2
A Performance-based Approach to Security and Blast-mitigating Building Design

INTRODUCTION

One of the tacit assumptions underlying the committee’s charge was that the current ISC Security Design Criteria (ISC, 2001) do not give a designer enough flexibility to explore alternative (presumably more creative) approaches to security. Without rendering judgment on that assumption, in this chapter the committee describes a hypothetical performance-based approach for designing buildings subject to the ISC criteria that is modeled on the International Performance Code for Buildings and Facilities (ICC, 2001). This material is not presented to advocate a specific approach but rather to illustrate that setting up a formal performance-based system is not a simple matter and instead requires considerable fore-thought.

Although the committee believes that the material presented here could serve as a model for a performance-based security design process, the wording of the various process elements is for illustration only; it should not be considered a specific recommendation of the committee for the ISC Security Design Criteria. It is the committee’s belief that setting specific goals and criteria for performance-based security design of federal buildings is an inherently governmental function, to be undertaken by the ISC itself, perhaps assisted by experts in drafting building codes and engineering standards. If the ISC wishes to implement a more formal performance-based approach for security-related design, crafting the necessary policy guidance and performance criteria should be given a high priority, as should development of the other process elements.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary 2 A Performance-based Approach to Security and Blast-mitigating Building Design INTRODUCTION One of the tacit assumptions underlying the committee’s charge was that the current ISC Security Design Criteria (ISC, 2001) do not give a designer enough flexibility to explore alternative (presumably more creative) approaches to security. Without rendering judgment on that assumption, in this chapter the committee describes a hypothetical performance-based approach for designing buildings subject to the ISC criteria that is modeled on the International Performance Code for Buildings and Facilities (ICC, 2001). This material is not presented to advocate a specific approach but rather to illustrate that setting up a formal performance-based system is not a simple matter and instead requires considerable fore-thought. Although the committee believes that the material presented here could serve as a model for a performance-based security design process, the wording of the various process elements is for illustration only; it should not be considered a specific recommendation of the committee for the ISC Security Design Criteria. It is the committee’s belief that setting specific goals and criteria for performance-based security design of federal buildings is an inherently governmental function, to be undertaken by the ISC itself, perhaps assisted by experts in drafting building codes and engineering standards. If the ISC wishes to implement a more formal performance-based approach for security-related design, crafting the necessary policy guidance and performance criteria should be given a high priority, as should development of the other process elements.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary A POSSIBLE PERFORMANCE-BASED FRAMEWORK FOR THE ISC SECURITY DESIGN CRITERIA Background “Prescriptive” or specification-based systems describe how buildings should be designed, built, protected, and maintained. For the most part, this is done through codes and standards that prescribe (specify) what is required for health, safety, and general welfare, how these requirements are to be met, and how compliance is to be verified. A performance-based system, on the other hand, does not limit the designer to prescribed construction details or design requirements. Rather, it relates the design and construction of the building to the desired performance of the building under certain conditions (in the case of the ISC Security Design Criteria, a terrorist attack using conventional explosives) based on preset performance objectives. A performance-based system provides a policy framework for defining the building performance desired and permits the use of a variety of acceptable methods to meet the requirements. Performance-based commercial building codes typically have three components (Meacham, 1998a): Codes (regulations) that establish the expected level of performance through explicit statements of goals, functional objectives, and performance requirements; Engineering standards, guides, and practices, which are separate documents, adopted in the codes by reference, that describe acceptable methods for complying with a code; and Evaluation and design tools, acceptable methods for creating, reviewing, and verifying designs in accordance with engineering standards, guides, and practices. Acceptable methods are design approaches, material testing procedures, or prescriptive requirements that may be included in or referenced by a code. They may be specified (prescribed) solutions or standards, practices, tools, and methodologies that can be used for both design and verification of compliance. In a performance-based system, there is a clear differentiation between: The requirements of the code or regulation (the what component), Acceptable means for complying with the code (the how component), and Acceptable means for demonstrating that the proposed solutions comply with the code (the verification component).

