulnerability checklist questions in the following Vulnerability Questions table. Note: There are 29 questions below (13 in Section 1, 5 in Section 2, and 11 in Section 5), so it is recommended that the team split up the questions among themselves taking 3-5 questions each and review the Appendix C Case Study for answers. Apportion the available time for gathering the answers and then provide each other the answers while performing the actions below. Activity # 2: Upon completion of the questions refer back to the vulnerability ratings determined in the Unit IV (C) Student Activity. Based on this more detailed analysis, decide if any vulnerability rating needs adjustment. Adjust the Risk Matrix poster accordingly for any changes in vulnerability rating. Activity # 3: Select mitigation measures to reduce vulnerability and associated risk from the site and layout perspective. Concentrate on the three highest risk ratings on the Risk Matrix poster as adjusted by Activity # 2. Use the Site and Layout Design Mitigation Measures table found at the end of this unit to capture this information. Activity # 4: Consider the mitigation measures of Activity #3 to be installed, estimate the new vulnerability ratings as if these measures were in place, and calculate the new risk ratings. Capture your information in the Site and Layout Design Mitigation Measures table. Section Vulnerability Question Guidance Observations 1 Site 1.1 What major structures surround the facility (site or building(s))? What critical infrastructure, government, military, or recreation facilities are in the local area that impact transportation, utilities, and collateral damage (attack at this facility impacting the other major structures or attack on the major structures impacting this facility)? Critical infrastructure to consider includes: Telecommunications infrastructure Facilities for broadcast TV, cable TV; cellular networks; newspaper offices, production, and distribution; radio stations; satellite base stations; telephone trunking and switching stations, including critical cable routes and major rights-of-way Electric power systems Power plants, especially nuclear facilities; transmission and distribution system components; fuel distribution, delivery, and storage Gas and oil facilities Hazardous material facilities, oil/gas pipelines, and storage facilities Banking and finance institutions Financial institutions (banks, credit unions) and the business district; note schedule business/financial district may follow; armored car services Transportation networks Airports: carriers, flight paths, and airport layout; location of air traffic control towers, runways, passenger terminals, and parking areas Bus Stations Pipelines: oil; gas Trains/Subways: rails and lines, railheads/rail yards, interchanges, tunnels, and cargo/passenger terminals; note hazardous material transported Traffic: interstate highways/roads/tunnels/ bridges carrying large volumes; points of congestion; note time of day and day of week Trucking: hazardous materials cargo loading/unloading facilities; truck terminals, weigh stations, and rest areas Waterways: dams; levees; berths and ports for cruise ships, ferries, Section Vulnerability Question Guidance Observations roll-on/roll-off cargo vessels, and container ships; international (foreign) flagged vessels (and cargo) Water supply systems Pipelines and process/treatment facilities, dams for water collection; wastewater treatment Government services Federal/state/local government offices – post offices, law enforcement stations, fire/rescue, town/city hall, local mayor’s/governor’s residences, judicial offices and courts, military installations (include type-active, Reserves, National Guard) Emergency services Backup facilities, communications centers, Emergency Operations Centers (EOCs), fire/Emergency Medical Service (EMS) facilities, Emergency Medical Centers (EMCs), law enforcement facilities The following are not critical infrastructure, but have collateral damage potential to consider: Agricultural facilities: chemical distribution, storage, and application sites; crop spraying services; farms and ranches; food processing, storage, and distribution facilities Commercial/manufacturing/ind ustrial facilities: apartment buildings; business/corporate centers; chemical plants (especially those with Section 302 Extremely Hazardous Substances); factories; fuel production, distribution, and storage facilities; hotels and convention centers; industrial plants; raw material production, distribution, and storage facilities; research facilities and laboratories; shipping, warehousing, transfer, and logistical centers Events and attractions: festivals and celebrations; open-air markets; parades; rallies, demonstrations, and marches; religious services; Section Vulnerability Question Guidance Observations scenic tours; theme parks Health care system components: family planning clinics; health department offices; hospitals; radiological material and medical waste transportation, storage, and disposal; research facilities and laboratories, walk-in clinics Political or symbolically significant sites: embassies, consulates, landmarks, monuments, political party and special interest groups offices, religious sites Public/private institutions: academic institutions, cultural centers, libraries, museums, research facilities and laboratories, schools Recreation facilities: auditoriums, casinos, concert halls and pavilions, parks, restaurants and clubs (frequented by potential target populations), sports arenas, stadiums, theaters, malls, and special interest group facilities; note congestion dates and times for shopping centers References: FEMA 386-7, FEMA SLG 101, DOJ NCJ181200 1.2 Does the terrain place the building in a depression or low area? Depressions or low areas can trap heavy vapors, inhibit natural decontamination by prevailing winds, and reduce the effectiveness of in-place sheltering. Reference: USAF Installation Force Protection Guide 1.4 Is a perimeter fence or other types of barrier controls in place? The intent is to channel pedestrian traffic onto a site with multiple buildings through known access control points. For a single building, the intent is to have a single visitor entrance. Reference: GSA PBS-P100 Section Vulnerability Question Guidance Observations 1.5 What are the site access points to the site or building? The goal is to have at least two access points – one for passenger vehicles and one for delivery trucks due to the different procedures needed for each. Having two access points also helps if one of the access points becomes unusable, then traffic can be routed through the other access point. Reference: USAF Installation Force Protection Guide 1.7 Is there vehicle and pedestrian access control at the perimeter of the site? Vehicle and pedestrian access control and inspection should occur as far from facilities as possible (preferably at the site perimeter) with the ability to regulate the flow of people and vehicles one at a time. Control on-site parking with identification checks, security personnel, and access control systems. Reference: FEMA 386-7 1.10 What are the existing types of vehicle anti-ram devices for the site or building? Are these devices at the property boundary or at the building? Passive barriers include bollards, walls, hardened fences (steel cable interlaced), trenches, ponds/basins, concrete planters, street furniture, plantings, trees, sculptures, and fountains. Active barriers include pop-up bollards, swing arm gates, and rotating plates and drums, etc. Reference: GSA PBS-P100 1.13 Does site circulation prevent high-speed approaches by vehicles? The intent is to use site circulation to minimize vehicle speeds and eliminate direct approaches to structures. Reference: GSA PBS-P100 Section Vulnerability Question Guidance Observations 1.14 Are there offsetting vehicle entrances from the direction of a vehicle’s approach to force a reduction of speed? Single or double 90-degree turns effectively reduce vehicle approach speed. Reference: GSA PBS-P100 1.16 Does adjacent surface parking on site maintain a minimum stand-off distance? The specific stand-off distance needed is based upon the design basis threat bomb size and the building construction. For initial screening, consider using 25 meters (82 feet) as a minimum with more distance needed for unreinforced masonry or wooden walls. Reference: GSA PBS-P100 1.19 Do site landscaping and street furniture provide hiding places? Minimize concealment opportunities by keeping landscape plantings (hedges, shrubbery, and large plants with heavy ground cover) and street furniture (bus shelters, benches, trash receptacles, mailboxes, newspaper vending machines) away from the building to permit observation of intruders and prevent hiding of packages. If mail or express boxes are used, the size of the openings should be restricted to prohibit the insertion of packages. Reference: GSA PBS-P100 Section Vulnerability Question Guidance Observations 1.20 Is the site lighting adequate from a security perspective in roadway access and parking areas? Security protection can be successfully addressed through adequate lighting. The type and design of lighting, including illumination levels, is critical. Illuminating Engineering Society of North America (IESNA) guidelines can be used. The site lighting should be coordinated with the CCTV system. Reference: GSA PBS-P100 1.21 Are line-of-sight perspectives from outside the secured boundary to the building and on the property along pedestrian and vehicle routes integrated with landscaping and green space? The goal is to prevent the observation of critical assets by persons outside the secure boundary of the site. For individual buildings in an urban environment, this could mean appropriate window treatments or no windows for portions of the building. Once on the site, the concern is to ensure observation by a general workforce aware of any pedestrians and vehicles outside normal circulation routes or attempting to approach the building unobserved. Reference: USAF Installation Force Protection Guide 1.23 Are all existing fire hydrants on the site accessible? Just as vehicle access points to the site must be able to transit emergency vehicles, so too must the emergency vehicles have access to the buildings and, in the case of fire trucks, the fire hydrants. Thus, security considerations must accommodate emergency response requirements. Reference: GSA PBS-P100 2 Architectural 2.2 Is it a mixed-tenant building? Separate high-risk tenants from low-risk tenants and from publicly accessible areas. Mixed uses may be accommodated through such Section Vulnerability Question Guidance Observations means as separating entryways, controlling access, and hardening shared partitions, as well as through special security operational countermeasures. Reference: GSA PBS-P100 2.3 Are pedestrian paths planned to concentrate activity to aid in detection? Site planning and landscape design can provide natural surveillance by concentrating pedestrian activity, limiting entrances/exits, and eliminating concealment opportunities. Also, prevent pedestrian access to parking areas other than via established entrances. Reference: GSA PBS-P100 2.4 Are there trash receptacles and mailboxes in close proximity to the building that can be used to hide explosive devices? The size of the trash receptacles and mailbox openings should be restricted to prohibit insertion of packages. Street furniture, such as newspaper vending machines, should be kept sufficient distance (10 meters or 33 feet) from the building, or brought inside to a secure area. References: USAF Installation Force Protection Guide and DoD UCF 4-010-01 2.15 Are critical assets (people, activities, building systems and components) located close to any main entrance, vehicle circulation, parking, maintenance area, loading dock, or interior parking? Critical building components include: Emergency generator, including fuel systems, day tank, fire sprinkler, and water supply; Normal fuel storage; Main switchgear; Telephone distribution and main switchgear; Fire pumps; Building control centers; Uninterruptible power supply (UPS) systems controlling critical functions; Main refrigeration and ventilation systems if critical to building operation; Elevator Section Vulnerability Question Guidance Observations Are the critical building systems and components hardened? machinery and controls; Shafts for stairs, elevators, and utilities; Critical distribution feeders for emergency power. Evacuation and rescue require emergency systems to remain operational during a disaster and they should be located away from attack locations. Primary and backup systems should be separated to reduce the risk of both being impacted by a single incident if collocated. Utility systems should be located at least 50 feet from loading docks, front entrances, and parking areas. One way to harden critical building systems and components is to enclose them within hardened walls, floors, and ceilings. Do not place them near high-risk areas where they can receive collateral damage. Reference: GSA PBS-100 2.16 Are high value or critical assets located as far into the interior of the building as possible and separated from the public areas of the building? Critical assets, such as people and activities, are more vulnerable to hazards when on an exterior building wall or adjacent to uncontrolled public areas inside the building. Reference: GSA PBS-100 5 Utility Systems 5.1 What is the source of domestic water? (utility, municipal, wells, lake, river, storage tank) Is there a secure alternate drinking water supply? Domestic water is critical for continued building operation. Although bottled water can satisfy requirements for drinking water and minimal sanitation, domestic water meets many other needs – flushing toilets, building heating and cooling system operation, cooling of emergency generators, humidification, etc. Reference: FEMA 386-7 5.4 Does the building or site have storage capacity for Operational facilities will require reliance on adequate domestic water supply. Storage capacity can Section Vulnerability Question Guidance Observations domestic water? How many gallons of storage capacity are available and how long will it allow operations to continue? meet short-term needs and use water trucks to replenish for extended outages. Reference: Physical Security Assessment for Department of Veterans Affairs Facilities. 5.5 What is the source of water for the fire suppression system? (local utility company lines, storage tanks with utility company backup, lake, or river) Are there alternate water supplies for fire suppression? The fire suppression system water may be supplied from the domestic water or it may have a separate source, separate storage, or nonpotable alternate sources. For a site with multiple buildings, the concern is that the supply should be adequate to fight the worst case situation according to the fire codes. Recent major construction may change that requirement. Reference: FEMA 386-7 5.10 What fuel supplies do the building rely upon for critical operation? Typically, natural gas, propane, or fuel oil is required for continued operation. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 5.11 How much fuel is stored on the site or at the building and how long can this quantity support critical operations? How is it stored? How is it secured? Fuel storage protection is essential for continued operation. Main fuel storage should be located away from loading docks, entrances, and parking. Access should be restricted and protected (e.g., locks on caps and seals). References: GSA PBS-P100 and Physical Security Assessment for the Department of Veterans Affairs Facilities Section Vulnerability Question Guidance Observations 5.12 Where is the fuel supply obtained? How is it delivered? The supply of fuel is dependent on the reliability of the supplier. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 5.14 What is the normal source of electrical service for the site or building? Utilities are the general source unless co-generation or a private energy provider is available. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 5.15 Is there a redundant electrical service source? Can the site or buildings be fed from more than one utility substation? The utility may have only one source of power from a single substation. There may be only single feeders from the main substation. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 5.18 What provisions for emergency power exist? What systems receive emergency power and have capacity requirements been tested? Is the emergency power collocated with the commercial electric service? Is there an exterior connection for emergency power? Besides installed generators to supply emergency power, portable generators or rental generators available under emergency contract can be quickly connected to a building with an exterior quick disconnect already installed. Testing under actual loading and operational conditions ensures the critical systems requiring emergency power receive it with a high assurance of reliability. Reference: GSA PBS-P100 Section Vulnerability Question Guidance Observations 5.19 By what means do the main telephone and data communications interface the site or building? Typically communication ducts or other conduits are available. Overhead service is more identifiable and vulnerable. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 5.21 Does the fire alarm system require communication with external sources? By what method is the alarm signal sent to the responding agency: telephone, radio, etc.? Is there an intermediary alarm monitoring center? Typically, the local fire department responds to an alarm that sounds at the station or is transmitted over phone lines by an auto dialer. An intermediary control center for fire, security, and/or building system alarms may receive the initial notification at an on-site or off-site location. This center may then determine the necessary response and inform the responding agency. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities Site and Layout Design Mitigation Measures (COOP Version) Asset-Threat/Hazard Pair Current Risk Rating Suggested Mitigation Measure Revised Risk Rating This page intentionally left blank Unit X (C): Building Design Guidance Unit X (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Building Design Guidance OBJECTIVES 1. Explain architectural considerations to mitigate impacts from blast effects and transmission of chemical, biological, and radiological agents from exterior and interior incidents. 2. Identify key elements of building structural and nonstructural systems for mitigation of blast effects. 3. Compare and contrast the benefit of building envelope, mechanical system, electrical system, fire protection system, and communications system mitigation measures, including synergies and conflicts. 4. Apply these concepts to an existing building or building conceptual design and identify mitigation measures needed to reduce vulnerabilities. SCOPE The following topics will be covered in this unit: 1. Architectural considerations, including building configuration, space design, and special situations. 2. Building structural and nonstructural considerations with emphasis on progressive collapse, loads and stresses, and good engineering practices. 3. Design issues for the building envelope, including wall design, window design, door design, and roof system design with approaches to define levels of protection. 4. Mechanical system design issues, including interfacing with operational procedures, emergency plans, and training. 5. Other building systems design consideration for electrical, fire protection, communications, electronic security, entry control, and physical security that mitigate the effects of a threat or hazard. 6. Activity: Select mitigation measures that reduce vulnerability and associated risk from the building perspective for the highest risk pairs (asset - threat/hazard) identified in Unit V (C). REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, pages 3-1 to 3-46 and 3-48 to 3-52; Checklist at end of Chapter 1 2. FEMA 427, Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks 3. FEMA 430, Primer for Incorporating Building Security Components in Architectural Design 4. FEMA 452, Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 5-1 to 5-16 5. Case Study – Appendix C: COOP, Cooperville Information / Business Center UNIT X (C) CASE STUDY ACTIVITY: BUILDING DESIGN GUIDANCE (COOP Version) In this student activity, the emphasis is identifying vulnerabilities in the building design. The Building Vulnerability Assessment Checklist in FEMA 426 (Table 1-22, pages 1-46 to 1-93) provides a tool for vulnerability assessment of the proposed and existing sites and buildings. Requirements Assign sections of the checklist to group members who are most knowledgeable and qualified to perform an assessment of the assigned area. Refer to the Appendix C Case Study to determine answers to the questions. Then review results as a team to identify vulnerabilities and possible mitigation measures. Activity # 1: Complete the selected vulnerability checklist questions in the following Vulnerability Questions table. Note: There are 25 questions below (9 in Section 2, 4 in Section 3, 1 in Section 4, 3 in Section 6, 3 in Section 8, 3 in Section 9, and 2 in Section 10), so it is recommended that the team split up the questions among themselves taking 3-5 questions each and review the Appendix C Case Study for answers. Apportion the available time for gathering the answers and then provide each other the answers while performing the actions below. Activity # 2: Upon completion of the questions refer back to the vulnerability ratings determined in the Unit IV (C) Student Activity. Based on this more detailed analysis, decide if any vulnerability rating needs adjustment. Adjust the Risk Matrix poster accordingly for any changes in vulnerability rating. Activity # 3: Select mitigation measures to reduce vulnerability and associated risk from the building perspective. Concentrate on the three highest risk ratings on the Risk Matrix poster as adjusted by Activity # 2. Use the Building Design Mitigation Measures table found at the end of this unit to capture this information. Activity # 4: Consider the mitigation measures of Activity #3 to be installed, estimate the new vulnerability ratings as if these measures were in place, and calculate the new risk ratings. Capture your information in the Building Design Mitigation Measures table. Section Vulnerability Question Guidance Observations 2 Architectural 2.7 Is access control provided through main entrance points for employees and visitors? (lobby receptionist, signin, staff escorts, issue of visitor badges, checking forms of personal identification, electronic access control systems) Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 2.9 Is access to elevators distinguished as to those that are designated only for employees and visitors? Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 2.10 Do public and employee entrances include space for possible future installation of access control and screening equipment? These include walk-through metal detectors and x-ray devices, identification check, electronic access card, search stations, and turnstiles. Reference: GSA PBS-P100 2.15 Are critical assets (people, activities, building systems and components) located close to any main entrance, vehicle circulation, parking, maintenance area, loading dock, or interior parking? Are the critical building systems and components Critical building components include: Emergency generator including fuel systems, day tank, fire sprinkler, and water supply; Normal fuel storage; Main switchgear; Telephone distribution and main switchgear; Fire pumps; Building control centers; Uninterruptible Power Supply (UPS) systems controlling critical functions; Main refrigeration and ventilation systems if critical to building operation; Elevator machinery and controls; Shafts for stairs, elevators, and utilities; Critical Section Vulnerability Question Guidance Observations hardened? distribution feeders for emergency power. Evacuation and rescue require emergency systems to remain operational during a disaster and they should be located away from potential attack locations. Primary and backup systems should be separated to reduce the risk of both being impacted by a single incident if collocated. Utility systems should be located at least 50 feet from loading docks, front entrances, and parking areas. One way to harden critical building systems and components is to enclose them within hardened walls, floors, and ceilings. Do not place them near high-risk areas where they can receive collateral damage. Reference: GSA PBS-P100 2.16 Are high-value or critical assets located as far into the interior of the building as possible and separated from the public areas of the building? Critical assets, such as people and activities, are more vulnerable to hazards when on an exterior building wall or adjacent to uncontrolled public areas inside the building. Reference: GSA PBS-P100 2.19 Are loading docks and receiving and shipping areas separated in any direction from utility rooms, utility mains, and service entrances, including electrical, telephone/data, fire detection/alarm systems, fire suppression water mains, cooling and heating mains, etc.? Loading docks should be designed to keep vehicles from driving into or parking under the building. If loading docks are in close proximity to critical equipment, consider hardening the equipment and service against explosive blast. Consider a 50-foot separation distance in all directions. Reference: GSA PBS-P100 Section Vulnerability Question Guidance Observations 2.20 Are mailrooms located away from building main entrances, areas containing critical services, utilities, distribution systems, and important assets? Is the mailroom located near the loading dock? The mailroom should be located at the perimeter of the building with an outside wall or window designed for pressure relief. By separating the mailroom and the loading dock, the collateral damage of an incident at one has less impact upon the other. However, this may be the preferred mailroom location. Off-site screening stations or a separate delivery processing building on site may be costeffective, particularly if several buildings may share one mailroom. A separate delivery processing building reduces risk and simplifies protection measures. Reference: GSA PBS-P100 2.23 Are stairwells required for emergency egress located as remotely as possible from high-risk areas where blast events might occur? Are stairways maintained with positive pressure or are there other smoke control systems? Consider designing stairs so that they discharge into other than lobbies, parking, or loading areas. Maintaining positive pressure from a clean source of air (may require special filtering) aids in egress by keeping smoke, heat, toxic fumes, etc. out of the stairway. Pressurize exit stairways in accordance with the National Model Building Code. Reference: GSA PBS-P100 and CDC/NIOSH, Pub 2002-139 2.26 Are emergency systems located away from highrisk areas? The intent is to keep the emergency systems out of harm’s way, such that one incident takes out all capability – both the regular systems and their backups. Reference: FEMA 386-7 Section Vulnerability Question Guidance Observations 3 Structural Systems 3.1 What type of construction? What type of concrete and reinforcing steel? What type of steel? What type of foundation? The type of construction provides an indication of the robustness to abnormal loading and load reversals. A reinforced concrete moment-resisting frame provides greater ductility and redundancy than a flat-slab or flat-plate construction. The ductility of steel frame with metal deck depends on the connection details and pretensioned or post-tensioned construction provides little capacity for abnormal loading patterns and load reversals. The resistance of load-bearing wall structures varies to a great extent, depending on whether the walls are reinforced or unreinforced. A rapid screening process developed by FEMA for assessing structural hazards identifies the following types of construction with a structural score ranging from 1.0 to 8.5. A higher score indicates a greater capacity to sustain load reversals. Wood buildings of all types - 4.5 to 8.5 Steel moment-resisting frames - 3.5 to 4.5 Braced steel frames - 2.5 to 3.0 Light metal buildings - 5.5 to 6.5 Steel frames with cast-in-place concrete shear walls - 3.5 to 4.5 Steel frames with unreinforced masonry infill walls - 1.5 to 3.0 Concrete moment-resisting frames - 2.0 to 4.0 Concrete shear wall buildings - 3.0 to 4.0 Concrete frames with unreinforced masonry infill walls - 1.5 to 3.0 Tilt-up buildings - 2.0 to 3.5 Precast concrete frame buildings - 1.5 to 2.5 Reinforced masonry - 3.0 to 4.0 Unreinforced masonry - 1.0 to 2.5 References: FEMA 154 and Section Vulnerability Question Guidance Observations Physical Security Assessment for the Department of Veterans Affairs Facilities 3.5 Will the structure suffer an unacceptable level of damage resulting from the postulated threat (blast loading or weapon impact)? The extent of damage to the structure and exterior wall systems from the bomb threat may be related to a protection level. The following is for new buildings: Level of Protection Below Antiterrorism Standards - Severe damage. Frame collapse/massive destruction. Little left standing. Doors and windows fail and result in lethal hazards. Majority of personnel suffer fatalities. Very Low Level Protection - Heavy damage. Onset of structural collapse. Major deformation of primary and secondary structural members, but progressive collapse is unlikely. Collapse of non-structural elements. Glazing will break and is likely to be propelled into the building, resulting in serious glazing fragment injuries, but fragments will be reduced. Doors may be propelled into rooms, presenting serious hazards. Majority of personnel suffer serious injuries. There are likely to be a limited number (10 percent to 25 percent) of fatalities. Low Level of Protection - Moderate damage, unrepairable. Major deformation of nonstructural elements and secondary structural members and minor deformation of primary structural members, but progressive collapse is unlikely. Glazing will break, but fall within 1 meter of the wall or otherwise not present a significant fragment hazard. Doors may fail, but they will rebound out of their frames, presenting minimal hazards. Majority of personnel suffer Section Vulnerability Question Guidance Observations significant injuries. There may be a few (<10 percent) fatalities. Medium Level Protection - Minor damage, repairable. Minor deformations of non-structural elements and secondary structural members and no permanent deformation in primary structural members. Glazing will break, but will remain in the window frame. Doors will stay in frames, but will not be reusable. Some minor injuries, but fatalities are unlikely. High Level Protection - Minimal damage, repairable. No permanent deformation of primary and secondary structural members or non-structural elements. Glazing will not break. Doors will be reusable. Only superficial injuries are likely. Reference: DoD UFC 4-010-01 3.6 Is the structure vulnerable to progressive collapse? Is the building capable of sustaining the removal of a column for one floor above grade at the building perimeter without progressive collapse? In the event of an internal explosion in an uncontrolled public ground floor area, does the design prevent progressive collapse due to the loss of one primary column? Do architectural or structural features Design to mitigate progressive collapse is an independent analysis to determine a system’s ability to resist structural collapse upon the loss of a major structural element or the system’s ability to resist the loss of a major structural element. Design to mitigate progressive collapse may be based on the methods outlined in ASCE 7-98 (now 7-02). Designers may apply static and/or dynamic methods of analysis to meet this requirement and ultimate load capacities may be assumed in the analyses. Combine structural upgrades for retrofits to existing buildings, such as seismic and progressive collapse, into a single project due to the economic synergies and other cross benefits. Existing facilities may be retrofitted to withstand the design level threat or to accept the loss of a column for one floor above grade at the building perimeter without progressive collapse. Note that collapse of floors or roof Section Vulnerability Question Guidance Observations provide a minimum 6inch stand-off to the internal columns (primary vertical load carrying members)? Are the columns in the unscreened internal spaces designed for an unbraced length equal to two floors, or three floors where there are two levels of parking? must not be permitted. Reference: GSA PBS-P100 3.10 Will the loading dock design limit damage to adjacent areas and vent explosive force to the exterior of the building? Design the floor of the loading dock for blast resistance if the area below is occupied or contains critical utilities. Reference: GSA PBS-P100 4 Building Envelope 4.2 Is there less than 40 percent fenestration per structural bay? Is the window system design on the exterior façade balanced to mitigate the hazardous effects of flying glazing following an explosive event? (glazing, frames, anchorage to supporting walls, etc.) Do the glazing systems with a ½-inch (¾-inch is better) bite contain an application of structural silicone? Is the glazing laminated The performance of the glass will similarly depend on the materials. Glazing may be single pane or double pane, monolithic or laminated, annealed, heat strengthened or fully tempered. The percent fenestration is a balance between protection level, cost, the architectural look of the building within its surroundings, and building codes. One goal is to keep fenestration to below 40 percent of the building envelope vertical surface area, but the process must balance differing requirements. A blast engineer may prefer no windows; an architect may favor window curtain walls; building codes require so much fenestration per square footage of floor area; fire codes require a prescribed window opening area if the window is a designated escape route; and the building owner has Section Vulnerability Question Guidance Observations or is it protected with an anti-shatter (fragment retention) film? If an anti-shatter film is used, is it a minimum of a 7-mil thick film, or specially manufactured 4-mil thick film? cost concerns. Ideally, an owner would want 100 percent of the glazed area to provide the design protection level against the postulated explosive threat (design basis threat– weapon size at the expected standoff distance). However, economics and geometry may allow 80 percent to 90 percent due to the statistical differences in the manufacturing process for glass or the angle of incidence of the blast wave upon upper story windows (4th floor and higher). Reference: GSA PBS-P100 6 Mechanical Systems (HVAC and CBR) 6.1 Where are the air intakes and exhaust louvers for the building? (low, high, or midpoint of the building structure) Are the intakes and exhausts accessible to the public? Air intakes should be located on the roof or as high as possible. Otherwise secure within CPTEDcompliant fencing or enclosure. The fencing or enclosure should have a sloped roof to prevent the throwing of anything into the enclosure near the intakes. Reference: GSA PBS-P100 states that air intakes should be on the fourth floor or higher and, on buildings with three floors or less, they should be on the roof or as high as practical. Locating intakes high on a wall is preferred over a roof location. Reference: DoD UFC 4-010-01 states that, for all new inhabited buildings covered by FEMA 426, all air intakes should be located at least 3 meters (10 feet) above the ground. Reference: CDC/NIOSH, Pub 2002-139 states: “An extension height of 12 feet (3.7 m) will place the intake out of reach of individuals without some assistance. Also, the entrance to the intake should be covered with a sloped metal mesh to reduce the Section Vulnerability Question Guidance Observations threat of objects being tossed into the intake. A minimum slope of 45° is generally adequate. Extension height should be increased where existing platforms or building features (i.e., loading docks, retaining walls) might provide access to the outdoor air intakes.” Reference: LBNL Pub 51959: Exhausts are also a concern during an outdoor release, especially if exhaust fans are not in continuous operation, due to wind effects and chimney effects (air movement due to differential temperature). 6.3 Are there multiple air intake locations? Single air intakes may feed several air handling units. Indicate if the air intakes are localized or separated. Installing low-leakage dampers is one way to provide the system separation when necessary. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 6.4 What are the types of air filtration? Include the efficiency and number of filter modules for each of the main air handling systems. Is there any collective protection for chemical, biological, and radiological contamination designed into the building? MERV – Minimum Efficiency Reporting Value HEPA – High Efficiency Particulate Air Activated charcoal for gases Ultraviolet C for biologicals Consider mix of approaches for optimum protection and costeffectiveness. Reference: CDC/NIOSH Pub 2002-139 Section Vulnerability Question Guidance Observations 8 Electrical Systems 8.1 Are there any transformers or switchgears located outside the building or accessible from the building exterior? Are they vulnerable to public access? Are they secured? Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 8.4 Are critical electrical systems collocated with other building systems? Are critical electrical systems located in areas outside of secured electrical areas? Is security system wiring located separately from electrical and other service systems? Collocation concerns include rooms, ceilings, raceways, conduits, panels, and risers. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 8.6 Does emergency backup power exist for all areas within the building or for critical areas only? How is the emergency power distributed? Is the emergency power system independent from the normal electrical service, particularly in critical areas? There should be no single critical node that allows both the normal electrical service and the emergency backup power to be affected by a single incident. Automatic transfer switches and interconnecting switchgear are the initial concerns. Emergency and normal electrical equipment should be installed separately, at different locations, and as far apart as possible. Reference: GSA PBS-P100 Section Vulnerability Question Guidance Observations 9 Fire Alarm Systems 9.1 Is the building fire alarm system centralized or localized? How are alarms made known, both locally and centrally? Are critical documents and control systems located in a secure yet accessible location? Fire alarm systems must first warn building occupants to evacuate for life safety. Then they must inform the responding agency to dispatch fire equipment and personnel. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 9.2 Where are the fire alarm panels located? Do they allow access to unauthorized personnel? Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 9.3 Is the fire alarm system standalone or integrated with other functions such as security and environmental or building management systems? What is the interface? Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities Section Vulnerability Question Guidance Observations 10 Communications and IT Systems 10.5 Are there redundant communications systems available? Critical areas should be supplied with multiple or redundant means of communications. Power outage phones can provide redundancy as they connect directly to the local commercial telephone switch off site and not through the building telephone switch in the main telephone distribution room. A base radio communication system with antenna can be installed in stairwells, and portable sets distributed to floors. References: GSA PBS-P100 and FEMA 386-7 10.15 Is there a mass notification system that reaches all building occupants? (public address, pager, cell phone, computer override, etc.) Will one or more of these systems be operational under hazard conditions? (UPS, emergency power) Depending upon building size, a mass notification system will provide warning and alert information, along with actions to take before and after an incident if there is redundancy and power. Reference: DoD UFC 4-010-01 Building Design Mitigation Measures (COOP Version) Asset-Threat/Hazard Pair Current Risk Rating Suggested Mitigation Measure Revised Risk Rating Unit XI (C): Electronic Security Systems Unit XI (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Electronic Security Systems OBJECTIVES 1. Explain the basic concepts of electronic security system components, their capabilities, and their interaction with other systems. 2. Describe the electronic security system concepts and practices that warrant special attention to enhance public safety. 3. Use the assessment process to identify electronic security system requirements that can mitigate vulnerabilities. 4. Justify selection of electronic security systems to mitigate vulnerabilities. SCOPE The following topics will be covered in this unit: 1. Perimeter layout and zoning of sensors. 2. Intrusion detection systems and sensor technologies. 3. Entry-control systems and electronic entry control technologies. 4. Closed circuit television and data-transmission media. 5. Control centers and building management systems. 6. Definitions of the degree of security and control. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings: a. Pages 3-46 to 3-50 b. Appendix D c. Security Systems and Security Master Plan sections of Building Vulnerability Checklist, pages 1-81 and 1-92 2. Case Study – Appendix C: COOP, Cooperville Information / Business Center This page intentionally left blank UNIT XI (C) CASE STUDY ACTIVITY: ELECTRONIC SECURITY SYSTEMS (COOP Version) In this unit, the emphasis will be upon the various components and technology available for use in electronic security systems. The Building Vulnerability Assessment Checklist in FEMA 426 can be used as a screening tool for preliminary building design vulnerability assessment or for assessment of an existing building and site. Requirements Refer to the Appendix C Case Study to determine answers to the questions. Then review results as a team to identify vulnerabilities and possible mitigation measures. Activity # 1: Complete the selected vulnerability checklist questions in the following Vulnerability Questions table. Activity # 2: Upon completion of the questions refer back to the vulnerability ratings determined in the Unit IV (C) Student Activity. Based on this more detailed analysis, decide if any vulnerability rating needs adjustment. Adjust the Risk Matrix poster accordingly for any changes in vulnerability rating. Activity # 3: Select mitigation measures to reduce vulnerability and associated risk from the site, layout, and building perspectives. Concentrate on the three highest risk ratings on the Risk Matrix poster as adjusted by Activity # 2. Use the Electronic Security System Mitigation Measures table found at the end of this unit to capture this information. Activity # 4: Consider the mitigation measures of Activity #3 to be installed, estimate the new vulnerability ratings as if these measures were in place, and calculate the new risk ratings. Capture your information in the Electronic Security System Mitigation Measures table. Section Vulnerability Question Guidance Answers/ Observations 12 Security Systems Perimeter Systems 12.1 Are black/white or color CCTV (closed circuit television) cameras used? Are they monitored and recorded 24 hours/7 days a week? By whom? Security technology is frequently considered to complement or supplement security personnel forces and to provide a wider area of coverage. Typically, these physical security elements provide the first line of defense in deterring, detecting, and responding to threats and reducing vulnerabilities. They must be viewed as an integral component of the overall security program. Their design, engineering, installation, operation, and management must be able to meet daily security Section Vulnerability Question Guidance Answers/ Observations Are they analog or digital by design? What is the number of fixed, wireless, and pan-tilt-zoom cameras used? Who are the manufacturers of the CCTV cameras? What is the age of the CCTV cameras in use? challenges from a cost-effective and efficiency perspective. During and after an incident, the system, or its backups, should be functional per the planned design. Consider color CCTV cameras to view and record activity at the perimeter of the building, particularly at primary entrances and exits. A mix of monochrome cameras should be considered for areas that lack adequate illumination for color cameras. Reference: GSA PBS P-100 12.2 Are the cameras programmed to respond automatically to perimeter building alarm events? Do they have builtin video motion capabilities? The efficiency of monitoring multiple screens decreases as the number of screens increases. Tying the alarm system or motion sensors to a CCTV camera and a monitoring screen improves the manmachine interface by drawing attention to a specific screen and its associated camera. Adjustment may be required after installation due to initial false alarms, usually caused by wind or small animals. Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities 12.4 Are panic/duress alarm buttons or sensors used, where are they located, and are they hardwired or portable? Call buttons should be provided at key public contact areas and as needed in offices of managers and directors, in garages and parking lots, and other highrisk locations by assessment. Reference: GSA PBS P-100 Section Vulnerability Question Guidance Answers/ Observations 12.5 Are intercom call boxes used in parking areas or along the building perimeter? See Item 12.4. 12.7 Who monitors the CCTV system? Reference: DOC CIAO Vulnerability Assessment Framework 1.1 12.9 Are the perimeter cameras supported by an uninterruptible power supply, battery, or building emergency power? Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities Electronic Security System Mitigation Measures (COOP Version) Asset-Threat/Hazard Pair Current Risk Rating Suggested Mitigation Measure Revised Risk Rating Unit XII (C): Case Study Unit XII (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Case Study OBJECTIVES 1. Explain building security design issues to a building owner for consideration prior to a renovation or new construction. 2. Explain the identification process to arrive at the high-risk assetthreat/ hazard pairs of interest. 3. Justify the recommended mitigation measures, explaining the benefits in reducing the risk for the high-risk situations of interest. SCOPE The following topics will be covered in this unit: 1. Activity: Preparation and presentation of the highest risks identified by the groups, the vulnerabilities identified for these risks, and recommended mitigation measures to reduce vulnerability and risk. a. The top three risks will be prioritized as well as the top three recommended mitigation measures with rationale and justification. This includes any consideration for changes to the Risk Matrix from knowledge gained in Units IX, X, and XI. b. Identify all requirement gaps that need to be provided for Cooperville Information / Business Center to be a fully functional COOP facility supporting the U.S. Department of Artificial Intelligence. REFERENCES 1. FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings a. Pages 2-50 to 2-58 b. Pages 3-50 to 3-52 c. Chapter 5 d. Appendix D e. FEMA 452, Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, pages 5-1 to 5-18 f. Case Study – Appendix C: COOP, Cooperville Information / Business Center This page intentionally left blank UNIT XII (C) CASE STUDY ACTIVITY: FINALIZATION AND PRESENTATION OF GROUP RESULTS (COOP Version) In this activity, students work with their groups to finalize their assessments, decide on high priority risk concerns, determine appropriate mitigation measures, identify COOP requirements gaps, and present findings to the class. The student presenter(s) will decide on the number of asset-threat/hazard pairs to present and the mitigation measures to apply. Of great importance is the rationale for the selection of these high risk asset-threat/hazard pairs and the rationale for the recommended mitigation measures. No Cost / Low Cost recommended mitigation measures are always welcome as procedural changes can derive significant benefit. In light of limited resources that building owners / decision makers have to work with, the presenter(s) will identify the top three asset-threat/hazard pairs that their assessment identified and the top three mitigation measures that they would recommend to have funded using those limited resources. Since this facility is also being assessed for COOP capability to support the Federal Agency, identify any requirements that are not currently present in the CI/BC building. Requirements Activity #1: Based on findings from the previous activities and understanding of course content, complete the Assessment Team Briefing Summary table on the next page. One entry is provided as an example. Add at least three additional entries. Identify the top three risks and the top three mitigation measures. Activity #2: Complete the COOP Requirements Gaps table for all COOP requirements gaps identified and recommendations to satisfy / correct them. This table is at the end of this Student Manual Unit. Activity #3: Select one or two presenters from the assessment team to brief the team’s conclusions and recommendations with rationale and justifications. The presentation should be 5-7 minutes in length. Ensure points in activities above are covered. Risk #1: Function(s) / Infrastructure: ______________________________ Risk Ratings: ______________________________ Risk #2: Function(s) / Infrastructure: ______________________________ Risk Ratings: ______________________________ Risk #3: Function(s) / Infrastructure: ______________________________ Risk Ratings: ______________________________ Assessment Team Briefing Summary Prioritized Asset- Threat/Hazard Pair Requirements to Mitigate Rationale Design basis threats include Protect building and internal Priority #: __________ functions and infrastructure car bomb and truck bomb, from explosive blast. with truck bomb more Envelope Systems / Vehicle difficult to mitigate Bomb Priority #: __________ • Apply known standards, 1. Use planters, plinth walls, such as GSA Level II landscaping and / or Blast/Setback Standards or reconfiguration of parking to DoD Standards 1,8, 9 and increase standoff. 10 / Recommendation 17 • Note that known standards Priority #: __________ are based upon a design 2. Harden glazing with basis threat that may or Fragment Retention Film on may not equate to design windows or replace with basis threat selected for laminated glass as this is the the assessment weakest exterior component. • Increasing stand-off will reduce blast pressure and Priority #: __________ hardening will reduce 3. Harden walls by installing blast pressure damage. vermiculite between wythes so Enclosing the overhang they function as a single will significantly reduce system. reflective blast pressure on the first floor front side. Prioritized Asset- Threat/Hazard Pair Requirements to Mitigate Rationale Priority #: __________ • Fragment retention film 4. Reduce reflective blast can be selected to reduce pressure by approaching summer heat gain to property manager about reduce air conditioning closing in overhang area. load. • Vermiculite can add to insulation factor of walls to reduce heating and cooling load on the building. Prioritized Asset- Threat/Hazard Pair Requirements to Mitigate Rationale COOP Requirements Gaps COOP Requirement Gap Action to Correct This page intentionally left blank Course Title: Building Design for Homeland Security COOP T –t-T Unit XIII (C): Train-the-Trainer Unit XIII (C) COURSE TITLE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer UNIT TITLE Train-the-Trainer OBJECTIVES 1. Discuss basic adult learning principles as they apply to participants in Building Design for Homeland Security. 2. Explain the key functions of instructional delivery as they apply to Building Design for Homeland Security. 3. Describe the key steps of instructional preparation as they apply to Building Design for Homeland Security. SCOPE The following topics will be covered in this unit: 1. Learning styles and preferences, characteristics of adult learners, adult learning assumptions (experience, motivation, active participation and variety) 2. Adult training methodologies used in Building Design for Homeland Security 3. Steps for instructional preparation, preparing the environment, preparing yourself, expecting the unexpected REFERENCES No references are required for this unit. Course Title: Building Design for Homeland Security COOP T-t-T Unit XIII (C): Train-the-Trainer This page intentionally left blank Preparing To Train Adults Instructional Skills Prepared for: Federal Emergency Management Agency Emergency Management Institute Revised January 2007 Contents General Information This section identifies the purpose, objectives, and contents of this reading 1 packet. How Adults Learn Adults differ in interests, intelligence, life experiences, ability to concentrate, ability to remember, sense of well-being, imagination, and 2 self-confidence. This section provides a basis for understanding adult learning by describing the unique physical, emotional, and intellectual characteristics of adult learners. Adult Learning: Strategies for Success 11 By following the strategies presented in this section, you will increase the likelihood of motivating adult participants and ensuring that learning occurs. Learners as Individuals Every time you train, you will be faced with the different learning styles and preferences of the participants. This section will prepare you to identify 19 learners’ preferences and take steps to accommodate their differing needs. It includes a discussion about how to handle events that fail to show respect for individual learners. Job Aids and Self Inventories 10 Adult Learning Characteristics (Job Aid #1) 18 Instructor Effectiveness Inventory 24 Accommodating Individual Learners (Job Aid #2) 27 Learning Preference Inventory 35 Strategies for Addressing Insensitive Events (Job Aid #3) 36 Reading Assessment General Information Purpose The purpose of this reading packet is to teach you how to apply adult learning principles when instructing courses. It takes into consideration the unique characteristics including the learning styles and cultural backgrounds of your participants. As an instructor, you have probably asked yourself some or all of the following questions about adult learners: • Can participants learn equally well? • What motivates participants to learn? • How do I know when learning has occurred? • What instructional methods can I use to help participants learn the best? • How can I accommodate the different learning styles and preferences of the participants when instructing? The reading materials will address these questions. You will read about adult learning characteristics, adult learning principles, and learning styles and preferences. You will have several opportunities to practice applying the information presented by completing a series of practical exercises. Objectives After reading this packet, you will be able to: • Discuss key adult learning characteristics. • Explain the differences between training and learning. • Use the principles of adult learning when instructing. • Identify your own learning style. • Accommodate different learning preferences when instructing. Contents How Adults Learn provides a basis for understanding adult learning by describing the physical, emotional, and intellectual characteristics of adult learners. Adult Learning: Strategies for Success explains how to design and deliver effective training by following adult learning principles. These principles address the different physical, emotional, and intellectual characteristics that affect how adults learn. Learners as Individuals summarizes the different learning preferences of adult learners and provides guidelines for accommodating learning preferences during training. While reading this section, you will complete the Learning Preferences Inventory that allows you to identify your own unique learning style. How Adults Learn Overview Adults differ in interests, intelligence, life experiences, ability to concentrate, ability to remember, imagination, and sense of well being and self-confidence. Each of these factors influences how well and how fast a person learns and what you, as an instructor, must do to train adults effectively. This section provides a basis for understanding adult learning by describing the unique physical, emotional, and intellectual characteristics of adult learners. It also presents the differences between training and learning, and it prepares you for identifying when successful learning has occurred. Highlights When you complete this section, you will be able to: • Describe the characteristics of adult learners. • Explain the differences between training and learning. Contents 3 Exercise: Self-Assessment of Adult Learning 4 Adult Learning Characteristics 8 Training is Different from Learning 9 Exercise: Has Learning Occurred? 10 Job Aid #1: Adult Learning Characteristics Exercise: Self-Assessment of Adult Learning Instructions: This short exercise will help you assess your current understanding of adult learning. True or False: • Adults can learn equally well at every age . True . False throughout their lifespan. • The greatest amount of vision loss in adults . True . False occurs after the age of 60 years. • All adults experience a decline in their . True . False physical and sensory abilities as they grow older. • Learning is an internal process that one’s . True . False physical, emotional, and intellectual framework will affect. • Adults engage in learning because they . True . False believe that it will help them cope with problems in later life. Their time perspective is one of postponed application. • Adults benefit little from individualized . True . False attention and reinforcement. • Studies have shown that most adults have a . True . False higher level of retention in learning when they read information rather than hear information. • Adults rely heavily on the vicarious . True . False experiences of their instructors and textbooks. • Most adults have preferred methods for . True ( False learning new knowledge and skills. • Adults learn best when the learning ( True ( False environment is informal and unstructured. • Adults respond well to traditional, ( True ( False lecture-format learning. • Like children, adults progress through ( True ( False developmental stages that impact their readiness to learn. . Adult Learning Characteristics Social science and practical experience tell us that the characteristics of adult learners fall into three distinct categories: • Physical characteristics • Emotional characteristics • Intellectual characteristics Let’s examine the physical characteristics of adult learners first. Physical traits such as lifelong learning abilities and physiological changes due to aging directly impact an adult’s learning experiences. Physical Characteristics Lifelong Learning Unfortunately, many people still believe “you can’t teach an old dog new tricks.” This old adage is simply not true. Adults can learn throughout their lifespan, but they show a decline in the rate of learning with age. However, this decrease in the speed of learning occurs primarily in adults who get out of the practice of learning. Those who stay in practice can learn most things as well at 60 years of age as they could at 20, and they learn some things better. New Dog Tricks Physiological Changes Although adults can learn throughout their lifetime, they do experience a decline in their physical and sensory abilities as they grow older. Sometimes this affects their learning. For example, all adults experience: • Vision Loss. Beyond the age of 20 years, every person shows some decline in visual acuity. The greatest amount of vision loss occurs between the ages of 40 and 55 years. • Hearing Loss. People reach their peak hearing performance before age 15, and then there is a consistent decline until age 65. Hearing loss in adults can have a marked influence on their level of self-confidence and can increase feelings of isolation. • Less Tolerance of Cold and Heat. Adults show a lower tolerance for learning environments that are too warm or too cold. • Fatigue. As adults get older, they tire more easily. Not all physiological changes in adults are in the direction of decline. For example, although muscular strength, vigor, and speed of reaction tend to decline with age, other skills such as skill reliability and accuracy improve with practice. In addition to the physical characteristics of adults that affect learning, there are emotional traits as well that help determine the success of adult learning experiences. Emotional Characteristics Independent Self-Concept Adults see themselves as responsible, selfdirecting, and independent, and they want others to see them the same way. Adult learners tend to avoid, resist, and resent placement in situations where they are not treated like adults (e.g., being told what to do and what not to do, talked down to, embarrassed, punished, judged). Often, adults fail to learn under conditions that are inconsistent with their feelings, thoughts, or actions. Self-Motivated In addition to having an independent selfconcept, adults are also self-motivating. That is, adults want to learn when they have a need to do so. They want to know how the skill and/or knowledge will help them. Studies show that adults prepare themselves to learn by determining the benefits of learning, as well as the disadvantages of not learning. PLUMBING MADE EASY Reinforcement Although adult learners are self-directed, they do benefit from, and respond positively to, reinforcement from their instructors and peers. Established Emotional Frameworks Another unique characteristic of adult learners is that they have established emotional frameworks that are part of their values, attitudes, and tendencies. Adult learning involves changing behaviors and possibly changing parts of this emotional framework. Change can be disorienting and anxiety provoking. An adult’s ability to change, and therefore to learn, is directly proportional to the degree of emotional safety he or she feels. HIGH LOW HIGH Immediate Application Adults tell children that most of their learning will become useful to them in later life. Therefore, their time perspective of learning is one of postponed application. Adults, on the other hand, engage in learning largely in response to current life problems, pressures, and needs. They believe that learning will improve their ability to deal with issues they face now. Hence, their time perspective of learning is one of immediate application. Finally, with physical and emotional characteristics, there also are intellectual traits that directly influence learning in adults. Intellectual Characteristics Accumulated Experience Adults enter educational activities with more life experiences than children. Having lived longer, adults have accumulated a much greater volume of experiences from which to draw. Adults also have different kinds of experiences than children. Adults, therefore, are a rich resource for one another’s learning. They enjoy sharing experiences with other learners, and they tend to be less dependent on their instructors and textbooks. Previous Learning In addition to having a greater amount of accumulated experience than children, adult learners also possess a large bank of previous learning that can be both an asset and a liability. Previous learning can be beneficial because adults learn best when they are able to link new knowledge and skills with what they have learned previously. The linkage allows the adult learners to draw upon existing knowledge and skills and decreases anxiety about learning new areas. EXPERIENCE SCHOOL BOOKS PAST JOBS PARENTS SENSES Previous learning, however, can also be a hindrance to learning. If the new knowledge and skills to be acquired contradict the learner’s existing knowledge and skills, then the learner: • May dismiss or reject the new knowledge and skills and stick with what he or she knows and can do. • May experience interference from the existing knowledge and skills as he or she tries to learn the new knowledge and skills. In this case, the adult learner needs to “unlearn” previous learning before acquiring the new knowledge or skill. Active Learning Another intellectual trait of adults that impacts learning is their need to participate actively in the instructional process. Adults learn by reading, listening, and watching, but they learn better when they are active participants in the learning process. Studies show that 3 days after learning new information, adults retain1: 10% of What They Read 20% of What They Hear • 30% of What They See 1• 50% of What They See and Hear 11 + • 70% of What They Say • 90% of What They Say as They Do It Studies also show that adults have unique learning preferences, as the next section describes. Learning Preferences Most adults have preferred methods for learning new knowledge and skills. Adult learners respond better when the presentation of new material utilizes a variety of instructional methods. This appeals to their different senses. The section that begins on page 20 covers learning preferences in detail. Adult learners respond better when the new material utilizes a variety of instructional methods. 1Sharon Fisher, Adult Learning, Amherst, MA: Human Resource Development Press, Inc., 1988. Let me explain what I’m doing…. Training is Different from Learning Too often, educators and trainers make the mistake of believing that successful learning has occurred simply because they have communicated certain information or demonstrated skills to their participants. Training, however, does not always result in learning. There are specific criteria you can use to determine whether learning has actually occurred. Training Versus Learning The term training applies to any manner of imparting information or skills that others may learn. In comparison, learning is the acquisition and mastery of such knowledge or skills. In other words, learning is an end product of successful training. As an instructor, it is your job to eliminate barriers to learning so that learning will be observable, applicable, and verifiable. Training . Learning Training does not always result in learning for many reasons, including: • During training, learners can become inattentive, thus failing to acquire and master the knowledge and skills necessary for learning. • The instructor’s style and techniques do not match the learners’ preferences. • The knowledge and skills being taught may be too complex for the audience, who may become bored, confused, or frustrated. • The learners see no direct value in learning the material. • Training may be all theory and no practice. Learning is an end product of successful training. To prove that learning has occurred, you should use the following criteria: • There is an observable change in behavior. Both the learner and the instructor observe a change in behavior. • The learner applies the knowledge and skills in practice exercises. • Valid and reliable testing verifies the acquisition and mastery of knowledge and skills. LEARNING MUST BE: 5 OBSERVABLE 5 APPLICABLE 5 VERIFIABLE As an instructor, it is your job to eliminate barriers to learning so that learning will be observable, applicable, and verifiable. Exercise: Has Learning Occurred? Instructions: Read each of the following learning situations and determine whether or not learning has really taken place. Explain (in the appropriate space) how you know that learning has or has not occurred. Learning Situation #1: A group views a video about blast effects. Has learning occurred? Yes _____ No _____ If yes, explain how you know learning has occurred. If no, explain how you know that learning has not occurred. Learning Situation #2: In training, Bill Baker encounters the Threat-Vulnerability Matrix for the first time. From the lecture he becomes familiar with the matrix, but in a practical exercise, he cannot determine the risk rating for each asset-threat/hazard pair. Has learning occurred? Yes _____ No _____ If yes, explain how you know learning has occurred. If no, explain how you know that learning has not occurred. Answer Key: #1-No, there was not an observable change in behavior because the learner did not practice applying the knowledge from the video. #2-No, the learner was unable to apply the new knowledge during a practical exercise. Job Aid #1: Adult Learning Characteristics The following summarizes the characteristics of adult learners. Use this checklist as a guide when preparing training presentations. 