FOREWORD AND ACKNOWLEDGEMENTS This primer is a part of the Multihazard Risk Management Series of publications that addresses terrorism risk in buildings. The objective of this primer is to introduce the building insurance, finance, and regulatory communities to the issue of terrorism risk management in buildings and the tools currently available to manage that risk. ACKNOWLEDGEMENTS Principal Authors: Frederick Krimgold, Virginia Tech David B. Hattis, Building Technology Inc. William I. Whiddon, Building Technology Inc. Contributors: Michael T. Chipley, UTD Incorporated Wesley W. Lyon, UTD Incorporated Michael J. W. Kaminskas, UTD Incorporated Mark Hester, UTD Incorporated Project Advisory Panel: Bernard M. Brown, Insurance Advisors, Inc. Mary Pat Denney, Freddie Mac Joseph Donovan, Carr America Dottie Harris, New York State Department of State Lawrence H. Mirel, DC Department of Insurance and Securities Regulation Matt S. Munter, EMG Corporation Technical Review: Deborah McKinnon, Mortgage Bankers Association Don Glitz, GMAC Commercial Mortgage FEMA Advisory Panel: Christopher Arnold, Building Systems Development Wade Belcher, General Services Administration Curt Betts, Army Corps of Engineers Jim Caulder, U.S. Air Force Ð Civil Engineer Support Agency Joseph Coughlin, FEMA Marcelle Habibion, Department of Veterans Affairs Joseph Hartman, Army Corps of Engineers Eve Hinman, Hinman Consulting Engineers Rick Jones, Naval Facilities Engineering Service Center Kurt Knight, Department of Veterans Affairs Howard Leikin, FEMA Eric Letvin, URS Corporation John Lynch, Naval Facilities Command (NAVFAC) Criteria Office Terry Pruitt, Department of Homeland Security Christopher Rojhan, Applied Technology Council Lloyd Siegel, Department of Veterans Affairs Project Officer: Milagros Kennett, FEMA, Building Sciences Technology Branch, Mitigation Division CONTENTS CHAPTER 1 Introduction .................................................................................... 1-1 Intervening in the Building Investment Process ........................... 1-2 Primer Organization ........................................................................ 1-4 Insurance ................................................................................... 1-4 Finance ................................................................................... .... 1-5 Regulation .................................................................................. 1-5 Due Diligence for Terrorism Vulnerability Assessment ......... 1-6 Guide to Expertise and Tools ................................................... 1-7 CHAPTER 2 Insurance and Terrorism Risk ........................................................... 2-1 Role of Insurance ............................................................................. 2-1 Terrorism Risk for Insurers ...................................................... 2-1 Building Insurance Industry ..................................................... 2-2 Actuaries ................................................................................... .. 2-4 Insurance Industry Infrastructure ............................................ 2-4 Insurance Product Lines ........................................................... 2-6 World Trade Center Insurance Experience ............................ 2-8 Property and Liability ............................................................... 2-8 Business Interruption ................................................................ 2-9 Workers' Compensation, Health, and Life ............................ 2-10 Insurance Losses ...................................................................... 2-11 Current Insurance Situation ......................................................... 2-11 Terrorism Risk Insurance Act of 2002 ................................... 2-12 Participation and Reimbursements ....................................... 2-13 Limitations ............................................................................... 2- 13 Insurance Risk Management Models ............................................ 2-14 Data Needs for Insurance .............................................................. 2-15 Lack of Actuarial Information ................................................ 2-16 Future Developments ..................................................................... 2-16 CHAPTER 3 Finance and Terrorism Risk .............................................................. 3-1 Terrorism Risk Threat to Lenders .................................................. 3-1 Building Finance Community .................................................. 3-1 Lenders Concerns ..................................................................... 3-2 Terrorism Impact ....................................................................... 3-2 Current Finance Situation ............................................................... 3-4 Lender Risk Management Models .................................................. 3-6 Future Developments ....................................................................... 3-7 CHAPTER 4 Building Regulation and Terrorism Risk ........................................... 4-1 Terrorism Risk for Regulators ......................................................... 4-1 Regulation of Terrorism Risk ................................................... 4-1 Balancing Stakeholder Interests .............................................. 4-1 Implications for Building Regulation Enforcement .............. 4-1 Current Building Regulation Situation .......................................... 4-3 Code Relation to Terrorist Threats .......................................... 4-3 Regulatory Activities Related to Terrorism Risk ..................... 4-4 Building Regulation Management Models .................................... 4-5 Future Developments ....................................................................... 4-6 CHAPTER 5 Due Diligence: Estimating Vulnerability ............................................ 5-1 Fundamental Changes ..................................................................... 5-1 Due Diligence Assessment of Vulnerability to Terrorist Attack .... 5-1 Mitigation of Vulnerability .............................................................. 5-2 Process Model for Terrorism Risk Reduction Used in Federal Facilities ............................................................................... 5-2 Protection Priority ............................................................................ 5-3 Threat Assessment ............................................................................ 5-4 Defining Threats ....................................................................... 5-5 Identifying Likely Threat Event Profiles and Tactics .............. 5-6 Assigning a Threat Rating .................................................... 5-10 Alternative: Assigning a Level of Protection Against Threat ...... 5-11 Vulnerability Assessment ............................................................... 5-12 Initial Vulnerability Estimate ......................................................... 5-13 Visual Inspection ..................................................................... 5-13 Design Documents Review ..................................................... 5-14 Organization and Management Procedures Review ............ 5-14 Assessment of Vulnerability to Expected Methods and Means of Attack ................................................................ 5-14 Vulnerability Estimate Screening .................................................. 5-15 ÔSiteÕ Questions ........................................................................ 5-16 ÔArchitecturalÕ Questions ........................................................ 5-17 ÔStructural and Building Envelope SystemsÕ Questions ....... 5-18 ÔUtility SystemsÕ Questions ..................................................... 5-19 ÔMechanical SystemsÕ Questions ............................................ 5-20 ÔPlumbing and Gas SystemsÕ Questions ................................. 5-21 ÔElectrical SystemsÕ Questions ................................................ 5-22 ÔFire Alarm SystemsÕ Questions .............................................. 5-23 ÔCommunications and Information Technology SystemsÕ Questions ................................................................................. 5-24 Additional Sources of Detailed Facility Information .................. 5-25 Vulnerability Reduction Cost Information and Estimates .......... 5-25 CHAPTER 6 Guide to Expertise and Tools ............................................................ 6-1 Terrorism Risk Insurance Act of 2002 ..................................... 6-1 Building Vulnerability Assessment Screening ......................... 6-1 General Glossary ....................................................................... 6-2 Chemical, Biological, and Radiological Glossary ................... 6-2 Acronyms ................................................................................... 6-2 Associations and Organizations ............................................... 6-2 Bibliography .............................................................................. 6-3 APPENDIX A Terrorism Risk Insurance Act of 2002 ............................................... A-1 APPENDIX B Building Vulnerability Assessment Screening .................................... B-1 APPENDIX C General Glossary .............................................................................. C-1 APPENDIX D Chemical, Biological, and Radiological Glossary .............................. D-1 APPENDIX E Acronyms ........................................................................................... E-1 APPENDIX F Associations and Organizations ......................................................... F-1 APPENDIX G Bibliography ..................................................................................... G-1 INTRODUCTION This primer, FEMA 429, Insurance, Finance, and Regulation Primer for Terrorism Risk Management in Buildings, is a part of the Multihazard Risk Management Series of publications that addresses terrorism risk in buildings. The objective of this primer is to introduce the building insurance, finance, and regulatory communities to the issue of terrorism risk management in buildings and the tools currently available to manage that risk. Insurance, finance and regulation are considered the 'change levers' of the built environment. They are the principal mechanisms for the evaluation and management of risk exposure in buildings. These change levers play a critical role in introducing and maintaining standards for risk management and public safety. CHANGE LEVERS FOR TERRORISM RISK REDUCTION Risk management in the built environment is a complex issue that involves a range of decision-makers in all phases and at all levels in the building development, design, construction, and management process. The traditional market mechanisms for estimating, pricing, and distributing risk are the insurance and finance industries. The established mechanism for defining society's acceptable risk levels in the physical environment is the public regulation of development, including zoning and building regulation. Risks related to hazards such as fire, earthquake, flood, asbestos, and lead paint have been dealt with through these mechanisms. These risks have been identified and assessed, and applicable actuarial data has been collected. Physical measures for risk reduction have been developed and defined. Residual risks have been quantified and mechanisms for risk transfer are in place. The process of understanding and managing of terrorism risk is at its very beginning. All of the mechanisms of the traditional building risk management process must be engaged to address the issue of terrorism risk. They must understand the threat, develop the measures for risk reduction, and motivate the implementation of appropriate risk reduction measures. The building design and management communities must develop the physical and operational solutions. But it is the change levers of finance, insurance, and regulation that can motivate and reward the implementation of those solutions. INTERVENING IN THE BUILDING INVESTMENT PROCESS It is necessary that guidance on the design, construction, and rehabilitation of buildings to reduce terrorism risk be made available to architects, engineers, and constructors. The other publications of the FEMA Multihazard Risk Management Series provide this guidance. However, architects, engineers, and constructors implement the programs and directives of their clientsÑ building developers and ownersÑwho must be aware of the opportunity and the benefits of in- vesting in terrorism risk reduction measures before they decide to make such investments. What motivates building owners to make invest ment decisions about their buildings? Most owners view their buildings as revenue generators, not as instruments of social policy. Owners invest in buildings in order to realize an economic return. How can owners be persuaded that investments to reduce their vulnerability to terrorist attack will make business sense? Figure 1-1 is a schematic representation of the building process as it addresses the issue of terrorism risk reduction. Buildings are the final product of this process. Designers and builders are key actors in the implementation of physical mitigation of risk, but Figure 1-1: Terrorism Risk Reduction Decision-Making building owners and change levers are the key decision-makers regarding management of risk in buildings. In order to introduce physical or operational change in buildings (to reduce terrorism risk), it is necessary to intervene at several points. Builders who actually construct the buildings must be guided by the plans and specifications developed by the design professionals (architects and engineers). The design professionals are, in turn, guided by the programs and demands of their clients, the owners. Building owners have functional, financial, and esthetic objectives that may or may not specifically include risk management. It is the change levers that are most sensitive to risk management needs and are in a position to effectively leverage owner interests that are communicated to designers and builders. It is of key importance that owners demand appropriate mitigation measures in design, that designers have the specific technical guidance to provide required mitigation measures, and that builders have the technical capability to implement appropriate designs. However, highest in this causative chain of decision-making are the change levers that influence the entire process that ultimately determines the end product. If investments cannot result directly in added profit in the form of increased rents or reduced operating costs, they will not be made, unless owners are induced or forced to make them by the change levers. The change levers must create an environment that demands and rewards investment in safety. Regulators force such changes through laws that mandate terrorist resistant building design and construction. Lenders induce such changes by requiring them as conditions of the loan to acquire or construct the building, or by adjusting interest rates or other terms of the loan. Insurers can motivate such changes by relating premiums to risk and rewarding effective mitigation In order to introduce these changes, it is necessary for the change levers to understand the character of terrorism risk, understand available risk reduction measures, and be able to evaluate related costs and benefits. This primer provides this information. PRIMER ORGANIZATION Insurance Chapter 2 of this primer provides information on terrorism risk management for the insurance industry. The insurance industry consists of three primary segments, each of which has a unique role in the assessment of terrorism risk, and therefore can benefit from familiarity with the information in this primer: . _ Direct insurers . _ Reinsurers . _ Agents/brokers The industry is supported by a complex infrastructure, each component of which will be able to use this information: . _ Overseers/regulators . _ Technical support . _ Think tanks (risk modelers) . _ Lobbying groups . _ Independent advisors and consultants The industry also segments itself by product lines. Some of these lines have a direct relationship to building safety features, and others may have an indirect relationship: . _ Property, liability, and business interruption . _ Workers' compensation . _ Health (and health maintenance organizations) . _ Life Buyers of insurance are represented by various associations such as the Risk and Insurance Management Society (RIMS), and the Apartment and Office Building Association (AOBA). Finance Chapter 3 of this primer provides information that will be of use to both commercial and multifamily lenders, including: . _ Loan originators . _ Loan servicers . _ Secondary markets . _ Bond markets Regulation Chapter 4 provides information on terrorism risk management for the building regulatory community. There are four categories of building regulation that have the potential to address terrorism risk reduction, and each has its own array of audiences: . _ Zoning and planning regulations . _ Property maintenance codes . _ Building rehabilitation codes _ Construction codes (building, mechanical, plumbing, electrical) All four categories of building regulation include extensive reference to voluntary standards that are developed by a wide array of organizations. These regulations are enforced by a variety of local and/or state agencies, each represented by trade associations, including: . _ Building officials and building departments . _ Fire marshals and fire prevention bureaus . _ Health departments . _ Planning and community development de- partments and agencies Due Diligence for Terrorism Vulnerability Assessment Chapter 5 provides information on due diligence for terrorism vulnerability assessment for individual buildings and facilities. Methods for threat assessment and vulnerability assessment are described and a framework for a qualitative terrorism risk 'vulnerability estimate' is presented. Guide to Expertise and Tools Chapter 6 provides reference to resources, including: . _ The Terrorism Risk Insurance Act of 2002 . _ Building Vulnerability Assessment Screening . _ A general glossary . _ A chemical, biological, and radiological glossary . _ A list of acronyms . _ A list of associations and organizations related to terrorism risk management . _ A bibliography INSURANCE AND TERRORISM RISK ROLE OF INSURANCE Insurance plays a critical role in society in the management of risk. Insurance provides a mechanism for spreading risk, which allows individuals to accept risks that would otherwise be unacceptable. Insurance also provides the service of pricing risk. On the basis of actuarial data and analysis insurers attempt to quantify risks and to set rates for the fi- nancing of risks. Property insurance has worked very well for a range of familiar hazards such as fire and windstorm. Not only has insurance served to transfer risks, it has also provided the database for identifying and reducing risks. Loss data has contributed to general understanding of perils and has led to the development of effective mitigation measures. Recognition of the effectiveness of those mitigation or risk reduction measures has been reflected in differential premiums that provide a direct incentive for mitigation investment. Risk based access to insurance and risk based pricing of insurance make it a very effective change lever strongly influencing building design and management practices. Terrorism Risk for Insurers Terrorism risk is new to the United States. The threat is not well defined. There is very limited experience or actuarial data. There is even less experience of the effectiveness of protective measures in buildings. The insurance industry is now struggling to digest this new threat. Traditional means of analysis are so far ineffective in providing the basis for pricing the risk. Lacking greater experience it is difficult to gauge the accuracy of terrorism risk perception on the part of key participants in the real estate industry. Potential buyers of terrorism risk coverage must have a reasonable basis for estimating their insurance needs. At the same time, those selling insurance must have a defensible basis for pricing terrorism risk coverage. In the absence of data or other means of determining premiums, and in light of the catastrophic loss potential of the risk, insurers left the market. In response to this crisis in the insurance market the federal government has taken extraordinary measures to provide temporary support for the insurance market. These measures are discussed later in this chapter. Insurance pricing and availability are also driven by market capacity and competition. Even without actuarially based rates the pricing mechanism of the market will come into play. Demand for terrorism risk insurance is driven in part by building owners' perception of their risk and in part by the risk perception of their lenders. Both owners and lenders rely on the insurance industry to price such risks. Evaluation of terrorism vulnerability in planned and existing commercial buildings can provide valuable input to the rating of relative risk for specific buildings. Criteria for the evaluation of relative terrorism risk in buildings can eventually contribute an important component of the ratemaking equation. Recognition by the insurance industry of effective risk reduction measures should provide guidance and incentive for investment in terrorism risk reduction. Some aspects of terrorism risk may be approached through community rating systems, such as that used in the National Flood Insurance Program, which reflect the target priority and the state of security organization of a community. Because of the relation- ship of terrorism risk to national security policy it may prove reasonable that the federal government role be extended. Building Insurance Industry The insurance industry consists of three primary segments, each of which has a unique role in the assessment of terrorism risk, and therefore can benefit from familiarity with the information in this primer: . _ Direct insurers . _ Reinsurers . _ Agents/brokers Direct insurers are the front line of the insurance industry. The direct insurer writes the policy, collects the premium and pays the claim to the insured. Direct insurers are now required by state insurance regulators to offer terrorism risk insurance. It is the responsibility of the direct insurer to set premium rates based on an analysis of exposure and risk. This rate structure must be reviewed and ultimately approved by the various state insurance commissioners in most state jurisdictions. Ideally, direct insurers need basic information on the frequency and severity of terrorist events and on the vulnerability of particular properties to terrorist attack in order to set specific premiums. They must also know the effectiveness of specific miti- gation measures in order to modify premium rates appropriately. Reinsurers provide insurance for direct insurers. That is, direct insurers are able to purchase reinsurance to cover some part of their exposure. Reinsurers are not regulated by state insurance commissioners and are not required to provide reinsurance for terrorism risk. Following the World Trade Center (WTC) attack most major reinsurers excluded terrorism risk from new treaties with direct insurers. This created a temporary crisis in insurance markets in that direct insurers were required to provide terrorism risk insurance but they were no longer able to transfer part of that risk to reinsurers. Ideally, reinsurers need information on the frequency and severity of expected terrorist attacks on a global scale. They also need to be able to evaluate the effectiveness of the property risk assessment methodologies of their clients, the direct insurers. Insurance agents and brokers are the key connection between insurance buyers and sellers. Agents typically represent the seller and brokers typically represent the buyers. Agents and brokers communicate directly with the policyholder or the building owner. It is necessary for agents and brokers to understand the specific exposure and insurance needs of the client as well and the policy conditions and exclusions of the insurer. In the case of terrorism risk this will require understanding of the physical and operational aspects of buildings that indicate vulnerability to terrorist attack. Actuaries Actuaries are the foundation of the insurance business, and they provide services for each of the primary segments of the industry. The actuary assesses the available loss data to quantify the risk as the basis for pricing risk and setting premiums. Actuarial data and analysis is the basis for the pricing of risk and evaluating the solvency of insurance companies. The key problem in the assessment of terrorism risk is the lack of actuarial data. There are very few examples of terrorist attack losses in the United States. It is very difficult to generalize or project expected losses on the basis of this documented experience. Terrorism is not a well-defined or stable phenomenon. Without actuarial data it is difficult to price the risk and it is difficult to defend proposed rates. Insurance Industry Infrastructure The industry is supported by a complex infrastructure, each component of which will be able to use this information: . _ Overseers/regulators (historically, insurance is regulated at state level by insurance commissioners) . _ Technical support: Insurance Services Office (ISO), National Workers Compensation Commission, Association for Cooperative Operations Research and Development (ACORD), and others . _ Think tanks (risk modelers) and risk control consultants: EQECAT, Risk Management Solutions (RMS), Applied Insurance Research (AIR), and others . _ Lobbying groups: American Insurance Association (AIA), National Association of Insurance Brokers (NAIB), Reinsurance Association of America (RAA), Risk and Insurance Management Society (RIMS), and others State insurance commissioners have a primary responsibility to ensure the solvency of insurance companies and their ability to pay claims when required. This means they have a strong interest in the quality of actuarial data and analysis used in rate setting and they review both the forms and the pricing. They are also concerned with ensuring access to insurance at reasonable rates. For this reason insurance regulators need to know how to evaluate rates proposed by insurers for terrorism risk cover. They also need to know the value of risk reduction measures (risk modifi- cation factors) that might be considered to qualify for premium reductions. Insurance regulation is concerned with the viability of insurance companies as a consumer protection issue. Regulators want to ensure that premiums are sufficient to pay insurance losses and that insurers remain in business. Insurers are required to project future risk and to show a plausible investment strategy. For the most part, insurance regulators do not set rates-compa-nies propose and regulators evaluate justification of rates. Insurance rating agencies are exempt from anti-trust so that data can be shared. The rating agencies analyze all available data. They are mathematicians and statisticians, not modelers. Technical support organizations help to translate research into new tools for the insurance industry. This includes the development of standard procedures and forms and guidance on rate making. Technical support organizations have a very important role in providing analysis and technical support for many direct insurers. Such technical service organizations provide a valuable channel for the processing of information and the development of insurance services. They can provide a valuable link in the development of insurance products and practice to deal with terrorism risk. Worthy of particular note are the services provided by the Insurance Services Office (ISO). Every year, ISO gathers information from insurance companies on hundreds of millions of policies including the premiums the companies collect and the losses they pay. ISO submits summaries of that information to insurance regulators, as required by law, to help the regulators evaluate the price of insurance in each state. ISO also uses the information in its database to prepare products and services that help insurers compete in the marketplace. They provide a wealth of related products and services, including standardized policy language, rating and underwriting rules, and site surveys of individual properties. Think tanks are risk management organizations staffed by scientists and engineers as well as insurance specialists who carry out and apply research on perils and vulnerability of insured properties. Over the past twenty years much progress has been made in developing refined understanding of complex perils including natural and environmental hazards. Loss estimation models have been developed that help the insurance industry deal with low frequency, high consequence events, like earthquakes. These re-search-based think tanks are currently working on the modeling of terrorism risk to provide loss estimates for rate setting and mitigation actions. Lobbying organizations that represent the insurance industry in public policy circles, and are also acutely interested in understanding the character of terrorism risk. As a highly regulated industry, insurance is very much subject to legislative and regulatory decisions. The