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary FIGURE 2.1 Performance-based building code hierarchy. For performance-based regulations and design methods to be effective, there must be a logical and transparent relationship between what the regulations are designed to achieve and the methods used to achieve it. An eight-level hierarchy (see Figure 2.1) displays these relationships. This hierarchy illustrates how the goal “limit mass casualties” can be made operative through a performance requirement to “prevent progressive collapse” and achieved through a design approach (the alternate path method) that can be demonstrated to be effective. The important role played by test methods and standards, evaluation methods, design guides, and other verification methods is also readily seen. A Policy Framework for Security Design Goals The highest level of the building performance hierarchy consists of policy or societal goals. In general, goals for the built environment should reflect the interests both of the community at large and of specific stakeholders, such as owners, tenants, and facility managers. Goals for commer-

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary cial building codes are often limited to health, safety, welfare, amenity, and accessibility, and sometimes property protection, affordability, and durability. Additional goals may be needed, such as mission continuity. To be effective, goals should be clear, unambiguous, and easily comprehensible; they should not be described in technical terms. Policy goals are most appropriately established by governmental or quasi-governmental bodies that understand the building construction and regulatory issues and that are responsible for the health and safety of those who occupy the regulated buildings. In many regulatory systems, policy goals ultimately become part of the laws regulating buildings. For the ISC Security Design Criteria, a section on policy goals might include statements like the following (adapted from ICC, 2001): The purpose of these criteria is to help design facilities that save lives, prevent injuries, and protect critical functions and assets from a bombing or other physical attack. The primary goal for facilities constructed using these guidelines is to protect the occupants from death and injury and to limit damage to the facility, its contents, and its mission from acts of terrorism and related violence that may reasonably be expected. Full implementation of these guidelines should provide some protection against all threats and significantly reduce casualties. These guidelines therefore intend that federal facilities provide for: Minimizing the risk of death and injury from natural and technological hazards, acts of terrorism, and acts of social violence. A structure that will reasonably withstand those loads that can be expected to impact the facility throughout its intended life-time. Means of egress and access for emergency as well as normal circumstances. Methods of limiting the spread of fire, products of combustion, and airborne contaminants both within the building and to adjacent properties. Once clear, unambiguous, and easily comprehensible goal statements have been developed, more detailed functional and operative (performance) statements can be established. Functional Statements For each goal, functional statements set the qualitative requirements for buildings or specific building elements (features), describing how the

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary goal can be met. To meet the goal for “minimizing risk of injury and death,” for instance, functional statements might deal with such factors as blast protection, fire safety, structural stability, and protection from intrusion. Because functional statements provide more specific guidance than the general goal statement, they should contain or reference a measure (qualitative or quantitative) of the level of performance that is tolerable or acceptable to the community of stakeholders. This may be done by setting specific criteria, referring to “deemed to satisfy” solutions, or referring to criteria, methods, or standards published by others. The following example illustrates how functional statements might be formulated: The primary goal for facilities constructed using these guidelines is to protect the occupants from death and injury and to limit damage to the facility, its contents, and its mission from acts of terrorism and related violence that may reasonably be expected to occur. This statement of goals speaks to the issues of safety, damage, and mission continuity but gives no specific guidance on functional expectations. Associated functional statements are needed. The following are examples of functional statements: Life safety and injury prevention. Structures shall be designed and constructed so as to prevent injury to occupants due to the failure of a structural element or system loaded to levels determined by a facility-specific risk assessment. Property and amenity protection. Structures shall be designed and constructed to prevent loss of property and amenities due to the failure of a structural element or system loaded to levels determined by a facility-specific risk assessment. Mission continuity. Structures shall be designed and constructed to prevent loss of mission continuity due to the failure of a structural element or system loaded to levels determined by a facility-specific risk assessment. Performance Requirements Operative or performance requirements state actual requirements in terms of performance criteria or expanded functional descriptions. Like functional statements, they should refer to acceptable or tolerable levels of performance. There is considerable flexibility in how this might be accomplished. Some operative requirements may simply be detailed qualitative statements; others might specify quantitative performance criteria. The