5 Adults, when older, may not be able to hear or see as well as they could when they were younger. 5 Adults are less inclined to be impulsive; they require time to think through problems. 5 Adults see themselves as capable of self-direction. 5 Adults need to have a part in determining what they learn. 5 Adults must want to learn before learning takes place. 5 Adults have values, attitudes, and tendencies that influence their willingness to learn. 5 Adults need individual attention and reinforcement to achieve personal goals. 5 Adults possess a large volume of previous learning that influences learning. 5 Adults learn by doing. 5 Adults may not respond well to lectures. 5 Adults must have training methods adapted to their needs. 5 Adults prefer a variety of training methods. 5 Adults learn best in an informal environment. 5 Adults need to transfer new learning to their situations. 5 Adults learn by sharing experiences. 5 Adults stimulate each other. 5 Adults want practical knowledge and skills. 5 Adults prefer specific usable information rather than theoretical information. 5 Adults have other responsibilities that may distract them or call them away from class. Adult Learning: Strategies for Success Overview The unique adult learning characteristics you read about in the previous section point out the need for some specific strategies to use when designing and delivering training to adults. By following the strategies this section introduces, you will increase the likelihood of motivating adult participants and ensuring that learning occurs. Highlights When you complete this section, you will be able to use specific strategies effectively for addressing adult learning characteristics when training. Contents 12 Exercise: How Adult Learning Characteristics Impact Training 13 Training Strategies That Address Adult Learning Characteristics 17 Exercise: Applying Training Strategies to Past Experiences 18 Instructor Effectiveness Inventory Exercise: How Adult Learning Characteristics Impact Training Instructions: For training to be successful, you must understand how adult learning characteristics impact the way you plan and deliver your training. Review the adult learning characteristics in the left-hand column, and, for each characteristic, select the most appropriate training strategy from the right-hand column. When you finish this matching exercise, check your answers against the answer key on bottom of this page. Adult Learning Characteristic _____ Adults can learn by reading, listening, and watching, but they learn best if they participate actively in the learning process. _____ Most adults have preferred methods for learning new knowledge and skills. _____ Adults engage in learning in order to help them cope with current issues and problems. They seek learning that they can apply immediately. _____ Adults have a large bank of previous learning that can be both an asset and a liability to learning. _____ Adults enter training with a large volume of life experiences from which to draw. _____ Adults perceive themselves as independent and capable of selfdirection. They desire others to see them the same way. _____ All adult learners experience a decline in sensory abilities (e.g., hearing, vision, physical conditioning). Training Strategy a. Plan your training so that you measure successful learning in terms of accuracy and reliability, rather than speed and volume. b. Provide learners with opportunities to identify what they want and need to learn; to plan and to carry out their own learning activities; and to evaluate their own progress toward self-selected goals. c. Plan training activities around your participants’ issues and concerns about what they will be doing in their jobs. d. Maximize learning by doing. e. Provide job aids to assist in “unlearning” previous information that is interfering with new learning. f. Match the instructional methods you select to your participants’ learning preferences. g. Use the learners’ life experiences to introduce and discuss new concepts. SM XIII-C-16 Training Strategies That Address Adult Learning Characteristics There are many specific strategies you can use in training to address the physical, emotional, and intellectual factors of adult learning that was covered previously. Using these strategies will enable you to maximize the participants’ learning by: • Creating an environment that optimizes learning. • Making the learning applicable to adults’ past learning and present situation. • Actively involving the learners in the training process. Strategies to Address Physical Characteristics Lifelong Learning To help adults learn well at any age, you should create a learning environment that meets the needs and abilities of your adult learners. Creating this environment involves: • Developing your activities so that you measure successful learning in terms of accuracy and reliability rather than speed and volume. • Providing learning exercises that require analysis and processing rather than impulsive, “quick-on your-feet” responses. The Reality We realize that learning conditions may be less than perfect when you are teaching. Recognizing the importance of the physical environment will allow you to do as much as is within your control, given your particular conditions. Physiological Changes The following techniques will provide a learning environment that minimizes the extent to which learners’ physical conditioning and health interfere with learning: • Provide good lighting without glare. • Provide sound amplification with good acoustics. • Provide conditions that minimize fatigue and anxiety. • Allow adult learners to take breaks. • Provide healthful food during breaks. • Use job aids and memoryenhancement devices to help learners retain information. Strategies to Address Emotional Characteristics Independent Self-Concept In order to respect adults’ independent self-concepts, you need to provide your learners with opportunities to identify what they want and need to learn; to plan and to carry out their own learning activities; and to evaluate their own progress toward self-selected goals. Follow these strategies to accomplish this objective: • Assume the role of “learning resource” rather than the more traditional role of teacher. • Allow adult learners to direct their own learning as much as possible. • Treat adult learners as adults. Avoid “talking down” to adult learners. Instead, use content and style appropriate to their developmental level. • Avoid putting adult learners in situations where they will feel embarrassed. MY GOALS: I need to learn… I want to learn… My plan is to… " Reinforcement Adults respond positively to reinforcement. So, as an instructor, you should: • Respond to the verbal and nonverbal feelings that adult learners express. • Provide meaningful reinforcement to adult learners. Learners must perceive the reinforcement as positive from their frames of reference. • Provide opportunities for peer feedback and reinforcement. Reinforcement from other adult learners can be as powerful as the reinforcement that instructors provide. SM XIII-C-18 Self-Motivated Adults are self-motivated learners. Follow these strategies to address this adult learning characteristic: • Make sure that adult learners get an opportunity to explore why they need to learn the knowledge or skills the training will present. • Make learning activities relevant to the participants’ learning objectives. • Explain the possible benefits to gain by learning the knowledge or skills to be presented. • Provide opportunities to apply and try out new learning as part of training. Instructors can motivate adult learners by convincing them of benefits. However, to stay motivated, adult learners need a chance to see the benefits for themselves. Established Emotional Frameworks Because adult learners have established values, attitudes, and tendencies, and because learning involves changing parts of this framework, you should: • Provide a learning environment that is non-threatening. • Avoid making adult learners change too many behaviors all at once. Have them learn one new behavior and master it before attempting to learn another new behavior. • Allow adult learners to hang on to established values, attitudes, and tendencies, unless these get in the way of learning. Immediate Time Perspective • Adults engage in learning largely in response to current life problems, pressures, and needs. Therefore, you should: • Plan your training activities around your learners’ issues and concerns. • Make the training problem-centered, not subject matter-centered. • Emphasize your function as one of helping learners look at problems and try new approaches. • Don’t tell your learners what would be “good for them.” Strategies to Address Intellectual Characteristics Accumulated Experience To draw upon the adults’ extensive life experiences, you should: • Use instructional techniques that tap the learners’ experience, such as group discussion, case studies, role playing, demonstrations, group interviews, and skill practice exercises. • Use your learners’ life experiences to introduce and discuss new concepts. Previous Learning Help your learners build bridges between existing learning and new learning by: • Using analogies and common examples when instructing. • Allowing learners to explore what they know about an area before providing instruction. • Giving learners credit for what they know or are able to do. • Using learners who have mastered areas to assist other learners. • Providing job aids or helping learners develop their own job aids to assist in “unlearning” previous learning that is interfering with new learning. Active Learning Involve your adult learners in the learning process. Some suggested strategies are: • Pair lectures or reading assignments with activities such as discussions, exercises, practice activities, role plays, and job simulations. • Maximize “learning by doing.” SM XIII-C-20 Exercise: Applying Training Strategies to Past Experiences The purpose of this exercise is to help you validate the training strategies that this section just discussed by applying them to your own past experiences as an adult learner. Follow the instructions below to complete this exercise. 1. Think of one training session you attended in the past that was ineffective for you as an adult learner. Jot down the ineffective elements in the appropriate space below. Write the strategies that were used during the training across from each element. INEFFECTIVE TRAINING Ineffective Elements Strategies Ignored 2. Think of one training session you attended in the past that was effective for you as an adult learner. Jot down the effective elements in the appropriate space below. Write the strategies that were used during the training across from each element. EFFECTIVE TRAINING Effective Elements Strategies Used Instructor Effectiveness Inventory Instructions: Evaluate yourself as an instructor by answering the following questions in preparation for an effective training session. Answering “no” to any of these questions indicates a need to adjust your training strategy to meet the needs of your learners. If you have never instructed, just read this job aid; do not check the boxes. DO YOU AS AN INSTRUCTOR: YES NO Provide a learning environment that minimizes the extent to which the learners’ physical conditioning and health interfere with learning? . . Provide breaks for learners? . . Use job aids and other memory-enhancement devices? . . Allow your learners to identify what they want and need to learn? . . Allow your learners to set their own goals? . . Relate the material to the learners’ goals? . . Treat learners like adults? . . Focus on “real world” problems? . . Repeatedly reinforce skills and knowledge through various learning methods and participant practice? . . Provide a learning environment that is non-threatening? . . Provide meaningful reinforcement to learners? . . Provide learning activities that relate to the learners’ experience? . . Involve participants in the learning process and minimize passive learning? . . Allow for useful debate and exchange of ideas? . . Identify and accommodate for participants’ learning preferences? . . Use a variety of instructional methods? . . Inform your learners of what you expect of them at the end of training? . . Learners as Individuals Overview Each time you lead a training course, you will face the different learning styles and preferences of your participants. Some participants may learn better through visual stimulation, while others may better acquire knowledge through auditory means. Some participants may prefer to learn with background sound, such as classical music, while others need complete silence to concentrate. Some participants will prefer to study with others, while some may be more productive working on their own. This section will prepare you to identify your learners’ preferences and will take steps to accommodate their different learning styles. Highlights When you complete this section, you will be able to: • Identify your own learning style. • Identify others’ learning preferences and strategize ways to accommodate them when instructing. Contents 20 Learning Styles and Preferences 24 Job Aid #2: Accommodating Individual Learners 27 Learning Preference Inventory 35 Job Aid #3: Strategies for Addressing Insensitive Events Learning Styles and Preferences Most adults have preferred methods for learning new knowledge and skills. Adult learners respond better when an instructor presents new material through a variety of instructional methods. This appeals to their different senses. Adult learners may have preferences about any or all of the following factors. Physical Factors Learners have different preferences regarding their physical environment, including: • Noise Level: Some learners can block out surrounding noises and function effectively despite noisy distractions. Other learners can adjust only to selected sounds and require that nearly all noisy distractions be eliminated. Still others prefer specific background sounds while studying. • Lighting: Room illumination also appears to affect the learning process. Some learners can function with ease only when the learning setting is well lit. However, other QUIET PLEASE learners may consider that same degree of lighting to be excessive. If the lighting is incorrect for the learner, it can reduce concentration by over stimulating the learner or by lulling the learner to sleep. • Room Temperature: Room temperature is another environmental factor that can affect one’s ability to learn. Some learners require a warm environment before they can study, while other learners may find the amount of warmth that relaxes certain learners actually makes them uncomfortable. Some learners function best in a cool room, while other learners are not at their best unless they are in a warm setting. • Room Setting: The structure of the room setting can also affect one’s ability to learn. Some learners prefer an informal setting such as a lounge area or their own living room. Other learners concentrate best when they are studying at a desk in a more formal setting. • Time of Day: The final preference area in the physical dimension is the time of day. Each of us develops our own internal clock, making us more alert at certain times of the day. Therefore, some learners concentrate and learn best in the morning. Other learners are most productive in the afternoon or evening. · £ • ¨ Â ¥ Besides having preferences about their physical learning environment, adults also have a variety of emotional needs that impact their ability to learn. Emotional Factors . • Social Needs: Individuals have different social needs when learning. Learning can occur when learners work alone, with someone else, or with a small group. The learning task may influence this preference. For example, your learners may prefer to work alone when learning theoretical material, but prefer to work with someone else when applying the theory to a real problem. Even though your learners will probably engage in learning both alone and with others, they may prefer one arrangement over the other. • Motivation: In addition to having different social preferences, adults also have unique motivational needs. Motivation is a necessary ingredient for learning. ÌÌÌÌÌÌÌÌÌ EMPLOYEE OF THE MONTH ÌÌÌÌÌÌÌÌÌ Extrinsic motivation may come from external sources such as clients and fellow employees. Motivation can also be intrinsic, or in other words, come from inside ourselves. Learners usually need a combination of extrinsic and intrinsic motivation. However, individual learners may have a strong preference for one source of motivation above the other. When motivation is extrinsic, we depend on receiving external reinforcement. External reinforcement may include anything we like or want. The same external reinforcement I’m proud of myself! It’s just what I wanted. Intrinsic motivation is another way of saying self-motivation. When we are intrinsically motivated, we are not looking for some external source of reinforcement. Rather, we are reinforcing ourselves. An example of internal reinforcement is feeling good about one’s self after mastering a new skill: “I conducted that training course even more smoothly than the last one!” Adults also differ in intellectual factors known as learning styles, which describe how they acquire and retain information. Some adults learn best by hearing information, others by seeing information, and still others by touching and doing. Intellectual Factors Adults have different learning styles, including: • Auditory: Some adults may be auditory learners. Auditory learners are those who can easily differentiate among sounds and can reproduce symbols, letters, or words by hearing them. Learners who favor auditory learning must be able to remember what they just heard. Some adults learn best by hearing information, others by seeing information, and still others by touching and doing. While auditory learning can enhance learning for some people, it can also frustrate learning for others. Some learners prefer to read words rather than hear them spoken. Reading allows the learner to set the pace and review passages with ease. • Visual: Adults can also be visual learners who learn best by seeing an image or conjuring up an image in their mind. These learners prefer instructional materials that include many maps, pictures, symbols, graphs, and lists. • Kinesthetic: Finally, adults who are kinesthetic learners learn best through their tactile sense or through experience—in other words, by touching or doing. For example, kinesthetic learners find it easier to remember things that they have written down over things that they have heard. A kinesthetic learner is the one who underlines in bold or takes notes while reading. All learning is ultimately kinesthetic. Learners’ preferences relate to the timing of the kinesthetic experience and the amount of kinesthetic experiences needed. Strong kinesthetic learners need practice exercises early in the learning process. Other learners prefer to engage in kinesthetic experiences only after they have mastered new learning through auditory or visual means. All learning is ultimately kinesthetic. As instructors, you must be able to identify the unique learning styles and preferences of your participants and accommodate these differences with a variety of instructional techniques, methods, and media. The following job aid summarizes individual learning styles and suggests strategies for accommodating your learners’ styles. Job Aid #2: Accommodating Individual Learners This table summarizes individual learning preferences and provides strategies for accommodating your learners’ unique learning styles, whenever it is possible to do so. IF YOUR LEARNERS PREFER: THEN: PHYSICAL FACTORS • Background noise while studying • Play soft music during your instruction. • Encourage your learners to study in open places like lounges, rather than quiet libraries. • A quiet learning setting • Encourage your learners to use ear plugs or a special audiotape with “white noise” when studying. (White noise is nonspecific noise that can block out other noise.) • Arrange for periods of quiet time. • A brightly lit learning setting • Select learning environments with a lot of windows or other sources of direct light. • A darker learning setting • Select darker learning environments without a lot of windows or direct light. • Encourage these learners to move away from the windows and other sources of direct light. • Encourage these learners to wear tinted glasses to cut down on the amount of light or glare. • A warm learning climate • Encourage learners to sit near the heating source and bring extra clothing. Job Aid #2: Accommodating Individual Learners (Continued) IF YOUR LEARNERS PREFER: THEN: PHYSICAL FACTORS (Continued) • A cool learning climate • Encourage learners to move away from the heating source and wear cool clothing. • Adjust the room temperature by opening windows, lowering the thermostat setting, or bringing in fans. • Studying in the morning • Arrange your lesson plans so that: - You cover the more difficult areas in the morning when learners have the most energy. - Learners work on the easiest areas in the afternoon. • Studying in the afternoon • Arrange your lesson plans so that: - Learners work on the easiest areas in the morning. - You save the more difficult areas for the afternoon when learners have the most energy. EMOTIONAL FACTORS • Learning alone • Prepare a lot of individualized learning activities for your group. Job Aid #2: Accommodating Individual Learners (Continued) IF YOUR LEARNERS PREFER: THEN: EMOTIONAL FACTORS (Continued) • Learning with others • Prepare a lot of group activities for your learners. • Extrinsic motivation • Provide a lot of individualized attention and positive reinforcement to your learners. • Have peers provide feedback to one another. • Intrinsic motivation • Continue to provide reinforcement, but to a lesser degree than with extrinsically motivated learners. INTELLECTUAL FACTORS • Auditory learning • Encourage learners to talk through steps in an activity. • Encourage oral reporting. • Use tape-recorded instruction and other audio equipment. • Visual learning • Provide visual directions and demonstrations. • Use maps, graphs, charts, and other visual aids. • Kinesthetic learning • Encourage your learners to take notes while they read, listen, or watch. • Employ role-playing and simulation exercises. • Let learners assist you in creating learning aids. Learning Preference Inventory Instructions: Read each statement below. Indicate your level of disagreement or agreement with each statement by circling a number to the right of the statement. Strongly Disagree 1 Disagree 2 Neither Disagree Nor Agree 3 Agree 4 Strongly Agree 5 1. When I read, I like to have a lot of light. 