Page 7

2

Guidelines for Security Management

INTRODUCTION

The committee believes strongly that each federal office building should have an ongoing building security program as part of its facility management function. It should be adopted and administered by the appropriate management element in the organization. The building security program should encompass basic building security matters (i.e., routine protection of persons, property, and information) as well as protection strategies against extraordinary events such as a terrorist act. A security program can be defined as a combination of systems, elements and people joined together to meet the specific needs of any business, industry, institution, or organization for protection, prevention, detection, enforcement, investigation, emergency service, or public service (Post and Schachtsiek, 1986).

MANAGEMENT OF A BUILDING SECURITY PROGRAM

The overall security of a federal office building and the persons and information housed within it is the responsibility of the organization that owns and occupies the building. With new buildings, the top management of organizations should insure that security



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 7
Page 7 2 Guidelines for Security Management INTRODUCTION The committee believes strongly that each federal office building should have an ongoing building security program as part of its facility management function. It should be adopted and administered by the appropriate management element in the organization. The building security program should encompass basic building security matters (i.e., routine protection of persons, property, and information) as well as protection strategies against extraordinary events such as a terrorist act. A security program can be defined as a combination of systems, elements and people joined together to meet the specific needs of any business, industry, institution, or organization for protection, prevention, detection, enforcement, investigation, emergency service, or public service (Post and Schachtsiek, 1986). MANAGEMENT OF A BUILDING SECURITY PROGRAM The overall security of a federal office building and the persons and information housed within it is the responsibility of the organization that owns and occupies the building. With new buildings, the top management of organizations should insure that security

OCR for page 7
Page 8issues are addressed in the architectural programming and design phases. With all buildings, whether new or existing, management should ensure that appropriate procedures are developed to address all levels of terrorist threat. Responsibility for security activities should be assigned to a security planning group and a security management team, established by top management. The security planning group should establish overall policy in terms of security issues, develop a building security program, and serve as the liaison entity with individuals or groups outside the organization such as the local police or the FBI. Membership in the security planning group should include those best able to assess the following: (1) mission criticality of the building or organizations within the building, (2) the likelihood that the building or organizations within the building would be a terrorist target, (3) requirements for the safety of employees, (4) requirements for classified material and other critical assets, and (5) legal and financial considerations of security measures. The security management team should manage the day-to-day operation of a building security program. A security management team should consist of security specialists, the facility manager (or representative), and others deemed appropriate by the facility manager. In some cases, non-government tenants such as those that hold valuable assets on the premises (e.g., banks and jewelry stores) or government contractors that require certain mandatory security measures, may participate on the security management team. The building security program should be prepared in collaboration with the building owner (even for non-government owned buildings), local law enforcement agencies, and outside consultants as needed. Since security programs frequently include modifications to the building (such as restrictions when and where people can enter and leave the building) life safety requirements should also be coordinated with the local fire department or other appropriate organizations. A BUILDING SECURITY PROGRAM Elements A building security program consists of four major elements: (1) policies and procedures, (2) personnel, (3) facilities, and (4)

OCR for page 7
Page 9systems and equipment. The effectiveness of the program depends upon the interaction of these elements; relying on any one element to the exclusion of the others will compromise the program. Policies and procedures, the formalized ways in which various security functions are carried out, are key to the entire security effort. They include security plans, threat analyses, instructions and manuals, standards of performance, and criteria for facilities and systems. For example, Table 2-1 shows a recommended table of contents for an office building security manual. Retaining a team of personnel that is well equipped and highly motivated is essential to the success of a building security program. Personnel must be knowledgeable about potential adversaries and, most importantly, must be able to respond to surprises. Important considerations include recruitment, selection, training, and support. The building itself is a key element of a security program, including the degree to which the building is hardened (physically strengthened to withstand greater levels of attack, such as bomb blasts), the designated entry and exit points, and the existence and location of vaults, secure rooms, response force facilities, barriers, and structures designed to withstand ballistic attacks. Security technology in the form of systems and equipment is employed primarily to complement the capability of the human security force. Systems and equipment include personal security equipment (such as arms and munitions, vehicles, and communications equipment) and electronic security systems (such as intrusion detection systems, automated entry and access control systems, and surveillance and assessment equipment). Security systems and equipment can allow for more comprehensive coverage, earlier indication of an intrusion, quicker assessment of the nature of the attack, and a more tailored and focused response. Electronic security systems can also provide the opportunity for fewer individuals to be assigned to traditional guard duty activities. While security technology enhances the capability of the security force, it places greater demands on the alertness, judgment and training of security force personnel. The building security program should include a plan for continuous maintenance of the systems and equipment. When selecting security systems and equipment for a particular building, it is important that the security force and the maintenance personnel be provided with adequate training to operate and maintain the systems and equipment. It is also important that