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary choice may depend on the degree of flexibility desired, or may be limited by the number of solutions available. The following are examples of qualitative performance statements for selected performance categories: Stability. Structures or portions thereof shall remain stable and not collapse during construction or alteration and throughout their lives. Disproportionate failure. Structures shall be designed to sustain local damage, and the structural system as a whole shall remain stable and not be damaged to an extent disproportionate to the original local damage. Progressive failure. Structures shall be designed to prevent progressive collapse due to the loss of one primary column, or it shall be demonstrable that the proposed design precludes such a failure. Exterior walls. Exterior walls shall be designed to resist the actual pressures and impulses acting on exterior wall surfaces from the threats defined for the facility. Exterior walls shall be capable of withstanding the dynamic reactions from the windows. Loss of amenity. Structures or portions thereof shall have a low probability of causing damage or loss of amenity through excessive deformation, vibration, or degradation during construction or alteration and throughout their lives. The following example illustrates how quantitative performance criteria can be integrated into operative statements. Exterior walls: To comply with Medium Protection Levels, exterior walls should be designed to resist elastically a pressure of X psi and an impulse loading of Y psi-msec; for Higher Protection Levels, pressure to be resisted is X′ psi and impulse loading is Y′ psi-msec. Performance Groups In performance-based regulatory systems, building-use or occupancy types for which similar performance is desired or required are often arranged into performance groups (ICC, 2001; Meacham, 1998a). The primary value to the ISC of such groupings would be to simplify security planning and design for similar types of facilities or facilities subject to similar threats. For example, the Department of Justice Vulnerability Assessment (DOJ, 1995) grouped facilities by facility type, tenant, occupancy, and perceived risk (see Table 2.1). As a starting point, the ISC Security Design Criteria could use the DOJ levels as the basis for establishing such groupings.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary TABLE 2.1 Security Levels for Federal Facilities Level Typical Location Typical Tenants I ≤10 Federal Employees ≤ 2,500 square feet Low-volume public contact Small “store-front” operation Military Recruiting Small Post Office USDA Office Border Patrol Station (remote) Customs/INS Checkpoint (remote) Social Security Administration II 11-150 Federal Employees 2500-80,000 square feet Moderate-volume public contact Routine operations similar to private sector or facility shared with private sector Public Officials (Congress/Senate) Railroad Retirement Board INS Offices U.S. Customs Offices III 151-450 Federal Employees Multistory facility 80,000-150,000 square feet Moderate/high-volume public contact Agency mix: Law enforcement operations Court functions Government records U.S. Bankruptcy Court Inspector General IRS Criminal Investigations Division U.S. Probation Service U.S. Pretrial Services Federal Public Defender GSA Field Office IV > 450 Federal Employees Multistory facility > 150,000 square feet High-volume public contact High-risk law enforcement/ intelligence agencies District court U.S. District Courts U.S. Marshals Service FBI DEA ATF U.S. Secret Service V Level IV profile and agency/mission critical to national security U.S. Department of State HQ CIA Headquarters Pentagon White House U.S. Capitol   SOURCE: DOJ (1995). Performance Levels Performance levels describe the desired, required, or expected performance of a building or structure in terms of a specified measure. Establishing these levels requires balancing of technical considerations and societal values. The terms “tolerable” or “acceptable” are often used to reflect the