1 2 2. I learn well by hearing how to do something; i.e., from a tape, a record, or a lecture. 1 2 3. I would rather study in a library than in a lounge. 1 2 4. I find it difficult to study when there is music in the background. 1 2 5. I feel that I am self-motivated. 1 2 6. I work or study well in the evening. 1 2 7. I have trouble concentrating when I am working or studying with other people. 1 2 8. I like to draw or use diagrams when I learn. 1 2 3 3 4 4 5 5 3 3 4 4 5 5 3 3 3 4 4 4 5 5 5 3 4 5 Learning Preference Inventory (Continued) Strongly Disagree 1 Disagree 2 Neither Disagree Nor Agree 3 Agree 4 Strongly Agree 5 9. I am comfortable at times when those around me say it’s too warm. 1 2 3 4 5 10. I like my family or friends to know that I do a good job at work. 1 2 3 4 5 11. I enjoy learning new things about my work. 1 2 3 4 5 12. It’s difficult for me to concentrate when I am cold. 1 2 3 4 5 13. Noise and background conversations and/or music really bother me when I have to concentrate. 1 2 3 4 5 14. I work or study well in the afternoon. 1 2 3 4 5 15. I prefer to work or study alone. 1 2 3 4 5 16. I have trouble studying when I sit on a soft chair or couch or lie on the floor. 1 2 3 4 5 17. When I work, I like to turn on all the lights. 1 2 3 4 5 18. I like my instructors or supervisors to recognize my efforts. 1 2 3 4 5 19. I learn well by trying to do things myself, with my own hands. 1 2 3 4 5 Learning Preference Inventory (Continued) Strongly Disagree 1 Disagree 2 Neither Disagree Nor Agree 3 Agree 4 Strongly Agree 5 20. I concentrate best when I am sitting up at a desk. 1 2 3 4 5 21. I would rather be warm than cold. 1 2 3 4 5 22. I prefer working in bright light. 1 2 3 4 5 23. The things that I remember best are the things that I hear. 1 2 3 4 5 24. I learn best by doing on the job. 1 2 3 4 5 25. I get a lot of satisfaction from doing the best I can. 1 2 3 4 5 26. I work better when I know that my work will be checked. 1 2 3 4 5 27. I learn well by seeing how to do something; i.e., looking at a diagram or picture, or watching someone else do it. 1 2 3 4 5 28. I get less done when I work with someone else. 1 2 3 4 5 29. I work or study well in the morning. 1 2 3 4 5 30. I find it difficult to block out noise when I am trying to work. 1 2 3 4 5 Scoring Your Learning Preference Inventory Instructions: Take your scores from the Learning Preference Inventory and enter each item score where indicated on this score sheet. Add the item scores under each category to get an idea of your learning preferences. Physical Preferences: Learning Setting Noise Level Item # Score 4 _____ 13 _____ 30 _____ Total Score _____ • Total scores of 10 or more indicate that noises bother you when you are trying to learn. • Total scores of 9 or less indicate that noises do not bother you when you are trying to learn Lighting Item # Score 1 _____ 17 _____ 22 _____ Total Score _____ • Total scores of 10 or more indicate that you prefer to learn in bright lighting. • Total scores of 9 or less indicate that you do not prefer to learn in bright lighting. Physical Preferences: Learning Setting (Continued) Temperature Item # 9 Score 12 21 Total Score • Total scores of 10 or more indicate that you prefer to learn in warmer temperatures. • Total scores of 9 or less indicate that you prefer to learn in cooler temperatures. • Total scores of 10 or more indicate that you prefer a formal learning setting. • Total scores of 9 or less indicate that you prefer an informal learning setting. Structure Item # Score 3 16 20 Total Score Physical Preferences: Time of Day Item # Score Morning Score 29 _____ Afternoon Score 14 _____ Evening Score 6 _____ Total Score _____ • Total scores of 4 or 5 indicate a preference for learning at that time of day. • You may have more than one time preference for learning, or time may not make a difference to you. Emotional Preferences: Social Needs Alone or With Others Item # Score 7 _____ 15 _____ 28 _____ Total Score _____ • Total scores of 10 or more indicate that you prefer to learn alone. • Total scores of 9 or less indicate that you prefer to learn with other people. Emotional Preferences: Motivation Extrinsic Motivation Item # Score 10 18 26 Total Score • Total scores of 10 or more indicate that external reinforcements may be important to you. • Total scores of 9 or less indicate that external reinforcements may not be very important to you. Intrinsic Motivation Item # 5 11 25 Total Score Score • Total scores of 10 or more indicate that you seem to be self-motivated. • Total scores of 9 or less indicate that you may not be self-motivated. Intellectual Preferences: Learning Styles Auditory Learning Visual Learning Kinesthetic Learning Item # Score 2 23 Auditory Total Item # Score 8 27 Visual Total Item # Score 19 24 Kinesthetic Total • In each area (auditory, visual, kinesthetic), total scores of 7 or more indicate a preference for that type of learning. • You may prefer more than one type of learning, or types of learning may not make a difference to you. Job Aid #3: Strategies for Addressing Insensitive Events Listed below are examples of events that may occur during training that add to personal biases and stereotypes and that fail to show respect for differences in people. Also included are possible strategies for responding appropriately to these events in the training room. It is critical that, as an instructor, you are aware of these events and that you are prepared to respond appropriately. Refer to this when preparing for training. POSSIBLE EVENT STRATEGY Telling jokes about gender, ethnicity, or a profession. • Do not publicly denounce the person telling the joke. • As soon as the person has finished telling the joke, announce that these types of jokes are inappropriate and illegal and will not be tolerated. Praising or negatively reinforcing only some participants. • Be aware of your own biases, and concentrate on recognizing all participants equally. • Avoid negative reinforcement (e.g., punishing, sarcasm, putting down participants) altogether. Failing to prepare for a participant with special needs. • Apologize to the participant. • Ask the participant how you can be of assistance. • In the future, be aware of who your course participants are so you can prepare for those with special needs. Making sexual remarks. • Inform the offender(s) that making sexual remarks is illegal and will not be tolerated in the training room. • If a participant has been offended by the remarks, ask the offender to apologize. Reading Assessment Instructions: Place your answers to the following questions on the answer sheet on page 40. When you finish this assessment, check your answers against the answer key on page 42. 1. Which of the following combinations of training methods is most consistent with adult learning principles? a. Lectures and reading assignments b. Reading assignments, demonstrations, and tests c. Reading assignments, group discussions, and practical exercises d. Lectures and case studies In questions 2 through 5, match the descriptions on the left with the correct learning style on the right. 2. I get a lot of satisfaction from doing the best I can. a. Visual Learning b. External reinforcement 3. I learn well by seeing how to do something. c. Internal reinforcement 4. I work better when I know my work will be checked. d. Social needs e. Auditory learning 5. I learn well from videos and lectures. 6. John has felt unprepared in responding to questions from COOP facility managers about their mitigation options. In response, he has searched DOD and DHS websites for best practices. Which adult learning characteristic is being illustrated in this scenario? a. Active learning. Adults learn best when they are active participants in the learning process. b. Immediate application. Adults engage in learning to help them deal with issues they face now. c. Accumulated experience. Adults bring more life experiences to the learning environment than children. d. Reinforcement. Adult learners benefit from, and respond to, reinforcement. Reading Assessment (cont’d) 7. Tom is conducting Building Design for Homeland Security. During his workshop, a participant cracks a joke about a particular ethnic group. What is the most appropriate way for Tom to handle this event? a. At the next break, take the person aside and tell him or her that these types of jokes are inappropriate and illegal. b. As soon as the person has finished telling the joke, announce that these types of jokes are inappropriate and illegal and will not be tolerated. c. Laugh now, but tell the person about your discomfort later in private. d. Use the situation as an opportunity to discuss cultural sensitivity with the entire class. 8. With the Y axis labeled Emotional Safety, what should the X axis be labeled? HIGH LOW HIGH a. Practice b. Number of instructors c. Learning d. Number of course participants Reading Assessment (cont’d) 9. Select the method from which adults will retain the most information after 3 days. a. Information they speak b. Information they hear c. Information they read d. Information they see 10. You involve your participants in the learning process by combining reading assignments with job simulations. This is an example of which adult intellectual characteristic? a. Accumulated experience b. Active learning c. Previous learning d. Physiological changes 11. One can learn more effectively by: a. Engaging in the class and in small group activities. b. Listening to lecture and taking notes. c. Working alone and asking the presenter questions. d. Expecting to be entertained during training. 12. During the morning session, you notice that course participants seem very tired. After lunch, you decide to address the fact that they have a low energy level. What learning activity should you select? a. Video b. Lecture c. Group exercise d. Power Point presentation Reading Assessment (cont’d) 13. A participant who draws diagrams and pictures to understand information, and who learns new skills best by watching others, is most likely a: a. Visual learner b. Auditory learner c. Social learner d. Self motivated learner For questions 15 through 20, review the adult learning characteristic on the left and determine the most appropriate training strategy from the right. 14. Adults can learn by reading, a. Provide learners with opportunities to listening, and watching, but they identify what they want and need to learn best if they participate learn; to plan and to carry out their own actively in the learning process. learning activities; and to evaluate their own progress toward self-selected goals. 15. Most adults have preferred methods for learning new knowledge and skills. b. Plan training activities around your participants’ issues and concerns. 16. Adults engage in learning in order to help them cope with c. Maximize learning by doing. current issues and problems. They seek learning that they can apply immediately. d. Provide job aids to assist in “unlearning” previous information that is interfering with new learning. 17. Adults have a large bank of previous learning that can be both an asset and a liability to learning. e. Match the instructional methods you select to your participants’ learning preferences. 18. Adults enter training with a large volume of life experiences from f. Use the learners’ life experiences to which to draw. introduce and discuss new concepts. 19. Adults perceive themselves as independent and capable of selfdirection. They desire others to see them in the same way. 1. ______ 2. ______ 3. ______ 4. ______ 5. ______ 6. ______ 7. ______ 8. ______ 9. ______ 10.______ 11.______ 12.______ 13.______ 14.______ 15.______ 16.______ 17.______ 18.______ 19.______ READING ASSESSMENT ANSWER SHEET Reading Assessment ANSWER KEY 1. c 2. c 3. a 4. b 5. e 6. b 7. b 8. c 9. a 10. b 11. a 12. c 13. a 14. c 15. e 16. b 17. d 18. f 19. a This page intentionally left blank Course Title: Building Design for Homeland Security COOP T –t-T Unit XIV (C): Course Wrap-Up Unit XIV (C) COURSE TITLE UNIT TITLE OBJECTIVES SCOPE Building Design for Homeland Security for Continuity of Operations (COOP) Train-the-Trainer Course Wrap-Up 1. Reflect upon the reasons for attending the course provided during Unit 1 Introductions (any Case Study version) and the conduct of course. a. Expectations met? b. Likes and dislikes? c. Value? 2. Provide written feedback to the Course Director and Instructors through course evaluation forms and verbal comments related to the course specifically or building design for Homeland Security in general. This feedback is critical to improving the course. The following topics will be covered in this unit: 1. Discussion of general issues and concerns. 2. Course evaluations – forms and verbal comments. 3. Distribution of course certificates. REFERENCES No references are required for this unit. SM XIV-C-1 Course Title: Building Design for Homeland Security COOP T-t-T Unit XIV (C): Course Wrap-Up This page intentionally left blank SM XIV-C-2 APPENDIX C: COOP CASE STUDY U.S. DEPARTMENT OF ARTIFICIAL INTELLIGENCE (DAI) COOP SITE ASSESSMENT OF COOPERVILLE INFORMATION / BUSINESS CENTER (CI/BC) INTRODUCTION TO DAI The mission of the U.S. Department of Artificial Intelligence (DAI) is to keep abreast of critical US and foreign artificial intelligence technology (software and hardware) and the manufacturing capability (plants and skilled personnel) employed to use this technology in support of the national economic and foreign policy strategy. Artificial intelligence (AI) is used extensively by the military and transportation industries in the U.S. and its allies. Revenues from licensing of production and use of AI technology funds the MedicUS program for senior citizens. AI technology use and production in non-allied countries would be detrimental to the interests of the United States. The primary DAI facility/office performing the essential functions of interest in this assessment is located northeast of COOP City at the DAI Building. Current Relationship between DAI and CI/BC and Reason for COOP Alternate Facility Assessment CI/BC is a backup site for mirroring all critical computer information from DAI using dedicated fiber optic systems with encryption and supervision. The CI/BC facility is of interest as a Continuity of Operations (COOP) alternate facility. Due to the loss of an alternate facility that was being shared with another Federal Government agency, CI/BC is being assessed as a replacement for that alternate facility no longer available. Essential DAI Functions in Priority Order with Personnel, Information Technology, and Communications Minimum Requirements 1. Orchestrate the national level response to any loss of artificial intelligence production capability and loss of AI revenue required for payments to citizens of the United States. Personnel: 4 COOP Site Managers and 10 Staff Equipment -- Managers: Unclassified computer terminals, landline telephones, and cell phones Equipment -- Staff: Unclassified and classified computer terminals and secure telephone capability 2. Consult with and provide reports and other technical assistance to appropriate Federal agencies that may be impacted by loss of AI component availability and resultant revenue flow. Personnel: 12 Staff Equipment -- Staff: Unclassified and classified computer terminals and secure telephone capability. 3. Process and post financial documents supporting monthly cash flow to Agencies that distribute AI revenues to entitlement recipients. Personnel: 4 COOP Financial Systems Managers and 36 Staff Equipment -- Managers: Unclassified computer terminals, landline telephones, and cell phones Equipment -- Staff: Unclassified computer terminals and landline telephones 4. Operate the personnel/payroll system to ensure all DAI personnel receive payments. Personnel: 28 Staff Equipment -- Staff: Unclassified computer terminals and landline telephones 5. Manage operations, security, safety, and health programs for all DAI personnel, programs, and operations. Personnel: 20 Staff Equipment -- Staff: Unclassified computer terminals and landline telephones, except for security (4 personnel) that also require classified computer terminals, secure telephone capability, and cell phones 6. Manage the Department-wide computer security functions. Personnel: 10 Staff Equipment -- Staff: Unclassified and classified computer terminals and secure telephone capability 7. Provide liaison with state, local, and tribal officials on the status of critical AI production, availability, and shortfalls. Personnel: 26 Staff Equipment -- Staff: Unclassified computer terminals, landline telephones, and 5 cell phones for team use A satellite link is needed for secure and non-secure worldwide communications as a backup to telephone landlines (secure and unclassified) and cell phones. DAI Emergency Relocation Group and Support for Other Personnel DAI has a little over 4,000 personnel, with 250 identified as primary or backup relocation team members at the DAI Building. The core of the Emergency Relocation Group is 150 personnel that work in 12 hour shifts to continue the critical functions for 24 hours per day and 7 days per week. Primary and backup relocation team members maintain personal Go kits at their places of residence and an office-specific Go kit at their normal duty location. DAI has a plan for assisting the families of Emergency Relocation Group personnel as well as employees on travel if an incident affects more than just the DAI Building. In case of pandemic flu outbreak, the primary and backup Emergency Relocation Group personnel and their families have received preventive flu shots and supplemental shots, when available, based upon the identified strain. The COOP plan may be activated as a preventive measure by relocating some or all primary Emergency Relocation Group personnel to the alternate site and leaving the remaining primary and backup Emergency Relocation Group personnel at the primary site to use geographic separation to reduce the risk of widespread infection on essential functions. DAI also has a communications contact plan for employees to get information upon activation of the COOP plan and to report their status if not at the primary or alternate facility. A web site is also set up for two-way information flow between employees and Human Resources/supervisors. This communication plan includes either using a recorded message on primary facility phone numbers directing callers to an alternate facility number or automatic redirection of those numbers to the phone numbers at the alternate facility, once the alternate facility is functional. General DAI COOP Alternate Facility Requirements The minimum distance required between the primary and alternate facility is 60 miles. The alternate facility must be available within 12 hours of the decision to activate. A SCIF (Sensitive Compartmented Information Facility) is needed due to the military requirements of artificial intelligence and other national security uses. To the highest security clearance for the classification of materials, the SCIF requires classified computer terminals, secure phones, secure fax, and one or more safes. Safes are not required if the SCIF is manned 24 hours a day. The Secure Room in the Computer Center is SCIF rated. The Secure Office and Secure Conference Room in the Business Center are constructed to SCIF requirements and can be approved for DAI use. Supplies to sustain the Emergency Relocation Group in its previous Alternate Facility location required 2,400 cubic feet of storage. This does not include computers or communications equipment. It does include health-related supplies needed for a pandemic outbreak and supplies needed to sustain 30 days of operations. There is no formal Federal Government-wide standard for office space per person. However EPA and GSA recommend 225-230 usable square feet per person which includes all individual and shared space such as workstations, circulation, storage, filing space, and conference rooms. The minimum functional workstation space is 100 square feet, with the workstation footprint itself being between 64 and 80 square feet and the remaining square footage for storage and movement. Geographic Relationship between Primary Facility and Alternate Facility Being Assessed Driving distance: 78 miles, 1.75 hours There are more than sufficient taxi companies at the primary and alternate facility locations to support using public mass transportation as the means to move between the two facilities. Bus schedules: 5 daily itineraries, between 01:30 am to 12:00 pm, taking 2 hours and 55 minutes the nearest terminals to each building. Charter buses companies are also available. Train schedules: 20 daily itineraries, taking at most 45 minutes between the nearest stations. Figure 1. Transportation Links between DAI Building and CI/BC INTRODUCTION TO CI/BC The Cooperville Information / Business Center (CI/BC) is a state-of-the art information technology (IT) services company located in a major metropolitan city in a typical suburban business office park. CI/BC also has a Business Center that is available on a daily basis to individuals and companies for workstation/office space, office equipment, computer, meeting space, and any other business support required on a temporary basis. The company’s information mission is to provide information technology and services support to include hosting servers, databases, applications, and other hardware and software; develop, install, and maintain software applications; provide field support IT technicians; and provide 24-hour help desk support. The company’s Business Center mission is to provide temporary office support on a short term basis to business travelers or companies who need additional space, including some space at higher security levels. The Business Center’s standard hours are 6:00 am to 6:00 pm, but up to 24 hour support can be provided with advance notice. Figure 2. Cooperville