Terrorism Risk Insurance Act of 2002 (discussed later in this chapter) is an example of a significant federal response to a crisis affecting the insurance industry. Future exposure to and management of terrorism risk is a major issue of public/private policy discussion. Insurance Product Lines The insurance industry segments itself by product lines, some of which have a direct relationship to building safety features, and others of which may have an indirect relationship: . _ Property, liability, and business interruption . _ Workers' compensation . _ Health (and health maintenance organizations) . _ Life Table 2-1: Relationship of Terrorist Threats to Particular Lines of Insurance Property/ Business Workers' Threat/Hazard Liability Interruption Compensation Health Life Armed attack _ _ Arson/incendiary _ Biological agent _ _ Chemical agent _ _ Conventional bomb _ Cyber-terrorism HAZMAT release _ _ _ Nuclear device _ Radiological agent _ Surveillance Unauthorized entry LEGEND: = Probable relationship _ = Potential relationship Various terrorist threats may cause losses that are covered by different insurance product lines. Some terrorist threats may cause losses that are not covered by any insurance. Table 2-1 suggests the relevance of recognized terrorist threats to the various lines of insurance. It is important to note that aside from bomb blast and arson most of the threats do not necessarily imply physical damage to buildings. World Trade Center Insurance Experience The strongest image of terrorist attack is the collapsing towers of the World Trade Center. Clearly, terrorism risk is a major concern for property and liability insurers. However, significant claims have resulted for many other lines of insurance as a result of terrorist attacks. September 11, 2001 is the costliest day in insurance history. Total losses are estimated to be three times the largest previous insurance loss in Hurricane Andrew ($18 billion in 1992). Insurance losses resulting from the World Trade Center attack fall into various categories: . _ Property losses to the WTC and surrounding buildings, in- curred by building owners. . _ Business income and rent loss due to the inability to use the destroyed facilities, incurred by building owners and tenants. . _ Workers compensation, life and health insurance losses re- sulting from the death and injury of victims, incurred by tenants. . _ Liability losses for claims due to inadequate fire prevention and evacuation procedures, incurred by building owners. . _ Financial losses associated with the mortgage notes of various lenders and investors in mortgage-backed securities. Terrorism risk insurance before the WTC attacks was included in "all-risk" policies at no added cost. Most policies include a standard "war exclusion" clause. Such exclusion clauses often refer to "declared" war by a "nation" or "sovereign state" but not to "ter- rorist action" or "terrorism." Reference to the attacks as an "act of war" was inadvertently threatening to commercial property owners and lenders as it may have activated the war exclusion and released insurers from damage claims. Property and Liability In the case of property and liability insurance coverage for the buildings damaged in the attack, the principal claimant is the building owner. The extent of the claim is dependent on several factors including the future rebuilding plans and the characterization of the incident. First, if the buildings are not rebuilt or repaired the insurer applies actual cash value rather than replacement cost. Actual cash value is defined as replacement cost minus physical depreciation. For older buildings like the WTC towers the loss recovery would be considerably less if they were not rebuilt. Most property policies are written on an "occurrence" basis. That is, the full limit applies for each occurrence with no maximum aggregate. In the case of the WTC there were two airplanes that struck two buildings at different times, but they were all part of one terrorist attack. The difference between one event and two is about $3.5 billion for the owner and the insurer. The specific definition of the terrorist event is of critical importance in terms of what is covered and what is excluded. Because terrorism risk is a new concern in the United States many of these definitions remain to be established and interpreted by the courts. Business Interruption Aside from physical damage or fire insurance there are other insurance questions that are closely associated with building performance and are of direct interest to building owners and tenants. Business interruption insurance, which covers lost business income and rental income, presents special problems for insurers, owners and lenders in the case of terrorist attack. Loss of income policies (generally included within a standard fire policy) are written by insurers either for a specified time period or on the basis of "actual loss sustained," which requires insurers and owners or tenants to agree on actual losses. The scale of destruction at the WTC was probably considerably greater than anything anticipated by insurers or insured. It is very unlikely that reconstruction will be completed within the coverage period of most business interruption policies. Problems also arise in the case of adjacent buildings. Usually, business loss is insurable if the building is first damaged by an in-surable peril. Without such damage there is no coverage. In the case of the WTC many adjacent, undamaged buildings were evacuated by order of civil authorities. Evacuation in response to civil authority can be an excluded peril or covered for a limited time period. Denial of access without physical building damage, as in the case of bio-terrorist attack or radiological attack, is currently excluded from insurance coverage. Workers' Compensation, Health, and Life Workers' compensation insurance as well as group and private life and health insurance cover injured and deceased workers. Building owners and tenants must provide statutorily required workers' compensation cover for employees. Lenders must, in accordance with standard loan documents, verify that building owners and management companies carry workers' compensation insurance. Most lenders and owners set up a single-purpose entity that holds the asset when a loan is made on a particular property. These entities typically do not have employees per se. Employees are usually legally employed in the owner's management company. Failure to carry sufficient workers' compensation coverage could affect all operations of the owner including the single purpose borrowing entity. Death and injury due to building failure resulting from terrorist attack can be a major financial concern for building owners, lenders and insurers, aside from the human cost. Life insurance claims have been a significant source of insurance loss due to terrorist attack. Group benefits are typically a multiple of salary and most people carry individual insurance as well. These losses are directly associated with building failure in either structural or mechanical systems. Large group insurers are now careful to avoid concentration of exposure by restricting coverage at any one site or building. Insurance Losses Liability Losses. Based on past litigation it is likely that building owners can be held liable for contributing to the loss of life by failure to provide appropriate protective measures or direction in the case of evacuation. Facilities management is on the front line in managing terrorism risk and response in commercial buildings. Standards of acceptable practice are not yet available. Financial Losses. Mortgage holders and investors are the subject of losses in the case of defaults caused by business failure resulting from terrorist attack. The WTC complex was controlled under a 99-year leasehold. A CMBS (commercial mortgage backed security) securitization was completed for part of the leasehold consideration paid to the owners of the WTC. Default insurance was not in place for the securitization. This means that investors in those securities could only indirectly depend on the traditional property and liability insurance to be collected by the leaseholder. Mortgage holders and investors in mortgage backed securities must be concerned with the vulnerability of the underlying asset. This vulnerability now includes terrorism risk. Terrorism risk evaluation and management is of particular importance for so- called Ôtrophy buildingsÕ or buildings in close proximity to likely terrorist targets. CURRENT INSURANCE SITUATION Following the WTC attack the major burden of the property and liability loss was passed on to the major international reinsurers. In response to this unprecedented loss the major reinsurers excluded terrorism risk from their renewal treaties. This action in turn led direct insurers to file for exclusions for terrorism risk. The unavailability of terrorism risk insurance at feasible prices led to an insurance ÔcrisisÕ that particularly affected large-scale real estate and lending investment in what were perceived to be target cities. Terrorism Risk Insurance Act of 2002 On November 26, 2002 the president signed into law a federal program that requires property and liability insurers in the United States to offer coverage for incidents of international terrorism, and reinsures a large percentage of that insured risk. PUBLIC LAW 107-297, the Terrorism Risk Insurance Act of 2002 (TRIA), produced some immediate effects on commercial insurance coverage and will continue as a significant feature of the domestic insurance market through 2005. See Appendix A for the full text of TRIA. The Act addresses only a defined category of terrorism losses. An act of terrorism must be certified as such by the Secretary of the Treasury and must have the following characteristics: . _ It must be a violent act or an act that is dangerous to human life, property, or infrastructure. . _ It must have resulted in damage within the United States, or on the premises of any U.S. Mission abroad. . _ It must have been committed by someone acting on behalf of a "foreign person or foreign interest, as part of an effort to coerce the civilian population of the United States or to influence the policy or affect the conduct of the U.S. Government by coercion." . _ It must produce property and casualty insurance losses in excess of $5 million. It is also important to note that chemical, biological, and radiological perils are excluded from terrorism risk cover. Acts that might otherwise meet these criteria but that occur in the course of a declared war cannot be certified as acts of terrorism under the Act, except with respect to workers' compensation claims. Participation and Reimbursements Participation in the program is mandatory for all insurers covering commercial lines property and casualty insurance, including excess insurance, workers' compensation and surety. Under TRIA, the federal government reimburses insurers for losses caused by terrorism, paying 90% of covered terrorism losses exceeding a deductible paid by the insurance companies. The deductible is prescribed by statute and phases in over several years based on an insurance company's earned premiums in the prior calendar year. The Act establishes a cap on annual liability of $100 billion for both the government and insurance industry. Coverage of claims is triggered when the Secretary of the Treasury, in concurrence with the Secretary of State and the Attorney General, certifies an event to be an "act of terrorism." A key element of terrorism is the involvement of a foreign interest, thus excluding acts of domestic terrorism, such as the Oklahoma City bombing. Also excluded from the definition of terrorism are acts committed in the course of war and losses under $5 million. Under TRIA, insurers are required to provide "clear and conspicuous" disclosure to policyholders of the premium charged for terrorism insurance. Existing terrorism exclusions are voided to the extent they would deny coverage for acts of terrorism as defined by the Act, unless the policyholder affirmatively declines terrorism coverage within 30 days of receiving the insurer's notice, or the policyholder fails to pay any additional premium required by the insurer. Limitations TRIA is an interim solution to the management of terrorism risk. The act establishes a temporary federal program that provides for a transparent system of shared public and private compensation for insured losses resulting from acts of terrorism in order to: 1. 1. Protect consumers by addressing market disruptions and ensure the continued widespread availability of property and casualty insurance for terrorism risk; and 2. 2. Allow for a transitional period for the private markets to stabilize, resume pricing of such insurance, and build capacity to absorb any future losses, while preserving state insurance regulation consumer protections. This law gives emphasis to the impact of terrorism risk on insurance and finance as well as on commercial building owners, and suggests the critical role that insurance, finance, and regulation will play in the adjustment to terrorism risk in the U.S. The law assumes that the private insurance market for terrorism risk coverage will stabilize over the next three years and that property and casualty insurers will develop reliable models for pricing such insurance. While there have been signs of market pricing mechanisms developing, it is not clear that a period of three years will provide adequate time to resolve the issues associated with such a complex phenomenon. So far, the anecdotal evidence is that many property owners are not buying terrorism insurance post-TRIA. INSURANCE RISK MANAGEMENT MODELS The major loss modeling organizations have been quick to develop probabilistic terrorism insurance models. These models have typically begun with the general format of the loss estimation models developed for natural hazards such as earthquakes and hurricanes. The most significant challenge in terrorism modeling is the characterization of the hazard. Unlike the case of earthquakes or hurricanes, we do not have clear definitions of the phenomenon and we do not have hundreds of years of fre-quency/severity data. Currently available terrorism insurance models cover the major recognized risk sources, including bomb blast, aircraft impact, and chemical, biological, nuclear, and radiological threats. Most models set priorities for targets in all major cities and states and then simulate attacks with various types of weapons. The models include modeling of impact on adjacent buildings based on comprehensive national building inventories. These models are intended to enable insurers and reinsurers to price and manage accumulated exposures to terrorism losses from multiple perils. The models claim to provide industry or portfolio-specific loss probability distributions, expected annual loss and scenario losses for workers' compensation and property exposures. The models are very good at estimating loss from defined scenario events such as a given size blast at a given location. The critical weakness of all models to date has been the credibility of the hazard characterization. Typically the modelers have assembled teams of experts with backgrounds in national defense and domestic security. The ability to properly portray all of the potential terrorist events and their impact is central to the efficacy of a terrorism model. So far, this ability has not been convincing for the insurance industry or the real estate industry. DATA NEEDS FOR INSURANCE TRIA requires insurers to include terrorism risk cover, and then disclose the cost of the added coverage as a percentage of the total premium. So far the reported costs for terrorism risk as a percentage of the total premium range from 0% to 80% with many averaging 9% to 11%. Most insurers charge 0% to 10% in order to avoid returning premiums to insureds at a later date when better information is available (and terrorism risk may be discounted). Some insurers are reportedly setting the level high, 20% to 50%, depending on how much terrorism risk coverage they want to write and the characteristics of the property (e.g., location, prominence, significance). Lack of Actuarial Information Actuaries are the key for insurance rate setting. Actuarial prediction of future losses is highly specialized and very influential. In the absence of data temporary solutions like TRIA will be necessary. Without actuarial data it is not possible to set actuarially sound rates for insurance cover. It is equally not possible for insurance regulators to evaluate rates proposed by insurers. However, for terrorism risk to be an insurable risk there must be data. Models may be helpful in the interim but real data will take time to collect and will unfortunately result from more terrorist attacks. FUTURE DEVELOPMENTS Actions such as improved building standards and operational mitigation could result in reduced terrorism risk exposure for the public, building owners, and the insurance industry. Tools for the evaluation of building vulnerability to known terrorist threats, such as those discussed in Chapter 5, will allow for the determination of relative risk between buildings and for development of a risk hierarchy based on the physical and operational characteristics of individual properties. Development of standards of practice will also provide a useful baseline for determination of liability related to terrorist attack. FINANCE AND TERRORISM RISK TERRORISM RISK THREAT TO LENDERS The building finance community distinguishes between two major areas of lending activity: single-family residential and commercial/multifam-ily. The residential sector is less affected by terrorism risk considerations. However, since the WTC attack federal officials have issued specific warnings for elevated terrorism risk in shopping malls, banks, and multifamily housing. Building Finance Community While many owners are unwilling to make the extra expenditure now required for terrorism risk insurance, lenders prefer to require adequate cover for all relevant perils. To date, apartment lenders have taken the most relaxed view because it is most difficult for apartment owners to pass through the added insurance costs to tenants. Exposed owners might perceive risk, but most owners do not voluntarily want to pay for the insurance. Commercial building owners and lenders take a stricter view. They issue temporary waivers, but require insurance when loan balances are over a certain threshold (e.g., $10 million) and for trophy properties or properties that are identified as having higher risk due to location, building tenant, or historic/national recognition. Each sector consists of its own array of financial interests: . _ Loan originators . _ Loan servicers . _ Secondary markets . _ Bond markets The commercial/multifamily sector includes: loan originators, loan servicers, life insurance companies, pension funds, the multifamily secondary market (Fannie Mae and Freddie Mac), Wall Street, and financial institutions as direct lenders. Lenders Concerns Building lenders and loan servicers are concerned about the adequacy of property insurance to cover potential loss of the asset and the potential default of the borrower. Lenders are also concerned with other types of insuranceÑworkersÕ compensation, liability, and business interruptionÑas they relate to the solvency of the borrower. Both assets and borrower solvency are threatened by terrorism risk. The terrorist acts of September 11, 2001 resulted in pervasive uncertainty in the insurance markets regarding insurance associated with future terrorist attacks. The commercial/multi- family real estate industry is very concerned about the availability of terrorism risk coverage as it relates to the asset value and financial health of borrowers. The Terrorism Risk Insurance Act of 2002 ensures the current availability of basic terrorism insurance, but significant questions remain as to the comprehensiveness of the coverage and whether a viable terrorism insurance market will develop in the future. Terrorism Impact The potential impact of terrorism risk for the real estate finance industry lies in six key areas: Loss of asset (collateral). The traditional approach to asset risk on the part of lenders is to require the borrower to purchase adequate insurance cover for all relevant perils. The terrorism risk exclusions following the WTC attack presented a major problem for lenders. Their profit is based on extending more loans but without insurance cover new loans also expand their credit risk. Default of borrower. The primary concern of the lender is the ability of the borrower to meet the conditions of the loan. Protection of the underlying asset is of key importance to maintaining the business operation of the borrower in addition to providing collateral for the loan. Terrorism risk includes modes of attack that will directly damage the building such as bomb blast and arson as well as those that may not physically damage the building such as biological, chemical, or radiological attack. Such Ônon-buildingÕ threats can destroy the borrowers ability to pay and can deny access to the asset for extended periods of time. Even without physical damage, asset value can be destroyed. Rating of securities. In the case of mortgage backed securities for both residential and commercial real estate the value of the security is influenced by the evaluation of rating agencies. These ratings take into account a range of risks, which will necessarily include terrorism risk. The exposure of the underlying assets to terrorist attack and the extent of related insurance coverage will influence securities ratings. Perception of portfolio risk affects rating of securities: securities based on a single asset in a "high risk" location will receive a lower rating. Securities based on multiple or dispersed assets are generally less negatively affected by terrorism risk. Aside from New York City and Washington DC, the cities of greatest concern for terrorism are Los Angeles, Se- attle, Chicago, Houston, and Atlanta. Retained risk. In the aftermath of the WTC attack and the terrorism risk exclusions, many lenders chose to temporarily waive insurance requirements. This action was deemed necessary to continue real estate financing and to foster new construction in the economy. However, waiving the terrorism insurance requirement left the lenders exposed to an as yet undefined risk. Lenders have traditionally relied on the insurance industry to price and provide coverage for such risks. In this case the lack of consensus on terrorism risk pricing and the withdrawal of the reinsurance industry have left lenders in an awkward position. Even with TRIA, lenders remain concerned with risks related to domestic terrorism, attacks involving chemical, biological, or radiological materials and the designation of terrorism events by the Secretary of the Treasury. Cost of capital. One approach to dealing with increased risk has been to "cover" the risk with increased interest rates. This increase in the cost of capital is not desirable because it impacts the volume of lending and who receives a loan if terrorism is not covered or the cost is prohibitive. Regulation. Financial institutions and lending institutions are subject to regulation regarding standards for lending and management of risk, including terrorism risk. Banks and financial institutions must meet the regulatory standards of the Comptrol- ler of the Currency and the Securities and Exchange Commission. CURRENT FINANCE SITUATION Following the WTC attack and the withdrawal of the insurance industry from provision of terrorism risk cover, real estate finance institutions faced a serious dilemma. In the absence of available or reasonably priced reinsurance, investments and lending in major projects (those over $30 Ð $50 million) were delayed in what were believed to be the primary target cities of New York and Washington. Difficulty in acquiring insurance for recognized trophy buildings also impacted refinancing in some cases. The key concern for lenders is borrower insurance coverage, so they also have a keen interest in the TRIA. The continued health of the real estate sector of the economy requires adequate and affordable property and liability insurance coverage against ter- rorism risk. The enactment of TRIA is an important milestone for the real estate finance industry because it ensures the availability of basic insurance coverage. However, the real estate finance industry has several serious concerns with the federal program created under the statute: . _ Acts of domestic terrorism are not covered. . _ It is not clear whether or how carriers will cover terrorist acts with aggregate losses below $5 million that are not reinsured under TRIA. . _ Carriers are not required to notify lenders if a borrower rejects coverage under TRIA, either by affirmative statement or by failing to pay any premium for such coverage imposed by the carrier. _ Carriers are not required to offer terrorism coverage for nuclear, chemical or biological attacks if they do not typically offer property and liability insurance for nuclear, chemical and biological perils. Following TRIA, lenders have many borrowers out of compliance with loan insurance requirements. Lender and servicer procedures vary. Some large servicers have instituted a requirement for mandatory terrorism risk coverage. Following TRIA there have been limited reports of substantial premium increases, particularly in Manhattan and Washington DC. For the most part post-TRIA rate increases for required terrorism risk coverage have been in the 0% Ð 10% range, but some have been much higher. The terrorist threat is a dynamic phenomenon. Government and commercial response to the threat is also dynamic in ways independent of the underlying phenomenon. For these reasons change is inevitable. More experience is needed to understand the nature of the threat and more time is needed to understand the implications of market and policy responses to the threat. Key real estate finance industry associations suggest that several factors must be monitored over time: . _ The Department of the Treasury rule-making process for TRIA relating to the acceptance and rejection of terrorism risk insurance by owners, and the availability of insurance for acts of terrorism not covered by TRIA. . _ The declining financial strength ratings for some insurers that have produced difficulties for borrowers in obtaining coverage that complies with underlying loan documents. . _ The development of a useable insurance certificate that provides an accurate and comprehensive summary for lenders and servicers of the coverage afforded by the underlying insurance policy. What happens after TRIA? It is important to see if the insurance market for terrorism risk cover does in fact stabilize over the three year period stipulated in the Act. If the market does not find an acceptable means to price terrorism risk there may need to be a longer term federal role in this area. LENDER RISK MANAGEMENT MODELS As mentioned above the traditional practice of lenders has been to rely on required insurance purchase by borrowers of adequate cover for relevant perils. The breakdowns in terrorism insurance availability and risk pricing by insurers have necessitated the temporary intervention of the federal government pending the stabilization of the insurance market. Lenders are dependent on the insurance industry to transfer terrorism risk. In lieu of an insurance solution the real estate finance industry will have to consider alternative approaches to terrorism risk management. These may include addressing questions of risk identification and risk reduction directly. Tools for the assessment of terrorism vulnerability of specific buildings may be developed and introduced into the standard process of due diligence and property condition assessment, as discussed further in Chapter 5. Each sector of the real estate finance industry (originators, servicers, secondary markets, and bond markets) may assess its exposure to terrorism risk in a particular way. Useful analogies may be found in considering how these sectors address other building risks, such as natural disasters and environmental hazards. Each sector of the real estate finance industry should also consider terrorism risk in relation to the risks traditionally covered by the various lines of insurance. As standards for building siting, construction, and property management are developed to address terrorism risk reduction, it will become possible for both insurers and lenders to rate buildings in terms or their exposure to terrorism. FUTURE DEVELOPMENTS The real estate finance industry needs tools for the evaluation of building vulnerability and for the evaluation of physical and operational measures for risk reduction. These include: . _ Rapid screening methods for the evaluation of portfolios of properties . _ Detailed guidelines for due diligence on individual buildings . _ Legally accepted standards for risk reduction measures and management practices related to terrorism risk BUILDING REGULATION AND TERRORISM RISK TERRORISM RISK FOR REGULATORS Following the attack of September 11, 2001 the definition of building hazards in the United States has changed to include intentional attack. Protection of civilian population from acts of terrorism has become a major national priority. Though historically focused on fire safety, the building regulatory system does address natural disaster mitigation (floods, earthquakes, windstorms, snow storms), some man- made risks (e.g., HAZMAT storage), and specific societal goals (energy