Unit Objectives

Identifythe threats and hazards that may impact a 
building or site.

Defineeach threat and hazard using the FEMA 426 
methodology.

Providea numerical rating for the threat or hazard and 
justify the basis for the rating.

Definethe Design Basis Threat, Levels of Protection, and 
Layers of Defense.


Assessment Flow Chart

AssetValueAssessment(Section 1.1)
VulnerabilityAssessment(Section 1.3)
Risk Assessment(Section 1.4)
IdentifyMitigation Options(Chapters 2 and 3)
Threat/HazardAssessment(Section 1.2)
Cost AnalysisDecision(Risk Management)
(Section 1.5)
Analyze how mitigationoptions affect asset criticalityand ultimately riskAnalyze how mitigationoptions change vulnerabilityand ultimately risk
Text Box: FEMA 426, Figure 1-3: The Assessment Process Model, p. 1-5 
Text Box: From Patterns of Global Terrorism 2003 Department of State April 2004Nature of the ThreatInternational Casualties by Region 1998-2003International Attacks by Region 1998-2003International Attacks by Region 1998-2003International Attacks by Region 1998-2003

Nature of the Threat

Text Box: From Patterns of Global Terrorism 2003 Department of State April 2004Facilities Struck by International Attacks 
1998-2003
Total Anti-US Attacks 2003

Nature of the Threat


Text Box: From Terrorism 2000/2001 FBI Publication #0308
CBR Terrorist Incidents Since 1970

1984 
Botulinum1972 
Typhoid00959085807570November 1995Radioactive CesiumDecember 1995RicinJune 1996 
Uranium1992 CyanideMarch 1995 RicinApril 1995 
SarinApril-June 1995Cyanide, Phosgene, 
Pepper SprayFebruary 1997 
Chlorine14 Injured,
500 EvacuatedJune 1994 
Sarin7 Dead,
200 InjuredMay 1995 
PlagueApril 1997 
U2351984 
Salmonella200 Injured1985 
CyanideMarch 1998Cesium-1372001AnthraxMarch 1995 Sarin12 Dead, 5,500 Affected

Hazard

Hazard -A source of 

potential danger or 

adverse condition. 

..Natural Hazards 
are naturally-
occurring events 
such as floods, 
earthquakes, tornadoes, 
tsunami, coastal storms, 
landslides, hurricanes, 
and wildfires. 


FEMA

FEMA

FEMA

Technological accident

Terrorism act

Manmade Threats

Threats –Any indication, circumstance, or event with the 
potential to cause loss of, or damage to an asset. They 
can be technological accidents and terrorist attacks. 



Threat Overview

Text Box: Any indication, circumstance, or event with the potential to cause loss of, or damage to an asset
Threat Overview

•Improvised Explosive Device (Bomb)
•Armed Attack
•Chemical Agent
•Biological Agent
•Radiological Agent
•Cyberterrorism




Step 1: 

Selection of 

Primary 

Threats

Text Box: Criteria
Step 1: Selection of Primary Threats

Ranking
Text Box: FEMA 452, Adaptation of Table 1-5: Nominal Example to Select Primary Threats for a Specific Urban Multi-story Building, p. 1-21
Step 2: Determine the Threat Rating

FEMA 452 Table 1-6: Threat Rating, p. 1-24Key elementsKey elements
....Likelihood of a threat Likelihood of a threat 
(credible, verified, (credible, verified, 
exists, unlikely, exists, unlikely, 
unknown)unknown)
....If the use of the If the use of the 
weapon is considered weapon is considered 
imminent, expected, or imminent, expected, or 
probableprobable

Step 2: Determine the Threat Rating(continued)
FEMA 452 Table 1-6: Threat Rating, p. 1-24Key elementsKey elements
....Likelihood of a threat Likelihood of a threat 
(credible, verified, (credible, verified, 
exists, unlikely, exists, unlikely, 
unknown)unknown)
....If the use of the If the use of the 
weapon is considered weapon is considered 
imminent, expected, or imminent, expected, or 
probableprobable