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary fact that absolute protection is not possible and that some damage, injury, or loss will occur in structures, especially after a hazard event. The term “impact” is used as a broad descriptor of loss. The ISC Security Design Criteria already embody this concept to some degree through the four protection levels (low, medium/low, medium, and higher). Part 3 of the criteria, the Risk Guidelines, specifies the desired level of performance (i.e., how the building is to perform during an emergency and the degree to which the building and its constituent elements should protect against specific tactics). The protection levels can be translated into performance terms that are definitive statements of what is desired or expected from the building for each level of protection and could read as follows. Low Impact. The tolerable impacts of the design loads are as follows: Structural damage. There is no structural damage and the building or facility is safe to occupy. Nonstructural systems. Nonstructural systems needed for normal building or facility use and emergency operations are fully operational. Occupant hazards. Injuries to building or facility occupants are minimal in number and minor in nature. There is a very low likelihood of single or multiple life loss.* Extent of damage. Damage to building or facility contents is minimal in extent and minor in cost.* Hazardous materials. Minimal amounts of hazardous materials are released to the environment. Low/Moderate Impact. The tolerable impacts of the design loads are as follows: Structural damage. There is moderate structural damage, which is repairable; some delay in reoccupancy can be expected. Nonstructural systems. Nonstructural systems needed for normal building or facility use are fully operational, although some cleanup and repair may be needed. Emergency systems remain fully operational. Occupant hazards. Injuries to building or facility occupants may be locally significant but generally moderate in number and in *   Applies only to hazard-related applied loads. Depending on the applied load (e.g., fire hazard) expected injuries and damage may be higher in localized areas, while the remaining areas sustain fewer injuries and less damage.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary nature. There is a low likelihood of single life loss, very low likelihood of multiple life loss.* Extent of damage. Damage to building or facility contents, though it may be locally significant, is generally moderate in extent and cost.* Hazardous materials. Some hazardous materials are released, but the risk to the community is minimal. No emergency relocation is necessary. Moderate Impact. The tolerable impacts of the design loads are as follows: Structural damage. There is significant damage to structural elements but no large quantity of falling debris; repair is possible. Significant delays in reoccupancy can be expected. Nonstructural systems. Nonstructural systems needed for normal building or facility use are significantly damaged and inoperable; egress routes may be impaired by light debris; emergency systems may be significantly damaged but remain operational. Occupant hazards. Injuries to building or facility occupants may be locally significant, with a high risk to life, but are generally moderate in number and nature. There is a moderate likelihood of single life loss, a low probability of multiple life loss.* Extent of damage. Damage to building or facility contents may be locally total and generally significant.* Hazardous materials. Hazardous materials are released, with localized relocation needed for occupants of buildings and facilities in the immediate vicinity. Higher Impact. The tolerable impacts of the design loads are as follows: Structural damage. There is substantial structural damage but all significant components continue to carry gravity load demands. Repair may not be technically possible. The building or facility is not safe for reoccupancy, because reoccupancy could cause collapse. Nonstructural systems. Nonstructural systems for normal building or facility use may be completely nonfunctional. Egress routes may be impaired; emergency systems may be substantially damaged and nonfunctional. *   Applies only to hazard-related applied loads. Depending on the applied load (e.g., fire hazard) expected injuries and damage may be higher in localized areas, while the remaining areas sustain fewer injuries and less damage.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary Occupant hazards. Injuries to building or facility occupants may be high in number and significant in nature. Risk to life may be significant. There is a high likelihood of single life loss and a moderate likelihood of multiple life loss.* Extent of damage. Damage to building or facility contents may be total.