conservation, accessibility). The regulation of all these areas is supported by well-established and accepted reference standards, regulations, inspection and assessment techniques, plan review methods, and quality control. Regulation of Terrorism Risk For a similar regulation of building-related terrorism risks, it will have to be shown that the development and implementation of such tools will be cost-effective. Some jurisdictions require rigorous cost/benefit analyses to support regulatory change. These determinations will require an understanding by the regulatory authorities of the potential occurrences and damages related to terrorism risk. Balancing Stakeholder Interests The codes and standards development process, involves thorough review and balloting by all interested stakeholder groups. This consensus process provides for the balance of diverse commercial and social priorities. It has the advantage that once a regulation or standard is promulgated it is likely to be widely accepted and used. It is thus an effective change lever. However, the consensus process is time consuming. Implications for Building Regulation Enforcement Zoning and planning regulation define land use, building density, transportation systems, and utility systems. They are usually adopted by local governments, but state planners may provide guidance. For existing vulnerable properties, these regulations can address specific access- control measures. This will require a prioritization of hazards and buildings. For future developments, these regulations can, at the extreme, result in commercial development resembling military installations. How should such a decision be made when zoning and planning at the local level is the most political of the building regulatory processes? Property maintenance codes govern the use and maintenance of existing buildings. Housing codes and fire codes are two examples. They are developed by model code and consensus standards organizations and adopted as regulations by local gov- ernment agencies. These can be effective at addressing all building vulnerabilities. They will require extensive inspections, and enforcement will be burdensome unless targeted to highly prioritized vulnerabilities, and accompanied by financial incen- tives. Building rehabilitation codes address health, safety, and welfare in existing buildings that are undergoing voluntary improvements. These are a relatively new development. They have been enacted by some state or local government agencies. These can be effective at addressing vulnerabilities in existing buildings in which rehabilitation investments are otherwise being made. They should be carefully calibrated, since these codes all have the objective of "encouraging the reuse of existing buildings" rather than risk reduction. Construction codes (building, mechanical, plumbing, electrical) address health, safety, and welfare in new buildings. They are developed by model code organizations (ICC, NFPA) and adopted as regulations by state or local government agencies. Rarely does the federal government regulate construction requirements. Two recent examples of federal regulation are the Americans with Disabilities Act (ADA) enforced by the Dept. of Justice and the Fair Housing Act enforced by the Dept. of Housing and Urban Development. Construction codes can be effective at addressing the problem of vulnerability at its margin, that is, new buildings to be built. Unlike the preceding three categories of regulation, these may be the easiest to accomplish ("words on paper are cheap compared to bricks and mortar in place"). However, many jurisdictions may require cost/benefit analysis to justify even these regulations. CURRENT BUILDING REGULATION SITUATION Current codes are effective at mitigating the effects of fire and, as discussed above, natural disasters. They also regulate aspects of indoor air quality and the installation of mechanical, plumbing, electrical, and communication systems. Code Relation to Terrorist Threats Bomb blast is not addressed in the codes, but some of the earthquake and windstorm provisions in the building codes may have a beneficial effect on mitigation of this hazard. Code-regulated earthquake design requires the building's structural system to have toughness, ductility, and redundancy, all of which may also contribute to the mitigation of blast effects. Code-regulated hurricane design requires the fenestration to resist the effects of impact of windborne debris, which may also mitigate the hazards of glass in explosions. Progressive collapse, which is one of the effects of blast (but not the only one), is discussed in The American Society of Civil Engineers standard, ASCE 7 (the structural loads standard referenced in building codes). Some qualitative guidance is provided, but no design criteria are specified. ASCE 7 and the American Concrete Institute standard, ACI 318 (the reinforced concrete design standard reference in building codes) have references to structural integrity but not as a set of criteria for resisting progressive collapse. Chemical, biological, and radiological agents are not addressed in the codes, but certain details of the design of building heating, ventillating, and air conditioning (HVAC) systems, as regulated by mechanical codes, may mitigate the effects of these agents. Armed attack may be addressed to a limited extent insofar as the codes regulate the design and construction of correctional facilities, but the phenomena of incarceration and of terrorist attack are quite different in many respects. Regulatory Activities Related to Terrorism Risk The Federal Emergency Management Agency (FEMA) has published The World Trade Center Building Performance Study "to examine the damage caused by these events, collect dataÉ and identify studies that should be performed." The New York City Department of Buildings, soon after the WTC attack, initiated an effort to analyze the code as it relates to terrorist threat. In February 2003, the task force issued a report of findings and 21 specific recommendations for code, code administration, and code enforcement changes. The American National Standards Institute (ANSI) established a Homeland Security Standards Panel (HSSP) in February 2003, in response to The National Strategy for Homeland Security. The proposed mission of the HSSP is to catalog, promote, accelerate and coordinate the timely development of consensus standards within the national and international voluntary standards system intended to meet identified Homeland Security needs, and communicate the existence of such standards appropriately to governmental units and the private sector. The National Fire Protection Association (NFPA), a standards organization active in the field of fire safety, established a committee on Premises Security before 9/11. It plans to produce two standards by 2005: NFPA 730, Guide to Premises Security; and NFPA 731, Security System Installation Standard. The American Society for Testing and Materials (ASTM), a standards organization active in the field of materials, specifications, and test methods, many of which are referenced in building codes, is considering the creation of a Homeland Security Committee, or Subcommittee. The American Society of Heating, Refrigerating and Air-condi-tioning Engineers (ASHRAE), a standards organization active in the field of mechanical systems and indoor air quality in buildings, may initiate activities addressing chemical and biological agents in buildings. The American Society of Mechanical Engineers (ASME), a standards organization active in the field of boilers & pressure vessels, elevators, and other building equipment, has developed a program of seminars for engineers entitled "Strategic Responses to Terrorism," which cover a range of topics including biological and chemical terrorist attacks. The National Institute of Standards and Technology (NIST) is conducting an extensive review and analysis of the WTC collapse. It is anticipated that it will lead to code changes related to structural safety and fire safety in high-rise buildings. The General Services Administration (GSA) published PBS-PQ100.1, Facilities Standards for the Public Buildings Service, June 14,1996. Chapter 8, Security Design, contains building design criteria for blast resistance, progressive collapse, and chemical, biological and radiological attack. These criteria cover the design and construction of all GSA buildings, and will be applied to all government-leased buildings as well. The Department of Defense (DoD), has a similar standard to GSA's entitled Unified Facilities Criteria, DoD Minimum Antiterrorism Standards for Buildings, UFC 4-010-01, 31 July, 2002. BUILDING REGULATION MANAGEMENT MODELS The four categories of building regulations, zoning, property maintenance, building rehabilitation, and building construction, have the potential, between them, to address all the physical aspects of terrorism risk, including common terrorist tactics and delivery systems as well as terrorist attack devices. Development of a specific typology that allocates specific risks to the specific regulation requires additional analysis. Table 4-1 is a matrix that can be used to begin this analysis. In order to implement changes in the building regulatory system to address terrorism risk, it is important to recognize that there are four ways that regulatory change can take place: . _ Federal preemption . _ State mandate or preemption . _ Local prerogative . _ Model code and voluntary standards Initiation of changes in each of the four categories of building regulations must be carefully analyzed for political acceptability and the availability of resources. FUTURE DEVELOPMENTS Development of codes and standards to deal with terrorism risk in both new and existing buildings will require broad acceptance of the character of the risk and the effectiveness of the mitigation measures as well as some form of societal cost/benefit assessment. Table 4-1: Building Regulation Applicability to Terrorist Tactics and Threats/Hazards s c it caT nommoC gninoZ y t reporP ecnane tni aM baheR no it cur t snoC YREVILED KCATTA snopae w c it s i ll aB y r tne t rev oC l i aM e l c ihev gni voM snopaew f f o -dnatS e lc ihev yrano i tatS se il ppuS SCINAHCEM KCATTA enrobr iA s t ce f f e t salB enr obre taW SDRAZAH/STAERH T kcat ta demrA _ yrai dnecni /no s rA tnega l ac i g o l o iB tnega l a c imehC bmob l ano i tnevn oC ms iror re t -rebyC _ _ esae l er TAMZ AH _ ec i ved rae lcuN _ tnega l ac i g o l o idaR _ _ _ ecnal li evruS y r tne dez irohtuan U LEGEND: = Applicability to designated type of regulation. _ = Possible applicability. DUE DILIGENCE: ESTIMATING VULNERABILITY FUNDAMENTAL CHANGES Vulnerability assessment methodologies developed by DoD and other federal agencies are currently the best available resources for terrorism risk assessment. In order for these resources to be feasible and relevant in commercial buildings, they must be significantly simplified and civilianized. Bringing government experience and expertise regarding terrorism risk and building security to the commercial sector will involve two fundamental changes in the way buildings are designed, managed, and operated, and in the way that due diligence is used to evaluate existing buildings for acquisition or refinancing. First, businesses will need to carefully evaluate functional aspects of their operations in order to prioritize security requirements. Second, tradeoffs will be required in the level of security provided to ensure continued viability of business operations. Reducing vulnerability to terrorist threat will involve both physical measures to modify a facility and operational changes. Mitigation will consist mainly of measures to thwart tactics that terrorists might use in attacking organizations and facilities. DUE DILIGENCE ASSESSMENT OF VULNERABILITY TO TERRORIST ATTACK Due diligence procedures are employed to assess valuations for property acquisition or financing and to identify risks related to the deal. Such procedures may also be used as part of insurance underwriting. Due diligence often includes both detailed property inspection and rigorous audits of available financial and construction documentation. At the same time, due diligence is a highly specialized field requiring both expertise and extensive prior experience to render sound judgments and recommendations to decision makers. A Property Condition Assessment (PCA) is used (at levels of detail and rigor appropriate to the investment being considered) as part of due diligence to help make prudent investment decisions. The assessment consists of analysis and assessment of physical conditions of a property by an on-site inspection and review of available construction and operations documentation. Investigators use professional judgment to identify items needing further expert investigation and those that can be readily evaluated by inspection. Vulnerability to terrorist attack should become a distinct element of due diligence condition assessments in the future. Professionals conducting property condition assessments of vulnerability to terrorist attack must have competency in building systems, operations, and security disciplines. For terrorism risk and security concerns, a due diligence assessment should also include a property condition assessment investigation of operational procedures and the vulnerability of those procedures to terrorist attack. MITIGATION OF VULNERABILITY Strategies for reducing exposure to terrorism risk may be in the form of operational actions or construction projects (either new or existing building renovation). They could include reorganization of land uses, reorientation of roadways, security improvements to site entries, and improvements to the facility, including the existing structure and surrounding site area. For some strategies, the process may include the identification of multiple scenarios, or alternatives, for achieving the desired goal. PROCESS MODEL FOR TERRORISM RISK REDUCTION USED IN FEDERAL FACILITIES United States military services and government agencies have long been involved in assessing vulnerabilities and protecting facilities, especially for off-shore installations. Terrorism and terrorist attack have been a part of the assessment of threat and vulnerability of government facilities for several decades. While each government agency has used its own procedures, the general approach has been elaborated and presented in FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings. Figure 5-1: The Terrorism Risk Reduction Process Model The terrorism risk reduction process starts with establishment of protection priorities and proceeds to assessment of threats, both providing information to a vulnerability assessment. The vulnerability assessment in turn leads to identification of mitigation options and risk management decisions based on a comparative evaluation of risk, liabilities, and mitigation costs and benefits. PROTECTION PRIORITY The first step of the process to assess risk to terrorist attack is to identify the relative importance of the people, business activities, goods, and facilities involved in order to prioritize security actions. This applies to both new and existing facilities. Three actions are recommended in accordance with FEMA 426: _ Define and understand the core functions and processes of the business or institutional entity. ._ Identify critical business infrastructure: . _ Critical components (people, functions, and facilities) . _ Critical information systems and data . _ Life safety systems and safe haven areas . _ Security systems ._ Assign a relative protection priority, as simple as high, medium, or low, to the occupants, business functions, or physical components of the facility (note that FEMA 426 describes a 9-step scale of values for describing asset values; the 3-step variation presented here is a simplified process): . _ High Priority. Loss or damage of the facility would have grave consequences, such as loss of life, severe injuries, loss of primary services, or major loss of core processes and functions for an extended period of time. . _ Medium Priority. Loss or damage of the facility would have moderate to serious consequences, such as injuries, or impairment of core functions and processes. . _ Low Priority. Loss or damage of the facility would have minor consequences or impact, such as a slight impact on core functions and processes for a short period of time. THREAT ASSESSMENT Military experience indicates that the terrorist threat is from people with the intent to do harm, who are known to exist, have the capability for hostile action, and have expressed the intent to take hostile action. Threat assessment is a continual process of compiling and examining information concerning potential threats. Information should be gathered from all reliable sources. The assessment process consists of: _ Defining threats _ Identifying likely threat event profiles and tactics Defining Threats Defining threats involves analysis of information regarding terrorist existence, capability, history, intention, and targeting: . _ Existence is the assessment of who is hostile to the organization, or community of concern. . _ Capability is the assessment of what weapons have been used in carrying out past attacks. . _ History is the assessment of what the potential terrorist has done in the past and how many times. . _ Intention is the assessment of what the potential terrorist hopes to achieve. . _ Targeting is the assessment of the likelihood a terrorist (the specific one may not be known) is performing surveillance on the particular facility, nearby facilities, or facilities that have much in common with the particular organization. The Homeland Security Advisory System is a color-coded hierarchy of threat conditions. The threat level for a specific business facility could be similarly developed in coordination with local law enforcement, intelligence, and civil authorities. Table 5-1: Homeland Security Advisory System Related to Threat Analysis Factors sn o i t i dn o C ta e rhT s rot caF s is y lanAta e rh T ecn e t s i x E y t i l ibapaC y r o t s iH no itn e tn I gni t egraT e r ev e S )deR( hgiH )egnarO( _ d e tave l E )wolleY( _ d ed rauG )eulB( _ wo L )neerG( _ LEGEND: = Factor must be present. _ = Factor may or may not be present. Adapted from the Commonwealth of Kentucky Office of Homeland Security. Identifying Likely Threat Event Profiles and Tactics Identifying the likelihood of specific threats and tactics involves evaluation of attack intentions, hazard event profiles, and the expected effects of an attack on the facility and organization. Table 5-2, based on FEMA 426, presents general event profiles for a range of possible forms of terrorism attack. The profiles describe the mode, duration, and extent of the effects of an attack, as well as mitigating and exacerbating conditions that may exist. These and more specific descriptions can be used to identify threats of concern to individual organizations. (Potential threats are listed in alphabetical order in the table.) Table 5-2: Event Profiles For Terrorism and Technological Hazards ta erh T/d raza H edo M n oitacilppA n o itaru D d raza H ;stceff E f o tnetx E cima ny D/citat S dna gnitag itiM s n oit idn oC gnitabr ecax E m sirorr et irgA tr ev oc ylla r eneg ,tc eriD d o of f o n oita nimatnoc . s htn om ot sya D f o epyt yb s e iraV .tn edic nd o o F i nac ytiruc es etauq edan I f o noita r etluda etatilicaf n oitcudo rtniro seilppu s e sae s id r o/dna st sep f o d na sporc ot stn ega . kc ots evil stn ev e n oitan imat n oc ot detimileb ya m , setis noitubirt s id ete rc s id d na sts ep sa er e h w da e rp s yam s e sae s id on y ll.ya r en eG lediw tliub n o stceff e fo n oitcudo rtnid na d oof stn ega e sa esid dna st s ep . kcots evild na sporc ot .tn e mnorivn e kcattA d emrA r o tluas sa lacitcaT ot setunim ylla rene G eht n opu de sab ,s e iraV nac ytiruc es etauq edan I )smra llams (scit s illaB - et om e r m o rf gnipin s . syad ' srotart ep r ep dna tn etni ot s secca y sa e wolla s n opa ew ff o -dnat S - . n oitac ol .s e itilibapac t n emla ecn oc y sa e ,t egrat d ellep o rp t ekc o r ( dna ,sn opae w fo )s rat r o m ,s eda n erg f o n oitaitinidetc et edn u .kcatta na taerhT/drazaH edoM noita cilppA noitaruD draza H ;stceff E fo tnetxE ciman y D /c itatS dna gnitagitiM snoitidnoC gnitabrecaxE kca ttA yraidnecn I /nosr A ro erif fo n o itaitinI raen ro no nois o lpxe tcatn o c tcerid aiv tegrat aiv yletomer ro .elitcejorp o t setunim y llareneG .sru oh siegamad f o tne txE dna epy t yb denimreted ecived fo ytitnauq slaireta m dna tnarelecca / raen ro ta tneserp yll.tegrat areneg stceff E naht reht o citats ,secneuqesnoc gnidacsac larut cur ts latnemercni .cte ,eruliaf edulcnisrotcaf noitagitiM n oitceted erif ni-tliub smetsys n o it cetorp dna evitsiser-erif dna . seuqinhcet noitcurt snoc nac ytiruces etauqedan I ot ssecca y sae wolla tnemlaecnoc ysae ,tegrat ecived yraidnecnina fo noita itinidet cetednu dna .er-no N if a fo dna erif ht iw e cnailp moc sa llew sa sedoc gnidliub niatniam ot eruliaf noitcetorp erif gnitsixe yllaitnatsbus nac smetsys ssenevitceffe eht esaercni .nopaew erif a fo s tnegA lacigoloiB dilos ro diuqiL yam stnega lacigoloiB tnega eht no gnidnepeD ev oba esaeler f o edu titlA xarhtn A - eb nac s tnanimatn o c rof staerht elbaiv e sop eht dna desu tce ffa nac dnu org msilutoB - gnisu desrepsid ,sraey ot sru oh hcih w htiw ssenevitceffe sithgilnus ;noisrepsid sisollecurB - losorea/sreyarps tnega eht no gnidneped ,deyolped siti ynam ot evitcurtsed eugalP- tniop yb ro sro tareneg nisnoitidn oc eht dna eb nac noitanima tn oc ;se suriv dna airetcab xopllamS - sa hcus secruos enilro .s tsixe tih cihw dna dniw aiv daerps sdniw etared o m ot thgil aimeraluT - trevoc ,snoitinum .reta w eb nac noitcefn I tub stnega e srepsidlliw cigahrro meh lariV- gnivom dna ,st isoped r o namuh aiv daerps kaerb nac sdniw rehgih srevef . sreyarps .srotcev lam ina eht ;sdu o lclosorea pu snixoT - lacigoloroetem-orcim ,munilu toB( dna sgnidliub fo stceffe lacc o colyhpatS ,niciR ecneulfni nac niarret 2-T ,B nixotore tnE levart dna noitazilosorea )snixotocyM .stnega fo taerhT/drazaH edoM noitacilppA noitaruD dra zaH ;stce ffE f o tnetx E cimanyD /citat S dna gnitagitiM snoitidnoC gnitabrecaxE s tneg A lacimehC retsi lB -doo lB -yran om lup /gnul/gnikohC - gnitaticapa cnI -e vreN -sag raet /lortnoc toiR - gnitimoV - l osorea/diuqiL eb nac stnan imatnoc sreyarps gnisu desrepsid losorea rehto ro sdiuq il ;srotareneg /se lddup mor f gni ziropav .snoit inum ro ;sreniatnoc yam stnega slacimehC r of staerht elbaiv esop ,s keew o t sruoh tnega eh t no gnidneped ni snoitidnoc eht dna .s ts ixe ti h cihw eb nac noitanimatnoC laitini eh t f o tu o de irrac ,snosrep yb aera tegrat dna ,retaw ,selcihev .dni w eb yam slacimehC e siwrehto ro evisorroc fi emit rev o gn iga mad .detaidemer ton nac erutarepmet ri A fo noi taropave tceffa .slo sorea dnu orG stceffa erutarepmet .sdiuqil f o noitaropave egralne nac ytidimuH ,selcitrap losorea noitalahni gnicuder .drazah nac noitatipicerP esrepsid dna etulid daerps nac tub ,stnega .noi tanimatnoc nac dniW os la tub , sropav esrepsid eb o t era tegrat esuac .cimanyd -orcim ehT fo stceffe la cig oloroetem na c niarret dna sgnidliub n oitarud dna levart re tla .stnega fo n i gnidle ih S ni gniretlehs fo mr of eht elpoep tce torp nac ecalp mor f y treporp dna .st ceffe lufmrah bmoB lanoitnevnoC e lcihev yrano ita t S -elcihev gnivoM - liaM -ylppu S - nworhT -decalP - lennosreP - evisolpxe fo noitanote D ;tegrat raen ro no ecived ro ,elcihev ,nosrep ai v .elitcejorp lano itidda ;suoenatnatsnI yam secived yradn oces eht gninehtgnel ,desu eb eht fo noitarud emit k catta eht litnu drazah eb ot denimreted si etis .rael c si egamad fo tne txE dna epyt yb deni mreted .eviso lpxe fo yti tnauq cita ts yllareneg stceffE gnidacsac naht reht o , secneuqesnoc larutcurts latnemercn i .c te ,eruliaf sesaerced ygrenE a sa yllacimht iragol morf ecnatsid fo noitcnuf . tsalb fo taes ,niarreT , serutcurts ,noitatserof edi vorp nac ,.cte gnibrosba yb gnidleihs ygrene gni tce lfed r o/dna .sirbed dna gnitabrecax E esae edulcn i snoi tidnoc kcal ;tegra t ot s secca fo ;gnidleihs/sre irrab fo dna ;noitcurtsnoc r oop fo tnemlaecnoc fo e sae .eci ved msirorretrebyC gnisu kcatta cin ortcelE .syad ot setuniM tcerid on yllarene G na c y tiruces etauqedan I metsys retup mo c eno .rehtona tsn iaga tliub no s tceffe .tnemnorivne laci tirc ot ssecca eta tilicaf ,s metsys retupmoc eb o t meht gniwolla .s kcatta tcudnoc o t desu taerhT/draza H edoM noitacilpp A noitaru D drazaH ;stceffE fo tnetxE cimanyD /citatS dna gnitagitiM snoitidnoC gnitabrecaxE lairetaM suodra zaH r o ytilicaf de xif( esae leR )noitatropsnart - lairtsudn I cixoT dna slacimehC cinagrO( slairetaM ;enaxeholcyc :sropav ,snegonayc :sesag dicA negord yh ,enirolhc :sesag e saB ;edif lus laicep S ;ain omma ,enegsohp :sesac )ed yhedla mrof ro /dna ,d iuqil,diloS stnanimatnoc suoesag morf desaeler eb yam elibom ro de xif .sreniatnoc .syad o t sruoH eb yam s lacimehC esiwrehto ro evis orroc .emit revo gnigamad erif ro /dna noiso lpx E .tneuqesbus eb yam eb yam noitanimatnoC eht fo tuo deirrac ,sn osrep yb aera tnedicni dna ,retaw ,selcihev .dniw lacimehc htiw s A rehtaew ,snopaew yltceridlliw sn oitidnoc dra zah eht woh t ceffa .spoleved -orcim ehT f o s tceffe lac igoloroetem nac niarret dna sgnid liub noitarud dna levart retla nign idlei.stnega fo hS nigniretlehs fo mrof eht elpoep tcet orp nac ecalp morf ytreporp dna . stceffe -noN luf mrah dna erif h tiw ecnailpmoc sa llew sa sedoc gnidliub niatniam ot eruliaf noitce torp erif gnits ixe tnemniatn oc dna yllaitnatsbus nac serutaef egamad eht esaer cni suodrazah a m orf .e saeler slairetam eciveD raelcuN raelcun fo noitanote D ta ,dnuorgrednu ecived ro ria eht ni,ecafrus eh t .edutitla hgih ta dna hsa lf taeh/thgiL rof tsale vaw kcohs /tsalb raelcun ;sdnoces tuo llaf dna noitaidar r of tsisrep na c sdrazah .sraey eslup c itengamortcelE edutitla-hgih a morf rof stsalnoitanoted ylno stceffa dna sdn oces cinort cele detcetorpnu .smetsys dna taeh ,thgil la itinI a f o st ceffe tsalb ria ro dnuorg ,eca frusbus era dna citats era tsrub eht yb denimreted scitsiret carahc s 'ecived tu ollaf ;tnemyolpme dna evitcaoidar fo eb yam s tnanimatnoc no gnidneped ,cimanyd lacigoloroetem .snoitidnoc fo stceffe luf mraH decuder eb na c n oitaidar emit eht gniziminim yb , taeh ,thgi.erusopxe fo L ygrene tsalb dna yllacimhtirag olesaerced ecnatsid fo noit cnu f a sa .tsalb f o taes m orf ,noitatserof ,niarreT nac ,.cte ,serutcurts yb gnidleihs edivorp ro/dna gnibrosba dna n oitaidar gnit celfed .stnanimatnoc evitcaoidar stneg A lacigoloidaR ahplA-a teB -a m maG - s tnanimatnoc evitcaoidaR gnisu desrepsid eb nac losorea/ sre yarps tniop yb ro ,srotareneg sa hcus secruos enilr o trevoc ,snoitinum gnivo m dna ,stis oped .sre yarps ya m stnanima tnoC r of suodrazah niamer ,sraey ot sdn oces lairetam no gnidneped .de su eb lliw stceffe la itinI fo etis o t de zilacol no gnidneped ;kcatta lacigoloroetem tneuqe sbus ,snoitidnoc evitcaoidar fo r oivaheb eb yam s tnanimatnoc .cimanyd ,erusopxe fo no itaru D f o ecruos morf ecnatsid eht dna ,n oitaidar gnidleihs f o tnuo ma dna ecruo s neewteb enimreted tegrat .noita idar ot erusopxe taerhT/draza H edoM noitacilpp A noitaru D drazaH ;stceffE fo tnetxE cimanyD /citatS dna gnitagitiM snoitidnoC gnitabrecaxE ecnallievruS -cit suoc A cinor tcelE- fo noitcelloc ffo - dnatS gnisu noitamrofnilausiv hgih ro saremac .shtnom yllausU eh t yllausu si sihT na fo ssoleht o t edulerp tsi.tessa rorret A ,ngised gnid liuB senil gnikcolb ylla icepse gn iru sne dna thgis fo gn ippordsevae lausiV - citsu oca ,scitpo derewop gnisu noitamrofni senohporcim lanoitcerid dna ,sresaldna sdneps mae t ecnallievrus rof gnikool emit hcum scitcat dna se itilibarenluv .lufsseccus eb lliw taht dna sllaw roiretxe eht wolla ton od s wodniw ro noissimsnart dnuos nac ,noitcelloc cit su oca n oitamrofnicinort cele llec ,sretupmoc morf dleh-dnah dna ,senohp noitcelloc decal.soPidar ec ived a gnittup yb f o tni"gub" op eht ta doirep emit eht s isihT tseb eh t sedivorp taht sa taerht fo tnemsses sa fo gnitegrat setacidni ti .ytilica f eht .drazah siht etag itim .esu yrtnE de z irohtuanU decroF - rewop ro dnah fo esU ro ,snopaew ,s loo t ,sruoh ot setuniM eht nopu gnidneped ro lae ts ot silaog fI ro stessa lacisyhp yortsed lacisyhp dradna t S ngised gn idliub ytiruce s trevoC - a etaerc ot sevisolp xe r o gninepo de zis - nam ylbmessa na etarep o ,)rood dekcol a sa hcus( slaitnederc eslaf esu r o .gnidliub a retne o t .tnetni ,n oitamrofniesimorpmoc era st ceffe laitinieht yam egamad tub ,kciuq tnetni.gn fI itsalgnoleb snoitarepo tpursid o t si eht ,segat soh eka t ro a rof tsa lyam stceffe fiyllaicepse ,emit gnol .srucco htaed ro yrujni muminim eh t eb dluoh s .serusaem noitag roF itim ,stessa lacitirc erom ekil,serusae m lanoitidda n oisivelet tiucric des olc taht w olf ciffart ro tsap srotisiv slennahc ni sdia ,lortnoc ssecca .dra zah siht fo no itceted Assigning a Threat Rating The ultimate product of a threat assessment is the assignment of a threat rating to each hazard of concern to a particular organiza- tion. The threat rating, like protection priority, is based on expert judgment and may be as simple as high, medium, or low. . _ High Threat. Known terrorists or hazards, capable of causing loss of or damage to a facility exist. One or more vulnerabilities are present and the terrorists are known or reasonably suspected of having intent to attack the facility. . _ Medium Threat. Known terrorists or hazards that may be capable of causing loss of or damage to a facility exist. One or more