Critical Functions

Vulnerability Rating2658Threat Rating8888Asset ValueEngineeringVulnerability Rating2348Threat Rating5555Asset ValueAdministrationCBR attackVehicle 
bombArmed attack 
(single gunman)Cyber attackFunction
Text Box: FEMA 426, Adaptation of Table 1-20: Site Functional Pre-Assessment Screening Matrix, p. 1-38
Critical Infrastructure

Vulnerability Rating2343Threat Rating8888Asset ValueStructural SystemsVulnerability Rating2344Threat Rating4444Asset ValueSiteCBR attackVehicle 
bombArmed attack 
(single gunman)Cyber attackInfrastructure
Text Box: FEMA 426, Adaptation of Table 1-21: Site Infrastructure Systems Pre-Assessment Screening Matrix, p. 1-39
Threat Sources

IdentifyThreat Statements

IdentifyArea Threats

IdentifyFacility-Specific Threats 

IdentifyPotential Threat 

Element Attributes

FEMA 426, p. 1-14 to 1-15

Text Box: Seek information from local law enforcement, FBI, U.S. Department of Homeland Security, and Homeland Security Offices at the state level.
Design Basis Threat

The threat against which assets within a building must be 
protected and upon which the security engineering design 
of the building is based.



Levels of Protection

Layers of Defense Elements

..Deter
..Detect
..Deny
..Devalue


The strategy of Layers of Defense uses the elements and 
Levels of Protection to develop mitigation options to counter 
or defeat the tactics, weapons, and effects of an attack 
defined by the Design Basis Threat.

FEMA 426, p. 1-9


Levels of Protection

FEMA 426, p. 1-9

Text Box: Deter: The process of making the target inaccessible or difficult to defeat with the weapon or tactic selected. It is usually accomplished at the site perimeter using highly visible electronic security systems, fencing, barriers, lighting and se
Levels of Protection

FEMA 426, p. 1-9

Text Box: Deny: The process of minimizing or delaying the degree of site or building infrastructure damage or loss of life or protecting assets by designing or using infrastructure and equipment designed to withstand blast and chemical, biological, or rad
Levels of Protection

FEMA 426, Table 1-6: Classification Table Extracts, p. 1-26



Levels of Protection (continued)

FEMA 426, Table 1-6: Classification Table Extracts, p. 1-26



Levels of Protection

FEMA 426, Table 4-1, p. 4-9

DoD Minimum Antiterrorism (AT) Standards for New 
Buildings

FEMA 426, Table 4-1, p. 4-9

Levels of Protection (continued)
DoD 
Minimum 
Standards

Levels of Protection

Building Entrance LayoutStandard 12Windows, Skylights, and Glazed Doors 
Standard 11Exterior Masonry WallsStandard 10Building Overhangs 
Standard 9Structural Isolation 
Standard 8Progressive Collapse Avoidance 
Standard 7Parking Beneath Buildings or on RooftopsStandard 6Access Roads 
Standard 5Drive-Up/Drop-Off AreasStandard 4Unobstructed Space 
Standard 3Standard 2Minimum Stand-off Distances Standard 1UFC 4-010-01 APPENDIX BDoD MINIMUM ANTITERRORISM STANDARDS FOR NEW AND EXISTING BUILDINGSExterior Doors 

Levels of Protection

Text Box: Mass Notification 
Summary

Process 

..Identify each threat/hazard
..Define each threat/hazard
..Determine threat level for each threat/hazard


Threat Assessment Specialist Tasks

Critical Infrastructure and Critical Function Matrix

Determine the “Design Basis Threat”

Select the “Level of Protection”


Unit III Case Study Activity

Threat Ratings

Background

Hazards categories: natural and manmade

Case Study Threats: Cyber Attack, Armed Attack, Vehicle Bomb, and 
CBR Attack (latter two are main focus of course)

Result of assessment: “Threat Rating,”a subjective judgment of threat

Requirements

Refer to Case Study data

Complete worksheet tables:

..Critical Function Threat Rating
..Critical Infrastructure Threat Rating