Information / Business Center (CI/BC) The Information Division of CI/BC has over 20 clients and supports approximately 1,000 users and 100 applications as a primary data center and as a disaster recovery backup site. CI/BC clients include local, regional, and Federal government offices and commercial entities. Many clients depend on CI/BC’s ability to provide real time IT support, on a 24 x 7 basis. Others rely on the company’s IT backup services. Major clients and support contracts include: • Fortune 500 companies • National and regional banks and credit unions • A major airline • Large prime defense contractors • Government agencies, including one classified client • U.S. Department of Artificial Intelligence CI/BC is certified to provide IT support and storage to government clients at Top Secret levels, using dedicated classified equipment and networks. CI/BC’s technology ranges from leading edge mainframe and desktop computers and optical mass storage devices to wired and wireless networks. CI/BC has over 75 employees and approximately 40 employees are in the building at shift change with about 25 at any other time. Work schedules are flexible and employees have their own access capability as explained under security later. Visitors to the Information Division (usually less than 5 at a time) sign-in with the receptionist who contacts the person being visited. The staff person being visited provides escort for the information visitors in the building. Visitor access to Information Division areas is through the mezzanine and then down to the first floor. Business Center users are usually restricted to the first floor office area, unless special needs are coordinated. The Business Center has two employees on shift with overlap during normal hours and can provide additional staff as needed during and after normal hours. The main receptionist is one of these people. The Business Center personnel have no security clearances, but Information Division personnel provide support when clearances are required and verified. The CI/BC building is strategically located near many of CI/BC’s clients and management does not want to move from the facility or location. CI/BC has contracts for its services with all its clients. It also has contingency contractual agreements (similar to a Memorandum of Agreement (MOA)) with some clients in case there is an emergency need for additional computer support, Business Center office space, or both. An MOA is an agreement or acknowledgment among parties outlining the terms and details of an agreement between parties, including each parties requirements and responsibilities. Impact of COOP operations upon CI/BC day-to-day functions There will be no disruption of Information Division daily operations. However, the Business Center will have to alter operations based upon DAI COOP requirements. Fortunately, the Business Center does not allow any long-term commitment of its facilities. It has normally functioned on a day-today basis with a first-come, first-served approach. This is covered in each contingency contractual agreement and CI/BC is willing to give DAI first priority. GENERAL SITE DATA AT COOP ALTERNATE FACILITY The Cooperville Information / Business Center is located approximately 15 miles outside of a major urban city in the suburbs, and adjacent to a major interstate highway. There are several commercial iconic properties, one military installation, and several government offices within a 5-mile radius of the CI/BC building. 5-Mile Radius Figure 3. CI/BC Corporate Business Park 5-Mile Radius Regional Information of Interest to DAI The nearest nuclear power plant is 63.4 miles from the CI/BC building. Equipment rental, U.S. Postal Service, freight services (air, motor transport, Fed-Ex, UPS, DHL, etc.), department or general merchandize stores, building or electrical materials, and financial services (banking) are all available within a 10 mile radius of the CI/BC building. There are multiple gas stations within 0.5 miles of CI/BC as well as gas stations along all routes between CI/BC and lodging / dining. There is no specific Federal vehicle requirement for the DAI Emergency Relocation Group as privately owned vehicles have the only fuel requirement. Appendix C: COOP Case Study Figure 4. Lodging and Dining near Cooperville Information / Business Center There are various levels of dining available at and near the lodging within 10 miles of CI/BC. Many of these open at 06:00 am and close at 11:00 pm. There are caterers available that will deliver food at any time day or night, weekday or weekend. Lodging costs range from $40 per day to $250 per day, depending upon hotel/motel chain and amenities. Some hotels have shuttle buses that may be available for use to get personnel from hotel to CI/BC and back, vice the need for taxis. Some local colleges within 25 miles have dormitories; however they have year round classes that result in a waiting list for rooms during fall and spring semesters. The summer semester usually has available rooms. Local Imagery Appendix C: COOP Case Study Figure 5. CI/BC Business Park Perimeter and Surrounding Buildings Business Park Perimeter and Surrounding Buildings The office building is part of a corporate business park. CI/BC does not control the front parking area, signage, or other general site conditions such as stormwater drainage, lighting, or vehicle and pedestrian traffic flow and movement. Front parking spots are approximately 44 feet from the CI/BC lobby and there are a total of 447 spaces in the front lot and a total of 155 spaces in the rear parking behind the building. The business park is responsible for grounds maintenance, including cutting the grass, planting flowers, trimming trees, sweeping the parking lot, and towing unauthorized vehicles. Trash service is the responsibility of tenants. CI/BC has a large dumpster located at the rear of the loading dock area approximately 50 feet from the building. CI/BC receives mail and packages at the front office lobby desk. Large packages and equipment are delivered to the rear loading dock. There is no separate mail room, but there is an internal administrative space with copiers, printers, supplies, and staff mailboxes. The front desk receptionist is responsible for sorting and screening all mail. The business park is adjacent to a major interstate highway and there are a number of storage tanks, manufacturing and production facilities, and other commercial properties across the interstate. Site Imagery The CI/BC office space has client and staff parking in the front and a rear parking and loading dock area for supply trucks, vendors, and trash. The front parking area is unrestricted, but the back parking area is enclosed with chain link fencing on the perimeter of the property. There is no gate or means to prevent vehicles from transiting around the rear of the business park. Figure 6. CI/BC Office Location Hazardous Material (HazMat) Sites There are a significant number of hazardous waste sites in near proximity to the CI/BC building. The vast majority are small generators such as gas stations, dry cleaning, and other commercial businesses. Large generators include the petroleum storage and production facility located across the interstate. Figure 7. HazMat Sites Near the CI/BC Building The prevailing weather pattern in the summer and fall is from the south Atlantic and the Gulf of Mexico. Warm, moist air brings thunderstorms and higher humidity. In the fall, cooler air from the north and west returns. Winter weather blasts across the state from the northern or central part of the continent. With no other weather activity, the prevailing wind is normally from the west-northwest. Emergency Response Capabilities The local emergency response capabilities include primary police, fire, and medical facilities approximately 8 to 10 miles away. There are multiple means of ingress and egress to the CI/BC building complex and the site is served by fire mains with a hydrant located approximately 200 feet from the CI/BC office. There are also a number of medical and dental clinics near the office for medical and dental treatment that does not require emergency response. Figure 8. Emergency Response Capabilities Near the CI/BC Building Building Layout by Function Appendix C: COOP Case Study Figure 9. CI/BC Functions and Building Layout The square footage (SF) uses of the facility are as follows: First Floor MEP (Mechanical, Electrical, Plumbing) systems, includes loading dock -- 3,580 SF Storage -- 620 SF Information Division Computers and Communications -- 3,200 SF Information Division Secure Space -- 600 SF Business Center Office Space -- 11,000 SF Includes Main Conference Room -- 1,100 SF which can be partitioned in half Includes Secure Office Space -- 745 SF Includes Secure Conference Rooms -- 930 SF Mezzanine Management and Staff -- 1,050 square feet Information Division -- 1,250 square feet Business Center -- 1,000 square feet Potential Blast Effects – Nominal Car Bomb The nominal range to effects chart radius of influence of a nominal car bomb detonation at the front entrance indicates that the building would experience significant damage, but likely not suffer progressive collapse. The front façade of the building is approximately 75 percent glass and has an 8-foot overhang. The north half of the south façade is also 75% glass and has an 8-foot overhang. There is no glass on the rest of the south façade or in the rear of the building. The terrain slopes upward from the parking lot to the main entrance, and is landscaped with flower beds and trees. Key staff would probably be killed and administrative functions destroyed as they are along the mezzanine windows facing the front parking lot, but the Computer Center and Communications Center functions would likely survive relatively intact. The Business Center rooms with windows facing the front parking lot would see significant additional damage. Potential Blast Effects Red Ring (20 ft) – Structural Damage Orange Ring (100 ft) – Probable Lethal Injuries Yellow Ring (150 ft) – Severe Injuries from Glass Figure 10. Car Bomb Blast Effects (Front Entrance Parking) Potential Blast Effects – Nominal Truck Bomb Detonated Nearby A tractor-trailer truck bomb detonation on the interstate would also significantly damage the CI/BC building, primarily glass breakage and potentially some structural damage. If the truck bomb were to detonate near the tank farm, the ensuing explosion, fire, and plume could have significant impact on the CI/BC building. Potential Blast Effects Red Ring (100 ft) – Structural Damage Orange Ring (500 ft) – Probable Lethal Injuries Yellow Ring (1,000 ft) – Severe Injuries from Glass Figure 11. Truck Bomb Blast Effects (Interstate Highway) Potential Blast Effects – Nominal Truck Bomb Detonated On Site A delivery truck bomb detonation at the rear of the CI/BC building at the loading dock would result in significant structural damage and potentially progressive collapse. The Computer Center, Communications Center, and other critical functions could be destroyed. Critical infrastructure that could be destroyed includes the mechanical and electrical room. Potential Blast Effects Red Ring (35 ft) – Structural Damage Orange Ring (190 ft) – Probable Lethal Injuries Yellow Ring (350 ft) – Severe Injuries from Glass Figure 12. Truck Bomb Blast Effects (Loading Dock) BUILDING DATA The CI/BC building was built in the 1990s using conventional construction techniques. The building has a 19,000-square foot main floor for offices, computers, and MEP. There is a 3,300-square foot mezzanine (a second floor over the front part of the office). Appendix C: COOP Case Study Occupancy B, S-1 Construction Type 2C No. of Floors 1 floor and mezzanine, high bay in rear Total Height 20 feet (first floor finished level to bottom of high bay roof joists) High Rise Code No Fire Suppression Fully sprinklered, wet pipe Floor Area First Floor 19,157 sf Mezzanine 3,380 sf Total 22,537 sf Number of Exits 6 Exits from Mezzanine 3 Occupancy Load First Floor 102 occupants Mezzanine 31 occupants Restrooms 5 total First Floor 2ea Male Water Closets 4 total Urinals 2 total Lavatories 2 total First Floor 2ea Female Water Closets 6 total Lavatories 4 total Mezzanine 1ea Unisex Water Closets 1 total Lavatories 1 total Area Separation No Fire Alarm System Yes Monitored Sprinkler Yes Fence 4 feet high, rear only, to keep people from falling down a steep incline Applicable Codes Building 1996 BOCA National Building Code w/ 2000 VUSBC amendments Electric 1996 VUSBC, 1996 NEC Plumbing 1995 IPC w/1996 supplement Mechanical 1996 International Mechanical Code Fire 1996 BOCA National Fire Prevention Code Accessible 1996 BOCA, 1992 CABO/ANSI 117.1 BOCA – Building Officials and Code Administrators International, Inc USBC – Uniform Statewide Building Code NEC – National Electric Code IPC – International Plumbing Code CABO/ANSI 117.1 – Uniform Federal Accessibility Standards BUILDING STRUCTURE The exterior walls are made of concrete masonry units (CMUs) with a brick veneer on the outside. Steel framework supports the structure, and exposed columns are enclosed in gypsum wallboard. The interior walls are gypsum wallboard on metal studs. The roof is a metal deck on steel joists with 4-inch concrete, waterproofing, insulation and gravel on top. It is slightly angled to allow water to drain. The roof overhangs the front entrance by 8 feet. This provides a covered area for employees to stay dry on rainy days. Cylindrical columns consisting of steel columns with brick façade support the overhang. Windows are double glazed, ¼-inch thick annealed glass. With a loading dock on the west side, it is possible for vehicles to park right next to the building. Normal parking for employees is in front; the closest row is 44 feet from the nearest point on the building. The company does not have a mail room; incoming mail is normally processed by the receptionist just inside the front door. Large packages shipped to the company (computers, etc.) are delivered to the loading dock in the rear and handled by the Computer Center staff. MECHANICAL SYSTEMS Heating for the CI/BC building is provided by a combination of natural gas and electricity. This provides a regulated environment for the sensitive computer and communications equipment, and a comfortable environment for employees and users of the Business Center. HVAC Supply The main heater sends hot air into the heating, ventilation, and air conditioning (HVAC) room, next to the mechanical and electrical (M&E) room. From here it is distributed throughout the building. Offices, restrooms and the employee’s lounge are directly heated by this warm air. The Computer Center and the Communications Center use Digital Environmental Managers (DEMs) to direct the warm air where it is needed, add or remove humidity from the air, or even cool some areas while warming others. Appendix C: COOP Case Study Figure 13. HVAC Supply The air used to heat or cool the CI/BC building is filtered in the HVAC room using standard industrial grade MERV 8 filters. Outside make-up air is brought in through a vent in the wall located at ground level. The vent is alarmed to prevent intruder access. A screened exhaust duct is on the roof. Airflow throughout the building is through a series of ducts hidden in the ceiling of each area. The ducts are divided in half to allow them to serve as supply and return headers. The divider is insulated to minimize heat transfer from one side to the other. The Computer Center has two additional air cooling units located in the Computer Center and uses the main chilled water supply. The Computer Center maintains a slight net positive pressure compared to the main office areas. HVAC Return The return air for the main office space has sufficient room inside the ductwork and mechanical room area to incorporate additional filters and equipment. Appendix C: COOP Case Study Figure 14. HVAC Return Chilled Water Distribution (Cooling) Cooling (or heat removal) is done by chillers in the M&E room. Three Trane 100-ton chillers are available; normally only two are needed to cover most cooling loads, except for very excessive summer conditions when three chillers are sometimes needed. The chillers remove heat from the chilled water system, and use the condenser water system to send the waste heat to two rooftop cooling towers. The chilled water is then routed from the chillers to air handlers for the majority of the building; cooling for the Computer Center and the Communications Center is done by directing chilled water to the DEMs. Chiller operation along with chilled water and condenser water flow are managed from a single control unit in the M&E room. A single chilled water pump provides adequate flow for all cooling situations; a backup pump is available at the push of a button. The same is true for the condenser water pumps. The DEMs in the Computer Center and the Communications Center use airflow to transfer heat from electronic equipment to the chilled water, and return cool air to the equipment. Humidity is raised or lowered as necessary for each area of the room. The DEMs operate without the need for frequent monitoring by technicians; parameters and flow rates are controlled from a central station based on the needs of individual pieces of equipment. Appendix C: COOP Case Study Figure 15. Chilled Water System Air Intake The air intake is exposed and of typical louver construction. Figure 16. Air Intake Natural Gas Natural gas enters the building through a high-pressure meter, and a pressure regulator and low-pressure meter under the loading dock staircase. The piping goes through the overhead to the M&E room at the building’s southwest corner. Branches split off for two gas powered space heaters in the high-bay area by the loading dock. The main gas line goes to the main heater in the M&E room. Figure 17. Loading Dock Area Appendix C: COOP Case Study Figure 18. Gas Meters Under Loading Dock Stairs FIRE PROTECTION AND LIFE SAFETY A key concern for CI/BC is fire. The building has been designed to meet the latest National Fire Protection and Life Safety Codes at the time of construction. Sprinklers are located throughout the building, along with hand-held portable fire extinguishers. There are six exits that can be used for evacuation. The fire protection and life safety systems consist of a “wet-pipe” single stage sprinkler system throughout the building, ceiling mounted automatic fire and smoke detectors connected to the central business park fire annunciator panel located in the next building and HVAC fire and smoke dampers in the M&E room air handling unit (AHU). There are no manual fire pull stations which is allowed under local codes where the building is fully sprinklered, the system is monitored, and the fire annunciator panel alerts the fire department. The sprinkler system header is continuously pressurized, with water being held back by the temperature actuated valve on the sprinkler head. Each sprinkler head is individually activated by heat; any valve reaching 130º F would open. This system would allow a kitchen or office space fire to be suppressed, without unnecessarily dousing critical computer equipment with water. However, the sprinkler heads are exposed in the overhead of each room, and can be accidentally activated if bumped by a ladder, pole, etc. None of the ingress or egress doors have the new generation illuminating markings, only the standard door or ceiling mounted exit signs and emergency lighting. Should a fire occur, other than the fire detector flashing lights, there is no mass notification system specifically for fire. Egress stairwells are limited to the two stairwells on opposite ends of the mezzanine toward the front of the building. These are open stairwells without any specific fire protection design incorporated and are part of the steel construction of the mezzanine. A third stairwell of like construction leads from the mezzanine to the Computer Center on the first floor. The water to the fire protection system within the building and the fire hydrants in the office park comes from the local municipal distribution mains which is also the source for all water uses in the building – rest rooms, kitchen/break room, HVAC equipment, etc. There is only one water supply line to the CI/BC building. Per request from employees, four bottled water dispensers are throughout the building, with an average of 3 water bottles (5 gallons each) in reserve at any given time for each dispenser. There are two similar dispensers in the Business Center. Sprinkler Head Appendix C: COOP Case Study Figure 19. Sprinkler Head There are 20 hand-held dry chemical fire extinguishers located throughout the building, 5 on the mezzanine level, and 15 on the first floor. Filled with monoammonium phosphate under approximately 200-250 pounds pressure, these extinguishers are designed to combat Class A, B, and C fires. The fire extinguishers are visually inspected to make sure pressure is in the allowable band on a monthly basis by a local company. The Computer Center and the Communications Center are equipped like the rest of the building. CI/BC has a long-term plan to install a clean agent suppression system in the electronic spaces, but construction has not yet started. The Security Officer maintains the fire evacuation and response plan, has posted fire evacuation routes in key office hallways and break areas, and has a key to the building section that has the main fire panel. The main fire panel is located in the lobby area of the next building section, which is open to unrestricted access during normal business hours. In the event of a fire, the panel alerts the local fire department and the security company using dedicated telephone lines. ELECTRICAL SYSTEMS Main power for the CI/BC office is provided by the Hazardville Electric Power Company through two transformers outside the building. Two sets of buried transmission lines deliver 12,470 volt (12.47KV) power to the building from a nearby substation. Transformers The two 12.47KV feeders lead to two separate transformers outside the building, one near the north side, and the other near the south side. The two pad-mounted transformers are rated at 3,000KVA total (1,500KVA each) and they reduce the 12.47KV power to 480/277 volts for distribution around the building. Both transformers are continuously on line, and feed separate loads. Neither is generally loaded above 50 percent, and a tie breaker allows either transformer to support all building loads, except during the peak cooling days when three chillers may be operating. Figure 20. One of Two Transformers On Site Diesel Generator Backup power for CI/BC is provided by a single diesel generator, located in a shed in the rear parking lot. Specs for this Detroit Diesel Model 1250DS-4 Spectrum unit follow: Model 12V4000 Engine Model 7M4052 Generator 4-Cycle Voltage 480/277 VAC