vulnerabilities may be present. However, the terrorists are not believed to have intent to attack the facility. _ Low Threat. Few or no terrorists or hazards exist. Their capability of causing damage to a particular facility is doubtful. An organization may reasonably be concerned only with high threat ratings in the near term, but may want to consider ad- dressing medium threats over time. Alternative: Assigning a Level of Protection Against Threat In the absence of experience, assessing terrorist threat is the most difficult aspect of planning to resist terrorist attack. An effective alternative approach may be to select a level of desired protection for a business operation based on management deci-sion- making, and then proceed to a vulnerability assessment. The Department of Defense correlates levels of protection with potential damage and expected injuries. The GSA and Interagency Security Committee (ISC) also use the level of protection concept, though the definitions differ slightly. The following levels are based on DoD definitions: . _ High Protection. Facility superficially damaged; no perma- nent deformation of primary and secondary structural members or non-structural elements. Only superficial inju- ries are likely. . _ Medium Protection. Damaged, but repairable. Minor deformations of non-structural elements and secondary structural members and no permanent deformation in primary structural members. Some minor injuries, but fatalities are unlikely. . _ Very Low Protection. Heavily damaged, onset of structural collapse. Major deformation of primary and secondary structural members, but progressive collapse is unlikely. Collapse of non-structural elements. Majority of personnel suffer serious injuries. There are likely to be a limited number (10 percent to 25 percent) of fatalities. Note that the Ôvery lowÕ level is not the same as doing nothing. No action could result in catastrophic building failure and high loss of life. VULNERABILITY ASSESSMENT A terrorism vulnerability assessment evaluates any weaknesses that can be exploited by a terrorist. It evaluates the vulnerability of facilities across a broad range of identified threats/hazards and provides a basis for determining physical and operational mitigation measures for their protection. It applies both to new building programming and design and to existing building management and renovation over the service life of a structure. The useful product of a vulnerability assessment is the assignment of a vulnerability rating of all appropriate aspects of building operations and systems to the defined threats for the particular facility. As with protection priority and threat ratings, vulnerability can be cast as high, medium, or low. . _ High Vulnerability. One or more significant weaknesses have been identified that make the facility highly susceptible to a terrorist or hazard. . _ Medium Vulnerability. A weakness has been identified that makes the facility somewhat susceptible to a terrorist or hazard. . _ Low Vulnerability. A minor weakness has been identified that slightly increases the susceptibility of the facility to a terrorist or hazard. The Building Vulnerability Assessment Checklist, presented in abbreviated form in Appendix B, compiles a comprehensive list of questions to be addressed in assessing the vulnerability of facilities to terrorist attack. A subset of the checklist, discussed in the following section, is particularly useful in the initial screening of existing facilities to identify and prioritize terrorism risk reduction needs. Such an assessment can be integrated into a due diligence assessment associated with acquisition, refinancing, or insurance underwriting. INITIAL VULNERABILITY ESTIMATE Because of the uncertainty of the threat, many insurers, lenders, and owners need a quick, qualitative assessment of the vulnerability of existing buildings to terrorist attack. As experience is gained and more robust vulnerability assessment tools are developed, the rigor of data collection and analysis will increase. For now, the estimate of vulnerability to a simple qualitative scale (high, medium, or low as defined by the vulnerability ratings described above) may provide useful information. Answering even basic questions concerning vulnerability to terrorist attack may involve three means of data collection: . _ Visual inspection . _ Document review . _ Organization and management procedures review Visual Inspection A property condition assessment of vulnerability to terrorist attack includes an onsite visual inspection encompassing evaluation of the site and all facility systems including architectural, structural, building envelope, utility, mechanical, plumbing and gas, electrical, fire alarm, communications and information technology systems. Equipment operations and maintenance procedures and records and security systems, planning, and procedures should also be scrutinized. The investigation may need to go beyond the site to vulnerability of utility and other infrastructure systems. Design Documents Review The on-site inspection team should work with the property owner to obtain plans, specifications and related construction documents as necessary. Equipment operation and maintenance procedures and records as well as security procedures should also be scrutinized. All documents should be reviewed assessing concerns related to terrorism vulnerability. Organization and Management Procedures Review Because of the transitory nature of the terrorist threat and its uncertain duration, the most effective approaches to terrorism risk reduction in facilities may emphasize reorganization of operational functions and procedures rather than modification of physical systems. The vulnerability assessment team must scrutinize business and operational practices to identify opportunities to reduce exposure to attack. This will involve scrutinizing both owner and tenant operations at the building site. Assessment of Vulnerability to Expected Methods and Means of Attack Each building system and business procedure should be assessed on its vulnerability to a range of terrorist attack methods and means. Based on military experience, common terrorist tactics include the use of moving or stationary vehicles, covert entry, and/or disguise in mail or shipping materials to deliver destructive weapons. At present, terrorist attacks might include blast effects, airborne contamination, waterborne contamination, or some combination of attack mechanisms. For additional information, see FEMA 426 and FEMA 427, Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks. VULNERABILITY ESTIMATE SCREENING The following screening tool tables provide guidance for initial vulnerability assessment. The intention of this assessment is to distinguish facilities of high, medium, or low vulnerability to terrorist attack. The implication is that high vulnerability facilities should receive more detailed analysis. Specific strategies for risk reduction should be developed. These quick, qualitative 'vulnerability estimate' questions were selected from the Building Vulnerability Assessment Checklist in FEMA 426. Each question is characterized by how information concerning the question will likely be collected (visual inspection, design documentation, and/or review of organizational/ management procedures), and common terrorist attack tactics (delivery by moving, stationary vehicles, or covert entry, disguised in the mail or in supply materials; and blast pressure, airborne, or waterborne attack mechanisms). For this initial assessment, subjective ratings by qualified professionals familiar with the facility are appropriate. Assigning a "high, medium, or low" vulnerability rating to the responses to vulnerability questions for each building system will provide a solid preliminary basis for estimating the overall vulnerability of a particular facility to terrorist attack. The answers to the questions will also indicate areas of opportunity for mitigation actions to reduce terrorism risk. ÔSiteÕ Questions A vulnerability assessment of the ÔSiteÕ will look at surrounding structures, terrain, perimeter controls, traffic patterns and separations, landscaping elements and features, lines of site, etc. ÔSiteÕ questions focus primarily on visual inspection to develop ratings. The questions emphasize vulnerability to moving vehicle, stationary vehicle, and covert entry tactics. Vulnerability to blast is the primary concern addressed. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ArchitecturalÕ Questions Assessing ÔArchitecturalÕ vulnerability will investigate tenancy, services, public and private access, access controls, activity patterns, exposures, etc. ÔArchitecturalÕ questions focus equally on visual inspection and evaluation of organizational and management procedures to develop ratings. The questions emphasize vulnerability to moving vehicle, stationary vehicle, and covert entry tactics. Vulnerability to blast is the primary expressed concern. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ÔStructural and Building Envelope SystemsÕ Questions A vulnerability assessment of ÔStructural SystemsÕ will look at construction type, materials, detailing, collapse characteristics, critical elements, etc. An assessment of ÔBuilding EnvelopeÕ will involve investigating strength, fenestration, glazing characteristics and detailing, anchorage, etc. ÔStructural and Building Envelop SystemsÕ questions rely on review of construction documents and visual inspection to develop ratings. Vulnerability to blast is the primary concern. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ÔUtility SystemsÕ Questions A vulnerability assessment of ÔUtility SystemsÕ will look at the full range of source and supply systems serving the facility including water, fuel, and electricity supply; fire alarm and suppression, communications, etc. ÔUtility SystemsÕ questions rely equally on information obtained from visual inspection, review of construction documents, and organizational and management procedures to develop ratings. Vulnerability to waterborne contaminants is expressly considered. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ÔMechanical SystemsÕ Questions A vulnerability assessment of ÔMechanical SystemsÕ will investigate air supply and exhaust configurations, filtration, sensing and monitoring, system zoning and control, elevator management, etc. ÔMechanical SystemsÕ vulnerability questions and ratings rely primarily on information obtained from review of construction documents and visual inspection. Vulnerability to airborne contaminants is the primary consideration, including contamination from Chemical, Biological, and Radiological attack. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ÔPlumbing and Gas SystemsÕ Questions A vulnerability assessment of ÔPlumbing and Gas SystemsÕ will look at the liquid distribution systems serving the facility including water and fuel distribution, water heating, fuel storage, etc. ÔPlumbing and Gas SystemsÕ questions rely primarily on information from review of construction documents to develop ratings. Vulnerability to waterborne contaminants is expressly considered. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ÔElectrical SystemsÕ Questions A vulnerability assessment of ÔElectrical SystemsÕ will evaluate transformer and switchgear security, electricity distribution and accessibility, emergency systems, etc. ÔElectrical SystemsÕ questions primarily on information from visual inspection and review of construction documents to develop ratings. No particular attack mechanism is emphasized. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ÔFire Alarm SystemsÕ Questions A vulnerability assessment of ÔFire Alarm SystemsÕ will look at detection sensing and signaling, system configurations, accessibility of controls, redundancies, etc. ÔFire Alarm SystemsÕ questions rely both on information from review of construction documents and review of organizational and management procedures to develop ratings. No particular attack mechanism is emphasized. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ÔCommunications and Information Technology SystemsÕ Questions A vulnerability assessment of ÔCommunications and Information Technology SystemsÕ will evaluate distribution, power supplies, accessibility, control, notification, backups, etc. ÔCommunications and Information Technology SystemsÕ questions rely on information from visual inspection, review of construction documents, and review of organizational and management procedures to develop ratings. No particular attack mechanism is emphasized. LEGEND: _ = Determine high, medium, or low vulnerability rating. = Applicability of factor to question. ADDITIONAL SOURCES OF DETAILED FACILITY INFORMATION The foregoing questions provide a framework for a qualitative estimate of facility vulnerability to terrorist attack. A more detailed and quantitative evaluation will involve significantly more review of information in all areas, including additional information concerning 'Equipment Operations and Maintenance' (up to date drawings, manuals, and procedures, training, monitoring, etc.); 'Security Systems' (perimeter and interior sensing, monitoring, and control, security system documentation and training, etc.); and the 'Security Master Plan' (currency, responsibilities, etc.). Appendix B presents the complete list of detailed questions from FEMA 426 that should be considered in fully evaluating vulnerability to terrorist threats. The means of data collection that should be employed and the particular terrorist tactics and attack mechanisms addressed by each question are identified in the appendix so that specialized checklists can be created to assess vulnerability to terrorist tactics of particular concern to an individual organization. VULNERABILITY REDUCTION COST INFORMATION AND ESTIMATES Typically, a property condition assessment for due diligence would be followed by consideration of the anticipated costs and timing of needed upgrades of facility systems. Certainly, estimates of expected costs of mitigation of system vulnerability to terrorist attack will become important at some point in the decision-mak-ing process. However, an assessment using the questions described above does not include the level of information needed to project costs. The qualitative analysis described simply determines broad preliminary options for reducing terrorism risk in a particular existing facility and does not give insight to expected costs of risk reduction. At some point in the future, fully capable due dili-gence tools for assessing vulnerability to terrorist attack will very likely include such information and detail. For further discussion of costs related to blast mitigation, see FEMA 427, Chapter 8. GUIDE TO EXPERTISE AND TOOLS Terrorism risk management is a new and evolving field with inputs from a diverse range of disciplines and organizations. This chapter introduces several key documents and resources for further exploration in the field. Terrorism Risk Insurance Act of 2002 Appendix A presents the full text of the TRIA as signed into law on November 26, 2002. TRIA is the basis for the current Federal program to provide reinsurance cover for claims resulting from defined categories of terrorism-caused damage. The full text of the law provides the key definitions and detailed conditions of the program. Building Vulnerability Assessment Screening Appendix B provides a tool for the comprehensive assessment of terrorism vulnerability in buildings, including both qualitative and quantitative measures. This screening tool contains a list of vulnerability questions that provide the basis for systematic due diligence related to both physical and operational vulnerability assessment. The vulnerability questions presented in Appendix B correspond to those in the Building Vulnerability Assessment Checklist provided in FEMA 426. The FEMA 426 checklist includes further guidance and commentary related to the application of each question to assessments of building and building system vulnerability. Each question included in the Appendix B list is identified by type (either rapid estimation or detailed assessment), required methods of data collection, and common terrorist tactics (methods of delivery, and primary threat mechanisms). The appendix master list of questions can be re-sorted to create specialized lists of questions focused on a single parameter or multiple parameters. General Glossary Appendix C presents a general glossary of terrorism risk and building security related terms in common use within federal agencies and the research community. This glossary is intended to provide help in understanding the more specialized literature of the field and to assist in communication with specialized security consultants. The glossary includes terms related to physical security and to the organization and management of building security. Chemical, Biological, and Radiological Glossary Appendix D presents separate glossaries of chemical terms, biological terms, and radiological terms in common use within federal agencies and research communities. The specialized terminology of chemical, biological and radiological threats is new to many otherwise experienced in building security and condition assessment. This specialized glossary is intended to provide help in understanding CBR issues and in communicating with specialized consultants. Acronyms Appendix E lists acronyms for government and private sector agencies as well as technical terms frequently used in the building security field. The list is intended to facilitate use of background federal documents and to help in communication with public authorities concerned with various aspects of homeland security.. Associations and Organizations Appendix F provides a listing of associations and organizations which are active in various aspects of homeland security. Many of these organizations produce materials on the subject of terrorism risk management. These references may be of value for building owners and tenants in search of further information or guidance. URLs are provided to access organizational homepages. Bibliography Appendix G is a bibliography of publications on a range of topics related to terrorism vulnerability and risk management in buildings. These publications have been prepared by government agencies, trade associations, professional societies, and other technical information providers. These publications provide access to the currently available expertise on terrorism risk management. TERRORISM RISK INSURANCE ACT OF 2002 A BUILDING VULNERABILITY ASSESSMENT SCREENING B The following screening tool includes questions concerning vulnerability to terrorism that need to be addressed for new or existing buildings. The questions are intended to provide the basis for a vulnerability assessment of building design and operation of various component systems. Subsets of questions in the screening tool can be used either for a rapid vulnerability estimation or for a comprehensive detailed assessment of buildings. This screening tool includes all of the vulnerability questions from the Building Vulnerability Assessment Checklist in FEMA 426. The FEMA 426 checklist also presents extended guidance and observations regarding use of each question in assessing building vulnerability to terrorist attack. Both the FEMA 426 checklist and this screening tool are organized into 13 sections, listed below. A. Site B. Architectural C. Structural Systems D. Building Envelope E. Utility Systems F. Mechanical Systems (including Chemical, Biological, and Radiological Systems) G. Plumbing and Gas Systems H. Electrical Systems I. Fire Alarm Systems J. Communications and Information Technology Systems K. Equipment Operations and Maintenance L. Security Systems M. Security Master Plan The vulnerability questions presented in this screening tool are characterized by type (vulnerability estimate or detailed assessment), how information concerning the question will likely be collected (visual inspection, design documentation, and/or review of organizational/management procedures), and common terrorist attack tactics (delivery by moving, stationary vehicles, or covert entry, disguised in the mail or in supply materials; and blast pressure, airborne, or waterborne attack mechanisms). From the USAF Installation Force Protection Guide, tactics refer to the offensive strategies employed by aggressors, reflecting their capabilities and objectives. Some of the more common tactics include: . _ Moving vehicle. The moving vehicle attack is a suicide attack where an explosive-laden vehicle is driven into a facility, and detonated. . _ Stationary vehicle. This type of attack may be detonated by time delay or remote control. . _ Covert entry. The aggressor attempts to enter the facility covertly using false credentials. The aggressor may attempt to carry weapons or explosives into the facility. . _ Mail attack. Small bombs or incendiary devices are incorporated into envelopes or packages that are delivered to the targeted individual. . _ Supplies attack. Bombs or incendiary devices, generally larger than those found in mail bombs, are incorporated into various containers and delivered to facilities or installations. . _ Airborne contamination. The aggressor uses chemical or biological agents to contaminate the air supply of a facility or installation. . _ Waterborne contamination. The aggressor uses chemical, biological, or radiological agents to contaminate the water supply of a facility or installation." The table below arrays the compatibility of common tactics with a FEMA list of terrorist attack devices and methods. sedoM / sec iveD kcat tA AME F y rev il e D/ s c i t caT nommoC F A S U Moving vehicle Stationary vehicle Covert entry Mail Supplies Airborne contamination Waterborne contamination ms i ror re t -i rgA kca t t a demrA y ra idnecn i /n o s rA t nega l a c igo l o iB bmoB tnega lac imehC ms i ror re t -rebyC esae ler TAM Z A H bmob rae lcuN t nega lac i go l o idaR The following tables adapt the Ôcommon tactics/deliveryÕ described above by adding Ôblast effectsÕ as a category of terrorist attack Ômechanisms.Õ Table A: Site metI no itseu Q ytilibarenluV n oitaziretcarahC scitcaT tsirorreT epyT noitcelloC sdohteM yrevile D smsinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a 1.eti S ?ytilicaf eht dnuorrus seru tcurts roja m tah W ? b 1.eti S ro ,yratilim ,tne mnre vog ,erutcur tsarfni lacitirc tah W tcapmitaht aera lacoleht ni era seitilicaf noitaercer kcat ta( egamad laretalloc dna ,seitilitu ,n oitatropsnart r o serutcurt s rojam rehto eht gnitcapmiytilic af s iht ta ?)ytilicaf sih t gn itcapmiserutcurt s rojam eht no kcatta ? c 1.eti S edistuo yleta idemmisesu dnaltnecajda eht era tah W ? ytilicaf sih t fo re temirep eht ? d 1.eti S sesu dnal eseht egnahc snalp tnempoleved erutu f o D ?rete mirep ytilicaf eht edistuo ? 2.eti S ro noisserped a nignidliub eht ecalp niarret eh t seo D ?aera w ol ? ? 3.eti S e calp gnikrap ena lbru c seod ,saera nabru ,esned n I a ot esolc ylbatpeccanu selcihev dekrap dellortnocnu ?ya w-f o - sthgir c ilbup ni y tilicaf 4.eti S slortn oc reirrab fo sepyt reht o ro ecnef re temirep a s I ?ecalp ni 5.eti S ?ytilicaf eh t ot s tniop ssecca etis eht era tah W 6.eti S no ciffart nairt sedep morf detarapes ciffart elcihev s I ?etis eht 7.eti S eh t ta lortnoc ssecca nairtsedep dna elcihev ereht s I ?et is eht fo retemirep a 8.eti S edistu o ro enilbruc eh t ta noit cep sni rof ecaps ereht s I ?retemirep detcetorp eht b 8.eti S noitcepsn ieht morf e cnats id muminim eht sitah W ?gnidliub eht o t noitacol 9.eti S ytilicaf ro etis eht ot ssecca laitnet op yna ereht s I ?ffonur retaw ro shtap ytilitu hgu orht a 0 1.eti S secived mar- itna elcihev fo sep yt gnits ixe eht era tah W ?ytilicaf eht r of b 0 1.eti S eht ta ro yradnuob y treporp eh t ta secived eseh t er A ?gnid liub 1 1.eti S ecnatsid ffodnats enoz reffub maritna eht sitah W ?gnikrap ro selcihe v deneercsnu ot gnidliub eht morf Table B: Architectural (continued) met I noitseuQ ytilibarenluV n oitaziretcarahC scitcaT tsir orreT epyT noitcelloC sdohteM yrevileD smsinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) 31.hcrA elpoep fo sweiv detcurtsbonu evah setuor noitalucric oD ?stniop ssecca dellor tnoc gnihcaorppa 41.hcrA snaem yb lennosrep de zirohtua ot det imilssecca fo or s I ?smsinahcem gnikcolf o a51.hcrA s me tsys gnidliub ,seitivitca ,elpoep( stessa lacitirc erA ,e cnartne niam yna ot esolc detacol)stnen opmoc dna gnida ol ,aera e cnanetniam ,gnikrap ,noitalucric elcihev ?gnikrap roiretn iro ,kc od b51.hcrA stnenop m oc dna smetsys gn idliub lacitirc eht erA ?denedrah ? 61.hcrA eht otn iraf sa deta co lstessa lacitirc ro eulav-hg ih erA m orf de tarapes dna e lbissop sa gnidliub eht fo r oire tni ?gnid liub eht fo saera cilbup eht ? 71.hcrA ?stessa lacitirc morf ya wa ytivitca rotis iv hgih s I a81.hcrA deipucco era taht secaps nideta co lstessa lacitirc erA ?yad rep sruoh 42 b81.hcrA ot elbisiv era yeht erehw saera ni detacolstessa erA ?n osrep eno naht ero m 91.hcrA saera gnippihs dna gniviecer dna skcod gnidaolerA yt ilitu ,s moor ytilitu morf n oitcerid yna ni detarapes ,lacirtcele gnidulcni secnartne ecivres dna , snia m erif ,s me tsys mrala /n oitceted erif ,atad/enohpel et ,sniam gnitaeh dna gnilooc ,sniam retaw noisserppus ?.cte a02.hcrA niam ytilicaf morf yawa detacol sm oorlia m erA ,seitilitu ,secivre s lacitirc gniniatn oc saera ,se cnartne ?stessa tnatropmi dna ,smet sys noitubirtsid b02.hcrA ?kcod gnidaoleh t raen de tacol mo orlia m eht s I 12.hcrA rof elbalia va ecaps etauqeda e vah moorliam eht seoD na ro f dna segakcap gn imocni enimaxe ot tnempiuqe ?reniatnoc lasopsid e visolpxe 22.hcrA laiceps h tiw ,deifitnedi egu fer fo saera erA ?sserge ot nevig n oitaredisnoc Table C: Structural Systems met I noitseuQ ytilibarenluV n oitaziret carahC scitcaT tsir orreT epyT noitcelloC sdohteM yre vileD smsinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a1.s yScurtS ?noitcurtsnoc fo epy t tah W b1.s yScurtS ?leets gnicrofnier & etercnoc fo epy t tah W c1.s yScurtS ?leets fo epy t tah W d1.s yScurtS ?noitadnuof fo epy t tah W a2.s yScurtS niatnoc serutcurts etercnoc decrofnier eh t o D evitagen dna evitis op(tnemecr ofnier lee ts cirtemmys dna s maeb ,sllaw ,sbals foor ,sbals r oolf lla ni)secaf dna tfilpu ,dnuober ot de tcejbus eb yam taht sredrig ?serusserp noitcus b2.s yScurtS eht fo yticapac eht poleved ylluf secilps paleh t o D ? tnemecro fnier c2.s yScurtS ?dereggats seitiunitnocsi d rehto dna secilps pal er A d2.s yScurtS ?sliated elitcud ssessop snoitcennoc eh t o D e2.s yScurtS dna seit gnidulcni ,tnemecrofnie r raeh s laiceps s I citsale -tsop egralwolla o t elbaliava ,spurrits ?r oivaheb a3.s yScurtS ?snoitcennoc tnemom snoitcennoc emarf leets eht er A b3.s yScurtS ylbanosaer taht os deziminim gnicaps nmuloc eht s I dna sdaolngised eht t siser lliw srebme m dezis ?metsys eht fo ycnadnuder eht esaercni c3.s yScurtS ? sthgieh r oolf-ot-roolf eh t era tah W 4.s yScurtS ?eruliaf ot elbarenlu v stnemele la citirc er A 5.s yScurtS fo level elba tpeccanu na re ffus erut curts eh t lliW tsalb(taerht de talutsop eh t m orf gn itluser ega mad ?)tcapmi nopaew r o gnida ol a6.s yScurtS ?espalloc evissergorp ot elbarenluv erutcurts eht s I b6.s yScurtS a fo lavomer eht gn inia tsus fo elbapac ytilicaf eht s I gn idliub eht ta edarg evoba roolf eno rof nmuloc ?espa lloc evissergorp tuoht iw retemirep Table C: Structural Systems (continued) met I noitseuQ ytilibarenlu V n oitaziret carahC scitcaT tsir orreT epyT noitcell oC sdohteM yre vileD smsinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) c6.s yScurtS na ni noi solpxe lanretni na fo tneve eht n I eht seod aera r oolf dnuorg c ilbup dellortn ocnu fo ssol eht ot eud espa lloc evissergorp tne verp ngised ?n mu loc yramirp eno d6.s yScurtS a edivorp seru taef larutcurts r o larutce tih cra o D ?snmuloc lanretni eht ot ffodnats hcn i-6 muminim e6.s yScurtS secaps lanretni deneercsnu eht ni snmul oc eht er A ,sroo lf owt ot lauqe htgnel decarbnu na rof dengised fo slevel owt era ereht erehw sroolf eerht ro ?gnikrap 7.s yScurtS eh t ni shtap daol tnadnuder e tauqeda ereht er A ?erutcurts 8.s yScurtS sn mu loc yb de troppus sredrig refsnart ereht er A fo roiretxe eht ta ro secaps cilbup deneercsnu nihtiw ?gnidliub eht 9.s yScurtS ot egamad timil ngised kcod gnidaol eh t lli W eht ot ecrof evis olpxe tnev dna saera tnecajda ?gnidliub eht fo roiretxe 01.s yScurtS dna deviecer era segakcap erehw , smoorliam er A secaps liater deneercsnu dna ,n oitcepsni rof denepo no tsalb a fo s tceffe eh t etagi tim ot dengised ?srebmem gnicarb laretal ro lacitre v yramirp Table D:Building Envelope met I noitseuQ ytilibarenlu V noitaziretcarahC scitcaT tsir orreT epyT noitce lloC sdohteM yrevile D smsinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) 1.vnEgdl B ro iretxe eht fo level noitcetorp detamitse ro dengised eht si tahW ? taerht eviso lpxe de talutsop eht tsn iaga sllaw ? a 2.vnEgdl B ?yab larutcurt s rep sgn inepo noitar tsenef % 0 4 naht sselereht s I b 2.vnEgdl B ot decnalab edaa f roiretxe eht no ng ised metsys wodn iw eht s I na gniwollof gnizalg gniylf fo stceffe suodrazah eht etagitim ,sllaw gnitr oppus ot egarohcna , semarf ,gnizalg( ? tneve ev isolpxe ). cte c 2.vnEgdl B noitacilppa na niatnoc etib hcni-1/2 a htiw s me tsys gnizalg eht oD ?enocilis larutcurts fo d 2.vnEgdl B rettahs itna na htiw detce torp tisi ro detanimal gnizalg eht s I ?mlif e 2.vnEgdl B kc iht lim -7 a fo mu minim a ti s i,desu si mlif re ttah s -itna na f I ?mlif kc iht lim -4 deru tcafunam yllaiceps ro ,mlif a 3.vnEgdl B eht poleved ylluf gnimar f wodniw dna ,egarohcna ,slla w eht oD ?detceles lairetam