OCR for page 7
Page 10the ergonomic design—the design of the workplace—encourage an alert and active security force. TABLE 2-1 Example of a Table of Contents for an Office Building Security Manual GENERAL OFFICE BUILDING COMPLEX SECURITY MANUAL Foreword Introduction Part I: General office complex: Its buildings, its people Organization chart: General office complex Organization chart: Security department Map of building locations Part II: Organization of security services Responsibilities of director of security, security sergeant, security officer Part III: General duties of the security force General outline of duties of members of security force Part IV: Authority as a special deputy Right to arrest Right to detain and question Part V: Deportment and general appearance Code of ethics Deportment Personal appearance Part VI: Special police equipment Use of baton, handcuffs, chemical mace, walkie-talkies Part VII: Preventive patrolling Preventive patrol, building patrol Aggressive patrol Part VIII: The things security officers must keep in mind Increasing your powers of observation Part IX: General orders for security officers General orders: How they are given and how they are to be carried out Part X Investigation report Daily security report Who, what, when, where, how Index to sample reports Sample reports Part XI: Special emergencies Fires Disasters, internal and external Bomb threats Summary Source: Post and Schachtsiek, 1986.

OCR for page 7
Page 11 Functions A building security program has at least six functions: (1) deterrence, (2) delay, (3) detection, (4) alerting, (5) response, and (6) neutralization. Deterrence is the ultimate goal of any building security program in that it discourages potential attacks because the building is so well protected. The delay function comes into play when an attack is launched and involves the combination of the security force and physical attributes such as barriers, locks, and traffic flow systems that will slow an attack in order to provide more response time. The building security program should include a detection capability so that, as soon as possible after an attack is launched, the security force can be activated. Once an attack is detected, a fourth function, alerting, comes into play. This involves communicating the nature and location of the attack using clear and quick methods. The fifth function of a building security program is the response itself, the purpose of which is to interdict the adversary. Neutralization involves controlling the adversary, thus eliminating the immediate threat. DEVELOPING, EVALUATING AND IMPLEMENTING A BUILDING SECURITY PROGRAM The committee recognizes that all federal office buildings are not equally threatened. Highly visible or symbolic buildings (such as courthouses) and office buildings housing controversial agencies are subject to higher levels of threat. Office buildings can contain information (such as intelligence or military records) that may be a target. Buildings may house high ranking political or military leaders that could be targeted by terrorist groups. The level of threat against a particular building may change over time as conditions change. Because of this, agencies should develop a building security program that is frequently reviewed and revised to keep current with changes in the agency's mission, functions, personnel and facilities, and with changes in the the nature of the threat.

OCR for page 7
Page 12 Developing a Building Security Program A building security program should be developed by the security planning group. The planning group should consider calling on physical security specialists to assist in the development of the program. Regardless of the composition of the security planning group, the major steps in developing and maintaining an effective building security program follow: 1. Identify potential targets (people, information, the building itself) and evaluate their relative attractiveness to terrorists. 2. Establish priorities for protecting the targets identified. 3. Assess the vulnerabilities of the potential targets. 4. Evaluate the building security program in light of the nature of the threat, under routine security conditions as well as under actual threat (threat alert) conditions. Evaluate the program with respect to the four elements of the program (policies and procedures, personnel, facilities, and systems and equipment). 5. Implement regular training of security personnel and sensitize the security planning group to changes in the field. 6. Conduct periodic operational testing of the building security program (at least twice a year). The testing should involve the entire building, as well as outside support personnel who would be needed in the event of a hostile incident. Such testing should emphasize the internal and external communication networks involved in the security program. 7. Modify the building security program and renovate the building as needed. Evaluating the Building Security Program Evaluation of the building security program should determine the program's effectiveness with respect to the four major security program elements. In order to be effective, the security program should clearly describe how to identify potential terrorist targets, how to establish priorities for protection, how to assess the vulnerability of targets, and how to revise and maintain the building security program. The specific responsibilities of personnel should be clearly defined and the individuals responsible should be named, with telephone numbers provided. In addition, a building security program should be evaluated in terms of the training materials, programs and schedules that are provided to educate personnel on