* Hazardous materials. Significant amounts of hazardous materials are released, with relocation needed beyond the immediate vicinity. Performance Criteria Performance criteria are the metrics against which performance should be measured, predicted, and evaluated for compliance with goals, functional objectives, and performance requirements; these criteria are integral to a performance-based system. Commercial building codes deal with structural loads, natural hazards, and technological hazards (e.g., fire, explosion, contamination, infection, and other safety and health hazards). As long as protection from these hazards achieves some tolerable level of performance and no other goals and objectives are violated, the intent of the codes is met. In a prescriptive code, the criteria for tolerable levels of performance are stated in a variety of forms (e.g., applied loads, air changes per hour, maximum travel distances). Unfortunately, the prescribed criteria often reflect what happens when formulae or standardized tests are idealized; they may not reflect actual performance under load, especially under the extreme conditions experienced during hazardous events. In a performance-based regulatory system, there must be ways to define, assess, design, and evaluate the actual performance of building components, systems, and assemblies and of the structure itself. Thus, performance criteria (measures) are needed to serve as metrics for determining compliance. The code may state such criteria qualitatively as well as quantitatively, but quantitative values are required for design and evaluation. However, determining tolerable levels of performance is not easy. In the case of safety, for example, it is difficult to determine the “load” against which appropriate “resistance” is required. This is certainly the situation with prescriptive fire protection requirements. Fire tests of building materials, elements, and systems generally use different, and sometimes incompatible or unrealistic, loads (Snell, 2001). When these materials and sys- *   Applies only to hazard-related applied loads. Depending on the applied load (e.g., fire hazard) expected injuries and damage may be higher in localized areas, while the remaining areas sustain fewer injuries and less damage.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary tems are assembled in a building, it is difficult to state accurately how much performance (safety) is actually being provided. To address these concerns, the International Performance Code for Buildings and Facilities uses the concepts of “design load” and “performance levels” (Meacham, 1998a; ICC, 2001). A “design load” is used because, although the maximum load a structure will be subjected to (especially hazard-induced loads) cannot be predicted, the structure can be designed to resist loads that can reasonably be expected. In the International Performance Code, design loads are divided into four categories of increasing magnitude: small, medium, large, and very large. “Small” loads indicate high-probability, limited-consequence events; “very large” loads indicate low-probability, significant-consequence events. Definition of design loads also depends on how performance is to be measured. In the current ICC approach, performance is expressed in terms of tolerable impacts (consequences) on structures, occupants, and contents (ICC, 2001). Thus, the impact of a fire of a certain size in an office may be different from the impact of a similar event in a laboratory. As a result, the definition of a “small” design fire will differ for different types of facilities. Explicit statements of tolerable impacts to which the structure must conform when subjected to design loads of various magnitudes are provided through the performance levels. The ISC criteria use a similar approach, but inconsistencies in their terminology could lead to confusion. For example, the “loads” are the “tactics” defined in Part 3 as low, medium/low, medium, and higher—the same classification system as for the protection levels, but here the terms refer to risk rather than performance. In Part 2, Table 4.1, “loads” refers to hazard levels, in the same taxonomy of low, medium/low, medium, and higher. To make the criteria more usable, the committee believes, the ISC should employ consistent terminology. It would also be clearer to have a different taxonomy for “loads” (tactics/hazards) and for “resistances” (protection levels). These could be pairings of small/frequent, medium/less frequent, large/rare, and very large/very rare. A matrix (Table 2.2) can be constructed of performance groups, performance levels (protection levels), and performance criteria (tactics) to give criteria users a simple visual representation of the damage to be expected for different magnitudes of anticipated threats and for the four ISC protection levels. “Deemed to Satisfy” Solutions One way to demonstrate compliance with a performance-based regulation is to apply strictly prescriptive codes and standards (sometimes called “approved documents” or “approved methods”) that have been “deemed