gnizalg eht fo yticapac b 3.vnEgdl B morf snoitcaer cimanyd eht gnidnatshti w fo e lbapac sllaw eht erA ?swodn iw eht c 3.vnEgdl B ytilicaf eht fo sllaw eht ot dehca tta n iamer egarohcna eht lliW ?eruliaf tuohtiw tneve evisolpxe na gnirud d 3.vnEgdl B larutcurts eht ot ro kc olb pu-kcab ot de tcennoc edaaf eht s I ?emarf e 3.vnEgdl B ?decrofnier sllaw yrn osa m gniraeb-non erA a 4.vnEgdl B ?gnizalg cit sillab niatnoc ytilicaf eht seoD b 4.vnEgdl B -telluB 257 LU fo stnemer iuqer eht teem gnizalg citsillab eht seoD ?gnizalG tnatsiseR c 4.vnEgdl B ?gnizalg - ytiruces niatnoc ytilicaf eht seoD d 4.vnEgdl B ro 3321F MTSA fo stnemeriuqe r eht teem gnizalg -yt iruces eht seoD ?la iretaM gn izalG tnatsiseR yralgruB ,279 L U e 4.vnEgdl B gnizalg tnatsiser yrtne decr of gniniatnoc seilbmessa w odniw eht oD ?885 F MTSA f o stnemeriuqe r eht tee m )gnizalg eh t gnidu lcxe( 5.vnEgdl B des opxe dna stnev la cinahce m sa h cus , sgninepo wodn iw- non oD eht r of deriuqer n oitcetorp f o level emas eht edivorp ,smune lp ?llaw r oire txe Table E: Utility Systems metI noitseuQ ytilibarenluV noitaziretcarahC sc itcaT tsirorreT epyT noit ce lloC sd ohteM yrevile D sms inahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a1.s yS litU ,lapicinum ,ytilitu(?reta w citse mod fo ecruos eht sitah W )knat egarots ,rev ir ,ekal,sllew ? b1.s yS litU ?ylppus retaw gniknird etanretla eruces a ereht sI 2.s yS litU ?y lppus re taw eht rof stniop yrtne elpitlum ereht er A 3.s yS litU ?noitacol eruces a niylppus re taw gnimocnieht sI a4.s yS litU citsemod rof yticapac egarots evah ytilicaf eht seo D ?retaw b4.s yS litU sn oitarepo wolla ti lliw gnol woh dna snollag ynam woH ?eunitnoc ot a5.s yS litU no isserppus erif eh t rof reta w fo ecruos eht sitah W h tiw skna t egar ots ,senilynapmoc yt ilitu lacol( ? metsys )re vir ro ,ekal,pukcab ynapmoc ytilitu b5.s yS litU ?noisserppus erif rof seilppus reta w etanretla ereht er A 6.s yS litU , tnailpmoc -edo c ,etauqeda metsys noisserppus erif eht sI ?)noitacoleruces( detcetorp dna a7.s yS litU e vah )sresir( slortnoc ro ire tniepipdnats /relknirps eht o D ?noitarapes tnatsiser-tsal-erb dna if b7.s yS litU etauqeda snoitcennoc epipdnats dna relknirps eht er A ?tnadnuder dna c7.s yS litU sno itcennoc ylppus reta w dna tnardyh erif ereht er A ? snoitcenn oc epipdnats/relknirp s eht raen a8.s yS litU ,cirtcele eno ,.g.e(spmup re taw erif tnadnuder ereht er A ?)leseid eno b8.s yS litU ?reh t o hcae morf trapa detacolspmup eht er A a9.s yS litU ?elbissecca smetsys rewes er A b9.s yS litU ?deruces r o detce torp yeht er A 01.s yS litU lac itirc r of nopu yler ytilicaf eht od seilppus leuf tah W ?n oitarepo a 11.s yS litU ytilicaf eht ta ro etis eht no derots sileuf hcum woH lacitirc troppus ytitnauq siht nac gnolwoh dna ?sn oitarepo Table E: Utility Systems (continued) metI noitseuQ ytilibarenluV noitaziretcarahC sc itcaT tsirorreT epyT noit ce lloC sd ohteM yrevile D sms inahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) b 11.s yS litU ?derots )leuf( tisiwoH c 11.s yS litU ?deruces )leuf( tisiwoH a 21.s yS litU ?deniatb o ylppus leuf eht siereh W b 21.s yS litU ?dereviled )leuf( tisiwoH a 31.s yS litU ?leuf fo secruos etanretla ereht er A a 31.s yS litU ?leuf fo secruos etanretla ereht er A b 31.s yS litU ?desu eb sleuf etanretla naC 41.s yS litU eh t rof ec ivre s lacirtcele f o ecru os la mron eht sitah W ?ytilicaf a 51.s yS litU ?ecruos ecivres lacirtcele tnadnuder a ereht sI b 51.s yS litU y tilitu eno naht er om morf de f eb seitilicaf eht naC ?noitatsbus 61.s yS litU rof evah ytilicaf eht seod stniop yrtne ecivres yam woH ?yticirtcele 71.s yS litU ?eruces gnidliub eht o t ec ivres cirtcele gnimocnieht sI a 81.s yS litU tahW ?tsixe rewop ycnegreme rof snoisivorp tah W yticapac evah dna rewop ycnegre me evie cer s metsys ?detset neeb stne mer iuqer b 81.s yS litU laicrem moc eht htiw detacol-oc re wop ycnegreme eht sI ?ecivres cirtcele c 81.s yS litU ?rew op ycnegreme rof noitcennoc roiretxe na ereht sI 91.s yS litU atad dna enohpelet nia m eht se od snaem tahw yB ?ytilicaf eht ecafretni snoitacinu mmoc 02.s yS litU eht rof snoitacol tnadnuder ro elpitlum ereht er A ?ecivres noitac inummoc dna en ohpe let a 12.s yS litU h t iw noitac inumm oc eriuqer metsys mrala erif eht seo D ?se cruos lanre txe b 12.s yS litU eht ot tnes langis mrala eht sid ohtem tahw yB ?cte ,o idar ,enohpele t :ycnega gnidnopser c 12.s yS litU ?re tne c gniro t inom mrala yraidemretni na ereht sI 22.s yS litU tcerid r o ,dnu orgrednu ,dnuorgevoba senilefilytilit u er A ?deirub Table F: Mechanical Systems (Including Chemical, Biological, and Radiologica l Systems) (continued) metI noit seuQ ytilibarenluV noitaz ire tcarahC scitcaT tsir orreT ep yT noit celloC sdohteM yrevile D smsinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) b 31.syShceM ?saera eruces niyeh t erA c 31.syShceM ?detu or gniriw lortnoc eh t si w oH 41.syShceM snalp troppu s sme tsys gnildna h ria fo lor tnoc eht seoD ?ecalp ni gniretlehs rof 51.syShceM eht no detaco ltnempiuqe detnuom-f oor sierehW )fo or fo retnec ta ,retemirep raen(?f oor 61.syShceM ?sreirrab er if lla ta dellatsnisrepma d erif erA 71.syShceM ?ytirge tnirieh t n iatniam srood erif dna slla w erif oD 81.syShceM ro tavele dna ytilibapac llacer e vah srotavele oD ? ytilibapac egasse m ycnegre me Table G: Plumbing and Gas Systems me t I no it seu Qy t il ibarenluV no i taz i re t carahC s c it caT t s iror reT epyT noi t ce l loC sd oh t eMyrev i l eD sms inahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) 1 . saGbmulP ?no itubi r t s id re tawfo doht e meht s itahW 2 . saGbmulP , gni taeh(, ?n o i tubir t s idsag fo doht e meht s itahW ) s secorp , lac idem, gni k ooc 3 . saGbmulP ?n o i tubir t s idgnipipniameh t ot y cnadnuder ereht s I a4 . saGbmulP ? re ta wc it semod gni taeh fo doht e meht s itahW b4 . saGbmulP ?desu s i ) s ( l euf tahW a5 . saGbmulP , gni taeh( ?de taco lsknat egar o t s sag era erehW ) s secorp , lac idem, gni k ooc b5 . saGbmulP no itubi r t s id eht ot depip ) s knat sag( yeht era woH )dnuorg wol eb ro evoba( ?me t sy s 6 . saGbmulP ? sesag lac i t ir c fo se ilppus evreser ereht erA Table H: Electrical Systems met I n oitseuQ ytilibarenluV noitazire tcarahC sc itcaT tsirorreT ep yT noitcelloC sdohteM yrevile D s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a1.syStcel E detacolsraeghct iws ro sremrofsnar t yna ereht er A gnidliub eht morf elbissecca ro gnidliub eht edis tuo ?roiretxe b1.syStcel E ot elbarenluv )sraeghctiws ro sremrofsnart(yeht er A ?ssecca cilbup c1.syStcel E ?deruces )sraeghctiws ro sremrofsnart(yeht er A 2.syStcelE ni gnithg il ytilicaf lanretxe eht fo tnetxe eh t si tah W desu sya wyrtne lamr on ta dna saera ecivres dna ytilitu ?stnapuc co gnidliub eh t yb 3.syStcelE era ereh w dna deruces smoor lacirtcele eht era wo H gn itrats ,saera k sir rehgih rehto ot evitaler detacol yeht ecivres eht ta moor noitubirtsidlacirtcel e niam eht htiw ?ecnartne a4.syStcel E rehto htiw detac ol-oc s metsys lacirtcele lacitirc er A ?sme tsys gnidliub b4.syStcel E fo edistuo saera nidetac ol s metsys lacirtcele lacitirc er A ?saera la cirtcele deru ces c4.syStcel E morf yletarapes detacol gniriw metsys ytiruce s sI ?smets ys ecivres rehto dna lac irtcele 5.syStcelE hcnarb gnivres slenap noitubirt sid lacirtcele era wo H ?sn oitacol eruces ni yeht era ro deruces stiucric a6.syStcel E nihtiw saera lla rof t sixe re wop pukcab ycnegreme se o D ? ylno saera lacitirc rof r o ytilicaf eht b6.syStcel E ?detubir tsid rew op ycnegreme eht si wo H c6.syStcel E eht morf tnednepednimetsys rewop ycnegreme eht sI ?saera la citir c niylralucitrap ,e civres la cirtcele la mron a7.syStcel E ?detubir tsid gniriw metsys lac irtcele yra mirp eht si wo H b7.syStcel E ?seitilitu r ojam reh to ht iw detacol-oc t isI c7.syStcel E ?saera lacitirc o t noitubirts id f o ycnadnuder ereht sI Table I: Fire Alarm Systems met I n oitseuQ ytilibarenlu V noi tazire tcarahC sc itcaT tsirorreT ep yT noitcelloC sdohteM yrevile D s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a 1.mral AeriF r o dezilartnec metsys mrala erif y tilicaf eht sI ?dezilacol b 1.mral AeriF dna yllacol ht ob ,deta icnunna s mrala era wo H ?yl lartnec c 1.mral AeriF ni detacol smetsys lortnoc dna s tnemu cod laci tirc er A ?noi tacol e lb issec ca tey eruces a a 2.mral AeriF ?detacol slenap mrala erif eht era ereh W b 2.mral AeriF ?lennosrep de zirohtuanu ot ssecca wolla yeht er A a 3.mral AeriF de targetni ro enola- dnats mets ys mrala erif eht sI dna ytiruce s sa hcus sn oitcnuf rehto hti w ?sme tsy s tnemegana m gnidliub ro latnemn orivne b 3.mral AeriF ?ecafretni eh t si tah W 4.mral AeriF -erif evah stnen opm oc metsys mrala erif yek o D dna ?noitarapes tnatsiser- tsalb 5.mral AeriF ?gnitroper mrala erif sesimerp-ffo tnadnuder ereht sI Table J: Communications and IT Systems met I n oitseuQ ytilibarenluV noitazire tcarahC sc itcaT tsirorreT ep yT noitcelloC sdohteM yrevile D s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a1.T ImmoC dna moor noitubirtsid enohpelet niam eh t si ereh W ?saera ksir rehgih ot no italer niti s iereh w b1.T ImmoC ?eruces moor noitubir t sid enohpelet niam eht sI a2.T ImmoC S PU na evah metsys enohpelet eht se o D ?)ylppus rewop elbitpurretninu ( b2.T ImmoC lano itarepo ,gnitar re wop ,epyt )spu(sti si tah W ,enil- no ,yret tab( ?no itacoldna ,dao lrednu noitarud )deretlif a3.T ImmoC stes olc gniriw smetsys no itacinu mmoc era ereh W )mrala ,langis ,atad ,eciov(?detaco l b3.T ImmoC htiw deta col- oc )ste solc noita cinu mmoc(yeht er A ?seitilitu rehto c3.T ImmoC ?saera eruces ni)ste solc noita cinu mmoc(yeht er A 4.T ImmoC ?detubirtsid gniriw me t sys snoitacinu mmoc si wo H )saera cilbup elbissecca ,sre sir dna se sahc eruces( 5.T ImmoC smets ys snoitacinum moc tnadnuder ereht er A ?elbaliava a6.T ImmoC ,sretnec atad ,ytilicaf noitubirtsid niam eht era ereh W ?detac ol srevre s dna ,s llawer if ,sretu or b6.T ImmoC )TI (etaidemretni ro/dna yradnoces eht era ereh W ?seitilicaf noitubirtsid 7.T ImmoC aera ediw( NAW eht era ereh w dna epy t tah W ?snoitcennoc )kro wten a8.T ImmoC SPU eht fo no itacoldna ,gnitar rewop ,epy t tah W ,enil-no ,yret tab( ?)ylppus rewop elbitpurretninu ( )deretlif b8.T ImmoC ?rewop ycnegreme o t detcenn oc osla S PU eht er A 9.T ImmoC dna gn ilba c )kr owten aera lacol( N AL fo epy t tah W tibagiG , 5 )taC(yr ogetaC(?desu siygo lopot lacis yhp )gniR nekoT , tenreht E ,tenrehtE 01.T ImmoC rieht era tahw ,smetsys sseleriw/oidar dellatsniro F oidar( FR(?detacolye h t era erehw dna sepyt hgih yrev( FHV ,)y cneuqerf hgih(FH ,)ycneuqerf )evaw muide m( WM ,)ycneuqerf Table J: Communications and IT Systems (continued) met I n oitseuQ ytilibarenluV noitazire tcarahC sc itcaT tsirorreT ep yT noitcelloC sdohteM yrevile D s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) 11.T ImmoC )re tupmoc -ygo lonhceT noitamrofn I(TI eh t o D ,ytirgetni ,ytilaitnedifnoc fo s tnemeriuqer teem smets ys ?ytilibalia va dna 21.T ImmoC ?etis gnirorrim/yrevocer retsas id eh t si ereh W 31.T ImmoC tahw dna etis egarots elif/epat pu-k cab eh t si ereh W ,tluav ,efas (?tnemnorivne efas fo epyt eh t si eh t ninoitaregirfer tnadnuder ereht sI)dnuorgrednu ?e tis)egaro ts TI pukcab( 41.T ImmoC )snoitacinum moc etilletas( MOCTAS yna ereht er A eraps ,rewop ycnegreme ,SP U ,re wop ,noitac ol(?skn il )ytilibapac/yticap ac a51.T ImmoC lla seh caer taht metsys n oitacifiton ssa m a ereht sI ,enohp llec ,regap ,sserdda cilbup( ?stnapucco gn idliub ).cte ,edirrevo retupm oc b51.T ImmoC lan oitarepo eb smets ys eseht fo erom ro eno lliW )re wop y cnegreme ,SPU(?snoitidn oc drazah rednu a61.T ImmoC etanretla detangised rieht dna sretnec lor tnoc o D rof ytilibapac decuder ro tnelaviuqe evah snoitacol ycnegreme(?.cte ,noitacifiton ssam ,atad ,eciov )noitamotua gnidliub ,smrala erif ,ytiru ces ,snoitarepo b61.T ImmoC pukcab ot ssecca evah osla snoitacoletanretla eh t o D ?re wop ycnegreme gnidulcni,smets ys Table L: Security Systems met I noitseuQ ytilibaren luV noitazire tcarahC sc itcaT tsirorreT ep yT noitcelloC sdohteM yrevile D s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a1.mirePce S )noisivelet tiucric de solc(VTCC roloc ro etihw/kcalb er A ?desu saremac b1.mirePce S a syad 7 /sruoh 4 2 dedr ocer dna der otinom yeht er A ?moh w yB ?keew c1.mirePce S ?ngised yb latigid ro golana yeht er A d1.mirePce S -tlit-nap dna sseleriw ,dexif fo rebmun eht era tah W ?desu sarema c mooz e1.mirePce S ?saremac VTCC eht fo sreru tcafunam eht era oh W f1.mirePce S ?esu nisaremac VTCC eht fo ega eh t si tah W a2.mirePce S yllacita motua dnopser ot de mmargorp sare mac eht er A ?s tneve mrala gnidliub retemirep ot b2.mirePce S ?se itilibapac noitom oediv ni- tliub evah yeht o D 3.mirePceS yeh t era dna desu era sgnisu oh aremac fo ep yt tah W ot eru sopxe t sniaga tcet orp ot ngised nila tnemn orivne ?stnemele rehtaew dloc dna taeh 4.mirePceS erehw ,desu srosnes ro snottub mrala sserud /cinap er A ?e lbatr op ro deriwdrah yeht era dna detac ol yeht era 5.mirePceS ro saera gnikrap nidesu sexob llac mocretni er A ?retemirep gnidliub eht gnola 6.mirePceS timsnart o t desu aidem noissimsnart eh t si tah W ,eriw en ohpele t ,enil eriw ,rebif :slangis oediv aremac ?sseleriw , laixaoc 7.mirePceS ?mets ys VTCC eht sr otinom oh W a8.mirePce S eh t gnirud h tob segami oediv f o ytilauq eh t si tah W ?ssen krad fo sru oh dna yad b8.mirePce S ?desu sro tanimulliaremac derarfni er A 9.mirePceS na yb detroppus saremac rete mirep eht er A gnid liub r o ,yrettab ,ylppus re wop elbitpurre tninu ?re w op ycnegreme 01.mirePce S :desu era srosnes S D I roiretxe fo ep yt tah W citatsib ,derarfnievitca ,citpo rebif ,citengam ortcele ssalg ,ecnef ,dnu org ,cirtce leotohp ,cimsies ,e vaworcim pullor dna elbuod ,elgnis ,)kc ohs/noitarbiv(kaer b .sehc tiws ro s tcatnoc citengam rood Table L: Security Systems (continued) met I noitseuQ yt ilibarenluV noitazire tcarahC sc itcaT tsirorreT ep yT noitcelloC sdohteM yrevile D s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) c23.retn IceS no isurtn ifo gnirotinom ruoh-42 etis - ffo ereh t s I ?smetsys noitceted 33.retn IceS nietauqeda moor lor tno c dna elosn oc y tiruces eh t s I etauqeda evah ,no isnapxe rof mo or edivorp ,e zis .g.eria ,gnitaeh ,gnithgil , c/a (slortnoc tnemnorivne ylla cimonogre si dna ),cte ,re wop pukcab ,noitalucric ?dengised 43.retn IceS aera eruces a nimoor ytiruces eht fo noitacoleh t s I nislortnoc ssecca detcir tser dna dellortn oc ,detimilht iw ?ecalp a53.retn IceS ytiruces dna ytilicaf hcihw yb snae m eht era tahW elbatr op :rehtona eno htiw etacinummo c nac lenn osrep s tnatsissa atad lanosrep ,enohp llec ,regap ,oidar ?)cte ,)s' AD P( b53.retn IceS dna e seht h tiw decneirepxe neeb evah smelborp tahW ?smetsys ytiruces cin ortcele rehto 63.retn IceS gnitroper tnedicniy tiruces dezire tupmoc a ereh t s I ytiruce s kcart dna stroper eraperp ot desu metsys ?snrettap dna sdnert tnedicni 73.retn IceS a esu o t ssecca e vah ecrof ytiruces tneserp eht seoD ? metsys ruot draug deziretupmo c a83.retn IceS ?ytilicaf eht ni sefas ro stluav erA b83.retn IceS ?detacolyeht era erehW 9 3.scoDceS detareneg neeb sgniward tliub-sa me tsy s ytiruces erA ?weiver r of ydaer dna 0 4.scoDceS sdradnats gniward dna ngised mets ys y tiruces e vaH ?depoleved neeb 1 4.scoDceS ?denifed aire tirc noitce les tnempiuqe ytiru ces erA 2 4.scoDceS ni era ro depoleved neeb evah snalp ycnegn itnoc tahW y cnadnuder retnec lortn oc y tiruces h tiw laed ot ecalp ?sn oitarepo pukcab dna 3 4.scoDceS noita cificeps noitcurtsnoc mets ys y tiruces e vaH ?dezidradnat s dna deraperp neeb stnemucod 4 4.scoDceS tliub-sa edulcni ot stnemucod metsys ytiruces lla erA ?tnerru c sgniward Table L: Security Systems (continued) met I noitseuQ ytilibarenluV n oita ziretcarahC scitcaT tsirorreT ep yT noitcelloC sdoh teM yre vileD s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) 5 4.scoDceS y tiruces gnisu nidenimreted neeb snoitacifilauq eva H , sreenigne dna srengised metsys ,stnatlusnoc ? srotcar tnoc dna ,srodne v noita llatsni 6 4.scoDceS ,dezilartnec ,dezilartnece d smetsys ytiruces erA ro kro wten TI gnitsixe rev o etarep o dna ,detargetni ?noitarep o fo dohtem eno ladnat s 7 4.scoDceS ?elbaliava era slaunam smetsys y tiruces tahW 8 4.scoDceS rof tsixe stnemeerga ecivres ro ecnanetniam tahW ?sme tsys ytiruce s Table M: Security Master Plan met I noitseuQ yt ilibarenluV noi tazire tcarahC sc itcaT tsirorreT ep yT noitcelloC sdohteM yrevile D s msinahceM Vulnerability estimate Detailed assessment Visual inspection Document review Org/Mgmt procedure Moving vehicle Stationary vehicle Covert entry Mail Supplies Blast effects Airborne (contamination) Waterborne (contamination) a 1.nal PceS ?ytilicaf siht rof tsixe nalp ytiruces nettir w a seoD b 1.nal PceS t sal dna nettir w nalp ytiruces lait ini eht saw nehW ?desi ver c 1.nal PceS eht gniwei ver dna gniraperp rof elbisnopser s i ohW ?nalp ytiruces 2.nal PceS dna detacinu mmoc neeb nalp ytiruces eht saH dna lennosrep tnemeganam yek ot detani mess id ?s tnemtraped 3.nal PceS derapmoc ro dekra mhcneb neeb nalp ytiruces eht saH ?seititne lanoitarepo dna snoitazinagro detaler tsniaga 4.nal PceS detaulave dna det set neeb reve nalp ytiruces eht saH dna ycnei ciffe lan oitarepo dna tifeneb-ts oc a morf ?e vitcepsrep ssenevitceffe 5.nal PceS ytiru ces mre t gnol-troh s ,noisiv ,noissim enifed ti seoD ?sevi tcejbo dna slaog margorp 6.nal PceS denifed yletauqeda sk sir ,seitilibarenluv ,staerht erA de zitir oirp dna desserdda serusaemretnuoc y tiruces dna fo yti libaborp dna y tilacitirc rieh t ot tnaveler ?ecnerrucco 7.nal PceS neeb eludehcs noitatne melpmi ytiruces a saH ?snoitu los ytiruces dednemmocer sserdda ot dehsilbatse 8.nal PceS neeb stegdub latipac dna gn itarepo y tiruces e vaH eht troppus ot dehsilba tse dna de vorppa ,desserdda ?nalp 9.nal PceS ere w sdradnats/senilediu g yrtsudni ro yrotaluger tahW ?nalp ytiruces eht fo noitaraperp eht ni dewollof 0 1.nal PceS ytiruces gnit sixe sserdda nalp ytiruces eht seoD ,lan oitarepo ,evitartsinimda na m orf sn oitidnoc ?evitcepsrep s metsys ytiruce s lacinhcet dna laireganam 1 1.nal PceS ,elpoep f o noitcetorp eht sserdda nalp ytiruces eht seoD ?noi tamrofni dna , stessa ,ytreporp 2 1.nal PceS rojam gn iwollof eht sserdda nalp ytiruces eht seoD ,esnopser ,ecnallievrus ,l ortnoc ssecca :stnenopmoc ,lacigol oib tsniaga noitce torp dna gninedrah gnidliub ?skcat ta krowten- rebyc dna lacigoloidar ,lacimehc GENERAL GLOSSARY A Access Control. Any combination of barriers, gates, electronic security equipment, and/or guards that can deny entry to unauthorized personnel or vehicles. Access Control Point. A station at an entrance to a building or a portion of a building where identification is checked and people and hand-carried items are searched. Access Controls. Procedures and controls that limit or detect access to minimum essential infrastructure resource elements (people, technology, applications, data and/or facilities), thereby protecting these resources against loss of integrity, confidentiality accountability and/or availability. Access Control System. Also referred to as an electronic entry control system; an electronic system that controls entry and egress from a building or area. Access Control System Elements. Detection measures used to control vehicle or personnel entry into a protected area. Access control system elements include locks, electronic entry control systems, and guards. Access Group. A software configuration of an access control system that group together access points or authorized users for easier arrangement and maintenance of the system. Access Road. Any roadway such as a maintenance, delivery, service, emergency, or other special limited use road that is necessary for the operation of a building or structure. Accountability. The explicit assignment of responsibilities for oversight of areas of control to executives, managers, staff, owners, providers, and users of minimum essential infrastructure resource elements. Acoustic Eavesdropping. The use of listening devices to monitor voice communications or other audibly transmitted information with the objective to compromise information. Active Vehicle Barrier. An impediment placed at an access control point which may be manually or automatically deployed in response to detection of a threat. Aerosol. Fine liquid or solid particles suspended in a gas, for example, fog or smoke. Aggressor. Any person seeking to compromise a function or structure. Airborne Contamination. Chemical or biological agents introduced into and fouling the source of supply breathing or conditioning air. Airlock. A building entry configuration with which airflow from the outside can be prevented from entering a toxic-free area. An airlock uses two doors, only one of which can be opened at a time, and a blower system to maintain positive air pressures and purge contaminated air from the airlock before the second door is opened. Alarm Assessment. Verification and evaluation of an alarm alert through the use of closed circuit television or human observation. Systems used for alarm assessment are designed to respond rapidly, automatically, and predictably to the receipt of alarms at the security center. Alarm Printers. Alarm printers provide a hard-copy of all alarm events and system activity, as well as limited backup in case the visual display fails. Alarm Priority. A hierarchy of alarms by order of importance. This is often used in larger systems to give priority to alarm with greater importance. Annunciation. A visual, audible, or other indication by a security system of a condition. Antiterrorism. Defensive measures used to reduce the vulnerability of individuals, forces, and property to terrorist acts. Area Commander. A military commander with authority in a specific geographical area or military installation. Area Lighting. Lighting which illuminates a large exterior area. Areas of Potential Compromise. Categories where losses can occur that will impact either a department or agencyÕs minimum essential infrastructure and its ability to conduct core functions and activities. Assessment. The evaluation and interpretation of measurements and other information to provide a basis for decision-making. Assessment System Elements. Detection measures used to assist guards in visual verification of intrusion detection system alarms and access control system functions and to assist in visual detection by guards. Assessment system elements include closed- circuit television and protective lighting. Asset. A resource of value requiring protection. An asset can be tangible such as people, buildings, facilities, equipment, activities, operations, and information; or intangible, such as processes or a companyÕs information and reputation. Asset Value. The degree of debilitating impact that would be caused by the incapacity or destruction of an asset. Asset Protection. Security program designed to protect personnel, facilities, and equipment, in all locations and situations, accomplished through planned and integrated application of combating terrorism, physical security, operations security, personal protective services, and supported by intelligence, counterintelligence, and other security programs. Attack. A hostile action resulting in the destruction, injury or death to the civilian population, or damage or destruction to public and private property. Audible Alarm Devices. An alarm device which produces an audible announcement (bell, horn, siren, etc.) of an alarm condition. B Balanced Magnetic Switch. A door position switch utilizing a reed switch held in a balanced or center position by interacting magnetic fields when not in alarm condition. Ballistics Attack. Attack in which small arms (such as pistols, submachine guns, shotguns, and rifles) are fired from a distance and rely on the flight of the projectile to damage the target. Barbed Tape or Concertina. A coiled tape or coil of wires with wire barbs or blades deployed as an obstacle to human trespass or entry into an area. Barbed Wire. A double strand of wire with four-point barbs equally spaced along the wire deployed as an obstacle to human trespass or entry into an area. Barcode. Black bars printed on white paper or tape that can be easily read with an optical scanner. Biological Agents. Living organisms or the materials derived from them that cause disease in or harm to humans, animals, or plants or cause deterioration of material. Biological agents may be used as liquid droplets, aerosols, or dry powders. Biometrics. The use of physical characteristics of the human body as a unique identification method. Biometric Reader. A device that gathers and analyzes biometric features. Blast Curtains. Heavy curtains made of blast resistant materials that could protect the occupants of a room from flying debris. Blast-Resistant Glazing. Window opening glazing that is resistant to blast effects because of the interrelated function of the frame and glazing material properties frequently dependent upon tempered glass, polycarbonate, or laminated glazing. Blast Vulnerability Envelope. The geographical area in which an explosive device will cause damage to assets. Bollard. A vehicle barrier consisting of a cylinder, usually made of steel and sometimes filled with concrete, placed on end in the ground and spaced about 3 feet apart to prevent vehicles from passing, but allowing entrance of pedestrians and bicycles. Boundary Penetration Sensors. Interior intrusion detection sensors which detect an attempt by individuals to penetrate or enter a building. Building Hardening. Enhanced construction that reduces vulnerability to external blast and ballistic attack. Building Separation. The distance between closest points on the exterior walls of adjacent buildings or structures. Business Continuity Program. An ongoing process supported by senior management and funded to insure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and recovery plans, and ensure continuity services through personnel training, plan testing and maintenance. C Cable Barrier. Cable or wire rope anchored to and suspended off the ground or attached to chain link fence to act as a barrier to moving vehicles. Capacitance Sensor. A device that detects an intruder approaching or touching a metal object by sensing a change in capacitance between the object and the ground. Card Reader. A device that gathers or reads information when a card is presented as an identification method. Chemical Agent. A chemical substance that is intended to kill, seriously injure, or incapacitate people through physiological effects. Generally separated by severity of effect: lethal, blister, and incapacitating. Clear Zone. An area that is clear of visual obstructions and landscape materials that could conceal a threat or perpetrator. Closed Circuit Television (CCTV). An electronic system of cameras, control equipment, recorders, and related apparatus used for surveillance or alarm assessment. CCTV Pan-Tilt-Zoom Camera (PTZ). A CCTV camera that can move side to side, up and down, and zoom in or out. CCTV Pan-Tilt-Zoom Control. The method of controlling the PTZ functions of a camera. CCTV Pan-Tilt-Zoom Controller. The operator interface for performing PTZ control. CCTV Switcher. A piece of equipment capable of presenting any of multiple video images to various monitors, recorders, and so forth. Chimney Effect. Air movement in a building between floors caused by differential air temperature (differences in density), between the air inside and outside the building. It occurs in vertical shafts, such as elevator, stairwell, and conduit/wiring/piping chase. Hotter air inside the building will rise and be replaced by infiltration with colder outside air through the lower portions of the building. Conversely, reversing the temperature will reverse the flow (down the chimney). Also know as stack effect. Collateral Damage. Injury or damage to assets that are not the primary target of an attack. Combating Terrorism. The full range of federal programs and activities applied against terrorism, domestically and abroad, regardless of the source or motive. Community. A political entity which has the authority to adopt and enforce laws and ordinances for the area under its jurisdiction. In most cases, the community is an incorporated town, city, township, village, or unincorporated area of a county. However, each State defines its own political subdivisions and forms of government. Components and Cladding. Elements of the building envelope that do not qualify as part of the main wind-force resisting system. Confidentiality. The protection of sensitive information from unauthorized disclosure and sensitive facilities from physical, technical or electronic penetration or exploitation. Consequence Management. Measures to protect public health and safety, restore essential government services, and provide emergency relief to governments, businesses, and individuals affected by the consequences of terrorism. state and local governments exercise primary authority to respond to the consequences of terrorism. Contamination. The undesirable deposition of a chemical, biological, or radiological material on the surface of structures, areas, objects, or people. Continuity of Services and Operations. Controls to ensure that, when unexpected events occur, departmental/agency minimum essential infrastructure services and operations, including computer operations, continue without interruption or are promptly resumed and critical and sensitive date are protected through adequate contingency and business recovery plans and exercises. Control Center. A centrally located room or facility staffed by personnel charged with the over sight of specific situations and/or equipment. Controlled Area. An area into which access is controlled or limited. It is that portion of a restricted area usually near or surrounding a limited or exclusion area. Correlates with exclusion zone. Controlled Lighting. Lighting illumination of specific areas or sections. Controlled Perimeter. A physical boundary at which vehicle and personnel access is controlled at the perimeter of a site. Access control at a controlled perimeter should demonstrate the capability to search individuals and vehicles. Conventional Construction. Building construction that is not specifically designed to resist weapons, explosives, or chemical, biological and radiological effects. Conventional construction is designed only to resist common loadings and environmental effects such as wind, seismic, and snow loads. Coordinate. To advance systematically an exchange of information among principals who have or may have a need to know certain information in order to carry out their role in a response. Counterintelligence. Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons; or international terrorist activities, excluding personnel, physical, document, and communications security programs. Counterterrorism. Offensive measures taken to prevent, deter, and respond to terrorism. Covert Entry. Attempts to enter a facility by using false credentials or stealth. Crash Bar. A mechanical egress device located on the interior side of a door that unlocks the door when pressure is applied in the direction of egress. Crime Prevention Through Environmental Design (CPTED). A crime prevention strategy based on evidence that the design and form of the built environment can influence human behavior. CPTED usually involves the use of three principles: natural surveillance (by placing physical features, activities, and people to maximize visibility); natural access control (through the judicial placement of entrances, exits, fencing, landscaping, and lighting); and territorial reinforcement (using buildings, fences, pavement, signs, and landscaping to express ownership). Crisis Management. The measures taken to identify, acquire, and plan the use of resources needed to anticipate, prevent, and/or resolve a threat or act of terrorism. Critical Assets. Those assets essential to the minimum operations of the organization, and to ensure the health and safety of the general public. Critical Infrastructure. Primary infrastructure systems (utilities, telecommunications, transportation, etc.) whose incapacity would have a debilitating impact on the organizationÕs ability to function. D Damage Assessment. The process used to appraise or determine the number of injuries and deaths, damage to public and private property, and the status of key facilities and services such as hospitals and other health care facilities, fire and police stations, communications networks, water and sanitation systems, utilities, and transportation networks resulting from a man-made or natural disaster. Data Gathering Panel. A local processing unit that retrieves, processes, stores, and / or acts on information in the field. Data Transmission Equipment. A path for transmitting data between two or more components (such as a sensor and alarm reporting system, a card reader and controller, a CCTV camera and monitor, or a transmitter and receiver). Decontamination. The reduction or removal of a chemical, biological, or radiological material from the surface of a structure, area, object, or person. Defense Layer. Building design or exterior perimeter barriers intended to delay attempted forced entry. Defensive Measures. Protective measures which delay or prevent attack on an asset or which shield the asset from weapons, explosives, and CBR effects. Defensive measures include site work and building design. Delay Rating. A measure of the effectiveness of penetration protection of a defense layer. Design Basis Threat. The threat (tactics, and associated weapons, tools, or explosives) against which assets within a building must be protected and upon which the security engineering design of the building is based. Design Constraint. Anything which restricts the design options for a protective system or which creates additional problems for which the design must compensate. Design Opportunity. Anything which enhances protection, reduces requirements for protective measures, or solves a design problem. Design Team. A group of individuals from various engineering and architectural disciplines responsible for the protective system design. Detection Layer. A ring of intrusion detection sensors located on or adjacent to a defensive layer or between two defensive layers. Detection Measures. Protective measures which detect intruders, weapons, or explosives; assist in assessing the validity of detection; control access to protected areas; and communicate the appropriate information to the response force. Detection measures include detection system, assessment system, and access control system elements. Detection System Elements. Detection measures which detect the presence of intruders, weapons, or explosives. Detection system elements include intrusion detection systems, weapons and explosives detectors, and guards. Disaster. An occurrence of a natural catastrophe, technological accident or human- caused event that has resulted in severe property damage, deaths, and/or multiple injuries. Disaster Field Office (DFO). The office established in or near the designated area of a Presidentially declared major disaster to support federal and state response and recovery operations. Disaster Recovery Center (DRC). Places established in the area of a Presidentially declared major disaster, as soon as practicable, to provide victims the opportunity to apply in person for assistance and/or obtain information relating to that assistance. Domestic Terrorism. The unlawful use, or threatened use, of force or violence by a group or individual based and operating entirely within the United States or Puerto Rico without foreign direction committed against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof in furtherance of political or social objectives. Door Position Switch. A switch that changes state based on whether or not a door is closed. Typically, a switch mounted in a frame that is actuated by a magnet in a door. Door Strike, Electronic. An electro-mechanical lock that releases a door plunger to unlock the door. Typically, an electronic door strike is mounted in place of or near a normal door strike plate. Dose Rate (Radiation). A general term indicating the quantity (total or accumulated) of ionizing radiation or energy absorbed by a person or animal per unit of time. Dosimeter. An instrument for measuring and registering total accumulated exposure to ionizing radiation. Dual Technology Sensors. Sensors that combine two different technologies in one unit. Duress Alarm Devices. Also known as panic buttons, these devices are designated specifically to initiate a panic alarm. E Effective Standoff Distance. A standoff distance at which the required level of protection can be shown to be achieved through analysis or can be achieved through building hardening or other mitigating construction or retrofit. Electromagnetic Pulse (EMP). A sharp pulse of energy radiated instantaneously by a nuclear detonation which may affect or damage electronic components and equipment. EMP can also be generated in lesser intensity by non-nuclear means in specific frequency ranges to perform the same disruptive function. Electronic Emanations. Electro-magnetic emissions from computers, communications, electronics, wiring and related equipment. Electronic-Emanations Eavesdropping. Use of electronic-emana-tion surveillance equipment from outside a facility or its restricted area to monitor electronic emanations from computers, communications, and related equipment. Electronic Entry Control Systems. Electronic devices which automatically verify authorization for a person to enter or exit a controlled area. Electronic Security System. An integrated system which encompasses interior and exterior sensors, closed-circuit television systems for assessment of alarm conditions, electronic entry control systems, data transmission media, and alarm reporting systems for monitoring, control, and display of various alarm and system information. Emergency. Any natural or man-caused situation that results in or may result in substantial injury or harm to the population or substantial damage to or loss of property. Emergency Alert System. A communications system of broadcast stations and interconnecting facilities authorized by the Federal Communication Commission. The system provides the President and other national, state, and local officials the means to broadcast emergency information to the public before, during, and after disasters. Emergency Environmental Health Services. Services required to correct or improve damaging environmental health effects on humans, including inspection for food contamination, inspection for water contamination, and vector control; providing for sewage and solid waste inspection and disposal; cleanup and disposal of hazardous materials; and sanitation inspection for emergency shelter facilities. Emergency Medical Services. Services including personnel, facilities, and equipment required to ensure proper medical care for the sick and injured from the time of injury to the time of final disposition, including medical disposition within a hospital, temporary medical facility, or special care facility, release from site, or declared dead. Further, emergency medical services specifically include those services immediately required to ensure proper medical care and specialized treatment for patients in a hospital and coordination of related hospital services. Emergency Mortuary Services. Services required to assure adequate death investigation, identification, and disposition of bodies; removal, temporary storage, and transportation of bodies to temporary morgue facilities; notification of next of kin; and coordination of mortuary services and burial of unclaimed bodies. Emergency Operations Center. The protected site from which state and local civil government officials coordinate, monitor, and direct emergency response activities during an emergency. Emergency Operations Plan. A document that: describes how people and property will be protected in disaster and disaster threat situations; details who is responsible for carrying out specific actions; identifies the personnel, equipment, facilities, supplies, and other resources available for use in the disaster; and outlines how all actions will be coordinated. Emergency Planning Zones. Areas around a facility for which planning is needed to ensure prompt and effective actions are taken to protect the health and safety of the public if an accident or disaster occurs. In the Radiological Emergency Preparedness Program the two EPZÕs are: Plume Exposure Pathway (10-mile EPZ). A circular geographic zone (with a 10-mile radius centered at the nuclear power plant) for which plans are developed to protect the public against exposure to radiation emanating from a radioactive plume caused as a result of an accident at the nuclear power plant. Ingestion Pathway (50-mile EPZ). A circular geographic zone (with a 50-mile radius centered at the nuclear power plant) for which plans are developed to protect the public from the ingestion of water or ford contaminated as a result of a nuclear power plant accident. In Chemical Stockpile Emergency Preparedness Program, the EPZ is divided into three concentric circular zones: Immediate Response Zone (IRZ). A circular zone ranging from 10 to 15 kilometers (6 to 9 miles) from the potential chemical event source, depending on the stockpile location on-post. Emergency response plans developed for the IRZ must provide for the most rapid and effective protective actions possible, since the IRZ will have the highest concentration of agent and the least amount of warning time. Protective Action Zone (PAZ). An area that extends beyond the IRZ to approximately 16 to 50 kilometers (10 to 30 miles) from the stockpile location. The PAZ is that area where public protective actions may still be necessary in case of an accidental release of chemical agent, but where the available warning and response time is such that most people could evacuate. However, other responses (e.g., sheltering) may be appropriate for institutions and special populations that could not evacuate within the available time. Precautionary Zone (PZ). The outermost portion of the EPZ for CSEPP, extending from the PAZ outer boundary to a distance where the risk of adverse impacts to humans is negligible. Because of the increased warning and re- sponse time available for implementation of response actions in the PZ, detailed local emergency planning is not required, although consequence management planning may be appropriate. Emergency Public Information. Information which is disseminated primarily in anticipation of an emergency or at the actual time of an emergency and in addition to providing information, frequently directs actions, instructs, and transmits direct orders. Emergency Response Team (ERT). An interagency team, consisting of the lead representative from each federal department or agency assigned primary responsibility for an ESF and key members of the FCOÕs staff, formed to assist the FCO in carrying out his/her coordination responsibilities. Emergency Response Team Advance Element (ERT-A). For federal disaster response and recovery activities under the Stafford Act, the portion of the ERT that is first deployed to the field to respond to a disaster incident. The ERT-A is the nucleus of the full ERT. Emergency Response Team National (ERT-N). An ERT that has been established and rostered for deployment to catastrophic disasters where the resources of the FEMA Region have been, or are expected to be, overwhelmed. Three ERT-Ns have been established. Emergency Support Function (ESF). In the Federal Response Plan (FRP), a functional area of response activity established to facilitate the delivery of federal assistance required during the immediate response phase of a disaster to save lives, protect property and public health, and to maintain public safety. ESFs represent those types of federal assistance which the state will most likely need because of the impact of a catastrophic or significant disaster on its own resources and response capabilities, or because of the specialized or unique nature of the assistance required. ESF missions are designed to supplement state and local response efforts. Emergency Support Team (EST). An interagency group operating from FEMA headquarters. The EST oversees the national-level response support effort under the FRP and coordinates activities with the ESF primary and support agencies in supporting federal requirements in the field. Entity-Wide Security. Planning and management that provides a framework and continuing cycle of activity for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the entityÕs physical and cyber secu- rity controls. Entry Control Point. A continuously or intermittently manned station at which entry to sensitive or restricted areas is controlled. Entry-Control Stations. Entry-control stations should be provided at main perimeter entrances where security personnel are present. Entry-control stations should be located as close as practical to the perimeter entrance to permit personnel inside the station to maintain constant surveillance over the entrance and its approaches. Equipment Closet. A room where field control equipment such as data gathering panels and power supplies are typically located. Evacuation. Organized, phased, and supervised dispersal of people from dangerous or potentially dangerous areas. Evacuation, Spontaneous. Residents or citizens in the threatened areas observe an emergency event or receive unofficial word of an actual or perceived threat and without receiving instructions to do so, elect to evacuate the area. Their movement, means, and direction of travel is unorganized and unsupervised. Evacuation, Voluntary. This is a warning to persons within a designated area that a threat to life and property exists or is likely to exist in the immediate future. Individuals issued this type of waning or order are NOT required to evacuate, however it would be to their advantage to do so. Evacuation, Mandatory or Directed. This is a warning to persons within the designated area that an imminent threat to life and property exists and individuals MUST evacuate in accordance with the instructions of local officials. Evacuees. All persons removed or moving from areas threatened or struck by a disaster. Exclusion Area. A restricted area containing a security interest. Uncontrolled movement permits direct access to the item. See controlled area and limited area. Exclusive Zone. An area around an asset which has controlled entry with highly restrictive access. See controlled area. Explosives Disposal Container. A small container into which small quantities of explosives may be placed to contain their blast pressures and fragments if the explosive detonates. F Facial Recognition. A biometric technology that is based on features of the human face. Federal Coordinating Officer (FCO). The person appointed by the FEMA Director to coordinate federal assistance in a Presidentially declared emergency or major disaster. Federal On-Scene Commander. The FBI official designated upon JOC activation to ensure appropriate coordination of the overall U.S. Government response with federal, state and local authori-ties, until such time as the Attorney General transfers the LFA role to FEMA. Federal Response Plan (FRP). The FRP establishes a process and structure for the systematic, coordinated, and effective delivery of federal assistance to address the consequences of any major disaster or emergency. Fence Protection. An intrusion detection technology that detects a person crossing a fence by various methods such as climbing, crawling, cutting, etc. Fence Sensors. Exterior intrusion detection sensors which detect aggressors as they attempt to climb over, cut through, or otherwise disturb a fence. Fiber Optics. A method of data transfer by passing bursts of light through a strand of glass or clear plastic. Field Assessment Team (FAsT). A small team of pre-identified technical experts that conduct an assessment of response needs (not a PDA) immediately following a disaster. Field of View. The visible area in a video picture. First Responder. Local police, fire, and emergency medical personnel who first arrive on the scene of an incident and take action to save lives, protect property, and meet basic human needs. Flash Flood. Follows a situation in which rainfall is so intense and severe and runoff so rapid that it precludes recording and relating it to stream stages and other information in time to forecast a flood condition. Flood. A general and temporary condition of partial or complete inundation of normally dry land areas from overflow of inland or tidal waters, unusual or rapid accumulation or runoff of surface waters, or mudslides/mudflows caused by accumulation of water. Forced Entry. Entry to a denied area achieved through force to create an opening in fence, walls, doors, etc., or to overpower guards. Fragment Retention Film. A thin, optically clear film applied to glass to minimize the spread of glass fragments when the glass is shattered. Frame Rate. In digital video, a measurement of the rate of change in a series of pictures, often measured in frames per second (fps). Frangible Construction. Building components which are designed to fail to vent blast pressures from an enclosure in a controlled manner and direction. G Glare Security-Lighting. Illumination projected from a secure perimeter into the surrounding area making it possible to see potential intruders at a considerable distance while making it difficult to observe activities within the secure perimeter. Glass-Break Detector. Intrusion detection sensors that are designed to detect breaking glass either through vibration or acoustics. Glazing. A material installed in a sash, ventilator, or panes such as glass, plastic, etc., including material such as thin granite installed in a curtain wall. GovernorÕs Authorized Representative. The person empowered by the Governor to execute, on behalf of the State, all necessary documents for disaster assistance. Grid Wire Sensors. Intrusion detection sensors that use a grid of wires to cover a wall or fence. An alarm is sounded if the wires are cut. H Hand Geometry. A biometric technology that is based on characteristics of the human hand. Hazard. A source of potential danger or adverse condition. Hazard Mitigation. Any action taken to reduce or eliminate the long-term risk to human life and property from hazards. The term is sometimes used in a stricter sense to mean cost-effective measures to reduce the potential for damage to a facility or facilities from a disaster event. Hazardous Material. Any substance or material that when involved in an accident and released insufficient quantities, poses a risk to peopleÕs health, safety, and/or property. These substances and materials include explosives, radioactive materials, flammable liquids or solids, combustible liquids or solids, poisons, oxidizers, toxins, and corrosive materials. High-Hazard Areas. Geographic locations that for planning purposes have been determined through historical experience and vulnerability analysis to be likely to experience the effects of a specific hazard (e.g., hurricane, earthquake, hazardous materials accident, etc.) resulting in vast property damage and loss of life. High-Risk Target. Any material resource or facility that, because of mission sensitivity, ease of access, isolation, and symbolic value, may be an especially attractive or accessible terrorist target. Human-Caused Hazard. Human caused hazards are technological hazards and terrorism. These are distinct from natural hazards primarily in that they originate from human activity. Within the military services, the term threat is typically used for human-caused hazard. See definitions of technological hazards and terrorism for further information. Hurricane. A tropical cyclone, formed in the atmosphere over warm ocean areas, in which wind speeds reach 74 miles per hour or more and blow in a large spiral around a relatively calm center or Ôeye.Õ Circulation is counter-clockwise in the Northern Hemisphere and clockwise in the Southern Hemisphere. Impact Analysis. A management level analysis which identifies the impacts of losing the entityÕs resources. The analysis measures the effect of resource loss and escalating losses over time in order to provide the entity with reliable data upon which to base decisions on hazard mitigation and continuity planning. Incident Command System. A standardized organizational structure used to command, control, and coordinate the use of resources and personnel that have responded to the scene of an emergency. The concepts and principles for ICS include common terminology, modular organization, integrated communication, unified command structure, consolidated action plan, manageable span of control, designated incident facilities, and comprehensive resource management. Insider Compromise. A person authorized access to a facility (an insider) compromises assets by taking advantage of that accessibility. Intercom Door/Gate Station. Part of an intercom system where communication is typically initiated, usually located at a door or gate. Intercom Master Station. Part of an intercom system that monitors one or more intercom door/gate stations; typically, where initial communication is received. Intercom Switcher. Part of an intercom system that controls the flow of communications between various stations. Intercom System. An electronic system that allows simplex, half-duplex, or full- duplex audio communications. International Terrorism. Violent acts or acts dangerous to human life that are a violation of the criminal laws of the United States or any state, or that would be a criminal violation if committed within the jurisdiction of the United States or any state. These acts appear to be intended to intimidate or coerce a civilian population, influence the policy of a government by intimidation or coercion, or affect the conduct of a government by assassination or kidnapping. International terrorist acts occur outside the United States, or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to coerce or intimidate, or the locale in which their perpetrators operate or seek asylum. Intrusion Detection Sensors. Devices that initiate alarm signals by sensing the stimulus, change, or condition for which they were designed. Intrusion Detection System. The combination of components, including sensors, control units, transmission lines, and monitor units, integrated to operate in a specified manner. Isolated Fenced Perimeters. Fenced perimeters with 100 feet or more of space outside the fence that is clear of obstruction making approach obvious. J Jersey Barrier. A protective concrete barrier initially and still used as a highway divider and now functions as an expedient method for traffic speed control at entrance gates and to keep vehicles away from buildings. Joint Information Center (JIC). A central point of contact for all news media near the scene of a large-scale disaster. News media representatives are kept informed of activities and events by public information officials who represent all participating federal, state, and local agencies that are collocated at the JIC. Joint Interagency Intelligence Support Element (JIISE). An interagency intelligence component designed to fuse intelligence information from the various agencies participating in a response to a WMD threat or incident within an FBI JOC. The JIISE is an expanded version of the investigative/intelligence component which is part of the standardized FBI command post structure. The JIISE manages five functions including: security, collections management, current intelligence, exploitation, and dissemination. Joint Information System (JIS). Under the FRP, connection of public affairs personnel, decision-makers, and news centers by electronic mail, fax, and telephone when a single federal/state/ local JIC is not a viable option. Joint Operations Center. Established by the LFA under the operational control of the Federal OSC, as the focal point for management and direction of on-site activities, coordination/es-tablishment of state requirements/priorities, and coordination of the overall federal response. Jurisdiction. Typically counties and cities within a state, but states may elect to define differently in order to facilitate their assessment process. L Laminated Glass. A flat lite of uniform thickness consisting of two monolithic glass plies bonded together with an interlayer material as defined in Specification C1172. Many different interlayer materials are used in laminated glass. Landscaping. The use of plantings (shrubs and trees), with or without landforms and/or large boulders, to act as a perimeter barrier against defined threats. Laser Card. A card technology that use a laser reflected off of a card for uniquely identifying the card. Layers of Protection. A traditional approach in security engineering using concentric circles extending out from an area to be protected as demarcation points for different security strategies. Lead Agency. The federal department or agency assigned lead responsibility under U.S. law to manage and coordinate the federal response in a specific functional area. Lead Federal Agency (LFA). The agency designated by the President to lead and coordinate the overall federal response is referred to as the LFA and is determined by the type of emergency. In general, an LFA establishes operational structures and procedures to assemble and work with agencies providing direct support to the LFA in order to provide an initial assessment of the situation, develop an action plan, monitor and update operational priorities, and ensure each agency exercises its concurrent and distinct authorities under U.S. law and supports the LFA in carrying out the PresidentÕs relevant policy. Specific responsibili-ties of an LFA vary according to the agencyÕs unique statutory authorities. Level of Protection. The degree to which an asset is protected against injury or damage from an attack. Liaison. An agency official sent to another agency to facilitate interagency communications and coordination. Limited Area. A restricted area within close proximity of a security interest. Uncontrolled movement may permit access to the item. Escorts and other internal restrictions may prevent access to the item. See controlled area and exclusion area. Line of Sight. Direct observation between two points with the naked eye or hand-held optics. Line-of-Sight Sensor. A pair of devices used as an intrusion detection sensor that monitor any movement through the field between the sensors. Line Supervision. A data integrity strategy that monitors the communications link for connectivity and tampering. In intrusion detection system sensors, line supervision is often referred to as two-state, three-state, or four-state in respect to the number of conditions monitored. The frequency of sampling the link also plays a big part in the supervision of the line. Local Government. Any county, city, village, town, district, or political subdivision of any state, and Indian tribe or authorized tribal organization, or Alaska Native village or organization, including any rural community or unincorporated town or village or any other public entity. M Magnetic Lock. An electro-magnetic lock that unlocks a door when power is removed. Magnetic