OCR for page 7
Page 13the nature of the threat, and the security policies and procedures of the program. Implementing the Building Security Program Successful implementation of a building security program requires visibility, which is only possible through the active participation of the top management of the organization. In addition, effective implementation and execution of the program depend on everyone knowing his or her role and being able to execute it as a normal part of the daily routine. The smooth operation of a security program results from frequent training and rehearsal sessions organized by the security management team. TEMPORARY SECURITY MEASURES Changes in the nature and level of threats require that the security management team maintain a program of temporary security measures. These temporary responses are contingency plans for increased levels of security that are imposed when external conditions warrant. Examples of such temporary actions include closing non-essential access points, reducing the number of individuals granted access to critical areas of the building, increasing the number of personnel in the security force, and, if appropriate, establishing temporary barriers. When advised of a reduction in threat levels, measures put into place on a temporary basis should be reviewed. Those that substantially inhibit the functioning of the organization or the operation of the building should be removed. Temporary measures that enhance security without hindering individual or organizational performance should be considered for permanent incorporation in the building. ROLES AND RESPONSIBILITIES OF A SECURITY MANAGEMENT TEAM DURING AND AFTER A HOSTILE ATTACK Crisis management is essentially the management of surprise. It attempts to limit the damage from a surprise occurrence and to resume normal operations. Surprise occurrences include earthquakes, floods, industrial accidents, and fires as well as terrorist acts. The success of the response in each case is the direct result of

OCR for page 7
Page 14the thoroughness of prior contingency planning and training. The most critical requirement is to identify which agencies and individuals in those agencies are required to handle the consequences of these events. Quick communication between the security management team and these individuals, even in situations where conventional telephone and power systems are out of action, is essential. The roles of each internal and external group (such as fire fighters, utility people, food service personnel, first aid and emergency medical teams) must be established in advance to insure quick and effective action. Operational testing of the building security program should be conducted and modified until the functions are clearly understood and major problems eliminated. Such operational tests are justified not only by the threat of a terrorist attack, but by the chance of any surprise occurrence or disaster which would require the same plans and resources. TARGETS, PRIORITIES, AND VULNERABILITIES Because terrorists use violence to further political or social objectives, targets are often selected to create a sense of outrage and shock. The publicity accompanying such acts provides the terrorist with an image of invincibility and impunity. As a symbolic act, it generates a greater sense of outrage when perpetrated against a national symbol, an activity of the government, or a popular or highly-placed citizen. Shock value increases if the target appears to the public as innocent in the political struggle and if the act is executed in a very violent fashion. Terrorist methods include hostage taking, or assaults on personnel (including assassination), destroying or stealing records or valuable information, and damaging or destroying property, such as public buildings. Potential targets should be considered for their symbolic value, their functional value, the terrorists' accessibility to the targets, and the nature and location of protective measures. A building security program should be organized in consideration of protection of persons in or around the building as the highest priority. It should also recognize that the terrorists may target a critical operational function for destruction (including destroying the building itself) to demonstrate that a government can

OCR for page 7
Page 15be crippled by not protecting a vital part of its operations. Priorities for protection must consider the importance of protecting human life and critical federal functions, as well as the accessibility of the building and the practicality of affording protection at a reasonable cost. NOTE Post, R.S. and D.A. Schachtsiek. 1986. Security Manager's Desk Reference. London: Butterworth Publishers.

OCR for page 7
Page 16