Turbocharged, Intercooled 3 Phase/60 Hz V-12 Cylinder Configuration 1250 eKW/1563KVA 2975 Cubic Inch Displacement 1879 Amps 1800 RPM Sustained Short Circuit Current up to Max Power 1380 bKW/1850 BHP 300 % of Rated for 10 Seconds Exhaust Temperature 402º C/755º F Brushless, Rotating-Field Water Cooled, Electric Start Pilot Excited 100 GPH Fuel Consumed at 100 % Load 76 GPH Fuel Consumed at 75 % Load 1 Year Limited Warranty 52 GPH Fuel Consumed at 50 % Load The backup generator is equipped with a 250-gallon “day” tank, normally kept at least 80 percent full. The day tank draws fuel from a 2,000-gallon main fuel tank, buried under the parking lot near the diesel generator shed. A small electric pump is used to fill the day tank when necessary. Note that a rule of thumb for generator fuel consumption is 0.08 gallon/KW load/hour. The day tank’s level is measured using a sight glass. The level of the main fuel tank is measured with a probe each quarter by a visiting Detroit Diesel representative, who also starts the engine to run unloaded for about 20 minutes. Fuel is delivered by truck from a local supplier, who normally responds the day after being called. The diesel generator is configured to automatically start upon loss of commercial power to the CCB. This happens about twice a year due to electrical storms or utility maintenance in the neighborhood. An automatic bus transfer switch aligns the generator to the CCB as soon as the generator is ready to support the bus loads. This normally takes less than 5 seconds. In addition, a manually operated tie breaker is available to supply backup power to the SB via the CCB; however, the SB cannot receive backup power by itself. The backup diesel generator has never had to support CI/BC’s power demands for longer than about 2 hours, and never with more than one chiller operating. It has never been tested for an extended period under a heavy load. An uninterruptible power supply (UPS) is located inside the building’s “high-bay” area. Rated at 1000KVA, it is designed to support all loads on the CCB for up to 60 minutes. The diesel generator has never taken more than 30 seconds to start and assume the bus loads. If the diesel generator did not start on a loss of commercial power, 60 minutes would be ample time for CI/BC personnel to conduct an orderly shutdown of Computer Center equipment. The batteries to support the UPS are in a small room next to the UPS room. The only instrumentation in the room is a thermometer. The 50 lead-acid batteries are inspected semi-annually by the manufacturer’s representative. A capacity test discharge was conducted when the batteries were installed 2 years ago. The 60-minute endurance was calculated from that test. Electrical Loads CI/BC’s electrical loads are divided between two main electrical buses, the CCB and the SB. They are located in separate “closets” of the building. A tie breaker allows the buses to be connected, so they can be powered by a single main transformer, or to allow SB loads to be carried by the backup diesel generator. The system is monitored by a digital energy management system, which provides indications, alarms, and instructions. Critical systems, such as those supporting fire alarms, security alarms, CCTV system, telephone system, etc. are connected to the CCB. The chillers, pumps, cooling towers, fans, etc., are all powered from the Support Bus (SB). The DEMs (Digital Environmental Managers in the Computer Center) and all of the building thermostats receive power from the Computer Center Bus (CCB). Figure 21. Electrical “One-Line” Diagram Mechanical and Electrical Room Typical of many commercial office buildings, the mechanical and electrical systems share common utility penetrations and floor space. There are no redundant utility service entrances into the building, except for the separate electrical feeds from each transformer. Figure 22. Mechanical and Electrical Room INFORMATION OPERATIONS The Computer Center is the heart of CI/BC’s information operations. The rest of CI/BC Information Division exists to support the Computer Center. The Business Center receives support from the Computer Center in both unclassified and classified formats. Each workstation in the Business Center has LAN connections that allow rapid reconfiguration to connect to different servers and systems based upon the authorization and needs of the Business Center users. Multiple LAN connections are available in each office and conference room to accommodate any room configuration. Workstations in Business Center office areas average 100 square feet in floor space. Additional workstations or tables are available on a one-day’s notice. Computer Center Figure 23. Computer Center Hardware The Computer Center is composed of several interconnected systems and one independent system for classified data processing. The systems run VMS, Unix, or Windows. Although the equipment list changes almost monthly as systems are upgraded and new clients’ needs are being met, as of April 2003, the computers included the following: • One 4-processor Silicon Graphics Power Challenge • Three dual-processor Silicon Graphics Origin 200 servers • One dual-processor Silicon Graphics Octane • Five Microway Dec Alpha 500 MHz systems (four Unix, one VMS) • Three DEC Alpha 600 5/266 systems • Two IBM RISC 6000/560 systems with 160 and 128 Megabytes (MB) of memory • One Stardent 3000 with 128 MB of memory, triple scalar and vector processors • One DEC Alpha-based (RISC) Model 3000/400 VMS workstation • One DEC VAX station 4000/90 system with 128 MB of memory • Sixteen Windows based workstations All computers have access to large-capacity disk storage units, with shared mounting of major disk units throughout the complex. The VMS systems are configured as a VAX cluster; the Unix systems have common user accounts and files. The major systems are reachable from throughout the center and also through an Ethernet. The networks interface to the company-wide network and through it to the Internet. Because some customers rely on CI/BC to support their data storage needs, the Computer Center also contains a massive data storage “jukebox.” A StoreAll Model 5500 provides fully automated storage, using robot arms to provide rapid retrieval. Its capabilities include: • 3.0 Terabyte Total Capacity • 2.5 Megabyte Per Second (MBps) Transfer Rate • 500 CD Per Hour Change Rate • 10,000 CD Storage Rack Client data are backed up as requested by the clients, as frequently as once per day, except for one Federal client that uses CI/BC as a real-time mirror site similar to those of credit card companies. The Back-O-Matic digital backup system manages the backup process, selecting which data are backed up on which day. All backups are done to CD; these are stored in the StoreAll Model 5500. CI/BC maintains an off-site storage location for clients that require backup data to be stored at a separate site. Classified backup data for certain government clients are stored in a special fireproof safe in the Secure Space. Backup procedures for CI/BC’s computer operating systems, digital telephones, and other company systems are similar as for their clients. Most of CI/BC’s computer systems can be used to backup another system. For those systems without in-house backups, replacement sources are identified. In most cases, replacement hardware can be delivered and set up within 2 days. COMMUNICATIONS Data CI/BC has two T1 lines and one T3 line connected at the demark to ATT’s high performance backbone network. The ATT fiber connectivity provides more than enough bandwidth for CI/BC’s current needs and planned future expansion. Telecom and Network Connections • Two T1 lines (1.544 MBps) • One T3 (45 MBps) • Frame Relay • Narrowband ISDN (64/128 KBps) Figure 24. Telecom and Network Cabling Appendix C: COOP Case Study Figure 25. Telecom and Network Equipment The Cisco powered network features multiple 7500 VXR+ routers. Border Gateway Protocol (BGP) reroutes traffic between the routers and to the Internet. A variety of switches in the Communications Center and at client sites are used to ensure connectivity. Some clients use Hot Standby Routing Protocol (HSRP), which provides additional redundancy. A variety of firewalls and other security systems are in place to protect the company and its clients. The firewall solution is based on the Cisco PIX to provide highly resilient firewall protection. Other security systems include reporting and analysis tools and network detection devices, which help protect the company’s computers from hacking. Communications to support CI/BC’s classified government clients cannot be discussed in detail. Nevertheless, they use leased lines for point-to-point connectivity, and they are robust, with diversity and redundancy built in. Voice Although CI/BC does not provide voice communications services to its information customers, the need to communicate with them quickly and reliably is important. Therefore, the company has invested in NEC DS2000 telephone systems, which come with 8-slot cabinets that can handle 32 lines from 48 stations. The system’s digital processor provides reliability, speed, and features to keep CI/BC staff members in touch with their customers. This same system supports the Business Center workstations in the offices and conference rooms. The voice connections in offices and conference rooms are co-located with the LAN connections allowing any room configuration desired. There is excellent cell phone coverage within the CI/BC building and for a 20 mile radius around it. PHYSICAL SECURITY Much of the company’s guidance for security comes from the National Industrial Security Program Operating Manual (NISPOM), the government’s guide to protecting contractor facilities. The NISPOM is promulgated by the Defense Security Service (DSS) and is available on the World Wide Web at: http://www.dss.mil/isec/nispom_0195.htm. CI/BC’s Security Officer uses a layered approach to physical security. The outermost physical security layer is provided by a contract security firm and the Defense Protective Service (DPS). The contract security firm periodically patrols the parking lots in marked vehicles. The security officers are not armed, but they carry cellular phones to contact the local police. These officers do not have security clearances, and are not allowed to enter the Information Division spaces and Business Center secure spaces of the CI/BC building if no employees are present. The DPS officers patrol the entire National Capital Region (NCR) and are tasked to respond to emergencies at Defense Department or contractor facilities. DPS officers are armed and have law enforcement authority. They are allowed to enter the CI/BC building, but normally do not as part of their rounds. Security Lighting and Closed Circuit Television (CCTV) The parking lot behind the CI/BC office is well lit and monitored by older generation analog CCTV cameras using telephone wires that are connected to video displays in the CI/BC Security Officer’s office and recorded on standard VHS tape. The CCTVs are commercial grade black and white with a 180-degree field of view that the security officer can control via the display panel. The front parking lot is lit, but not monitored. Figure 26. Security Lighting Door and Window Alarms, Proximity Card and Badge Readers, Motion Sensors CI/BC’s middle layer of security is the building envelope. The building is monitored by door and window alarms, which connect to ADT, the nationwide alarm company. Unauthorized opening of any door or window will immediately notify ADT via telephone. ADT will normally call the CI/BC Security Office prior to contacting the police and DPS. CI/BC employees have proximity cards and electronic badges to allow them to enter the front and loading dock doors without activating the alarm. Visitors are buzzed in the outer door into the reception area by the receptionist. The reception area is rectangular with the receptionist desk at one end, the reception area in the center, and the straight-line access path between outer and inner doors at the other. There is room for a metal detector and a small x-ray machine, but none are currently installed. Escorts provide visitors access past the reception area using their employee proximity cards and electronic badges. Business Center users are similarly buzzed in by the receptionist but do not need special access to the general Business Center spaces. Business Center users needing access to secure Business Center spaces are provided single day proximity cards and electronic badges activated by the receptionist. Figure 27. Proximity Card Reader and Alarm Sticker Appendix C: COOP Case Study Figure 28. Electronic Badge Reader Figure 29. Motion Sensor The innermost layer of physical security involves the Computer Center and the Communications Center. Equipped with locked doors, these two rooms meet the government’s requirements for handling classified material. Only authorized employees possess the necessary proximity cards and PINs to gain access. The Information Division offices on the mezzanine are similarly controlled and the internal stairwell to the Computer Center is behind the Information Division access door. Unauthorized access to these spaces will sound sirens, flash lights, and notify the CI/BC Security Officer and DPS. The access doors are not manned or monitored with cameras. The crawl spaces created by the raised floor in the Computer Center are barricaded by a wire fence in the three locations where it can be accessed from other parts of the building. Other secure areas inside the building are equipped with keyed door locks for access, i.e. the Mechanical and Electrical Room, telecom closets, and the like. EMERGENCY RESPONSE Emergency Operations Center In the event of an emergency, CI/BC senior management uses the large conference room as an Emergency Operations Center. The room is equipped with network and telephone connections and cell phones are able to receive a signal. Figure 30. Large Conference Room/Emergency Operations Center The nearest fire station is approximately 2½ miles north of the CI/BC building. Seven other fire stations are within 5 miles of the site. Firefighters are trained as Emergency Medical Technicians (EMTs) and Hazardous Material Technicians. Many are also skilled in technical rescue (high places, confined spaces, etc.). Ambulances are also dispatched from these stations. Emergency response time for emergencies is estimated to be 8-10 minutes. Fire hydrants are available in the office park. The nearest hospital with an emergency room is 5 miles away. Other emergency response information includes: • Exit signs: Located above each exit. • Battery operated emergency lights: Strategically placed throughout the building. • Emergency exits: Normally closed and locked doors have “panic bars” for use in emergencies. • Announcing system: The telephone system has a building-wide announcing feature that can be activated by pressing one button at any phone. This provides a form of mass notification capability. • Evacuation plan and escape ladders for the mezzanine: None. • Emergency stairway: Emergency stairways from mezzanine are located on opposite ends of the non-Information Division spaces. NATURAL AND TECHNOLOGICAL HAZARDS Natural Disaster Hazards The county’s Local Emergency Planning Committee provided the following information regarding natural disasters: • The state experiences an average of 7 tornadoes/hurricanes per year. • The state experiences 80-100 days per year with one or more lightning strikes. Seismic Risk The following was obtained from the United States Geological Survey web site: The CI/BC building and the DAI Building are in the old Seismic Zone 1 which has a value of 0.075 (0.075g or 7.5%g) per the 1994 Uniform Building Code. Damage at 7.5% g acceleration is approximately: Damage negligible in buildings of good design and construction; slight to moderate in well-built ordinary structures; considerable damage in poorly built or badly designed structures; some chimneys broken. Noticed by persons driving motor cars. Updated information is that the CI/BC building is in a zone of 8%-10%g acceleration with a 2% probability of exceedance in 50 years. The 2 percent probability of exceedance in 50 years means a 2,500-year return period. Previously 10 percent probability of exceedance in 50 years (return period of 475 years) was the most common standard used in the industry for assessing seismic risk, and was also the basis for most building codes for seismic design. The 10% probability of exceedance for the CI/BC building location was 3%g acceleration, a much lower g value, but a higher probability of occurrence The return period is the period of time that the event is not expected to occur more than once. The 50-year period is the expected design life of a building. Appendix C: COOP Case Study Figure 31. Seismic 2% Probability of Exceedance in 50 Years Appendix C: COOP Case Study Figure 32. Probability of Earthquake with Magnitude Greater Than 4.75 within 100 Years and 50 Kilometers The figure above relates to the previous information in that an earthquake with a Richter magnitude greater than 4.75 has a probability of 0.03 within 100 years and 50 kilometers or 3 occurrences in 100 years. A 4.75 magnitude earthquake has an effective peak ground acceleration of approximately 1.5%g. Overall, the CI/BC building is in an area of low seismic as is the DAI Building. However, the DAI Building has about twice the probability of being hit by a 4.75 or greater magnitude earthquake than the CI/BC building. Flood Risk Flood information was obtained from the Federal Emergency Management Agency flood maps web site. Like seismic, the site of the CI/BC building is at very low risk of flooding with the closest flooding some 2 km away. Figure 33. 100 Year Flood Plain Technological Disasters Hazards CI/BC is surrounded by a number of commercial activities and key national critical infrastructure to include Hazardous Material (HazMat) facilities, HazMat being transported on the roads and rails, a nearby fuel tank farm, and an airport. HazMat Facilities There are two large manufacturing plants with large quantities of hazardous materials stored on site within 2 miles of the CI/BC building, one to the north and the other to the southwest. In addition, there are more than a dozen Tier II HazMat facilities within 3 miles of the building (in all directions). The prevailing weather pattern for the area in the summer and fall is from the south Atlantic and the Gulf of Mexico. Warm, moist air brings thunderstorms and higher humidity. In the fall, cooler air from the north and west returns. Winter weather blasts across the state from the northern or central part of the continent. With no other weather activity, the prevailing wind is normally from the south in the summer and from the north-northwest in the winter. None of the nearby facilities were contacted during this analysis. There is no information available regarding accidents or incidents involving these facilities. Highway Movement of HazMat A major interstate highway is located within ¼ mile of the CI/BC building. Approximately 5,000 trucks per day pass the CI/BC office on the nearby interstate highway. About 30 percent of these trucks (1,500 trucks/day) carry placards indicating that HazMat is aboard, but only about 5 percent (250 trucks/day) carry sufficient HazMat to warrant placarding. Approximately 50 percent of the HazMat passing the CI/BC office is Class 3 (flammable and combustible liquids). Class 2 (gases) and Class 8 (corrosives) each constitute about 15 percent. Approximately 10 percent of the trucks carry more than one class of HazMat. Figure 34. HazMat Truck on Nearby Interstate Highway The State Police Department inspects 5-10 percent of the HazMat carrying trucks on interstate highways. Approximately 476 incidents involving the transportation of HazMat occur each year in the county in which CI/BC is located. Most of these involve flammable gas and liquids. Only one HazMat incident took place on a highway within 2 miles of CI/BC in the period 1995 to 2002. Rail Movement of HazMat CSX Transportation and Norfolk-Southern Railway maintain a transportation corridor approximately ½ mile from CI/BC. There appear to be no restrictions on the material carried along these rail lines. Neither company was available for interviews. Nevertheless, rail traffic has been informally monitored in this area. It is estimated that approximately 10,000 railcars of HazMat move through this area each year. Hazardous materials range from liquid petroleum products to chlorine to anhydrous ammonia. There are no recent records of any HazMat spills or incidents involving rail transportation in the county in which CI/BC is located. Liquid Fuels A leg of the Piedmont Petroleum Pipeline (PPP) runs underneath the office park in the vicinity of the CI/BC building. Part of Piedmont’s regional network, this portion of the pipeline normally carries a variety of refined products, including commercial and military jet fuels, diesel and three grades of gasoline, home heating fuels, etc. Four buried pipes carry approximately 20 million gallons per day. There is no available information regarding any pipeline ruptures or incidents in the vicinity of CI/BC. Fuel Tank Farm Connected to the pipeline, less than 1 mile from CI/BC, is a 20-million gallon capacity fuel farm. Operated by the Shellexxico Company, this tank farm stores a variety of petroleum products, primarily gasoline. Although representatives of Shellexxico were unavailable for an interview, their operations appear to conform to industry standards. Thirteen tank trucks were observed leaving the tank farm in a 1- hour period, indicating a calculated movement rate of approximately 300 trucks per day (about 3 million gallons of fuel). Appendix C: COOP Case Study Figure 35. Shellexxico Tank Farm Based on terrain elevation data, the ground level of the tank farm is 49 feet higher than the ground level at CI/BC. Only some of the fuel tanks are bermed, but leaking fuel is not likely to reach CI/BC’s office park; the interstate highway between the two is 16 feet lower than the tank farm and the office park is about 5 feet higher than the same interstate. Figure 36. Computerized Elevation Looking Northwest Appendix C: COOP Case Study Figure 37. Computerized Elevation Looking Northeast Figure 38. Topography Map of Local Area (elevation also in meters) Air Traffic Two airports are in the vicinity of CI/BC. One is a major international airport approximately 8 miles away. The other is a small, but busy general aviation airport less than 2 miles away. The office park in which CI/BC is located is in direct line with one of the approach and departure paths of this regional airport. The website for the regional airport indicates it is capable of handling business jets, and providing jet fuel and high octane aviation gasoline and other services. The