Stripe. A card technology that use a magnetic stripe on the card to encode data used for unique identification of the card. Mail-Bomb Delivery. Bombs or incendiary devices delivered to the target in letters or packages. Man-Trap. An access control strategy that use a pair of interlocking doors to prevent tailgating. Only one door can be unlocked at a time. Mass Care. The actions that are taken to protect evacuees and other disaster victims from the effects of the disaster. Activities include providing temporary shelter, food, medical care, clothing, and other essential life support needs to those people that have been displaced from their homes because of a disaster or threatened disaster. Mass Notification. Capability to provide real-time information to all building occupants or personnel in the immediate vicinity of a building during emergency situations. Microwave Motion Sensors. Intrusion detection sensors that uses microwave energy to sense movement within the sensors field of view. These sensors work similar to radar by using the Doppler effect to measure a shift in frequency. Military Installations. Army, Navy, Air Force, and Marine Corps bases, posts, stations, and annexes (both contractor and Government operated), hospitals, terminals, and other special mission facilities, as well as those used primarily for military purposes. Minimum Essential Infrastructure Resource Elements. The broad categories of resources, all or portions of which constitute the minimal essential infrastructure necessary for a department, agency or organization to conduct its core mission(s). Minimum Measures. Protective measures that can be applied to all buildings regardless of the identified threat. These measures offer defense or detection opportunities for minimal cost, facilitate future upgrades, and may deter acts of aggression. Mitigation. Those actions taken to reduce the exposure to and impact of an attack or disaster. Motion Detector. Intrusion detection sensor that changes state based on movement in the sensors field of view. Moving Vehicle Bomb. An explosive-laden car or truck driven into or near a building and detonated. Mutual Aid Agreement. A pre-arranged agreement developed between two or more entities to render assistance to the parties of the agreement. N Natural Hazard. Naturally occurring events such as floods, earthquakes, tornadoes, tsunami, coastal storms, landslides, and wildfires that strike populated areas. A natural event is a hazard when it has the potential to harm people or property (FEMA 3862, Understanding Your Risks). The risks of natural hazards may be increased or decreased as a result of human activity. However, they are not inherently human-induced. Protective Barriers. Natural protective barriers are mountains and deserts, cliffs and ditches, water obstacles, or other terrain features that are difficult to traverse. Non-Exclusive Zone. An area around an asset that has controlled entry but shared or less restrictive access than an exclusive zone. Non-Persistent Agent. An agent that, upon release, loses its ability to cause casualties after 10 to 15 minutes. It has a high evaporation rate, is lighter than air, and will disperse rapidly. It is considered to be a short-term hazard; however, in small, unventilated areas, the agent will be more persistent. Nuclear, Biological or Chemical Weapons. Also called Weapons of Mass Destruction (WMD). Weapons that are characterized by their capability to produce mass casualties. Nuclear Detonation. An explosion resulting from fission and/or fusion reactions in nuclear material, such as that from a nuclear weapon. O On-Scene Coordinator (OSC). The federal official pre-desig-nated by the EPA and U.S. Coast Guard to coordinate and direct response and removals under the National Oil and Hazardous Substances Pollution Contingency Plan. Open System Architecture. A term borrowed from the IT industry to claim that systems are capable of interfacing with other systems from any vendor, which also uses open system architecture. The opposite would be a proprietary system. Operator Interface. The part of a security management system that provides that user interface to humans. Organizational Areas of Control. Controls consist of the policies, procedures, practices and organization structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. P Passive Infrared Motion Sensors. Devices that detect a change in the thermal energy pattern caused by a moving intruder and ini-tiate an alarm when the change in energy satisfies the detectorÕs alarm-criteria. Passive Vehicle Barrier. A vehicle barrier which is permanently deployed and does not require response to be effective. Patch Panel. A concentrated termination point that separates backbone cabling from devices cabling for easy maintenance and troubleshooting. Perimeter Barrier. A fence, wall, vehicle barrier, landform, or line of vegetation applied along an exterior perimeter used to obscure vision, hinder personnel access, or hinder or prevent vehicle access. Persistent Agent. An agent that, upon release, retains its casualty-producing effects for an extended period of time, usually anywhere from 30 minutes to several days. A persistent agent usually has a low evaporation rate and its vapor is heavier than air; therefore, its vapor cloud tends to hug the ground. It is considered to be a long-term hazard. Although inhalation hazards are still a concern, extreme caution should be taken to avoid skin contact as well. Physical Security. The part of security concerned with measures/ concepts designed to safeguard personnel; to prevent unauthorized access to equipment, installations, materiel, and documents; and to safeguard them against espionage, sabotage, damage, and theft. Planter Barrier. A passive vehicle barrier, usually constructed of concrete and filled with dirt (and flowers for aesthetics). Planters, along with bollards, are the usual street furniture used to keep vehicles away from existing buildings. Overall size and the depth of installation below grade determine the vehicle stopping capability of the individual planter. Plume. Airborne material spreading from a particular source; the dispersal of particles, gases, vapors, and aerosols into the atmosphere. Polycarbonate Glazing. A plastic glazing material with enhanced resistance to ballistics or blast effects. Predetonation Screen. A fence which causes an anti-tank round to detonate or prevents it from arming before it reaches its target. Preliminary Damage Assessment. A mechanism used to determine the impact and magnitude of damage and the resulting unmet needs of individuals, businesses, the public sector, and the community as a whole. Information collected is used by the State as a basis for the GovernorÕs request for a Presidential declaration, and by FEMA to document the recommendation made to the President in response to the GovernorÕs request. PDAs are made by at least one state and one federal representative. A local government representative familiar with the extent and location of damage in the community often participates; other state and federal agencies and voluntary relief organizations also may be asked to participate, as needed. Preparedness. Establishing the plans, training, exercises, and resources necessary to enhance mitigation of and achieve readiness for response to, and recovery from all hazards, disasters, and emergencies including WMD incidents. Pressure Mat. A mat that generates an alarm when pressure is applied to any part of the matÕs surface, as when someone steps on the mat. Pressure mats can be used to detect an intruder approaching a protected object, or they can be placed by doors and windows to detect entry. Primary Asset. An asset which is the ultimate target for compromise by an aggressor. Primary Gathering Building. Inhabited buildings routinely occupied by 50 or more personnel. This designation applies to the entire portion of a building that meets the population density requirements for an inhabited building. Probability of Detection. A measure of an intrusion detection sensorÕs performance in detecting an intruder within its detection zone. Probability of Intercept. The probability that an act of aggression will be detected and that a response force will intercept the aggressor before the asset can be compromised. Progressive Collapse. A chain reaction failure of building members to an extent disproportionate to the original localized damage. Such damage may result in upper floors of a building collapsing onto lower floors. Protective Barriers. Define the physical limits of a site, activity, or area by restricting, channeling, or impeding access and forming a continuous obstacle around the object. Protective Measures. Elements of a protective system which protect an asset against a threat. Protective measures are divided into defensive and detection measures. Protective System. An integration of all of the protective measures required to protect an asset against the range of threats applicable to the asset. Proximity Sensors. Intrusion detection sensors that change state based on the close distance or contact of a human to the sensor. These sensors often measure the change in capacitance as a human body enters the measured field. Public Information Officer. A federal, state, or local government official responsible for preparing and coordinating the dissemination of emergency public information. R Radiation. High-energy particles or gamma rays that are emitted by an atom as the substance undergoes radioactive decay. Par- ticles can be either charged alpha or beta particles or neutral neutron or gamma rays. Radiation Sickness. The symptoms characterizing the sickness known as radiation injury, resulting from excessive exposure of the whole body to ionizing radiation. Radiological Monitoring. The process of locating and measuring radiation by means of survey instruments that can detect and measure (as exposure rates) ionizing radiation. Recovery. The long-term activities beyond the initial crisis period and emergency response phase of disaster operations that focus on returning all systems in the community to a normal status or to reconstitute these systems to a new condition that is less vulnerable. Regional Operating Center (ROC). The temporary operations facility for the coordination of federal response and recovery activities located at the FEMA Regional Office (or Federal Regional Center) and led by the FEMA Regional Director or Deputy Director until the DFO becomes operational. Once the ERT-A is deployed, the ROC performs a support role for federal staff at the disaster scene. Report Printers. A separate, dedicated printer attached to the electronic security systems used for generating reports using information stored by the central computer. Request-To-Exit Device. Passive infrared motion sensors or push buttons that are used to signal an electronic entry system that egress is imminent or to unlock a door. Resolution. The level to which video details can be determined in a CCTV scene is referred to as resolving ability or resolution. Resource Management. Those actions taken by a government to: identify sources and obtain resources needed to support disaster response activities; coordinate the supply, allocation, distribution, and delivery of resources so that they arrive where and when most needed; and maintain accountability for the resources used. Response. Executing the plan and resources identified to perform those duties and services to preserve and protect life and property as well as provide services to the surviving population. Response Force. The people who respond to an act of aggression. Depending on the nature of the threat, the response force could consist of guards, special reaction teams, military or civilian police, an explosives ordnance disposal team, or a fire department. Response Time. The length of time from the instant an attack is detected to the instant a security force arrives onsite. Restricted Area. Any area with access controls that is subject to these special restrictions or controls for security reasons. See also controlled area, limited area, exclusion area, and exclusion zone. Retinal Pattern. A biometric technology that is based on features of the human eye. RF Data Transmission. A communication link using radio frequency to send or receive data. Risk. The potential for loss of, or damage to, an asset. It is measured based upon the value of the asset in relation to the threats and vulnerabilities associated with it. Rotating Drum or Rotating Plate Vehicle Barrier. An active vehicle barrier used at vehicle entrances to controlled areas based on a drum or plate rotating into the path of the vehicle when signaled. Routinely Occupied. For the purposes of these standards, an established or predictable pattern of activity within a building that terrorists could recognize and exploit. RS-232 Data. IEEE Recommended Standard 232; a point-to-point serial data protocol with a maximum effective distance of 50 feet. RS-422 Data. IEEE Recommended Standard 422; a point-to-point serial data protocol with a maximum effective distance of 4000 feet. RS-485 Data. IEEE Recommended Standard 485; a multi-drop serial data protocol with a maximum effective distance of 4000 feet. S Sacrificial Roof or Wall. Walls or roofs that can be lost in a blast without damage to the primary asset. Safe Haven. Secure areas within the interior of the facility. A safe haven should be designed such that it requires more time to penetrate by aggressors than it takes for the response force to reach the protected area to rescue the occupants. It may be a haven from a physical attack or air-isolated haven from CBR contamination. Scramble Keypad. A keypad that uses keys on which the numbers change pattern with each use to enhance security by preventing eavesdropping observation of the entered numbers. Secondary Asset. An asset which supports a primary asset and whose compromise would indirectly affect the operation of the primary asset. Secondary Hazard. A threat whose potential would be realized as the result of a triggering event that of itself would constitute an emergency. For example, dam failure might be a secondary hazard associated with earthquakes. Secure/Access Mode. The state of an area monitored by an intrusion detection system in regards to how alarm conditions are reported. Security Analysis. The method of studying the nature of and the relationship between assets, threats, and vulnerabilities. Security Console. Specialized furniture, racking, and related apparatus used to house the security equipment required in a control center. Security Engineering. The process of identifying practical, risk managed short and long-term solutions to reduce and/or mitigate dynamic man-made hazards by integrating multiple factors, including construction, equipment, manpower, and procedures. Security Engineering Design Process. The process through which assets requiring protection are identified, the threat to and vulnerability of those assets is determined, and a protective system is designed to protect the assets. Security Management System Database. In a Security Management System, a database that is transferred to various nodes or panels throughout the system for faster data processing and protection against communication link downtime. Security Management System Distributed Processing. In a Security Management System, a method of data processing at various nodes or panels throughout the system for faster data processing and protection against communication link downtime. Segregation of Duties. Policies, procedures, and an organizational structure established so that one individual cannot control key aspects of physical and/or computer-related operations and thereby conduct unauthorized actions or gain unauthorized access to minimum essential infrastructure resource elements. Semi-Isolated Fenced Perimeters. Fence lines where approach areas are clear of obstruction for 60 to 100 feet outside of the fence where there is little reason for the general public or other personnel seldom have reason to be in the area. Senior FEMA Official (SFO). The official appointed by the Director of FEMA, or his representative, that is responsible for deploying to the JOC to: (1) serve as the senior interagency consequence management representative on the Command Group; and (2) manage and coordinate activities taken by the Consequence Management Group. Serial Interface. An integration strategy for data transfer where components are connected in series. Shielded Wire. Wire with a conductive wrap used to mitigate electromagnetic emanations. Situational Crime Prevention. A crime prevention strategy based on reducing the opportunities for crime by increasing the effort required to commit a crime, increasing the risks associated with committing the crime, and reducing the target appeal or vulnerability (whether property or person). This opportunity reduction is achieved by management and use policies such as procedures and training, as well as physical approaches such as alteration of the built environment. Smart Card. A newer card technology that allows data to be written, stored, and read on a card typically used for identification and/or access. Software Level Integration. An integration strategy that use software to interface systems. An example of this would be digital video displayed in the same computer application window and linked to events of a security management system. Specific Threat. Known or postulated aggressor activity focused on targeting a particular asset. Standoff Distance. A distance maintained between a building or portion thereof and the potential location for an explosive detonation or other threat. Standoff Weapons. Weapons such as anti-tank weapons and mortars that are launched from a distance at a target. State Coordinating Officer. The person appointed by the Governor to coordinate State, Commonwealth, or Territorial response and recovery activities with FRP- related activities of the Federal Government, in cooperation with the FCO. State Liaison. A FEMA official assigned to a particular state, who handles initial coordination with the State in the early stages of an emergency. Stationary Vehicle Bomb. An explosive-laden car or truck stopped or parked near a building. Storm Surge. A dome of sea water created by the strong winds and low barometric pressure in a hurricane that causes severe coastal flooding as the hurricane strikes land. Strain-Sensitive Cable. Strain-sensitive cables are transducers that are uniformly sensitive along their entire length and generate an analog voltage when subject to mechanical distortions or stress resulting from fence motion. They are typically attached to a chain-link fence about halfway between the bottom and top of the fence fabric with plastic ties. Structural Protective Barriers. Man-made devices (such as fences, walls, floors, roofs, grills, bars, roadblocks, signs, or other construction) used to restrict, channel, or impede access. Superstructure. The supporting elements of a building above the foundation. Supplies-Bomb Delivery. Bombs or incendiary devices concealed and delivered to supply or material handling points such as loading docks. System Events. Events that occur normally in the operation of a security management system. Examples include access control operations and changes of state in intrusion detection sensors. System Software. Controls that limit and monitor access to the powerful programs and sensitive files that: (1) control the computer hardware; and (2) secure applications supported by the system. T Tactics. The specific methods of achieving the aggressorÕs goals to injure personnel, destroy assets, or steal materiel or information. Tamper Switch. Intrusion detection sensor that monitors an equipment enclosure for breach. Tangle-Foot Wire. Barbed wire or tape suspended on short metal or wooden pickets outside a perimeter fence to create an obstacle to approach. Taut-Wire Sensor. An intrusion detection sensor utilizing a column of uniformly spaced horizontal wires, securely anchored at each end and stretched taut. Each wire is attached to a sensor to indicate movement of the wire. Technical Assistance. The provisioning of direct assistance to states and local jurisdictions to improve capabilities for program development, planning, and operational performances related to responses to WMD terrorist incidents. Technological Hazard. Incidents that can arise from human activities such as manufacture, transportation, storage, and use of hazardous materials. For the sake of simplicity, it is assumed that technological emergencies are accidental and that their consequences are unintended. TEMPEST. An unclassified short name referring to investigations and studies of compromising emanations. It is sometimes used synonymously for the term Ôcompromising emanations;Õ e.g., TEMPEST tests, TEMPEST inspections. Terrorism. The unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives. Thermally Tempered Glass. Glass which is heat-treated to have a higher tensile strength and resistance to blast pressures, although a greater susceptibility to airborne debris. Threat. Any indication, circumstance, or event with the potential to cause loss of, or damage to an asset. Threat Analysis. A continual process of compiling and examining all available information concerning potential threats and hu-man-caused hazards. A common method to evaluate terrorist groups is to review the factors of existence, capability, intentions, history, and targeting. Time/Date Stamp. Data inserted into a CCTV video signal with the time and date of the video as it was created. TNT Equivalent Weight. The weight of TNT (trinitrotoluene) that has an equivalent energetic output to that of a different weight of another explosive compound. Tornado. A local atmospheric storm, generally of short duration, formed by winds rotating at very high speeds, usually in a counter-clockwise direction. The vortex, up to several hundred yards wide, is visible to the observer as a whirlpool-like column of winds rotating about a hollow cavity or funnel. Winds may reach 300 miles per hour or higher. Toxicity. A measure of the harmful effects produced by a given amount of a toxin on a living organism. Toxic-Free Area. An area within a facility in which the air supply is free of toxic chemical or biological agents. Triple-Standard Concertina (TSC) Wire. This type of fence uses three rolls of stacked concertina. One roll will be stacked on top of two rolls that run parallel to each other while resting on the ground, forming a pyramid. Tsunami. Sea waves produced by an undersea earthquake. Such sea waves can reach a height of 80 feet and can devastate coastal cities and low-lying coastal areas. Twisted Pair Wire. Wire that uses pairs of wires twisted together to mitigate electromagnetic interference. Two-Person Rule. A security strategy that requires two people to be present in or gain access to a secured area to prevent unobserved access by any individual. U Unobstructed Space. Space around an inhabited building without obstruction large enough to conceal explosive devices 150 mm (6 inches) or greater in height. Unshielded Wire. Wire that does not have a conductive wrap. V Vault. A reinforced room for securing items. Vertical Rod. Typical door hardware often used with a crash bar to lock a door by inserting rods vertically from the door into the doorframe. Vibration Sensors. Intrusion detection sensor that change state when vibration is present. Video Intercom System. An intercom system that also incorporates a small CCTV system for verification. Video Motion Detection. Motion detection technology that looks for changes in the pixels of a video image. Video Multiplexer. A device used to connect multiple video signals to a single location for viewing and/or recording. Visual Displays. A display or monitor used to inform the operator visually of the status of the electronic security system. Visual Surveillance. The aggressor uses ocular and photographic devices (such as binoculars and cameras with telephoto lenses) to monitor facility or installation operations or to see assets. Voice Recognition. A biometric technology that is based on nuances of the human voice. Volumetric Motion Sensors. Interior intrusion detection sensors which are designed to sense aggressor motion within a protected space. Vulnerability. Any weakness in an asset or mitigation measure than can be exploited by an aggressor (potential threat element), adversary or competitor. It refers to the organizationÕs susceptibility to injury. W Warning. The alerting of emergency response personnel and the public to the threat of extraordinary danger and the related effects that specific hazards may cause. Watch. Indication in a defined area, that conditions are favorable for the specified type of severe weather (e.g., flash flood watch, severe thunderstorm watch, tornado watch, tropical storm watch). Waterborne Contamination. Chemical, biological, or radiological introduced into and fouling a water supply. Weapons-Grade Material. Nuclear material considered most suitable for a nuclear weapon. It usually connotes uranium enriched to above 90% uranium-235 or plutonium with greater than about 90% plutonium-239. Weapons of Mass Destruction. Any explosive, incendiary, or poison gas, bomb, grenade, rocket having a propellant charge of more than 4 ounces, or a missile having an explosive incendiary charge of more than 0.25 ounce, or mine or device similar to the above; poison gas; weapon involving a disease organism; or weapon that is designed to release radiation or radioactivity at a level dangerous to human life. Any device, material, or substance used in a manner, in a quantity or type, or under circumstances evidencing an intent to cause death or serious injury to persons, or significant damage to property. Weigand Protocol. A security industry standard data protocol for card readers. Z Zoom. The ability of a CCTV camera to close and focus or open and widen the field of view. CBR GLOSSARY D GLOSSARY OF CHEMICAL TERMS A Acetylcholinesterase. An enzyme that hydrolyzes the neurotransmitter acetylcholine. The action of this enzyme is inhibited by nerve agents. Aerosol. Fine liquid or solid particles suspended in a gas; for example, fog or smoke. Atropine. A compound used as an antidote for nerve agents. Casualty (toxic) agents. Produce incapacitation, serious injury, or death. They can be used to incapacitate or kill victims. These agents are the choking, blister, nerve, and blood agents. Blister Agents. Substances that cause blistering of the skin. Exposure is through liquid or vapor contact with any exposed tissue (eyes, skin, lungs). Examples are distilled mustard (HD), nitrogen mustard (HN), lewisite (L), mus- tard/lewisite (HL), and phenodichloroarsine (PD). Blood Agents. Substances that injure a person by interfering with cell respiration (the exchange of oxygen and carbon dioxide between blood and tissues). Examples are arsine (SA), cyanogens chloride (CK), hydrogen chlo- ride, and hydrogen cyanide (AC). Choking/Lung/Pulmonary Agents. Substances that cause physical injury to the lungs. Exposure is through inhalation. In extreme cases, membranes swell and lungs become filled with liquid. Death results from lack of oxygen; hence, the victim is "choked." Examples are chlorine (CL), diphosgene (DP), cyanide, nitrogen oxide (NO), perflurorisobutylene (PHIB), phosgene (CG), red phos- phorous (RP), sulfur trioxide-chlorosulfonic acid (FS), Teflon and perflurorisobutylene (PHIB), titanium tetrachloride (FM) and zinc oxide (HC). Nerve Agents. Substances that interfere with the central nervous system. Exposure is primarily through contact with the liquid (skin and eyes) and secondarily through inhalation of the vapor. Three distinct symptoms associ- ated with nerve agents are: pin-point pupils, an extreme headache, and severe tightness in the chest. Also see G-se-ries and V-series nerve agents. Chemical agent. A chemical substance that is intended for use in military operations to kill, seriously injure, or incapacitate people through its physiological effects. Excluded from consideration are riot control agents, and smoke and flame materials. The agent may appear as a vapor, aerosol, or liquid; it can be either a casualty/toxic agent or an incapacitating agent. Cutaneous. Pertaining to the skin. D Decontamination. The process of making any person, object, or area safe by absorbing, destroying, neutralizing, making harmless, or removing the hazardous material. G G-series nerve agents. Chemical agents of moderate to high toxicity developed in the 1930s. Examples are tabun (GA), sarin (GB), soman (GD), phosphonofluoridic acid, ethyl-, 1methylethyl ester (GE) and cyclohexyl sarin (GF). I Incapacitating agents. Produce temporary physiological and/or mental effects via action on the central nervous system. Effects may persist for hours or days, but victims usually do not require medical treatment. However, such treatment speeds recovery. Vomiting agents. Produce nausea and vomiting effects, can also cause coughing, sneezing, pain in the nose and throat, nasal discharge, and tears. Examples are adamsite (DM), diphenylchloroarsine (DA), and diphenylcyanoarsine (DC). Tear (riot control) agents. Produce irritating or disabling effects that rapidly disappear within minutes after exposure ceases. Examples are bromobenzylcyanide (CA), chloroacetophenone (CN or commercially as Mace), chloropicrin (PS), CNB (CN in benzene and carbon tetrachloride), CNC (CN in chloroform), CNS (CN and chloropicrin in chloroform, CR (dibenz-(b,f)-1,4-oxazepine, a tear gas), CS (tear gas), and Capsaicin (pepper spray). Central nervous system depressants. Compounds that have