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary TABLE 2.2 Damage to Be Expected Based on Protection Levels and Design Event Magnitudes     SOURCE: Adapted from ICC (2001). to satisfy” the goals, functional statements, and performance requirements of the regulation. “Deemed to satisfy” solutions may be used for technical, political, legal, or practical reasons (e.g., ease of use and enforcement or proof that an agreed “standard of care” has been exercised). Often, “deemed to satisfy” solutions are derived from the prescriptive requirements that were in place before a performance-based code was introduced. Although this approach provides some performance criteria and a built-in comfort level, there is the chance that the prescriptive requirements (and associated criteria) do not, in fact, comply with the goals, performance objectives, and other elements of the performance-based system, due, perhaps, to new requirements or because metrics for assessing performance are unavailable or incompatible. This is why it is essential to link goals, functional statements, performance objectives, and criteria. “Approved documents” to support “deemed to satisfy” solutions may be installation standards, prescriptive design standards (guidelines, codes of practice), and prescriptive codes (building, fire, plumbing, electrical, and mechanical). Most performance-based regulations allow for a mix of pre-

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary scriptive and performance-based solutions because (1) performance-based solutions may be needed not for the entire building but only for specific components, (2) prescriptive solutions can be easier to apply, and (3) the combination of prescriptive and performance solutions can provide optimal flexibility and cost-effectiveness. Performance-based Solutions Performance-based solutions typically meet operative requirements and associated criteria by employing the analysis and design standards, guidelines, or practices generally accepted in the relevant professional disciplines. In the broadest sense, performance-based analysis and design is a process of designing a solution to meet specific performance goals that have been stated in terms of qualitative or quantitative objectives, criteria, or limitations of damage or injury (Meacham, 1998b). In structural engineering, for example, performance levels are often defined in terms of specific limiting damage states against which a structure’s performance can be objectively measured (Hamburger et al., 1995). This approach has been adopted, for instance, by the fire safety engineering community, which defines performance-based fire safety design as: an engineering approach to fire protection design based on (1) agreed upon fire safety goals, loss objectives, and design objectives; (2) deterministic and probabilistic evaluation of fire initiation, growth, and development; (3) the physical and chemical properties of fire and fire effluents; and (4) quantitative assessment of the effectiveness of design alternatives against loss objectives and performance objectives. (Custer and Meacham, 1997) The process of selecting performance-based analysis and design methods is outlined in Figures 2.2 and 2.3 (adapted from Meacham, 1998b). In Figure 2.2, the process is outlined in sequence; in reality, however, there will be several iterations, especially during the evaluation stage (Step 6). The iterative nature of the evaluation, including the possibility of revisiting selection of performance criteria, is illustrated in Figure 2.3. The advantage of performance-based analysis and design lies in the flexibility that can be achieved without compromising safety, cost, or other important factors. It allows all parties to agree on goals, objectives, criteria, and analysis and evaluation methods, resulting in a design that best fits all parameters—a performance-based design solution. Performance-based analysis and design can be used in conjunction with a performance-based regulation or on its own. The primary difference is that where a regulation already exists, goals, objectives, criteria, and performance requirements will already have been addressed and ordinarily need not be part of the analysis.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary FIGURE 2.2 Steps in a performance-based analysis and design process. Verification Methods Verification methods can be defined to include test standards; test methods; and analytical methods, including computational models. In short, a verification method can be any document, system, test, method, or tool that is needed to measure a design and its components against goals, functional statements, operational requirements, and performance criteria.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary FIGURE 2.3 Iteration in the performance-based design process.

OCR for page 9
ISC Security Design Criteria For New Federal Office Buildings and Major Modernization Projects: A Review and Commentary In a performance-based system, verification methods are often computer-based analytical tools that require a combination of data and judgment, because it may not be cost-effective or even possible to physically test every possible mitigation solution. In these cases, the tools and the data needed for the analysis must be suitably validated, and uncertainty, variability, and unknowns appropriately accounted for. Personnel must be qualified to understand the totality of a risk-informed performance-based approach when they use such tools. Otherwise, there is a risk that one area may receive a disproportionate amount of analysis to the detriment of overall safety or of the facility as a whole. SUMMARY This chapter provides an overview of a performance-based approach to regulation and design of buildings, with a focus on security and blast mitigation. It illustrates how risk and protection can be used as performance metrics, and how performance-based and prescriptive criteria can be used jointly in design guidance. The committee believes that it can serve as a guide for the Interagency Security Committee to use in developing a performance-based process for the security-related design of federal facilities. REFERENCES Custer, R.L.P., and B.J. Meacham. 1997. Introduction to Performance-based Fire Safety. Boston, Mass.: Society of Fire Protection Engineers. DOJ (Department of Justice). 1995. Vulnerability Assessment of Federal Facilities. Washington, D.C.: U.S. Department of Justice. Hamburger, R.O., A.B. Court, and J.R. Soulages. 1995. Vision 2000: A framework for performance-based engineering of buildings. Proceedings of the 64th Annual Convention, Structural Engineers Association of California, pp. 127-146. ICC (Interstate Commerce Commission). 2001. International Performance Code for Buildings and Facilities. Falls Church, Va.: ICC. ISC (Interagency Security Committee). 2001. ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects. Washington, D.C.: GSA. Meacham, B.J. 1998a. Concepts of a Performance-Based Building Regulatory System for the United States. NIST-GCR-98-762. Gaithersburg, Md.: National Institute of Standards and Technology. Meacham, B.J. 1998b. Assessment of the Technological Requirements for the Realization of Performance-Based Fire Safety Design in the United States. NIST-GCR-98-763. Gaithersburg, Md.: National Institute of Standards and Technology. Snell, J. 2001. Towards a global agenda for fire research. Proceedings of the United Engineering Foundation Conference: The Technical Basis for Performance-Based Fire Regulations. New York, N.Y.: United Engineering Foundation.