international airport is tower controlled and handles approximately 100,000 flights per year. THREAT ANALYSIS The following information was obtained from the regional office of the FBI and the State Police. Terrorist Threat Since September 11, 2001, the terrorist threat in the area has been Yellow or Orange. Yellow has been the norm, except for the anniversary of the 9/11 attacks and during the recent war in Iraq. Yellow Definition: Elevated risk of terrorist attack, but a specific region of the United States or target has not been identified. Orange Definition: Credible intelligence indicates that there is a high risk of a local terrorist attack, but a specific target has not been identified. The elevated and high threat condition is not due to any specific information or threat to the area in which the CI/BC office is located, but rather due to the proximity to the metropolitan area, nearby military installations, etc. There is no known threat to CI/BC or any of its officers or employees. There are no known threats to any of the companies within the office park. Nearby commercial entities that are likely terrorist targets include the Shellexxico tank farm, two rail lines, the busy interstate highway, and the transformer substation. Although CI/BC is probably not a primary target, there is a military installation within 10 miles, two large prime contractors and one Federal agency office in the business park. There would be potential collateral damage or targeting of CI/BC as an alternate if those organizations were targeted and attacked. Intelligence Threat The CI/BC Security Officer maintains close coordination with government security officers and law enforcement agents as part of his normal duties. All CI/BC employees hold security clearances, Secret or higher, except administrative and Business Office staff. This makes the cleared personnel potential targets for foreign intelligence services. Although there has been no known case of a CI/BC employee being approached by a foreign intelligence agent, this is certainly a possibility. The company follows counterintelligence guidance and procedures from the Defense Security Service and the Defense Intelligence Agency (DIA) regarding: • Risk management of classified programs in industry • Threat awareness • Deterrence of illegal technology transfers • Facilitating the prevention of economic espionage in defense contractor facilities Criminal Threat Gangs and Drugs There are several gangs operating in the metropolitan area and they have been responsible for a number of gang related murders. Drug activity continues to be a problem in the metropolitan area, but less so in the suburbs. There has not been any gang or drug activity near the CI/BC building. Violent Crime The 2002 Crime Index, which is composed of murder, forcible rape, robbery, aggravated assault, burglary, larceny-theft, and motor vehicle theft, was relatively unchanged from 2001 figures. In 2002, a woman waiting at a bus stop near CI/BC’s office complex was assaulted; there have been no other reported crimes in the “neighborhood.” Year 2000 Area Crime Comparison (Rates per 100,000 population) Crime County State United States Murder 1.30 5.7 5.5 Rape 10.74 22.8 32.0 Robbery 41.32 88.9 144.9 Aggravated Assault 40.02 164.3 323.6 Burglary 155.95 429.9 728.4 Larceny 1950.84 2064.8 2457.3 Vehicle Theft 197.27 251.6 414.2 Other Crimes Employee Fraud and Identity Theft have become a growing problem in the state in which CI/BC is located. County crime statistics indicate these problems are prevalent nearby, and a nearby business lost $11,000 to “trusted employees” in 2001, but there have been no indications of such problems at CI/BC. DESIGN BASIS THREAT The senior management of CI/BC reviewed the site, building, and threat information collected, and determined the Design Basis Threat to be: Explosive Blast: Car Bomb - approximately 250 lb. TNT equivalent. Truck Bomb - approximately 5,000 lb. TNT equivalent. Chemical: Large quantity gasoline spill and fire toxic plume from the adjacent tank farm, small quantity (tanker truck and rail car size) spills of HazMat materials (chlorine). Biological: Anthrax delivered by mail or in packages, smallpox distributed by spray mechanism mounted on truck or aircraft around metropolitan area. Radiological: Small “dirty” bomb detonation within the 10-mile radius of the CI/BC building. Criminal Activity/Armed Attack: High powered rifle or handgun exterior shooting (sniper attack or direct assault on key staff, damage to infrastructure [i.e., transformers, chillers, etc.]). Cyber Attack: Focus on IT and building systems infrastructure (SCADA, alarms, etc.) accessible via internet access. Computer Center and Communications Center supporting infrastructure (e.g., firewalls, routers, main distribution rooms, backup tapes storage, etc.) location, redundancy, and power supply meet National Institute of Standards and Technology (NIST) and industry standards for physical access and protection. The analysis is not to include information assurance assessment activities (e.g., password, network monitoring, host and intrusion detection, etc.). LEVEL OF PROTECTION Based on the Design Basis Threat and after reviewing the General Services Administration (GSA) and Department of Defense (DoD) standards, senior management selected the preliminary Levels of Protection most applicable to CI/BC, with the guidance that adoption of any recommendations would be to the most stringent standard and would be in compliance with life safety codes. After the vulnerability and risk assessments were complete and mitigation options developed, final selection of mitigation options would be made by senior management and determined on a benefit/cost and risk reduction basis. The Levels of Protection to be used as the basis for the vulnerability and risk assessments are: Interagency Security Committee (ISC) Level II A Level II facility has between 11 and 150 employees and from 2,500 to 80,000 square feet. 1. Perimeter Security a. Security control for parking (surface lots, adjacent structures, underground garages under the Lessor's control) is solely limited to the assignment (marked "reserved") of authorized Government parking spaces and vehicles. b. Adequate lighting, with emergency power backup, for the exterior of the building is required. Parking areas shall also be adequately lighted. c. 24-hour CCTV surveillance cameras with time-lapse video recording may be required as deemed necessary by a Security Specialist. d. Application of shatter-resistant material shall be applied on exterior windows. 2. Entry Security a. Security Guards may be required, as deemed necessary by a Security Specialist. b. Intrusion Detection System (IDS) with central monitoring capability may be required, as deemed necessary by a Security Specialist, for the building exterior. c. Peepholes in exterior doors may be required, as deemed necessary by a Security Specialist, when an IDS is not appropriate. d. An intercom system, used in conjunction with a peephole, may be required as deemed necessary by a Security Specialist. e. Entry control with CCTV and door strikes may be required to allow employees to view and communicate remotely with visitors before allowing access, as deemed necessary by a Security Specialist. f. Exterior entrances shall have high security locks. 3. Interior Security a. A visitor control/screening system is not required for this level. b. Utility areas shall be secured and only authorized personnel shall have access. c. Emergency power sources to critical systems (i.e., alarm systems, radio communications, computer facilities, CCTV monitoring, fire detection, entry control devices, etc.) are required. d. The following requirements pertain to the added protection of the building environment from airborne chemical, biological, or radiological attacks. (1) Access to mechanical areas and building roofs shall be strictly controlled. (2) Access to building information, including mechanical, electrical, vertical transport, fire and life safety, security system plans and schematics, computer automation systems, and emergency operations procedures shall be required. Such information shall be released to authorized personnel only. Names and locations of Government tenants shall not be disclosed within any publicly accessed document or record. (3) Procedures (should airborne hazards be suspected or found) are required for the notification of the lessor's building manager, building security guard desk, local emergency personnel, or other Government emergency personnel, for the possible shutdown of air handling units serving any possibly affected areas. 4. Administrative Procedures a. Building managers and owners are required to cooperate with and participate in the development and implementation of Government Occupant Emergency Plans (OEPs). b. Conduct background security checks and/or establish security control procedures for contract service personnel as deemed necessary. c. The Government reserves the right, at its own expense and manpower, to temporarily upgrade security during heightened security conditions due to emergency situations such as terrorist attacks, natural disaster and civil unrest. The measures shall be in accordance with the latest version of the Homeland Security Advisory System. 5. Blast/Setback Standards a. The following blast/setback standards shall be met: 1. For Level II, a 20 foot setback1 guideline with appropriate window glazing, as prescribed by WINGARD 3.15 or later or WINLAC 4.3 software, to achieve a glazing performance condition of 3b2 and a façade protection level of "medium"3 given a blast load standard of 4 psi/28 psi-msec is required. 1 Setback refers to the distance from the face of the building's exterior to the protected/defended perimeter (i.e., any potential point of explosion). This would mean the distance from the building to the curb or other boundary protected by bollards, planters, or other street furniture. Such potential points of explosion may be, but not limited to, such areas that could be accessible by any motorized vehicle (i.e., street, alley, sidewalk, driveway, parking lot). 2 Glazing Performance Condition 3b provides for a high protection level and a low hazard level. For a blast of 4psi/28psi-msec, the glazing cracks and fragments enter the space and land on the floor not further than 10 feet from the window. 3 A "Medium Level Protection" to the facade will result in moderate, but repairable damage. The facility or protected space will sustain a significant degree of damage, but the structure should be reusable. Some casualties may occur and assets may be damaged. Building elements other than major structural members may require replacement. DoD Standards CI/BC senior management evaluated the DoD standards and determined that they would attempt to meet the intent and objective of as many of the recommendations as possible. Of particular concern are blast, CBR, and associated operations/locations of functions and equipment such as mail rooms, dumpsters, loading docks, and emergency shut down. The DoD level of protection selected is “low,” and the building category is “Primary Gathering Building.” UFC 4-010-01 APPENDIX B DoD MINIMUM ANTITERRORISM STANDARDS FOR NEW AND EXISTING BUILDINGS Standard 1 Stand-off Distances Standard 2 Unobstructed Space Standard 3 Drive-Up/Drop-Off Areas Standard 4 Access Roads Standard 5 Parking Beneath Buildings or on Rooftops Standard 6 Progressive Collapse Avoidance Standard 7 Structural Isolation Standard 8 Building Overhangs Appendix C: COOP Case Study Standard 9 Exterior Masonry Walls Standard 10 Windows and Skylights Standard 11 Building Entrance Layout Standard 12 Exterior Doors Standard 13 Mail Rooms Standard 14 Roof Access Standard 15 Overhead Mounted Architectural Features Standard 16 Air Intakes Standard 17 Mail Room Ventilation Standard 18 Emergency Air Distribution Shutoff Standard 19 Utility Distribution and Installation Standard 20 Equipment Bracing Standard 21 Under Building Access Standard 22 Mass Notification Recommendation 1 Vehicle Access Points Recommendation 2 High-Speed Vehicle Approach Recommendation 3 Vantage Points Recommendation 4 Drive-Up/Drop-Off Recommendation 5 Building Location Recommendation 6 Railroad Location Recommendation 7 Access Control for Family Housing Recommendation 8 Stand-off for Family Housing Recommendation 9 Minimize Secondary Debris Recommendation 10 Building Separation Appendix C: COOP Case Study Recommendation 11 Structural Redundancy Recommendation 12 Internal Circulation Recommendation 13 Visitor Control Recommendation 14 Asset Location Recommendation 15 Room Layout Recommendation 16 External Hallways Recommendation 17 Windows Level of Protection Potential Structural Damage Potential Door and Glazing Hazards Potential Injury Low Moderate damage – Building damage will not be economically repairable. Progressive collapse will not occur. Space in and around damaged area will be unusable. Glazing will fracture, potentially come out of the frame, but at a reduced velocity, does not present a significant injury hazard. (Very low hazard rating) Doors may fail, but they will rebound out of their frames, presenting minimal hazards. Majority of personnel in damaged area suffer minor to moderate injuries with the potential for a few serious injuries, but fatalities are unlikely. Personnel in areas outside damaged areas will potentially experience minor to moderate injuries. Location Building Category Stand-off Distance or Separation Requirements Applicable Level of Protection Conventional Construction Stand-off Distance Minimum Stand-off Distance Applicable Explosive Weight Controlled Perimeter or Parking and Roadways without a Controlled Perimeter Primary Gathering Building Low 45 m 148 ft 25 m 82 ft Car Bomb NOTE: The DoD Applicable Level of Protection for a Primary Gathering Building is Low as shown in the above table. The CI/BC management has selected this Level of Protection for CI/BC employees even though they are not DoD personnel. CI/BC management has selected an Applicable Explosive Weight of approximately 250 pounds (TNT equivalent) as a representative car bomb based upon the threat analysis. Figure 39. DoD Stand-off Distance INDEX Bomb Blast Effects Car Bomb....................................... C-14 Truck Bomb...........................C-15, C-16 Building Data Applicable Codes ..............C-17, C-18, C-24, C-42, C-52 Fire Systems.................................... C-17 Occupancy....................................... C-17 Building Layout Square Footages.............................. C-13 Building Systems and Equipment Electrical Systems • Buses – Computer Center & Support........................C-28, C-29 • Diesel Generator..........C-28, C-29 • Electrical Loads.C-27, C-28, C-29 • Generator Fuel Supply.......... C-28 • Transformers.....C-27, C-29, C-30 • Uninterruptible Power Supply (UPS)...........................C-28, C-29 Fire Protection and Life Safety • Bottled Water........................ C-25 • Clean Agent Suppression System.................................. C-26 • Stairwells.and Exits C-17, C-24, C-25, C-39, C-40, C-41 • Emergency Lighting....C-25, C-40 • Fire Extinguishers ..........................C-24, C-26, C-29 • Fire Alarm System ..........................C-17, C-25, C-29 • Main Fire Panel...........C-24, C-26 • Manual Pull Stations............. C-24 • Mass Notification Systems ....................................C-25, C-41 • Water Sprinkler System ...........................C-17, C-24, C-26 Mechanical and Electrical Room ...........................................C-24, C-30 Mechanical Systems • Air Intake....................C-19, C-22 • Chillers....C-20, C-27, C-28, C-29 • Chilled Water Distribution (Cooling)...........C-19, C-20, C-21 • Digital Environmental Managers (DEMs).............C-18, C-20, C-29 • Filters.................................... C-19 • Fire and Smoke Dampers...... C-24 • HVAC Return.............C-19, C-20 • HVAC Supply.............C-18, C-19 • Natural Gas.......C-18, C-23, C-24 • Restrooms.........C-17, C-18, C-25 Structure and Envelope................... C-18 • Columns................................ C-18 • Walls................................. C-18 • Windows / Glazing / Fenestration.......C-14, C-15, C-18 Communications Data................................................. C-32 Satellite........................................... C-2 Telecom and Network Connections and Equipment..........................C-33, C-34 Telephones and Lines.....C-1, C-2, C-26, C-29, C-32, C-36, C-37, C-40, C-41 Computer Center Data Backup....................C-1, C-5, C-32 Hardware......................................... C-31 Information Operations.........C-31, C-32 Computer Equipment outside Computer Center....C-1, C-2, C-3, C-5, C-6 Cooperville Information / Business Center Impact of COOP operations on CI/BC........................................... C-6 Introduction to CI/BC..................... C-5 Relationship: DAI & CI/BC.......... C-1 Design Basis Threat........................... C-52 • Biological • Chemical • Criminal Activity/Armed Attack • Cyber Attack • Explosive Blast • Radiological Emergency Response Emergency Response Center.......... C-40 Evacuation Plans...................C-26, C-41 Local Capabilities..................C-12, C-40 Firewalls............................................... C-34 General Regional / Site Data Business Park and Surrounding Buildings...................................... C-9 • Mail and Package Delivery • Parking • Tenant Services COOP Alternate Facility Site.......... C-7 Of Interest to DAI........................... C-7 • Banking • Dining • Equipment Rental • Freight/Shipping Services • Gas Stations • Lodging • Nuclear Plant • Shopping • US Postal Service Geographic Relationship Primary versus Proposed Alternate Facility...................................C-3, C-4 Transportation available between facilities..................................C-3, C-4 Hazardous Materials (HazMat) Generators, Large and Small ...........................C-11, C-45, C-47, C-48 Prevailing Wind Patterns ...............................................C-11, C-46 Transported............................C-46, C-47 Hazards Air Traffic....................................... C-50 Earthquake (Seismic)..C-42, C-43, C-44 Flood............................................... C-45 HazMat....C-45, C-46, C-47, C-48, C-49 Hurricanes....................................... C-42 Lightning......................................... C-42 Tornadoes........................................ C-42 Level of Protection.............................. C-52 DoD Standards..C-55, C-56, C-57, C-58 ISC Level II...............C-53, C-54, C-55 Mail Room...................................C-9, C-18 Physical Security Alarms...................................C-29, C-37 Access Control .........C-6, C-19, C-26, C-37, C-38, C-39 Closed Circuit Television (CCTV) ...............................................C-29, C-36 Contracted Security Firm................ C-35 Defense Protective Service............. C-35 Defense Security Service......C-35, C-51 Security Lighting............................ C-36 Sensors...................................C-37, C-38 Secure Rooms / SCIFs .........................C-3, C-13, C-32, C-35, C-37 Stand-Off.....................................C-9, C-18 Threats Criminal.................................C-51, C-52 Intelligence............................C-50, C-51 Terrorist...........................................C-50 U.S. Department of Artificial Intelligence Alternate Facility Requirements..... C-3 Emergency Relocation Group......... C-2 Essential Functions......................... C-1 Introduction to DAI.........................C-1 Relationship: DAI & CI/BC.......... C-1 Support for Other Personnel........... C-2 Utilities Cell Phone.............................C-35, C-40 Data................................................. C-32 Electricity..........C-18, C-27, C-29, C-30 Fire Mains and Hydrants .....................................C-12, C-25, C-40 Natural Gas..................C-18, C-23, C-24 Telephone..............................C-26, C-37 Water............................................... C-25 Workstations.............C-3, C-5, C-31, C-35 Figures / Graphics 1. Transportation Links between DAI Building and CI/BC.................. C-4 2. Cooperville Information / Business Center (CI/BC).......................... C-5 3. CI/BC Corporate Business Park 5-Mile Radius............................C-7 4. Lodging and Dining near Cooperville Information / Business Center........................................ C-8 5. CI/BC Business Park Perimeter and Surrounding Buildings.............. C-9 6. CI/BC Office Location.............. C-10 7. HazMat Sites Near the CI/BC Building.................................... C-11 8. Emergency Response Capabilities Near the CI/BC Building.......... C-12 9. CI/BC Functions and Building Layout....................................... C-13 10. Car Bomb Blast Effects (Front Entrance Parking)......................C-14 11. Truck Bomb Blast Effects (Interstate Highway)...................................C-15 12. Truck Bomb Blast Effects (Loading Dock).........................................C-16 13. HVAC Supply........................... C-19 14. HVAC Return........................... C-20 15. Chilled Water System............... C-21 16. Air Intake.................................. C-22 17. Loading Dock Area................... C-23 18. Gas Meters Under Loading Dock Stairs......................................... C-24 19. Sprinkler Head.......................... C-26 20. One of Two Transformers On Site...................................... C-27 21. Electrical “One-Line” Diagram C-29 22. Mechanical and Electrical Room......................................... C-30 23. Computer Center....................... C-31 24. Telecom and Network Cabling...................................... C-33 25. Telecom and Network Equipment................................. C-34 26. Security Lighting...................... C-36 27. Proximity Card Reader and Alarm Sticker....................................... C37 28. Electronic Badge Reader........... C-38 29. Motion Sensor........................... C-38 30. Large Conference Room/Emergency Operations Center..................... C-40 31. Seismic 2% Probability of Exceedance in 50 Years............ C-43 32. Probability of Earthquake with Magnitude Greater Than 4.75 within 100 Years and 50 Kilometers.... C-44 33. 100 Year Flood Plain................ C-45 34. HazMat Truck on Nearby Interstate Highway.................................... C-46 35. Shellexxico Tank Farm............. C-48 36. Computerized Elevation Looking Northwest..................................C-48 37. Computerized Elevation Looking Northeast................................... C-49 38. Topography Map of Local Area (elevation also in meters).......... C-49 39. DoD Stand-off Distances.......... C-58