the predominant effect of depressing or blocking the activity of the central nervous system. The primary mental effects include the disruption of the ability to think, sedation, and lack of motivation. Central nervous system stimulants. Compounds that have the predominant effect of flooding the brain with too much information. The primary mental effect is loss of concentration, causing indecisiveness and the inability to act in a sustained, purposeful manner. Examples of the depressants and stimulants include agent 15 (suspected Iraqi BZ), BZ (3-quinulidinyle benzilate), canniboids, fentanyls, LSD (lysergic acid diethylamide), and phenothiazines. Industrial agents. Chemicals developed or manufactured for use in industrial operations or research by industry, government, or academia. These chemicals are not primarily manufactured for the specific purpose of producing human casualties or rendering equipment, facilities, or areas dangerous for use by man. Hydrogen cyanide, cyanogen chloride, phosgene, chloropicrin and many herbicides and pesticides are industrial chemicals that also can be chemical agents. L Liquid agent. A chemical agent that appears to be an oily film or droplets. The color ranges from clear to brownish amber. N Nonpersistent agent. An agent that upon release loses its ability to cause casualties after 10 to 15 minutes. It has a high evaporation rate and is lighter than air and will disperse rapidly. It is considered to be a short-term hazard. However, in small unventilated areas, the agent will be more persistent. O Organophosphorous compound. A compound, containing the elements phosphorus and carbon, whose physiological effects include inhibition of acetylcholinesterase. Many pesticides (malathione and parathion) and virtually all nerve agents are organophosphorous compounds. P Percutaneous agent. Able to be absorbed by the body through the skin. Persistent agent. An agent that upon release retains its casualty-producing effects for an extended period of time, usually anywhere from 30 minutes to several days. A persistent agent usually has a low evaporation rate and its vapor is heavier than air. Therefore, its vapor cloud tends to hug the ground. It is considered to be a long-term hazard. Although inhalation hazards are still a concern, extreme caution should be taken to avoid skin contact as well. Protection. Any means by which an individual protects his body. Measures include masks, self-contained breathing apparatuses, clothing, structures such as buildings, and vehicles. V-series nerve agents. Chemical agents of moderate to high toxicity developed in the 1950s. They are generally persistent. Examples are VE (phosphonothioic acid, ethyl-, S-[2-(diethylamino)ethyl] O-ethyl ester), VG (phosphorothioic acid, S-[2- (diethylamino)ethyl] O,O-diethyl ester), VM (phosphonothioic acid, methyl-, S-[2- (diethylamino)ethyl] O-ethyl ester), VS (phosphonothioic acid, ethyl-, S-[2-[bis(1- methylethyl)amino]ethyl] O-ethyl ester), and VX (phosphonothioic acid, methyl-, S- [2-[bis(1-methylethyl)amino]ethyl] O-ethyl ester). Vapor agent. A gaseous form of a chemical agent. If heavier than air, the cloud will be close to the ground. If lighter than air, the cloud will rise and disperse more quickly. Volatility. A measure of how readily a substance will vaporize. Placards Associated With Chemical Incidents Gases Ð Toxic and/or Corrosive Substances Ð Toxic (Combustible) A Aerosol. Fine liquid or solid particles suspended in a gas; for example, fog or smoke. Antibiotic. A substance that inhibits the growth of or kills microorganisms. Antisera. The liquid part of blood containing antibodies, that react against disease causing agents such as those used in biological warfare. B Bacteria. Single-celled organisms that multiply by cell division and that can cause disease in humans, plants, or animals. Biochemicals. The chemicals that make up or are produced by living things. Biological warfare agents. Living organisms or the materials derived from them that cause disease in or harm to humans, animals, or plants, or cause deterioration of material. Biological agents may be used as liquid droplets, aerosols, or dry powders. Biological warfare. The intentional use of biological agents as weapons to kill or injure humans, animals, or plants, or to damage equipment. Bioregulators. Biochemicals that regulate bodily functions. Bioregulators that are produced by the body are termed "endogenous." Some of these same bioregulators can be chemically synthesized. C Causative agent. The organism or toxin that is responsible for causing a specific disease or harmful effect. Contagious. Capable of being transmitted from one person to another. Culture. A population of micro-organisms grown in a medium. D Decontamination. The process of making people, objects, or areas safe by absorbing, destroying, neutralizing, making harmless, or removing the hazardous material. F Fungi. Any of a group of plants mainly characterized by the absence of chlorophyll, the green colored compound found in other plants. Fungi range from microscopic single-celled plants (such as molds and mildews) to large plants (such as mush- rooms). H Host. An animal or plant that harbors or nourishes another organism. Incapacitating agent. Agents that produce physical or psychological effects, or both, that may persist for hours or days after exposure, rendering victims incapable of performing normal physical and mental tasks. Infectious agents. Biological agents capable of causing disease in a susceptible host. Infectivity. (1) The ability of an organism to spread. (2) The number of organisms required to cause an infection to secondary hosts. (3) The capability of an organism to spread out from the site of infection and cause disease in the host organism. Infectivity also can be viewed as the number of organisms required to cause an infection. L Line-source delivery system. A delivery system in which the biological agent is dispersed from a moving ground or air vehicle in a line perpendicular to the direction of the prevailing wind. (See also "point-source delivery system.") M Mycotoxin. A toxin produced by fungi. Microorganism. Any organism, such as bacteria, viruses, and some fungi, that can be seen only with a microscope. N Nebulizer. A device for producing a fine spray or aerosol. O Organism. Any individual living thing, whether animal or plant. P Parasite. Any organism that lives in or on another organism without providing benefit in return. Pathogen. Any organism (usually living) capable of producing serious disease or death, such as bacteria, fungi, and viruses. Pathogenic agents. Biological agents capable of causing serious disease. Point-source delivery system. A delivery system in which the biological agent is dispersed from a stationary position. This delivery method results in coverage over a smaller area than with the line-source system. (See also "line-source delivery system.") R Route of exposure (entry). The path by which a person comes into contact with an agent or organism; for example, through breathing, digestion, or skin contact. Single-cell protein. Protein-rich material obtained from cultured algae, fungi, protein and bacteria, and often used as food or animal feed. GLOSSARY OF RADIOLOGICAL TERMS A Acute radiation Syndrome. Consists of three levels of effects: hernatopoletic (blood cells, most sensitive); gastrointestinal (GI cells, very sensitive); and central nervous system (brain/muscle cells, insensitive). The initial signs and symptoms are nausea, vomiting, fatigue, and loss of appetite. Below about 200 rems, these symptoms may be the only indication of radiation exposure. Alpha particle (¥). The alpha particle has a very short range in air and a very low ability to penetrate other materials, but it has a strong ability to ionize materials. Alpha particles are unable to penetrate even the thin layer of dead cells of human skin and consequently are not an external radiation hazard. Alpha-emit-ting nuclides inside the body as a result of inhalation or ingestion are a considerable internal radiation hazard. B Beta particles (§). High-energy electrons emitted from the nucleus of an atom during radioactive decay. They normally can be stopped by the skin or a very thin sheet of metal. C Cesium-137 (Cs-137). A strong gamma ray source and can contaminate property, entailing extensive clean-up. It is commonly used in industrial measurement gauges and for irradiation of material. Half-life is 30.2 years. Cobalt-60 (Co-60). A strong gamma ray source, and is extensively used as a radiotherapeutic for treating cancer, food and material irradiation, gamma radiography, and industrial measurement gauges. Half-life is 5.27 years. Curie (Ci). A unit of radioactive decay rate defined as 3.7 x 1010 disintegrations per second. D Decay. The process by which an unstable element is changed to another isotope or another element by the spontaneous emission of radiation from its nucleus. This process can be measured by using radiation detectors such as Geiger counters. Decontamination. The process of making people, objects, or areas safe by absorbing, destroying, neutralizing, making harmless, or removing the hazardous material. Dose. A general term for the amount of radiation absorbed over a period of time. Dosimeter. A portable instrument for measuring and registering the total accumulated dose to ionizing radiation. G Gamma rays (¥). High-energy photons emitted from the nucleus of atoms; similar to x rays. They can penetrate deeply into body tissue and many materials. Cobalt-60 and Cesium-137 are both strong gamma-emitters. Shielding against gamma radiation re- quires thick layers of dense materials, such as lead. Gamma rays are potentially lethal to humans. H Half-life. The amount of time needed for half of the atoms of a radioactive material to decay. Highly enriched uranium (HEU). Uranium that is enriched to above 20% Uranium- 235 (U-235). Weapons-grade HEU is enriched to above 90% in U-235. I Ionize. To split off one or more electrons from an atom, thus leaving it with a positive electric charge. The electrons usually attach to one of the atoms or molecules, giving them a negative charge. Iridium-192. A gamma-ray emitting radioisotope used for gamma- radiography. The half-life is 73.83 days. Isotope. A specific element always has the same number of protons in the nucleus. That same element may, however, appear in forms that have different numbers of neutrons in the nucleus. These different forms are referred to as "isotopes" of the ele- ment. For example, deuterium (2H) and tritium (3H) are isotopes of ordinary hydrogen (H). L Lethal dose (50/30). The dose of radiation expected to cause death within 30 days to 50% of those exposed without medical treatment. The generally accepted range from 400-500 rem received over a short period of time. N Nuclear reactor. A device in which a controlled, self-sustaining nuclear chain reaction can be maintained with the use of cooling to remove generated heat. P Plutonium-239 (Pu-239). A metallic element used for nuclear weapons. The half- life is 24,110 years. R Rad. A unit of absorbed dose of radiation defined as deposition of 100 ergs of energy per gram of tissue. A rad amounts to approximately one ionization per cubic micron. Radiation. High energy alpha or beta particles or gamma rays that are emitted by an atom as the substance undergoes radioactive decay. Radiation sickness. Symptoms resulting from excessive exposure to radiation of the body. Radioactive waste. Disposable, radioactive materials resulting from nuclear operations. Wastes are generally classified into two categories, high-level and low- level waste. Radiological Dispersal Device (RDD). A device (weapon or equipment), other than a nuclear explosive device, designed to disseminate radioactive material in order to cause destruction, damage, or injury by means of the radiation produced by the decay of such material. Radioluminescence. The luminescence produced by particles emitted during radioactive decay. REM or rem. A Roentgen Man Equivalent is a unit of absorbed dose that takes into account the relative effectiveness of radiation that harms human health. S Spore. A reproductive form some micro-organisms can take to become resistant to environmental conditions, such as extreme heat or cold, while in a "resting stage." T Toxicity. A measure of the harmful effect produced by a given amount of a toxin on a living organism. The relative toxicity of an agent can be expressed in milligrams of toxin needed per kilogram of body weight to kill experimental animals. Toxins. Poisonous substances produced by living organisms. Vaccine. A preparation of killed or weakened microorganism products used to artificially induce immunity against a disease. Vector. An agent, such as an insect or rat, capable of transferring a pathogen from one organism to another. Venom. A poison produced in the glands of some animals; for example, snakes, scorpions, or bees. Virus. An infectious micro-organism that exists as a particle rather than as a complete cell. Particle sizes range from 20 to 400 manometers (one-billionth of a meter). Viruses are not capable of reproducing outside of a host cell. ACRONYMS E A AA&E Arms, Ammunition, and Explosives AAR After Action Report ACL Access Control Lists ACP access control point AECS Automated Entry Control System AFMAN Air Force Manual AFJMAN Air Force Joint Manual, also may be known as AFMAN (I) for Air Force ManualALERT Automated Local Evaluation in Real Time AMS Aerial Measuring System ANS alert and notification system ANSI American National Standards Institute ANSIR Awareness of National Security Issues and Response Program AOR Area of Responsibility AP Armor Piercing APHL Agency for Public Health Laboratories ARAC Atmospheric Release Advisory Capability ARC American Red Cross ARG Accident Response Group ARS Agriculture/Research Service ASTHO Association for State and Territorial Health Officials AT Antiterrorism ATC Air Traffic Control ATSD(CS) Assistant to the Secretary of Defense for Civil Support ATSDR Agency for Toxic Substances and Disease Registry B BCA Benefit-Cost Analysis BCP Business Continuity Plan BDC Bomb Data Center C CAMEO Computer-Aided Management of Emergency Operations CB Citizens Band CBIAC Chemical and Biological Defense Information and Analysis Center CBR Chemical, Biological, or Radiological CBRNE Chemical, Biological, Radiological, Nuclear Material, or High-Yield Explosive CCTV Closed-Circuit Television CDC Centers for Disease Control and Prevention CDR Call Detail Report CDRG Catastrophic Disaster Response Group CEO Chief Executive Officer CEPPO Chemical Emergency Preparedness and Prevention Office CERCLA Comprehensive Environmental Response, Compensation, and Liability Act CERT Community Emergency Response Team CFO Chief Financial Officer CFR Code of Federal Regulations CHEMTREC Chemical ManufacturersÕ Association Chemical Transportation Emergency Center CHPPM Center for Health Promotion and Preventive Medicine CIAO Chief Infrastructure Assurance Officer, also, Critical Infrastructure Assurance Officer CICG Critical Infrastructure Coordination Group CIO Chief Information Officer CIP Critical Infrastructure Protection CIRG Crisis Incident Response Group CJCS Chairman of the Joint Chiefs of Staff CM Consequence Management CMS Call Management System CMU Crisis Management Unit (CIRG) CO/DO Central Office/Direct Outdial COB Continuity of Business COBITTM Control Objectives for Information Technology CONEX Container Express CONOPS Concept of Operations COO Chief Operations Officer COOP Continuity of Operations COR Class of Restriction COS Class of Service CPG Civil Preparedness Guide CPTED Crime Prevention Through Environmental Design CPX Command Post Exercise CRU Crisis Response Unit CSEPP Chemical Stockpile Emergency Preparedness Program CSREES Cooperative State Research, Education and Extension Service CST Civil Support Teams CSTE Council of State and Territorial Epidemiologists CT Counterterrorism CW/CBD Chemical Warfare/Contraband Detection D DBMS Database Management System DBT Design Basis Threat DBU Dial Backup DD Data Dictionary DES Data Encryption Standard DEST Domestic Emergency Support Team DFO Disaster Field Office DISA Direct Inward System Access DMA Disaster Mitigation Act of 2000 DMAT Disaster Medical Assistance Team DMCR Disaster Management Central Resource DMORT Disaster Mortuary Operational Response Team DoD Department of Defense DOE Department of Energy DOJ Department of Justice DOS Department of State DOT U.S. Department of Transportation DPP Domestic Preparedness Program DRC Disaster Recovery Center DTCTPS Domestic Terrorism/Counter Terrorism Planning Section (FBI HQ) DTIC Defense Technical Information Center DWI Disaster Welfare Information E EAS Emergency Alert System ECL Emergency Classification Level EECS Electronic Entry Control System EFR Emergency First Responder EM Emergency Management EMAC Emergency Medical Assistance Compact EMI Emergency Management Institute EMP Electromagnetic Pulse EMS Emergency Medical Services EOC Emergency Operating Center EOD Explosive Ordnance Disposal EOP Emergency Operating Plan or Emergency Operations Plan EPA Environmental Protection Agency EPCRA Emergency Planning and Community Right-to-Know Act EPG Emergency Planning Guide EPI Emergency Public Information EPZ Emergency Planning Zone ERT Emergency Response Team ERT-A Emergency Response Team Advance Element ERT-N Emergency Response Team National ERTU Evidence Response Team Unit ESC Expandable Shelter Container ESF Emergency Support Function ESS Electronic Security System EST Emergency Support Team EU Explosives Unit F FAsT Field Assessment Team FBI Federal Bureau of Investigation FCO Federal Coordinating Officer FEMA Federal Emergency Management Agency FEST Foreign Emergency Support Team FHBM Flood Hazard Boundary Map FIA Federal Insurance Administration FIPS Federal Information Processing Standard FIRM Flood Insurance Rate Map FIS Flood Insurance Study FISCAM Federal Information Systems Control Audit Manual FMFIA Federal ManagerÕs Financial Integrity Act FNS Food and Nutrition Service FOIA Freedom of Information Act FOUO For Official Use Only FPEIS Final Programmatic Environmental Impact Statement FRERP Federal Radiological Emergency Response Plan FRF Fragment-retention film FRMAC Federal Radiological Monitoring and Assessment Center FRP Federal Response Plan FRL Facility Restriction Level FS Forest Service FSTFS Frame-Supported Tensioned Fabric Structure FTP File Transfer Protocol FTX Functional Training Exercise G GAO General Accounting Office GAR GovernorÕs Authorized Representative GP General Purpose GIS Geographic Information System GSA General Services Administration H HAZMAT Hazardous materials HAZUS Hazards US HEPA High Efficiency Particulate Air HHS Department of Health and Human Services HIRA Hazard Identification and Risk Assessment HMRU Hazardous Materials Response Unit HQ Headquarters HRCQ Highway Route Controlled Quantity HRT Hostage Rescue Team (CIRG) HTIS Hazardous Technical Information Services (DoD) HVAC Heating, Ventilation, and Air Conditioning I IC Incident Commander ICDDC Interstate Civil Defense and Disaster Compact ICP Incident Command Post ICS Incident Command System IDS Intrusion Detection System IED Improvised Explosive Device IEMS Integrated Emergency Management System IID Improvised Incendiary Device IND Improvised Nuclear Device IPL Initial Program Load IRZ Immediate Response Zone IS Information System ISACF Information Systems Audit and Control Foundation ISO International Organization for Standardization ISP Internet Service Provider IT Information Technology J JIC Joint Information Center JIS Joint Information System JNACC Joint Nuclear Accident Coordinating Center JOC Joint Operations Center JTF-CS Joint Task Force for Civil Support JTTF Joint Terrorism Task Force JTWG Joint Terrorism Working Group LAN Local Area Network LAW Light Antitank Weapon LCM Life Cycle Management LEPC Local Emergency Planning Committee LFA Lead Federal Agency LLNL Lawrence Livermore National Laboratory LOP Level of Protection LOS Line of Sight LPHA Local Public Health Agency LPHS Local Public Health System M MAC Moves Adds Changes MEDCOM Medical Command MEI Minimum Essential Infrastructure MEP Mission Essential Process MMRS Metropolitan Medical Response System MOU/A Memorandum of Understanding/Agreement mph miles per hour MSCA Military Support to Civil Authorities MSDS material safety data sheet MSS Medium Shelter System N NACCHO National Association for County and City Health Officials NAP Nuclear Assessment Program NBC Nuclear, Biological, and Chemical NCP National Oil and Hazardous Substances Pollution Contingency Plan NDA National Defense Area NDMS National Disaster Medical System NDPO National Domestic Preparedness Office NEST Nuclear Emergency Search Team NETC National Emergency Training Center NFA National Fire Academy NFIP National Flood Insurance Program NIOSH National Institute for Occupational Safety and Health NMRT National Medical Response Team NMS Network Management Systems NOAA National Oceanic and Atmospheric Administration NRC Nuclear Regulatory Commission; National Response Center NRT National Response Team NSC National Security Council NTIS National Technical Information Service NUREG Nuclear Regulation NWS National Weather Service O ODP Office of Disaster Preparedness OEP Office of Emergency Preparedness OES Office of Emergency Services OFCM Office of the Federal Coordinator for Meteorology OHS Office of Homeland Security OJP Office of Justice Programs OMB Office of Management and Budget OPA Oil Pollution Act OSC On-Scene Coordinator OSD Office of Secretary of Defense OSHA Occupational Safety and Health Administration OSLDPS Office for State and Local Domestic Preparedness Support P PA public address PAZ Protective Action Zone PBX Public Branch Exchange PCC Policy Coordinating Committee PCCIP PresidentÕs Commission on Critical Infrastructure Protection PCM Procedures Control Manual PDA Preliminary Damage Assessment PDD Presidential Decision Directive PHS Public Health Service PIN Personal Identification Number PIO Public Information Officer PL Public Law POC Point of Contact POL Petroleum, Oils, and Lubricants PPA Performance Partnership Agreement PT Preparedness, Training, and Exercises Directorate (FEMA) PTE Potential Threat Element PZ Precautionary Zone R RACES Radio Amateur Civil Emergency Service RAP Radiological Assistance Program RCRA Research Conservation and Recovery Act RDD Radiological Dispersal Device RDT&E Research, Development, Test and Evaluation REACT Radio Emergency Associated Communications Teams REAC/TS Radiation Emergency Assistance Center/Training Site REP Radiological Emergency Preparedness Program ROC Regional Operating Center ROD Record of Decision RPG Rocket Propelled Grenade RRIS Rapid Response Information System (FEMA) RRP Regional Response Plan RRT Regional Response Team S SAA State Administrative Agency SAC Special Agent in Charge (FBI) SAME Specific Area Message Encoder SARA Superfund Amendments and Reauthorization Act SBCCOM Soldier and Biological Chemical Command (U.S. Army) SCADA Supervisory, Control, and Data Acquisition SCBA Self-Contained Breathing Apparatus SCO State Coordinating Officer SEA Southeast Asia SEB State Emergency Board SEL Standardized Equipment List SEMA State Emergency Management Agency SERC State Emergency Response Commission SIOC Strategic Information and Operations Center (FBI HQ) SLA Service Level Agreement SLG State and Local Guide SOP standard operating procedure SPCA Society for the Prevention of Cruelty to Animals SPSA Super Power Small Arms SSS Small Shelter System STC Sound Transmission Class SWAT Special Weapons and Tactics T TAC Trunk Access Codes TEA Threat Environment Assessment TEMPER Tent, Extendable, Modular, Personnel TERC Tribal Emergency Response Commission TIA Terrorist Incident Appendix TM Technical Manual TNT Trinitrotoluene TRIS Toxic Release Inventory System TSO Time Share Option U UC Unified Command UCS Unified Command System UL Underwriters Laboratories UPS Uninterrupted Power Supply USC U.S. Code USDA U.S. Department of Agriculture USFA U.S. Fire Administration USGS U.S. Geological Survey US&R Urban Search and Rescue V VA Department of Veterans Affairs VAV Variable Air Volume VAP Vulnerability Assessment Plan VDN Vector Directory Number VRU Voice Response Unit W WAN Wide Area Network WMD Weapons of Mass Destruction WMD-CST WMD Civil Support Team ASSOCIATIONS AND ORGANIZATIONS F American Lifelines Alliance http://www.americanlifelinesalliance.org Applied Technology Council http://www.atcouncil.org Battelle Memorial Institute, National Security Program http://www.battelle.org/natsecurity/default.stm Center for Strategic and International Studies (CSIS) http://www.csis.org Centers for Disease Control and Prevention (CDC) / National Institute for Occupational Safety and Health (NIOSH) http://www.cdc.gov/niosh Central Intelligence Agency (CIA) http://www.cia.gov Council on Tall Buildings and Urban Habitat (CTBUH) http://www.ctbuh.org Federal Aviation Administration (FAA) http://www.faa.gov Healthy Buildings International, Inc. http://www.healthybuildings.com Institute of Transportation Engineers http://www.ite.org Interagency Security Committee (ISC) led by U.S. General Services Administration International CPTED [Crime Prevention Through Environmental Design] Association (ICA) http://new.cpted.net/home.amt Lawrence Berkeley National Laboratory (LBNL) http://securebuildings.lbl.gov National Academy of Sciences http://www4.nationalacademies.org/nas/nashome.nsf _ Federal Facilities Council (FFC) Standing Committee on Physical Security and Hazard Mitigation http://www7.nationalacademies.org/ffc/ Physical_Security_Hazard_Mitigation.html _ National Research Council http://www.nationalacademies.org/nrc National Defense Industrial Association (NDIA) http://www.ndia.org Public Entity Risk Institute http://www.riskinstitute.org Security Design Coalition http://www.designingforsecurity.org Security Industry Association (SIA) http://www.siaonline.org/ Technical Support Working Group (Departments of Defense and State) http://www.tswg.gov .U.S. Air Force Electronic System Center (ESC), Hanscom AirForce Base http://eschq.hanscom.af.mil/ U.S. Army Soldiers and Biological Chemical Command(SBCCOM): Basic Information on Building Protection http://buildingprotection.sbccom.army.mil .U.S. Department of Justice http://www.usdoj.gov _ Federal Bureau of Investigation: Terrorism in the United States reports http://www.fbi.gov/publications/terror/terroris.htm . _ Office of Domestic Preparedness (ODP) http://www.ojp.usdoj.gov/odp . _ National Institute of Justice (NIJ) http://www.ojp.usdoj.gov/nij . _ U.S. Marshals Service (USMS) http://www.usdoj.gov/marshals The Infrastructure Security Partnership (TISP) http://www.tisp.org Founding Organizations: American Council of Engineering Companies (ACEC) http://www.acec.org The American Institute of Architects (AIA), Security Resource Center http://www.aia.org/security American Society of Civil Engineers (ASCE) http://www.asce.org . _ Architectural Engineering Institute (AEI) of ASCE http://www.asce.org/instfound/aei.cfm . _ Civil Engineering Research Foundation (CERF) of ASCE http://www.cerf.org . _ Structural Engineering Institute (SEI) of ASCE http://www.seinstitute.org Associated General Contractors of America http://www.agc.org Construction Industry Institute http://construction-institute.org Federal Facilities Council Ð See National Academy of Sciences above. Federal Emergency Management Agency (FEMA) http://www.fema.gov . _ Building Performance Assessment Team http://www.fema.gov/mit/bpat . _ Mitigation Planning http://www.fema.gov/fima/planning.shtm . _ Human Caused Hazards http://www.fema.gov/hazards National Institute of Standards and Technology (NIST), Building and Fire Research Laboratory http://www.bfrl.nist.gov Naval Facilities Engineering Command http://www.navfac.navy.mil _ Naval Facilities Engineering Service Center (NFESC), Security Engineering Center of Expertise ESC66 http://atfp.nfesc.navy.mil Society of American Military Engineers (SAME) http://www.same.org U.S. Army Corps of Engineers http://www.usace.army.mil _ Blast Mitigation Action Group, U.S. Army Corps of Engineers Center of Expertise for Protective Design http://bmag.nwo.usace.army.mil . _ U.S. Army Corps of Engineers, Electronic Security Center http://www.hnd.usace.army.mil/esc . _ U.S. Army Corps of Engineers, Protective Design Center http://pdc.nwo.usace.army.mil Selected Member Organizations: Air Conditioning Contractors of America http://www.acca.org Air-Conditioning and Refrigeration Institute, Inc http://www.ari.org Airport Consultants Council http://www.acconline.org Alliance for Fire & Smoke Containment & Control http://www.afscconline.org American Association of State Highway and Transportation Officials (AASHTO) http://www.transportation.org American Institute of Chemical Engineers, Center for Chemical Process Safety http://www.aiche.org/ccps American Planning Association http://www.planning.org American Portland Cement Alliance http://www.portcement.org/apca American Public Works Association http://www.apwa.net American Railway Engineering & Maintenance of Way Association http://www.arema.org American Society for Industrial Security International (ASIS) http://www.asisonline.org American Society of Heating, Refrigerating, and Air Conditioning Engineers (ASHRAE) http://www.ashrae.org American Society of Interior Designers http://www.asid.org American Society of Landscape Architects (ASLA) http://www.asla.org American Society of Mechanical Engineers (ASME) http://www.asme.org American Underground Construction Association (AUA) http://www.auca.org> or and